WIKIBAN: Security
Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

29 August 2016

Dropbox tells Users to Update Old Password Now

Dropbox has emailed users warning them to update their passwords, while at the same time claiming that it hasn't been hacked.

The email from the cloud storage company has been aimed at users who haven't updated their password since mid-2012 or earlier, explaining that they will be forced to do so next time they try to sign in.

The company was keen to emphasise that the measure is "purely preventative" and that there is no evidence that the site has been compromised in any way.

However, Dropbox was hacked in the middle of 2012 and that's maybe why it's targeting specific customers, although the hack was disclosed and widely reported at the time.
The support page explained: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.

dropbox warns users to update old password



"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in."

This information isn't in the rather perfunctory email, which is as vague as possible presumably to avoid scaring the horses.

Dropbox offers two-step verification and works with FIDO standard security keys, but even customers using these services are being asked to change just in case.

Users of 4chan and Reddit claimed in 2014 to have stumbled across a list of seven million Dropbox passwords, but the company strenuously denied that these were from a hack, and indeed from its customers' accounts at all.


via

If you don't want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.

Don't forget to share!!!
Read More »

18 August 2016

Employee Arrested Over Sage Data Breach in UK

A 32-year-old woman has been arrested and bailed in connection with the data breach at accountancy software firm Sage. City of London Police confirmed that the woman was arrested at Heathrow Airport on "suspicion of conspiracy to defraud" and is a current employee of the company. The arrest comes two days after Sage admitted to a data breach when "unauthorised access" was gained by someone using an internal company log-in. Sage said that the personal information of employees at 280 organisations in the UK were compromised as a result of the attack.

"We believe there has been some unauthorised access using an internal log-in to the data of a small number of our UK customers, so we are working closely with the authorities to investigate the situation," Sage said in a statement released over the weekend.
woman involve was arrested by the police
 

The company has informed the Information Commissioner's Office and the City of London Police.

Sage did not reveal any further information about the breach, whether or how the data was obtained, how many people might be affected, the information that may have been compromised or even the services that were cracked.

The statement also raises questions about the security and monitoring of the company's authentication mechanisms. Sage did not say whether the breach was performed by a current or former employee, or whether the log-in credentials were compromised in some way.

Sage has around six million SMB customers around the world, and the unauthorised access of 280 customer accounts therefore represents only a small proportion of its total customer base. The company claimed that only UK-based customers were affected.

Thomas Fischer, threat researcher and global security advocate at Digital Guardian, laid the blame squarely at Sage's door, suggesting that the company's security was inadequate.

"It appears that the Sage breach came from an insider. Insider threats are almost always preventable if the right people-management processes and tools are in place," he said.

"This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account.

"Sage also claims that it's currently unsure how the data was compromised. Again, with the proper investments in IT security this should be easily controllable and identifiable in a very short period of time."

The admission of a security breach at Sage comes after a week of revelations from retail systems vendors that appear to have been targeted by a gang of Russian hackers.

If you don't want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.

Don't forget to share!!!
Read More »

Snowden Blames Russia Over US NSA Hack

The auction of hacking tools reportedly stolen from a server belonging to Equation Group, a hacking outfit linked with the US National Security Agency (NSA), is a coded message to the US authorities, according to NSA whistleblower Edward Snowden. He believes that the attack was genuine and that the group does have tools used by the NSA up until June 2013 when Snowden went public. However, Snowden suggested that the auction is not intended as a shakedown of the rich and gullible, but to send a message to the NSA to back off. Snowden described in a series of tweets how online hacking by intelligence services works. "The hack of an NSA malware staging server is not unprecedented, but the publication of the take is," he tweeted.

"NSA traces and targets malware C2 servers in a practice called Counter Computer Network Exploitation, or CCNE. So do our rivals. NSA is often lurking undetected for years on the C2 and ORBs (proxy hops) of state hackers. This is how we follow their operations.

"This is how we steal their rivals' hacking tools and reverse-engineer them to create 'fingerprints' to help us detect them in the future.

"Here's where it gets interesting: the NSA is not made of magic. Our rivals do the same thing to us - and occasionally succeed. Knowing this, NSA's hackers (TAO) are told not to leave their hack tools ('binaries') on the server after an op. But people get lazy.
snowden blames russia over attack at nsa


"What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is. Why did they do it? No-one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack."

Snowden suggested that the security services of his current hosts, Russia, are behind it.

"That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies [and] particularly if any of those operations targeted elections. Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks," he said.

"TL;DR: this leak looks like somebody sending a message that an escalation in the attribution game could get messy fast.

"Bonus: when I came forward, NSA would have migrated offensive operations to new servers as a precaution - it's cheap and easy. So? So the undetected hacker squatting on this NSA server lost access in June 2013. Rare public data point on the positive results of the leak."

He signed off on the series of tweets: "You're welcome, @NSAGov. Lots of love."


If you don't want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.

Don't forget to share!!!
Read More »

17 August 2016

Shadow Brokers Claims Responsibility for US NSA Hack

A hacking group called the Shadow Brokers claims to have turned the tables on the US National Security Agency (NSA) by hacking into its servers, stealing information and auctioning it off. Reports have it that the Shadow Brokers broke into the NSA by exploiting a team of in-house hackers at the agency called the Equation Group.

Once they solved this puzzle they were able to maraud through servers and pluck them for their goodies, and they are now trying to sell this information to the highest bidder.

The online response to the leak suggests that the package is small but powerful, and includes some of the NSA's elite hacking tools.
shadow brokers claims responsibility for nsa hack


A Tumblr blog operated by the hacker outfit has apparently been wiped clean. "There's nothing here. Whatever you were looking for doesn't currently exist at this address. Unless you were looking for this error page, in which case: Congrats! You totally found it," says a holding page.

The NSA press and media website is currently unavailable in what may be an unrelated issue, but the organisation has yet to comment on the incident.


If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
 
Sharing is Sex
Read More »

Kaspersky Uncovers Banking Trojan Riding on the Back of Google Adsense

Security firm Kaspersky Lab has uncovered a banking trojan that is being distributed via Google AdSense, and is therefore able to force itself on users with no interaction.
 
"We encountered a gratuitous act of violence against Android users. By simply viewing their favourite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," warned the Kaspersky researchers in a blog post.
 
"It turns out the malicious program is downloaded via the Google AdSense advertising network. Be warned, lots of sites use this network - not just news sites - to display targeted advertising to users. Site owners are happy to place advertising like this because they earn money every time a user clicks on it.

"But anyone can register their ad on this network - they just need to pay a fee. And it seems that didn't deter the authors of the Svpeng trojan from pushing their creation via AdSense. The trojan is downloaded as soon as a page with the advert is visited."

These kind of attacks are not new, and Kaspersky blurted out an alert about an incident at the Meduza news portal in July which has since been fixed.

"The Svpeng family of banking trojans has long been known to Kaspersky Lab and possesses a standard set of malicious functions. After being installed and launched, it disappears from the list of installed apps and requests the device's admin rights," the post continued.
kaspersky uncovers malware
Credit: V3


"Svpeng can steal information about the user's bank cards via phishing windows, intercept, delete and send text messages (this is necessary for attacks on remote banking systems that use SMS as a transport layer) and counteract mobile security solutions that are popular in Russia by completing their processes.

"In addition, Svpeng collects an impressive amount of information from the user's phone: the call history, text and multimedia messages, browser bookmarks and contacts." 


If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
 
Sharing is Sex
Read More »

16 August 2016

End-To-End Encryption Will Receive a Heavy Blow as EU is Considering on Imposing New Law

The European Commission (EC) is considering making web-based chat services such as Skype, WhatsApp and iMessage subject to the same laws governing telecoms providers, which could have a big impact on privacy and encryption. Telecoms providers currently have several obligations governing how they protect, store and access data on customers under the e-Privacy Directive. Operators have long complained that it is unfair that so-called over-the-top (OTT) providers are not subject to these laws, despite offering essentially the same services.

Reuters has cited internal EC documents in reporting that regulators are weighing up this situation and may indeed extend laws to OTT players, which would affect the likes of Google, Facebook, Microsoft and Apple.

This could threaten the end-to-end encryption offered on these services because telecoms operators cannot currently offer this protection as they are required to make communication data available if requested by law enforcement.

Law enforcement and tech companies are increasingly coming to blows on encryption and privacy, and a shift in the law to govern those carrying the majority of communications would mark the latest effort by the authorities to win this battle.
V3
Facebook, which owns WhatsApp, has already noted its concern at this development. Reuters quoted Facebook's response to the EC’s consultation as saying that user privacy would be at risk.

"[We would] no longer be able to guarantee the security and confidentiality of the communication through encryption because governments would have the option of restricting the confidentiality right for national security purposes,” the firm said.

"Therefore, any expansion of the current ePrivacy Directive should not have the undesired consequence of undermining the very privacy it is seeking to protect.”

“We believe that simplifying and streamlining regulation will benefit consumers by ensuring they are provided with a simple, consistent and meaningful set of rules designed to protect their personal data,” said the letter.
The EC's full proposals for overhauling the e-Privacy Directive are expected later this year.

 
We always strive to give you quality contents and if you don't want to miss any of our latest updates, kindly click here to subscribe with your email address and dont forget to check your inbox for confirmation

Sharing is Sexy
Read More »

15 August 2016

Security Leak: Russian Athlete Whistleblower Online Account Hacked

A Russian whistleblower who revealed state-backed athlete doping in the country has had her account on the World Anti-Doping Agency (WADA) website hacked, potentially revealing her whereabouts. Yuliya Stepanova was integral in revealing the widespread use of banned substances to help Russian athletes outperform their rivals. The revelations led to some athletes being banned from the Olympics. Stepanova was forced to leave Russia and live in hiding after revealing the information, which no doubt upset the government.

WADA has now admitted that Stepanova's account on the organisation's Anti-Doping Administration and Management System (ADAMS) was hacked, most likely by those wishing to ensure she sees 'justice' in Russia.

“Through WADA’s regular security monitoring ... the agency noted that someone other than Ms Stepanova had accessed her account," the organisation said in a statement.

"WADA immediately locked Ms Stepanova’s account to prevent further access and notified her of the situation."

WADA also acknowledged a recent spike in phishing attacks against its members, suggesting that Stepanova may have inadvertently revealed her information to the hackers.

"Earlier this week, WADA was made aware of an alleged hack of its website and to phishing scams. Regarding the latter, the agency confirmed that some users had received illegitimate emails that look as though they come from WADA, which ask users to click on a link and enter their personal credentials," it said.
rusian athlete whistle blower online account hacked
Image credit: theGuardian


"WADA quickly investigated and immediately sent an email to all users, including a warning banner on the ADAMS home page, alerting them to these emails, which WADA would never send, and asking them to advise ADAMS support immediately if they were to receive such an email.”

WADA explained that it is contact with “the relevant law enforcement authorities” and that it has always been a target for hackers.

“Stakeholders can rest assured that the agency takes IT security and data privacy very seriously; accordingly, as a matter of course, we monitor all our systems on a continuous basis and adjust as necessary in line with the best IT security practices,” the agency said.

The incident underlines the ease with which phishing attacks can put people at risk, as witnessed in 2014 when scores of celebrities had their iCloud accounts hacked and personal media stolen and distributed online



If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
 

Share This...
Read More »

UK Firms Employee Details Could be Exposed Because of Sage Data Breach

Sage Group, a provider of accounting, payroll and payments software for businesses, said an internal login had been used to gain unauthorised access to the data of some of its British customers. The personal details of the employees of about 280 British companies were potentially exposed in the breach, a company source said. It was working to ascertain whether any data had been stolen, the source added.

"We are investigating unauthorised access to customer information using an internal login," the company said in a statement.

"We cannot comment further whilst we work with the authorities to investigate but our customers remain our first priority and we are speaking directly with those affected," it added.

The company has informed the Information Commissioner's Office and the City of London Police.

Sage did not reveal any further information about the breach, whether or how the data was obtained, how many people might be affected, the information that may have been compromised or even the services that were cracked.

The statement also raises questions about the security and monitoring of the company's authentication mechanisms. Sage did not say whether the breach was performed by a current or former employee, or whether the log-in credentials were compromised in some way.
uk firms at risk of exposure
Credit: V3


Sage has around six million SMB customers around the world, and the unauthorised access of 280 customer accounts therefore represents only a small proportion of its total customer base. The company claimed that only UK-based customers were affected.

"It appears that the Sage breach came from an insider. Insider threats are almost always preventable if the right people-management processes and tools are in place," he said.

"This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account.

"Sage also claims that it's currently unsure how the data was compromised. Again, with the proper investments in IT security this should be easily controllable and identifiable in a very short period of time."

The admission of a security breach at Sage comes after a week of revelations from retail systems vendors that appear to have been targeted by a gang of Russian hackers. 


If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
 

Share This...
Read More »

7 August 2016

Get Avast Anti-Virus Security 2016 Licence key and Activation Method/Guide

Well as i said earlier on the post i recently published "Download the Latest Smadav 2016 Rev. 10.9 For Better Security" Computers are not safe enough this days as a result of inability to get a protective antivirus to prevent virus from killing your computer files, it also happens as a result of expiring date of an antivirus.

This days many antivirus are expiring as a result of some upgrades made especially by avast antivirus.
Avast Antivirus is also seems to be among first class antivirus in the world of virus protection.

There is one major problem with anti-virus software: It needs updating. Users cannot be relied upon to have even the anti-virus software in the first place, let alone be able or willing to pay for the updates but as a result of inability to pay for the update, Lets quickly look at the latest serial of the latest 2016 Avast Antivirus with the steps involved on how to insert the key.
please Note that Your license key must now be inserted into the program.



 

2016 AVAST ANTIVIRUS ACTIVATION KEY

Your license key is:

---------- Cut here ----------
C00596864H1200A0718-P4HFBHHL
----------Cut here ----------
OR



----------Cut here ----------

W9740570R9942A0910-8NB2E62T
 ----------Cut here ----------

Note: You can use any one of the above serials depends on the one that works for you, but as for me the first one works successfully for me

 How To insert The Above Avast license key


To insert your license key, please follow the instructions below:

1. Highlight the license key above, then right-click it and select "Copy".
2. Open your Avast Free Antivirus controls and select the "Settings" tab.
3. Next, click the "Registration/subscription" tab.
4. Click the arrow next to "Offline registration" to expand this option.
5. Click the "Insert the license key" button.
6. Right-click in the empty Registration box and select "Paste".
7. Click "OK" – your license key is now inserted and your Avast antivirus software can now be used free of charge for a further 12 months.

If you experience any trouble while inserting the license key, please click here for more help: https://www.avast.com/en-us/FAQ/AVKB9

** Important notice **


Please note that, under its license conditions, Avast Free Antivirus is for home, personal, and non-commercial use only. Commercial versions of Avast can be found a



 Enjoy the world of protection from useless malwares and errors 


We always strive to give you quality contents and if you don't want to miss any of our latest updates, kindly click here to subscribe with your email address and dont forget to check your inbox for confirmation.
Read More »

6 May 2016

How to remove Shortcut Virus on PC with Command Prompt

Antivirus is more protective and reliable to be used on PC so as to protect your computer against any malware attack but it seems that  many antivirus isn't free and the free ones are not that too good enough to protect your computer only few can do.

The main purpose and reason for creating antivirus is to wipe out virus of any kind but still the problem of virus remains to the extend that instead of antivirus to wipe and clean virus, The virus is now wiping and corrupting the antivirus its self.

so since the available antivirus we commonly used are not enough to protect our computer against virus attack let look at the possible solution and the way out on how to remove shortcut virus with out any software, that is by using CMD.

Some are referring the shortcut as a virus while sometimes its just an error within the operating system which will eventually hides all your data and important files to the extend that you need to format the USB drives and loss your important contents inside. I believe you can be able to protect your self from this kind of virus or more so you can be able to recover your data if your victim of such incidence.

Read Also: How to remove .ink shortcut virus on Pc
How to remove shortcut virus with comman prompt


How to remove shortcut virus on your Flash Drive or pen Drive with a command prompt

  1. Firstly, click on start menu, and search for cmd
  2. After that, right click on the command prompt icon, and select run as administrator.
  3. Once the command prompt windows is open, type the command below
attrib -h -s -r -a /s /d X:*.*
Just replace the letter X above with your USB drive letter and press enter, all your files will be visible and accessible in just a second
 
Now with this guide you can be able to set your USB drive free and use freshly,
let us know if you encounter any problem within

If you dont want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook or twitter to get the latest updates about tech and more.


Its really not fair to know this without sharing kindly share this post using the share icon below 
Read More »

12 April 2016

Why GTbank *737# service Menu is not Secured. A MUST READ

You may be amazed why a mere Blogger will be complaining about the banking security system of one of the best nigerian Banks. Well everybody has a different preconceived notion regarding different point of view as how someone view a situation. GTbank is one of the best nigerian bank in providing quality and efficient service to its customers more especially by introducing the *737# menu to allow its customers perform different kind of transaction like recharging your phone, paying your bills and opening an account with them and many more (check HERE).

Nowadays online transaction are much as everybody engage himself one way or the other to buy something online or perform a certain transaction with his bank account and with *737# Menu you can easily transfer money from someone bank account to your bank account directly by just using the last four (4) digits of his ATM card.
Be conscious when using *737# to perform transaction

Disclaimer

This post was not associated with GTbank or its associates and its not written to detriment the image of GTbank but to make you aware of some security flaw and a solution to make your banking transaction simple and safer.

You might Also want to Read:
How to chat with Gtbank Customer Care Online
How to buy Airtime, pay your bills with GTbank offline

How *737# Code works with GTbank

This is a service menu that is used by any Gtbank customer to buy airtime, pay your nepa or DSTv bill, send airtime to friends, transfer money from your account directly to any other Gtbank customer or to other banks respectively. When you just dial *737# with the phone number you used in opening the account it will show up a menu of different transactions, assuming you want to transfer money to a friend, then what you need to do is just to select 4 and fill the requisite field available, after completing everything you need to use your last four (4) digits of your ATM card to authenticate the transaction. Basically you can notice that the last four (4) digits of your ATM card is the backbone of this transaction and without it *737# Menu is useless.

Unfortunate Situation

You have a GTbank account with huge amount of money inside and unfortunately for you someone inside your Office, family or a workaround friend is pretending to be a good Samaritan to you thereby given him access to your phone or your ATM card thinking that all is well. That mole within you can be able to memorize the last four (4) digits of your ATM card at a glance and whenever he is opportune to have access to your phone, he can easily transfer money to his bank account within couple of minutes and even thereby deleting the alert messages available on your phone, you can not be able to notice the transaction at the spot unless you are like me in collecting bank statement every month, which unfortunately for you and fortunately for him you are being frauded easily.


How to Protect Yourself from being Scam

Well haven't notice of the loophole is for you to know and be aware the kind of security counter measure you should check and implement to make sure that the unfortunate circumstance in the above paragraph never occurs. For those using Android phone i can recommend you to use Applock (download HERE)  in securing most of your Application especially the "phone" where someone dials a number or if you using another device that cannot support Applock you can always lock the phone using the security feature provided by the manufacturer of the device and still in some cases someone will remove your sim and put it on other device, in this case you are also mandated to enable sim card lock on your SIM as its best way for this.

Not only that, your ATM card is a great asset to you and you need to make it confidential by not disclosing it to anybody especially if you suspecting someone of a similar behaviour. Dont allow many people to get a hold of you ATM card even for a glance.

My Recommendation to GTbank

Gtbank engineers might not be aware of this certain security flaw but am using this platform as means of recommending a new secret password/PIN to be introduced for proper execution of the *737# service Menu i.e. one has to cram his password/PIN thereby not telling anybody as in similar to ATM card PIN which i believe will be difficult for anyone to guess and to discontinue the use of ATM last four (4) digits PIN.

Conclusion

Security is an illusion, weather you are using any other commercial bank in nigeria or abroad you have to be always vigilant and take counter measures in securing your banking details because anything that has advantage also have its disadvantage.

 
We always strive to give you quality contents and if you don't want to miss any of our latest updates, kindly click here to subscribe with your email address and dont forget to check your inbox for confirmation
Read More »