Massive new security threat exposed

Security_Aug18_AIt seems like nearly every week, and in some cases nearly every day, there is some security breach announced. The vast majority of these assaults tend to revolve around online user accounts, where password, account information, and even usernames are stolen. Over the years, there has been a general trend where the number of accounts breached or compromised is growing, and in early August news broke about possibly the biggest breach to date.

The latest big-scale breach

In early August, it emerged that a Russian hacker ring had amassed what is believed to be the biggest known collection of stolen account credentials. The numbers include around 1.2 billion username and password combinations, and over 500 million email addresses.

According to Hold Security, the company that uncovered these records, the information comes from around 420,000 sites. What is particularly interesting about this particular attack is that such a wide variety of sites were targeted when compared this with other attacks which tend to either attack large brand names or smaller related sites.

How did this happen?

Despite what many believe, this was not a one-time mass attack; all sites that were compromised were not attacked at the same time. Instead, the hacker ring – called the Cyber Vor – was likely working on amassing this data over months or longer. How they were able to amass this much information is through what’s called a botnet.

Botnets are a group of computers infected by hackers. When the hackers establish a botnet, they attack computers with weak network security and try to infect them with malware that allows the hacker to control the computer. If successful, users won’t even know their computer has been hacked and is being used by hackers.

Once this botnet is established, the hackers essentially tell the computers to try to contact websites to test the security. In this recent case, the computers were looking to see if the websites were vulnerable to a SQL injunction. This is where hackers tell the computers in the botnet to look for fillable sections on sites like comment boxes, search boxes, etc. and input a certain code asking the website’s database to list the stored information related to that box.

If the Web developer has restricted the characters allowed in the fillable text boxes, then the code likely would not have worked. The botnet would notice this, and then move onto the next site. However, if the code works, the botnet notes this and essentially alerts the hacker who can then go to work collecting the data.

So, is this serious and what can I do?

In short, this could be a fairly serious problem. While 420,000 sites may seem like a large number, keep in mind that the Internet is made up of billions of websites. This means that the chances of your website’s data being breached by this ring are small. That being said, there is probably a good chance that one of the sites related to your website may have been breached.

So, it is a cause for concern. However, you can limit the chance of hackers gaining access to your information and a website’s information.

1. Change all of your passwords

It seems like we say this about once a month, but this time you really should heed this warning. With 1.2 billion username and password combinations out there, there is a chance your user name for at least one account or site has been breached.

To be safe, change all of your passwords. This also includes passwords on your computer, mobile devices, and any online accounts – don’t forget your website’s back end, or hosting service. It is a pain to do, but this is essential if you want to ensure your data and your website is secure from this attack.

2. Make each password different

We can’t stress this enough, so, while you are resetting your password you should aim to ensure that you use a different one for each account, site, and device. It will be tough to remember all of these passwords, so a manager like LastPass could help. Or, you could develop your own algorithm or saying that can be easily changed for each site. For example, the first letter of each word of a favorite saying, plus the first and last letter of the site/account, plus a number sequence could work.

3. Test your website for SQL injunctions

If you have a website, you are going to want to test all text boxes to see if they are secure against SQL injunctions. This can be tough to do by yourself, so it’s best to contact a security expert like us who can help you execute these tests and then plug any holes should they be found.

4. Audit all of your online information

Finally, look at the information you have stored with your accounts. This includes names, addresses, postal/zip codes, credit card information, etc. You should only have the essential information stored and nothing else. Take for example websites like Amazon. While they are secure, many people have their credit card and billing information stored for easy shopping. If your account is hacked, there is a good chance hackers will be able to get hold of your card number.

5. Contact us for help

Finally, if you are unsure about the security of your accounts, business systems, and website, contact us today to see how our security experts can help ensure your vital data is safe and sound.

Published with permission from TechAdvisory.org. Source.



Creating accessible technology plans

BValue_Aug18_AIn many countries around the world, businesses are required to meet the needs of all employees. For able-bodied employees, one system will usually be able to meet needs, but disabled employees may have different requirements. Therefore, businesses should ensure that they develop an accessible technology plan.

Read more...



5 common ways virtualization fails

Virtualization_Aug11_AVirtualization has become common place in small to medium size businesses. After all, the idea of moving physical systems to virtual ones that not only usually costs less but also allows owners to get rid of physical hardware, makes it an appealing option. While virtualization is popular, migrations are not always successful. Following are five of the more popular reasons why they can fail.

Read more...



Saving Facebook content to read later

Facebook_Aug18_ASince its release, Facebook has gone from a college-only network to international site that connects millions of people. With more than half of adult users having more than 200 friends on average, our News Feeds have become a highly congested and constantly changing collage of stories and posts. Many of these posts are links to articles that we find interesting. While we would love to drop everything and read a particular link there are times when this isn’t possible. To help, Facebook has introduced the new Save feature.

Read more...



5 common security breaches

Security_Aug05_AThese days, the security of various technology based systems is constantly being called into question. From attacks on mobile devices to ever increasing types of malware, many businesses are struggling to stay on top of their security. One of the best ways to help ensure your systems are secure is to be aware of common security issues. To that end, here are five common ways your security can be breached.

Read more...



cartoon