THE CYBER LANDSCAPE: UNPATCHED MICROSOFT JET VULNERABILITY
GOOGLE+ TERMINATED IN RESPONSE TO LEAKAGE OF USER’S DATA
In response to a publicized security breach, Google is looking to shut down their failed social media site. Google+ was created with the intention of overthrowing Facebook, but instead has left its scanty user base exposed to third-party data intrusions via software bug.
How Data Was Compromised
Destined to be a popular site, Google+ was once an exclusive social media alternative that required an invitation, which made it all the more alluring; how users data was then shared with others is less exclusive. When signing into apps, there was the option to sign in with Google+, similar to signing into an app with Facebook, which then allowed the app to collect and harvest data generated by the user. When a Google+ user logged in with their account, they not only offered up their information, but also their friend’s information.
Who Was Affected
While Google+ never experienced the fame it had predicted, there was still a notable user base. 500,000 users were ultimately affected by this security bug, which revealed their age, jobs, and local information– placing them in danger of fraud. The software bug gave approximately 438 third-party vendors access to users private information from 2015 to March 2018, when the loophole was discovered.
Why Was it Not Made Public
The Google+ data leak was discovered in March– incidentally the same month that Facebook was under fire for the Cambridge Analytica scandal. Looking to avoid Facebook’s fate, Google+ chose not to disclose the data leak– instead choosing to quietly repair the software bug. The difference in data leaks is rather apparent, with Google+ having a much smaller user base in comparison to Facebook.
What You Can Do
Many users made a Google+ account when it was all the rage, but most didn’t use it after initial creation. While you may not be using Google+ anymore, one of your friends might have– leaving you exposed. Checking to see if you have a Google+ account is as simple as checking your gmail or university email, then going into your settings to completely delete the Google+ account. A lot users have an account and they don’t even realize it.
The site is said to shut down in ten months, while leaving a business aspect of Google+ still available.
THE CYBER LANDSCAPE: YOUR HOME WIFI ROUTER
Can my wi-fi router be compromised?
Wi-Fi routers pose an easy target for most hackers. A router’s firmware will pose a risk if left running without an update. Most households will keep their Wi-Fi router running day in and day out, without being checked for the latest patches or bug fixes.
Over time, Wi-Fi routers’ vulnerabilities are amplified. Most firmware is built with open source code, which is a cost-effective way to allow for customization, but is also seen as more susceptible to cyber attacks.
Is this even a serious threat?
Yes. In a study done by the American Consumer Institute (ACI), it was found that in a range of 186 Wi-Fi routers, from a slew of popular providers, 155 were found to be based on open source code. This means that 83% of those routers have a higher probability of being exposed to attacks.
Earlier this year there were thousands of Wi-Fi routers infiltrated by Russian hackers, reported by NBC. Barreling through little protection, a semi-experienced hacker could easily move past password barriers such as: 1234 and other simple passwords. Once they have access to your router, they can sift through private data, spy on web interactions, or even gain access to your financial institutions.
How to protect yourself:
- Update your Router’s firmware
- Search online for vulnerabilities on your device
- Turn off Remote Administration
While the “Remote Admin” tool is helpful for when you need tech help from afar, it leaves a loophole that could be used by hackers.
THERE IS SOMETHING “PHISHY” ABOUT SPEAR PHISHING.
We all know about email phishing, it’s relatively easy to spot. When the prince of Nigeria emails asking for help, we know not respond with our banking info, but when your I.T. provider “emails” with a link to click to login, this might be a little harder to recognize as an attack. Spear phishing is the next worst version of plain old phishing.
Spear phishing is a relatively cheap and effective way to gain access to someone’s personal information or computer system. With a little research and an email address, a hacker can pose as a trusted source. Posing as this official source, hackers can access aia a spoofed login link or an attachment.
This type of phishing has increased by 65% since last year, meaning your inbox may soon receive an email you weren’t expecting. Here are a few examples of what a spear phishing attack may look like:
The Executive
Emails from higher-ups are always more likely to receive special attention, something hackers realize too. An American steel company was targeted with an email from the board of directors, which prompted employees to click a link. This link allowed for hackers to gain access to employee’s email database and all attachments.
Protect yourself from dubious links by double checking with the person who initiated the email. It is unlikely that there will be a login link attached in an email, but always double-check.
The Job Candidate
With team expansions come new hires, but not all job applicants are alike. This “potential” hire will typically send a short intro summary and an attachment of their resume, which is what holds this compromising malware.
Protect yourself from malicious attachments by having an intermediary defense system, like a web portal or file uploader to scan all attachments to verify a word document.
The IT Note
Who hasn’t run into IT troubles? When an email pops up from your provider, it doesn’t signal any red flags, but they link they provide might be anything but helpful.
Protect yourself from these malicious links by remaining vigilant online and refraining from providing personal information online.
Remaining Vigilant Online
There are many ways for a hacker to investigate a user’s personal interests, such as through their social media. With simple research, a personally crafted attack could be sent to an unexpecting inbox. Don’t be the one to fall for the attack:
- Remain very vigilant online
- Double check with the sender
- Have an intermediary defense system
- Avoid links that direct to a login page
- Keep up to date with cyber attacks
WINDOWS HANDWRITING ASSIST: HARMLESS AID OR MASSIVE VULNERABILITY
Those with a touchscreen or stylus capable Windows PC are most likely in love with the smart feature that allows a handwritten scribble to become formatted text. Introduced in Windows 8, the handwriting recognition tool was implemented with the goal of easing a user’s experience.
The handwritten recognition tool has the capability of storing all previous texts in order to better interpret stylus scribbling and suggest corrections. All data is saved, collected and compiled into a file called WaitList.dat.
A Digital Forensics and Incident Response (DFIR) expert, Barnaby Skeggs, was the one to highlight the handwritten recognition tool. In an interview with ZDnet he reviewed complications, “The user doesn’t even have to open the file/email, so long as there is a copy of the file on disk, and the file’s format is supported by the Microsoft Search Indexer service,”.
While this isn’t meant to be a major vulnerability, it ultimately poses a risk. WaitList.dat collects texts from other sources on the device that includes written text, like emails, written documents, passwords, and usernames.
Skeggs went on to elaborate that WaitList.dat could also recover text from deleted documents, “If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file.”
To a digital forensics expert like Skeggs this provides all the evidence he needs to show a document had once existed– as well as it’s data.
As mentioned before, the purpose of the handwritten recognition tool was to simply aid a user, not hinder them. PC users that are utilizing this tool may need to have extra precautions, but won’t be in danger unless their device is targeted.
If you’re looking to resolve this potential security issue, you can manually go to the following address and delete WaitList.dat. Skeggs listed the typical location of the file: C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat
APPLE USERS ARE LEFT EXPOSED TO A NEW PHISHING ATTACK
This new phishing attack has gained a level of sophistication that will trick even a trained user. An unpatched URL vulnerability allows a hacker to imitate a website address and then acquire information through a fake login portal.
The URL vulnerability was discovered by Rafay Baloch, a security researcher based in Pakistan. Microsoft Edge by Windows and Apple Safari by iOS are the two major browsers affected. While Microsoft has created a patch for the spoof URLs in the previous month– meaning Google Chrome and Mozilla Fox users are in the clear.
Baloch discovered that this vulnerability (CVE-2018-8383) as a result of a race type condition issue: a web browser will allow JavaScript to change the web address in the URL bar while a page is loading.
Here’s how this phishing attack works: hackers are able to load an authentic webpage, allowing for the proper web address to display in the URL bar, and then quickly swap in a more sinister code. Users are then led to what appears to be a legitimate login screen, where usernames and passwords are then captured. This can easily deceive a vigilant user, as the web address doesn’t appear to change drastically.
Any website can be recreated by a hacker with this URL loophole, including Gmail, Facebook, Twitter, and even a large number of banking websites.
Baloch produced a proof-of-concept (PoC) page where he exposed the URL vulnerability on both Microsoft Edge and Safari. Both web pages granted JavaScript access to change the web address in the URL bar while the page was still loading.
Ultimately, it’s best to double-check web addresses, but to also keep an eye on the latest phishing attacks.
To read more about technical details about the phishing attack, read Baloch’s blog.
IS AIRPORT WI-FI SECURE?
The one thing that makes an airport layover bearable may be more risky than many realize.
Airport Wi-Fi, though sometimes faster than cellular networks, is often unencrypted and rather unsecure, according to a study by Coronet. They created a list of the 10 U.S. airports where you’re most likely to have information stolen via the Wi-Fi.
This doesn’t mean you should never connect to airport Wi-Fi, but it does mean it is important to be careful when doing so.
THE 7 REASONS VDI IS THE NEXT MUST-HAVE FOR COMPLIANCE
My intention with this blog is to create a conversation about the topic of VDI’s (virtual desktop infrastructure) impact on compliance, whether positive or negative. Therefore, please comment with questions and opinions!
I’ve built and used many VDI environments, but VDI’s impact on compliance didn’t occur to me until recently.
I was hired by a client in the financial sector to identify ways of achieving compliance as it relates to devices at the edge and their cloud presence. My conclusion was that we needed to implement a VDI infrastructure, which would prevent anyone from accessing the cloud tenancies unless they originate from certain IP addresses within the organization. At the same time, we would no longer have to worry about “data at the edge” – i.e. devices and handhelds that can contain compliance data and might be subject to theft or information leak.
As we moved forward with the project, I realized there were other benefits of VDI unaccounted for in the original decision to move to a VDI infrastructure:
1. Desktop Isolation
In a VDI environment, the different virtual instances can be prevented from exchanging data with one another, which is hard to implement in a physical environment
2. Unified Access
Users access their VDI environment in the same manner regardless of scenario – normal or disaster recovery; no new accommodations, directives or training for end users must be provided in a business continuity situation
3. Dynamic Load Provisioning
VDI can dynamically allocate resources (RAM, CPU, GPU, etc.) for users with varying workloads, such as in computational modeling
4. Simplified Reference Architecture
VDI can be designed and deployed based on proven reference architecture, rather than making incremental improvements to existing environments
5. Data Loss Prevention
VDI resolves the issue of preventing USB/External drives from leaking data outside the organization
6. Unified Image
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
7. Uninterrupted Workflow
Forced reboots no longer affect the end user; patches and updates can run at a very aggressive schedule