Halt!

Posted on July 8, 2015 by Carmelo

Due to a computer glitch and are supposedly unrelated, United Airlines flights were grounded this morning and at the same time the New York Stock Exchange halted all trading.

Is foul play suspected? At this time, the answer is no, but when we talk of Information Security, we always go back to the golden trio of Confidentiality, Availability, and Integrity.

Just like  Post-Doctorate medical doctor getting his degree, it’s a workforce multiplier, because that leads to a new doctors office (buy, rent), a person to answer the phones and do billing, nurses, labs for lab work. The exact opposite is true when availability is compromised to critical systems such as travel and trading. I’m sure with the losses in travel, they will pass the expenses onto the consumer while the Stock Exchange showed higher losses than usual when ‘betting’ on a system they are more cautious and apprehensive on using. The U.S. stocks closed with sizable losses with the Dow Jones industrial average losing 261 points, Standard & Poor’s 500 gave up 34 points and the Nasdaq was down 87 points.

The United Airlines downing of the aircraft was due to a router and automation issues, from the news stories I’ve read. What this means to me, and I could be wrong, is that they might have been performing Infrastructure as a Service (IaaS) and dynamically created or removed a critical route OR someone did something they shouldn’t have without following proper change control procedure.

The FBI and Department of Homeland security immediately rose to action to investigate the outage at the New York Stock Exchange but didn’t find any attack footprints but also did not say what caused the outage. That means to me that it was either a really good attack, something like a program errored out wrong, something like a system went on the fritz or someone really messed up.

Posted in Security Blog | Tagged , , , , , | Comments Off on Halt!

Phishing and Vishing Attacks are Up

Posted on July 1, 2015 by Carmelo

With the recent OPM hack… I use hack loosely because of this. A lot of Personally Identifiable Information (PII) was stolen. About 32 million records. The PII consisted of Names, Addresses, Social Security Numbers, Dates of Birth, places one lived for the last 10 years, and full names of one’s relatives, like mother’s maiden name…

EVERYTHING NEEDED TO STEAL AN IDENTITY!

Phishing attacks will get worse and all need to be on the lookout for fake and fraudulent emails, most likely offering up identity theft protection offers because of the OPM hack.

Sometimes an attacker will use both a phishing and vishing attack together. This picture shows a social engineering campaign.

phishing and vishing campaign attack

Opportunities are boundless for an attacker after a computer is able to be remotely controlled or monitored. Access to all the data the user and the user’s computer houses or has access to, which can be everything.

Teach your family and friends (and coworkers) about complex and easy phishing and vishing attacks. Question everything that is strange. Monitor your credit report. You’ll be better off!

AAA Members get free ID theft monitoring, check it out at aaa.com/idtheft

Posted in Security Blog | Tagged , , , , , | Comments Off on Phishing and Vishing Attacks are Up

Vishing Voicemail? Sounds Serious!

Posted on June 25, 2015 by Carmelo

I got a voicemail yesterday on my Google Voice number, a number I haven’t used in a year. Vishing is voice phishing, a category of social engineering and the act of using the telephone in an attempt to scam a user into surrendering private information that will be used for identity theft.

Hi, This message is to contact you. My name is Danny Archer and I’m calling you, regarding an enforcement action by the U. S. Treasury attending your serious attention, ignoring this, will be an additional 2nd attempt to avoid initial appearance, before a magistrate church or the grand jury for the federal criminal offense. My number Is (202) 591-1615. I repeat, that’s (202) 591-1615. I advise you to cooperate with us and help us to help you. Thank you very much and have a blessed day.

Hit the play button below to hear what it sounds like.

Be suspicious of all unknown callers. People should be just as suspicious of phone calls as they are of e-mails asking for personal information. And some experts suggest letting all calls from unknown callers go to voicemail.

•Don’t trust caller ID. Just because your caller ID displays a phone number or name of a legitimate company you might recognize, it doesn’t guarantee the call is really coming from that number or company. As explained earlier, caller ID spoofing is easy.

Ask questions. If someone is trying to sell you something or asking for your personal or financial information, ask them to identify who they work for, and then check them out to see if they are legitimate.

Call them back. Again if someone is selling you something or asking for information, tell them you will call them back and then either verify the company is legitimate, or if it’s a bank or credit card company, call them back using a number from your bill or your card. Never provide credit card information or other private information to anyone who calls you.

Register your number with the National Do Not Call registry at donotcall.gov. Even though criminals and unscrupulous telemarketers may ignore the list, if you are on the list and get a call from a supposed telemarketer, that could be a tip that the offer is bogus. Most legitimate telemarketers obey the rules and laws about contacting consumers. Also, the Website provides a place where complaints can be filed.

Report incidents. Report vishing calls to www.ftc.gov or call (888) 382-1222. The FTC wants the number and name that appeared on the caller ID as well as the time of day and the information talked about or heard in a recorded message. If you think you’ve been a victim of a vishing attack you can also contact, the Internet Crime Complaint Center.

Posted in Security Blog | Tagged , , , , , , | Comments Off on Vishing Voicemail? Sounds Serious!

Personnel Data and Social Security Numbers for EVERY Federal Employee STOLEN

Posted on June 18, 2015 by Carmelo

It was announced last week that hackers stole Social Security Numbers, military records and veterans’ status information, address, birth date, job and pay history, health insurance, life insurance, and pension information (age, gender, race data) when they breached the Office of Personnel Management (OPM). J. David Cox, president of the American Federation of Government Employees, believes that Social Security numbers were not encrypted, which is a cybersecurity failure that is absolutely indefensible and outrageous.

Mike Rogers, the former chairman of the House intelligence committee, said last week that Chinese intelligence agencies have for some time been seeking to assemble a database of information about Americans. Those personal details can be used for blackmail, or also to shape bogus emails designed to appear legitimate while injecting spyware on the networks of government agencies or businesses Chinese hackers are trying to penetrate.

It is very important to be aware of phishing and spear phishing emails. Fraudsters may even pose as Identity Theft or Credit Monitoring companies to get even more information and possibly money from you. The FTC has great resources on combating fraudsters and identity theft.  http://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure

Posted in Security Blog | Tagged , , , , , , , , , | Comments Off on Personnel Data and Social Security Numbers for EVERY Federal Employee STOLEN

Photo Bombed. How Metadata Can Kill.

Posted on June 6, 2015 by Carmelo

Most photos taken by any popular smart phone contains all sorts of metadata. Metadata is extra data, for photos, there are a whole ton of metadata, as you can see here. An Islamic State terrorist learned the hard way, that some metadata includes exact geolocation coordinates.

After an ISIS terrorist posted a selfie on social media (twitter) at his Islamic State Headquarters building, the metadata was pulled and the Air Force took quick action and destroyed the building.

Metadata in pictures gives location, think about that. Also, think about possible dangers to you and your family when photos are posted online with metadata. Not to live in fear though, there are privacy controls that a lot of Social Media sites offer. Also, smartphones, depending on the brand, can clean your metadata. Here is a quick guide to disable geotagging on the iPhone.

Posted in Security Blog | Tagged , , , | Comments Off on Photo Bombed. How Metadata Can Kill.

The Stegosploit Digital Steganography Project

Posted on June 5, 2015 by Carmelo

Stegosploit is the technique that allows an attacker to embed executable JavaScript code within an image. Now there are new scary scenarios for Internet users that could be infected by viewing a picture on any website, even without clicking on it or downloading it. The image could be the container for the priming of the malware.

When an Internet user views the image, the hidden script would automatically load on the host the malicious code that could be used for various purposes, including control victim’s device and steal sensitive data.

The expert highlighted that antivirus software and malware detection solutions are not able to detect the Stegosploit leaving users open to any kind of attack.

Posted in Security Blog | Tagged , , | Comments Off on The Stegosploit Digital Steganography Project

Credit Card Skimmers at Gas Stations

Posted on June 5, 2015 by Carmelo

A recent investigation in Florida uncovered 103 credit card skimmers over a three-month period. A problem state leaders here have faced head on.

Arizona is number two in the nation.

Aggressive measures by investigators at the Arizona Department of Weights and Measures and state leaders since 2011 have reduced the number of skimmers being used at Arizona gas pumps. Only four devices were found last year and four so far this year, in Tempe, Phoenix, Scottsdale and Yuma.

Armenian-based criminal organization out of Los Angeles are suspected responsible for putting the devices in local gas pumps.

Read more here.

Posted in Security Blog | Tagged , , , , | Comments Off on Credit Card Skimmers at Gas Stations

Phoenix Comicon 2015

Posted on May 30, 2015 by Carmelo

At first, we were having a hard time trying to decide what to wear to Comic Con, so we decided on actually going casual this year. Then one of our friends noticed we were in the Program guide! So we HAD to wear the same costume as last year :)

Trevor and his girlfriend Lindsey visited during comic con and they came with us as well!

Pat and Beau are at 0:11 while Jaime and I are at 1:25! Pretty cool!

Posted in life | Tagged , , , , , , , , , , | Comments Off on Phoenix Comicon 2015

Magnum P.I.I.

Posted on May 28, 2015 by Carmelo

magnumpii

Found on AdExchanger

Posted in Security Blog | Tagged , | Comments Off on Magnum P.I.I.

Google Fiber Sends Fine Letters to Pirates

Posted on May 26, 2015 by Carmelo

Google’s Fiber division is passing along automatic fine notices to Google Fiber users suspected of pirating copyrighted content.

Instead of merely alerting subscribers that their connections have been used to share copyright infringing material, these notices serve as automated fines, offering subscribers settlements ranging from $20 to $300.

Read more here.

Posted in Security Blog | Tagged , | Comments Off on Google Fiber Sends Fine Letters to Pirates