Posts posted by LSW

  1. Wi-Fi now has version numbers, and Wi-Fi 6 comes out next year

    https://www.theverge.com/2018/10/3/17926212/wifi-6-version-numbers-announced

    Quote

    If you’ve ever bought a Wi-Fi router, you may have had to sort through specs that read like complete gibberish — like “802.11ac” or “a/b/g/n.” But going forward, Wi-Fi is adopting version numbers so that it’ll be easier to tell whether the router or device you’re buying is on the latest version.

    In the past, Wi-Fi versions were identified by a letter or a pair of letters that referred to a wireless standard. The current version is 802.11ac, but before that, we had 802.11n, 802.11g, 802.11a, and 802.11b. It was not comprehensible, so the Wi-Fi Alliance — the group that stewards the implementation of Wi-Fi — is changing it.

    All of those convoluted codenames are being changed. So instead of the current Wi-Fi being called 802.11ac, it’ll be called Wi-Fi 5 (because it’s the fifth version). 

     

  2. Major Complaints About the iPhone XS Are Stacking Up

    https://gizmodo.com/major-complaints-about-the-iphone-xs-are-stacking-up-1829447724

    Quote

    It wouldn’t be an iPhone launch without a small army of hand-wringing Apple fans complaining about their expensive new phones on the internet. This year is no exception, and forums are filling up with reports of issues with the iPhone XS and iPhone XS Max. None of the problems are particularly catastrophic. At least not yet.

    Before we get into the details, it’s worth pointing out that the iPhone XS devices are brand new. They’ve been out in the wild for less than two weeks. The public release of iOS 12 is equally new, although it enjoyed many months in beta-testing. So it’s not necessarily a surprise that a new iPhone with new software will suffer from a few bugs. We’ve seen it happen before—most notably in 2010, the year of Antennagate—and we’ll see it again.

    That doesn’t mean you shouldn’t be pissed off if your iPhone XS is all messed up. We’re making a running list of the widespread complaints about the new phones, and we encourage you to add your own grievances in the comments. You can also email me tips directly.

     

  3. Tempted to let your old domain lapse? Read this first…

    https://www.stationx.net/tempted-to-let-your-old-domain-lapse-read-this-first/

    Quote

    Technically, you never actually own a domain name outright; you only ever lease it. So if it doesn’t get renewed, a domain name eventually ends up back on a domain registry database. From here, it can be passed on to a reseller - and can ultimately end up in the hands of a completely new user.

    For IT managers, renewal of active domains is a routine admin matter. And in fact, most resellers enable you to set up an auto-renew arrangement so there’s no action required at your end. Even after the expiry date has passed, all major registries give you plenty of prompts and a generous grace period to re-register.

    So it’s practically impossible to let a domain name expire ‘by mistake’. For it to fall out of your control, there has to be a conscious decision on your part not to renew it.

    StationX offers some excellent training courses.

  4. Hackers Stole 50 Million Facebook Users' Access Tokens Using Zero-Day Flaw

    https://thehackernews.com/2018/09/facebook-account-hack.html

    Quote

    Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.

    UPDATE:  10 Important Updates You Need To Know About the Latest Facebook Hacking Incident.

    In a brief blog post published Friday, Facebook revealed that its security team discovered the attack three days ago (on 25 September) and they are still investigating the security incident.


    The vulnerability, whose technical details have not yet been disclosed and which has now been patched by Facebook, resided in the "View As" feature—an option that allows users to find out what other Facebook users would see if they visit your profile.

    According to the social media giant, the vulnerability allowed hackers to steal secret access tokens that could then be used to directly access users' private information without requiring their original account password or validating two-factor authentication code.

     

  5. GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

    (Primarily directed at Brazilian targets)

    https://thehackernews.com/2018/10/ghostdns-botnet-router-hacking.html

    Quote

    Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials.

    Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings on an infected device, allowing attackers to route the users' internet traffic through malicious servers and steal sensitive data.

    According to a new report from cybersecurity firm Qihoo 360's NetLab, just like the regular DNSChanger campaign, GhostDNS scans for the IP addresses for routers that use weak or no password at all, accesses the routers' settings, and then changes the router's default DNS address to the one controlled by the attackers.

     

  6. Warning issued as Netflix subscribers hit by phishing attack

    https://nakedsecurity.sophos.com/2018/09/21/warning-issued-as-netflix-subscribers-hit-by-phishing-attack/

    Quote

    Netflix phishing scammers are at it again – sending emails that try to steal sensitive details from subscribers.

    Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.

    Netflix, which has 130m global subscribers, is a popular target for phishers. Back in January we wrote up a similar scam which also targeted Netflix users.

     

  7. Mass WordPress compromises redirect to tech support scams

    https://blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-support-scams/

    Quote

    During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September.

    The sites that are affected are running the WordPress CMS and often using outdated plugins. We were not able to figure out whether this campaign was made worse by the exploitation of a single vulnerability, although the recent RCE for the Duplicator plugin came to mind.

    Threat actors inject vulnerable sites in different ways. For example, on the client-side we see one large encoded blurb, usually in the HTML headers tag, and a one liner pointing to an external JavaScript. Website owners are also reporting malicious code within the wp_posts table of their WordPress database.

     

  8. The article is about Australia, the problem is worldwide and on the rise.

    Gone in 15 Minutes: Australia's Phone Number Theft Problem

    https://www.databreachtoday.com/gone-in-15-minutes-australias-phone-number-theft-problem-a-11552

    Quote

    SIM hijacking is not a new attack, but there's increasing interest in stealing phone numbers. That's because banks often send two-step verification codes over SMS. Additionally, major services such as Google, LinkedIn, Facebook and Instagram use the mobile channel in some scenarios for password resets.

    Over the past two years, fraud involving unauthorized phone ports has increased, mostly due to organized crime, says Detective Chief Inspector Matthew Craft of the New South Wales Police's Financial Crimes Squad. Craft says because of the mobile industry's "inability to implement some simple measures to prevent it from occurring," the problems have continued.

     

  9. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer

    https://thehackernews.com/2018/09/newegg-credit-card-hack.html

    Quote

    The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg.

    Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.

    Magecart hackers used what researchers called a digital credit card skimmer wherein they inserted a few lines of malicious JavaScript code into the checkout page of the Newegg website that captured payment information of customers making purchases on the site and then sent it to a remote server.

     

  10. I do believe we have some Indian members:

    UIDAI’s Aadhaar Software Hacked, ID Database Compromised, Experts Confirm

    https://www.huffingtonpost.in/2018/09/11/uidai-s-aadhaar-software-hacked-id-database-compromised-experts-confirm_a_23522472/

    Quote

    NEW DELHI—The authenticity of the data stored in India's controversial Aadhaar identity database, which contains the biometrics and personal information of over 1 billion Indians, has been compromised by a software patch that disables critical security features of the software used to enrol new Aadhaar users, a three month-long investigation by HuffPost India reveals.

    This has significant implications for national security at a time when the Indian government has sought to make Aadhaar numbers the gold standard for citizen identification, and mandatory for everything from using a mobile phone to accessing a bank account.

     

  11. New Malware Combines Ransomware, Coin Mining and Botnet Features in One

    https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html

     

    Quote

    Windows and Linux users need to beware, as an all-in-one, destructive malware strain has been discovered in the wild that features multiple malware capabilities including ransomware, cryptocurrency miner, botnet, and self-propagating worm targeting Linux and Windows systems.

    Dubbed XBash, the new malware is believed to be tied to the Iron Group, a.k.a. Rocke—the Chinese-speaking APT threat actor group known for previous cyber attacks involving ransomware and cryptocurrency miners.

    According to the researchers from security vendor Palo Alto Networks, who uncovered the malware, XBash is an all-in-one malware that features ransomware and cryptocurrency mining capabilities, as well as worm-like ability similar to WannaCry or Petya/NotPetya.

    In addition to self-propagating capabilities, XBash also contains a functionality, which is not yet implemented, that could allow the malware to spread quickly within an organization's network.

    Important: Paying Ransom Will Get You Nothing!

    What's worrisome is that the malware itself does not contain any functionality that would allow the recovery of the deleted databases once a ransom amount has been paid by the victims.

    To date, XBash has infected at least 48 victims, who have already paid the ransom, making about $6,000 to date for cybercriminals behind the threat. However, researchers see no evidence that the paid payments have resulted in the recovery of data for the victims.

     

  12. How To Check If Your Twitter Account Has Been Hacked

    https://thehackernews.com/2018/09/twitter-account-hacked.html

    Quote

    Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened?

    Twitter now lets you know this.

    After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account.

    Twitter has recently rolled out a new security feature for its users, dubbed Apps and Sessions, allowing you to know which apps and devices are accessing your Twitter account, along with the location of those devices.


    In order to find out current and all past logged in devices and locations where your Twitter account was accessed for the last couple months, follow these steps:

     

  13. Apple Removes Several Trend Micro Apps For Collecting MacOS Users' Data

    https://thehackernews.com/2018/09/apple-trendmicro-macos-apps.html

    Quote

    Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.

    The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers.

    The apps were removed just two days after Apple kicked out another popular "Adware Doctor" application for collecting and sending browser history data from users' Safari, Chrome, and Firefox to a server in China.

     

  14. Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

    https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html

    Quote

    A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS.

    While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks.

    The phishing attacks today are sophisticated and increasingly more difficult to spot, and this newly discovered vulnerability takes it to another level that can bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a website is fake.

    Discovered by Pakistan-based security researcher Rafay Baloch, the vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading.

     

  15. Microsoft Issues Software Updates for 17 Critical Vulnerabilities

    https://thehackernews.com/2018/09/microsoft-software-updates.html

    Quote

    Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, 17 of which are rated as critical, 43 are rated Important, and one Moderate in severity.

    This month's security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET, and more.

    Four of the security vulnerabilities patched by the tech giant this month have been listed as "publicly known" and more likely exploited in the wild at the time of release.

     

  16. Most of you think of cyber security as more attacks on your PCs and less an issue for web developers. You worry about keeping your PC and your data safe and worry about improving your design understanding and graphic skills. This is not a condemnation, before security and programming I was a web developer too until 2008 or so. I saw the world this way as well.

    So finally, I have some fresh training under my belt on web applications, so here are my tips for you to keep your web sites and especially your client’s sites more secure. A good link for more info is http://www.webappsec.org/ as webapp security can be its own standalone job in the general world of cyber security.

     

    The facts:

    • 2017 reports show that 21% of breaches were web-based attacks on sites and applications.
    • You need not be a target, just a means to a target. As you know, you can look at your web site as a folder on a server among many other folders, that is why it is cheap unless you pay for something more. So, if we both are on a server and my folder is too hard to get into from outside, they will hack your site; once in your folder, they can laterally transfer into my folder once they are in the server. One person’s weak security is a backdoor into everyone else’s web site.
    • By far, the most serious security vulnerability is SQL injection.
    • There is a 37% likelihood of Information Leakage being the first thing attackers look at. Data being shown that tells attackers what technology you use that they can use to get in.

     

    Web Sites:

    • Predictable Resource Locations (PRL, 15%), by this we mean things common to computers, programs or even people. Attackers may just choose to enter a folder or document by typing it in, in a solid guess that it may exist.
      • /admin
      • .config.php
      • /web-console
      • /temp
      • /webdav
      • .bak
      • .old
      • .orig
      • .keep
      • .save
    • Standard Apache folder structure
    • Standard PHP folder structure
    • Robots.txt is another leak many of you should know the use of at least. Theoretically robots.txt holds a list of folders you do not want web crawlers to index for search engines. I used them thinking they could not hurt even if they are ignored by many crawlers. As a hacker, I have to wonder why you are hiding the folder ~joe from search engines? Must be something interesting enough to check out. It is not protected, and they are kept in the same place with the same name, so I just have to type it in the address bar and see what folders are out there that you want to hide.
    • How about Directory Indexing that can get me to the contents of folders?

     

    Web Servers:

    • Consider the Response Header of web pages, it holds useful information:
      • Date/timestamp can help narrow down where your server is.
      • It will show the server – example: Server: Microsoft-IIS/7.5. Now that you know the server, you can go to the National Vulnerability Database and find vulnerabilities for that version of IIS you can use to breach it.
      • It may show for instance what version of ASP.NET you may have used so you can find vulnerabilities for that.
      • It may show what CMS and the version and that can be used to find vulnerabilities for that version.
      • This data is there by default. You/your host must change the server settings in order to block such information.
    • Verbose Error Messages (technical error messages):
      • You have seen these, the error messages that pop up in the browser but do not really tell you where the issue is. Find one and have a good look at it. See what info it is giving away to the viewer/attacker.
      • A typical one you are likely to see is the HTTP Status 500 error. Look at the data it is broadcasting to the attacker.
      • It may show anything from folder structure to scripts you have running and variables and processes you are using. Again, the more info the attacker has the easier to attack you.
      • Ensure that you have generic error messages in production that will not share info with attackers. You can still get the data from Logs for instance.
    • Keep all un-needed data off production errors, use generic error pages, have default server configuration inspected for security issues and finally, keep everything updated. The worst attacks of 2017/2018 were due to old servers or unpatched servers.
    • 300 Error Multiple Choices, this is when a server cannot find a page and may “suggest” pages. These pages may be unknown to the attacker but have now been spotlighted by the server being helpful to the user.
    • Disable support for weak cipher suites, so only strong encryption is used. You want to disable support for:
      • RC4
      • Null Ciphers
      • Export Ciphers
      • Single DES
      • Triple DES
    • Use AES 128-SHA for TLS 1.0 & 1.1
    • Use AES 128-GCM-SHA256 for TLS 1.2
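
A defender-side self-audit for the leaks listed in post 16, added here as an example and not part of the original post: it checks one response's headers, a listing of your own web root, your robots.txt and your configured cipher list. The sample response, file names, robots.txt, OpenSSL-style cipher names and all function names are constructed assumptions.

```python
# Added example: self-audit for the information leaks listed in the post.
# Every SAMPLE_* value is constructed for illustration, not captured data.

# Response headers that disclose the technology stack by default.
DISCLOSING_HEADERS = ("x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator")
# Leftover-file suffixes, taken from the post's list.
LEFTOVER_SUFFIXES = (".bak", ".old", ".orig", ".keep", ".save")
# Name tokens for RC4, null, single DES and Triple DES suites
# (assumes OpenSSL-style names); export suites start with EXP.
WEAK_TOKENS = {"RC4", "NULL", "DES", "3DES", "CBC3"}

SAMPLE_RESPONSE = """HTTP/1.1 500 Internal Server Error
Date: Mon, 01 Oct 2018 12:00:00 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html
"""
SAMPLE_FILES = ["index.php", "config.php.bak", "css/site.css", "db/dump.sql.old"]
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /~joe/\nDisallow: /temp/  # scratch\nAllow: /\n"
SAMPLE_CIPHERS = ["AES128-GCM-SHA256", "RC4-SHA", "DES-CBC3-SHA",
                  "EXP-RC4-MD5", "AES128-SHA"]


def parse_headers(raw):
    """Return {lowercased-name: value} for the header lines after the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(raw):
    """Flag a versioned Server header and any stack-disclosing header."""
    headers = parse_headers(raw)
    findings = []
    server = headers.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append("server: " + server)
    for name in DISCLOSING_HEADERS:
        if name in headers:
            findings.append(name + ": " + headers[name])
    return findings


def leftover_files(paths):
    """Files in your own web root whose suffix marks them as backups."""
    return [p for p in paths if p.lower().endswith(LEFTOVER_SUFFIXES)]


def robots_disallows(text):
    """Paths robots.txt advertises; each needs real access control, not hiding."""
    found = []
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            found.append(value.strip())
    return found


def weak_ciphers(suites):
    """Configured suites that fall in the post's 'disable' list."""
    weak = []
    for suite in suites:
        tokens = suite.upper().split("-")
        if any(t in WEAK_TOKENS or t.startswith("EXP") for t in tokens):
            weak.append(suite)
    return weak


if __name__ == "__main__":
    print("Header disclosure:", audit_headers(SAMPLE_RESPONSE))
    print("Leftover files:   ", leftover_files(SAMPLE_FILES))
    print("robots.txt paths: ", robots_disallows(SAMPLE_ROBOTS))
    print("Weak ciphers:     ", weak_ciphers(SAMPLE_CIPHERS))
```
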
  17. Cyber security is not just about protecting your data and files. It also includes protecting yourself. Who you are, what you do, what you like. Habits and data describing who you are as well as just data representing you like birthdays and SSNs.

    So we need to beware of data collected about us as much as data that is ours. Anything free like Google is collecting data about you and selling it for their own profit, that is why you get the free services.

     

    Google Secretly Tracks What You Buy Offline Using Mastercard Data

    https://thehackernews.com/2018/09/google-mastercard-advertising.html

    Quote

    Over a week after Google admitted the company tracks users' location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

    Google has paid Mastercard millions of dollars in exchange to access this information.

    Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.

    According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google.

     

  18. I must assume we have a few more Canadian types other than our favorite admin, so heads up to all our neighbors:

    Air Canada Suffers Data Breach — 20,000 Mobile App Users Affected

    https://thehackernews.com/2018/08/air-canada-data-breach.html

    Quote

    The exposed information contains basic information such as customers' names, email addresses, phone numbers, and other information they have added to their profiles.
     

    Passport Numbers Exposed in Air Canada Data Breach

    However, what's worrisome?


    Hackers could have also accessed additional data including customer's passport number, passport expiration date, passport country of issuance and country of residence, Aeroplan number, known traveler number, NEXUS number, gender, date of birth, and nationality, if users had this information saved in their profile on the Air Canada mobile app.


    The airline assured its customers that credit card information saved to their profile was "encrypted and stored in compliance with security standards set by the payment card industry or PCI standards," and therefore, are protected.

     

  19. Come on you old-timers, admit it, you missed it! It was the greatest thing since sliced bread, and you all know there are games out there that you miss that never got ported up the line. 😁

    Windows 95 is now an app you can download and install on macOS, Windows, and Linux

    https://www.theverge.com/2018/8/23/17773180/microsoft-windows-95-app-download-features

    Quote

    Windows 95 is the operating system that’s now used as a yardstick for what’s possible on modern devices and platforms. We’ve seen Microsoft’s popular OS appear on the Apple Watch, an Android Wear smartwatch, and even the Xbox One. Today, someone has gone a step further and made Windows 95 into an app that you can run on macOS, Windows, and Linux.

     

  20. Possibly a good example of the loss of Net Neutrality for those of you still not really following along with what it means. I think it is, but Verizon's claim is not without merit, I just don't buy it myself.

    Fire dept. rejects Verizon’s “customer support mistake” excuse for throttling

    County disputes Verizon claim that throttling "has nothing to do with net neutrality."

    https://arstechnica.com/tech-policy/2018/08/fire-dept-rejects-verizons-customer-support-mistake-excuse-for-throttling/

    Quote

    A fire department whose data was throttled by Verizon Wireless while it was fighting California's largest-ever wildfire has rejected Verizon's claim that the throttling was just a customer service error and "has nothing to do with net neutrality." The throttling "has everything to do with net neutrality," a Santa Clara County official said.

    Verizon yesterday acknowledged that it shouldn't have continued throttling Santa Clara County Fire Department's "unlimited" data service while the department was battling the Mendocino Complex Fire. Verizon said the department had chosen an unlimited data plan that gets throttled to speeds of 200kbps or 600kbps after using 25GB a month but that Verizon failed to follow its policy of "remov[ing] data speed restrictions when contacted in emergency situations."

    "This was a customer support mistake" and not a net neutrality issue, Verizon said.

     

  21. Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

    https://thehackernews.com/2018/08/microsoft-patch-updates.html

    Quote

    ...Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical.

    The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.

    Two of these vulnerabilities patched by the tech giant are listed as publicly known and being exploited in the wild at the time of release.

    According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully.

    Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity.

     

  22. Google Android P is officially called Android 9 Pie

    https://thehackernews.com/2018/08/android-9-pie.html

    Quote

    Yes, the next version of sugary snack-themed Android and the successor to Android Oreo will now be known as Android 9.0 Pie, and it has officially arrived, Google revealed on Monday.

    Google says Android Pie comes with a "heaping helping of artificial intelligence baked in to make your phone smarter, simpler, and more tailored to you."

     
