
Announcement


(Source article was taken from: https://blog.malwarebytes.com/101/2017/09/google-reminds-website-owners-to-move-to-https-before-october-deadline/)

 

With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields (like contact forms and search bars) and all HTTP websites viewed in Incognito mode as “NOT SECURE” in the address bar. The company started sending warning emails to website owners in August as a follow-up to an announcement made back in April by Emily Schechter, Product Manager of the Chrome Security Team.

Google began marking sites in Chrome v56, which was issued in January of this year. They targeted HTTP sites that collect user passwords and credit card details.
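As an added illustration (not Google's code and not part of the source article), the following applies the labelling rules as this article describes them to a page's URL and HTML. The sample pages, the function names and the `cc-` autocomplete heuristic for card fields are assumptions, and Chrome's real behaviour is more nuanced than this.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Input types a visitor can type free text into (assumed list for this example).
TEXT_TYPES = {"text", "search", "email", "tel", "url", "number", "password"}


class InputCollector(HTMLParser):
    """Collect the attributes of every <input> and <textarea> on a page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea"):
            self.fields.append((tag, dict(attrs)))


def is_sensitive(tag, attrs):
    """Password or payment-card field: what the article says Chrome v56 targeted."""
    kind = (attrs.get("type") or "text").lower()
    autocomplete = (attrs.get("autocomplete") or "").lower()
    return tag == "input" and (kind == "password" or autocomplete.startswith("cc-"))


def is_text_entry(tag, attrs):
    """Any field a visitor types into, such as a contact form or search bar."""
    return tag == "textarea" or (attrs.get("type") or "text").lower() in TEXT_TYPES


def not_secure_since(url, html, incognito=False):
    """Chrome version (56 or 62) from which the page is labelled, else None."""
    if urlsplit(url).scheme.lower() == "https":
        return None
    parser = InputCollector()
    parser.feed(html)
    if any(is_sensitive(t, a) for t, a in parser.fields):
        return 56
    if incognito or any(is_text_entry(t, a) for t, a in parser.fields):
        return 62
    return None


# Constructed sample pages, not taken from any real site.
LOGIN = '<form><input type="text" name="u"><input type="password" name="p"></form>'
CONTACT = '<form><input type="search" name="q"><textarea name="msg"></textarea></form>'
STATIC = '<p>Opening hours</p><input type="submit" value="Go">'
```

Running `not_secure_since` over a crawl of your own site gives a quick list of the pages to move to HTTPS first.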

To protect the information exchanged between visitors and the web server, site owners must install an SSL certificate and serve their pages over HTTPS. Failing to do this is risky for both parties: information sent in clear text can be exposed as it travels across the Internet.

Ms. Schechter also provided website owners with a handy guide on how to enable HTTPS on their servers. An additional guideline on how to avoid the “NOT SECURE” warning on Chrome is also available for web developers.

Looking at the way things are panning out, we can be confident that HTTPS will be the norm in no time. However, this doesn’t mean that all sites using SSL certificates can and should be trusted.

Google intended to separate phishing sites from legitimate ones with the marking of insecure sites, as Help Net Security noted in an article. Unfortunately, the introduction of new browser versions capable of flagging sites also promptly introduced more phishing sites using HTTPS. We’ve been seeing examples of this in the wild, as well, the latest of which was an Apple phishing campaign.

Discerning phishing pages from the real ones has become more challenging than ever. This is why it’s important for users to familiarize themselves with other signs that they might be on a phishing page, apart from the lack of an SSL certificate. Fortunately, users don’t have to look far from the address bar when they want to double-check that they’re on the right page before entering their credentials or banking details. Keep in mind the following when scrutinizing URLs and the elements around them:

  • Look for letters in the URL that may have been made to look like another letter or number, or there may be additional letters or numbers in the URL. For example, examplewebsite.com may appear as examplevvebsite.com—Catch that? The double ‘v’ together makes it look like the letter ‘w.’ This is an example of typosquatting. Here’s another example: examp1ewebsite.com—the ‘l’ in “example” is actually the number one.
  • Look for an Extended Validation Certificate (EV SSL). You know that a trusted website has this when you see a company name beside the URL, as you can see from the UK PayPal address below. Not all sites with SSL have this, unfortunately, but some of the trusted brands online already use EV SSL, such as Bank of America, eBay, Apple, and Microsoft.

Lastly, be aware that phishers may use a free SSL certificate in their campaign to make it appear legitimate. They may also hijack sites that already have SSL in place, adding more to the veil of legitimacy they want to attain.

Tuesday, 16 May 2017 12:08

Beware of The WannaCry Ransomware Attack!!


(Source ad image was taken from: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack)

 

IMPORTANT TIP!

Keep a backup solution for your important data in place and run it regularly, for example by copying your important files to third-party data storage (external hard disk, thumb drive, DVD or CD), so you can recover your files after a ransomware attack.

 

The WannaCry ransomware attack (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is an ongoing cyber-attack of the WannaCry ransomware computer worm targeting the Microsoft Windows operating system. The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency Bitcoin in 28 languages. The attack has been described by Europol as unprecedented in scale.

The attack affected Telefónica and several other large companies in Spain, as well as parts of Britain's National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines. Other targets in at least 99 countries were also reported to have been attacked around the same time.

Like previous ransomware, the attack spreads by phishing emails, but it also uses the EternalBlue exploit and DoublePulsar backdoor developed by the U.S. National Security Agency (NSA) to spread through any network that has not installed recent security updates, directly infecting any exposed systems. A "critical" patch had been issued by Microsoft on 14 March 2017 to remove the underlying vulnerability for supported systems, but many organizations had not yet applied it.

Those still running older, unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particular risk, but Microsoft has now taken the unusual step of releasing updates for these.

Shortly after the attack began, a web security researcher who blogs as "MalwareTech" accidentally found an effective kill switch, registering a website that was mentioned in the code of the ransomware. This slowed the spread of infection, but new versions have now been detected that lack the kill switch.

 

Background

The purported infection vector, EternalBlue, was released by the hacker group The Shadow Brokers on 14 April 2017, along with other tools apparently leaked from Equation Group, believed to be part of the United States National Security Agency.

EternalBlue exploits vulnerability MS17-010 in Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft had released a "Critical" advisory, along with an update patch to plug the vulnerability a month before, on 14 March 2017. This patch fixed several client versions of the Microsoft Windows operating system, including Windows Vista onwards (with the exception of Windows 8), as well as server and embedded versions such as Windows Server 2008 onwards and Windows Embedded POSReady 2009 respectively, but not the older Windows XP, according to Microsoft. According to Dona Sarkar, head of the Windows Insider Program at Microsoft, Windows 10 was not affected; however, IT writer Woody Leonhard questioned if this is the case with all Windows 10 systems, or just builds 14393.953 and later.

Starting from 21 April 2017, security researchers began reporting that the number of computers with the DoublePulsar backdoor installed was in the tens of thousands. By 25 April, reports estimated the number of infected computers to be up to several hundred thousand, with numbers increasing exponentially every day. Apparently DoublePulsar was used alongside EternalBlue in the attack.

 

Attack

On 12 May 2017, WannaCry began affecting computers worldwide. The initial infection might have been either through a vulnerability in the network defenses or a very well-crafted spear phishing attack. When executed, the malware first checks the "kill switch" domain name. If it is not found, then the ransomware encrypts the computer's data, then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and "laterally" to computers on the same network. As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days or $600 within seven days.

The Windows vulnerability is not a zero-day flaw, but one for which Microsoft had made available a security patch on 14 March 2017, nearly two months before the attack. The patch was to the Server Message Block (SMB) protocol used by Windows. Organizations that lacked this security patch were affected for this reason, although there is so far no evidence that any were specifically targeted by the ransomware developers. Initially, any organization still running the older Windows XP was at particularly high risk because no security patches had been released since April 2014 (with the exception of one emergency patch released in May 2014). However, after the outbreak, Microsoft released a security patch for Windows XP on 13 May 2017, the day after the attack launched.

According to Wired, affected systems will also have had the DoublePulsar backdoor installed; this will also need to be removed when systems are decrypted.

Ken Collins of Quartz wrote on May 12 that three or more hardcoded bitcoin addresses, or "wallets", are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown. To track the ransom payments in real time, a Twitterbot that watches each of the three wallets has been set up. As of 15 May 2017 at 7 PM, a total of 220 payments totaling $59,747.53 had been transferred.

Impact

The ransomware campaign was unprecedented in scale according to Europol. The attack affected many National Health Service hospitals in England and Scotland, and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected. On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted. In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP. NHS hospitals in Wales and Northern Ireland were unaffected by the attack.

Nissan Motor Manufacturing UK in Tyne and Wear, England halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware. The attack's impact could have been much worse had an anonymous security expert, who was independently researching the malware, not discovered that a kill-switch had been built in by its creators.

Cybersecurity expert Ori Eisen said that the attack appears to be "low-level" stuff, given the ransom demands of $300 and states that the same thing could be done to crucial infrastructure, like nuclear power plants, dams or railway systems.

Microsoft has also released patches to fix the exploit used by the ransomware on the operating systems Windows XP, its 64-bit counterpart, Windows Server 2003, and Windows 8, even though all of them were unsupported at that time.

 

(For more information on this article, please visit the source: the Wikipedia website.)

credit: https://owncloud.org/features/

 

Access, Sync and Share Your Data, Under Your Control!

ownCloud is a self-hosted file sync and share server. It provides access to your data through a web interface, sync clients or WebDAV while providing a platform to view, sync and share across devices easily — all under your control. ownCloud’s open architecture is extensible via a simple but powerful API for applications and plugins and it works with any storage.

 

Access everything you care about

Store your private pictures, documents, calendar and contacts on your ownCloud server at home, a rented VPS or use one of the public ownCloud providers. Access your existing data on an FTP drive at work, images shared with you on Dropbox, or your NAS at home, all through your ownCloud server. Run your ownCloud server in a place you trust and access all the data you care about in one place!

 

Your data is where you are

When traveling, access ownCloud through your Android or iOS devices. Automatically upload pictures after taking them. Sync files at home or work with the desktop client keeping one or more local folders synchronized between devices. And wherever you are, the web interface lets you view, share and edit your files alone or with others.
Wherever you are, your data is with you thanks to ownCloud!

 

Share with anybody on your terms

Send password protected public links so others can upload files to you; get notified on your phone when you get a share from your own or another ownCloud server. Edit documents together, have video calls over your own server, comment on pictures shared with or by you. Don't be alone!
With ownCloud, you easily share and collaborate with whomever you want.