Breaking Alert: Massive Memory Leak Exposes Passwords

On February 23, 2017, web services and security firm Cloudflare announced a massive memory leak that affected numerous websites, possibly including popular ones that you may have used.

Google's Project Zero team discovered the leak and reported it to Cloudflare on February 18, 2017. The leak, dubbed Cloudbleed, exposed passwords and private data. Software collaboration site GitHub has created a list of possibly affected websites:

See GitHub's list of potentially affected sites


What You Should Do

Details of the news are still coming in. Based on what we know so far, here's what we recommend you do:

1. Change your passwords.

2. Share this alert with your friends.

If your friends' passwords get compromised, it could result in phishing attacks using their address books, which means you could be targeted.

Contact PowerOne if you (or your friends) need help setting up a password management tool or dealing with the fallout of this security issue.


How to tell if email is fake, spoofed, or spam


By now, you've heard about phishing – fraudulent emails that masquerade as communications from a legitimate source and trick unsuspecting readers into giving up personal information or compromising their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that's where you come in. Here are some tips to help you identify a phishing or spoofing email.

Don't trust the name

A favorite phishing tactic is to spoof the display name of an email. It's easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It's the simplest and most easily detected form of e-mail spoofing. Spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.

You can't trust the header

It's not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in Internet terms): SMTP, or Simple Mail Transport Protocol. When you send an email, it goes to an SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient's mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn't legitimate. There are several technical ways to figure out if this is the case, but the simplest method is to see where the “reply to” section of the full header will lead you. If it indicates that your reply would be redirected to an address that's different from the sender's address, then you have good cause to be suspicious.

Hover before you click

Clicking links in emails is inherently risky – you don't know where a button, link or video will actually send you. But, if you hover your mouse over any links embedded in the body of the email, you can see the raw link. If it looks strange, don't click it – there's a good chance the email is fraudulent.
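The three checks above (display name, Reply-To, and the real link target behind the visible link text) can be automated for triage. The script below is an added example, not code from the original article or from PowerOne: it parses two constructed sample messages with Python's standard `email` module and reports each red flag it finds. The sample addresses, domains and links are made up for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail). PHISH_RAW shows the three tricks
# discussed above: an address planted in the display name, a Reply-To that leads
# somewhere else, and link text that does not match the real destination.
PHISH_RAW = """\
From: "service@paypal.com" <alerts@mail-secure-login.example>
Reply-To: paypal-recovery@freemail.example
To: someone@example.org
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://mail-secure-login.example/verify">https://www.paypal.com/login</a> now.</p>
<p>Questions? Visit our <a href="https://www.paypal.com/help">help centre</a>.</p>
</body></html>
"""

CLEAN_RAW = """\
From: "Accounts" <billing@shop.example>
Reply-To: billing@shop.example
To: someone@example.org
Subject: Your invoice
Content-Type: text/html; charset="utf-8"

<html><body><p>See <a href="https://shop.example/invoice/42">https://shop.example/invoice/42</a></p></body></html>
"""

ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?")


def domain_of(address):
    """Lower-cased part after the last '@', or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def host_of(url_or_host):
    """Hostname of a URL, also accepting bare 'www.example.com' style text."""
    if "://" not in url_or_host:
        url_or_host = "http://" + url_or_host
    return (urlparse(url_or_host).hostname or "").lower()


def html_bodies(msg):
    """Yield every decoded text/html part of the message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            yield part.get_payload(decode=True).decode(charset, "replace")


def analyze(raw):
    """Return a list of human-readable findings; an empty list means no red flags."""
    msg = message_from_string(raw)
    findings = []

    # 1. Don't trust the name: an address written into the display name whose
    #    domain differs from the domain the message was really sent from.
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    for planted in ADDRESS_RE.findall(display_name):
        if domain_of(planted) != from_domain:
            findings.append(f"display name shows {planted} but sender is {from_addr}")

    # 2. Check the header: a Reply-To that sends your answer to another domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"replies go to {reply_addr}, not to the {from_domain} sender")

    # 3. Hover before you click: visible link text that names one host while
    #    the href points at another.
    for body in html_bodies(msg):
        for href, inner in ANCHOR_RE.findall(body):
            text = re.sub(r"<[^>]+>", "", inner).strip()
            if not URLISH_RE.fullmatch(text):
                continue  # plain words like "help centre" make no claim about a host
            if host_of(text) != host_of(href):
                findings.append(f"link text says {host_of(text)} but goes to {host_of(href)}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("clean", CLEAN_RAW)):
        print(label, analyze(raw) or ["no red flags"])
```

The link check only fires when the visible text itself looks like a URL or host name; ordinary words such as "help centre" say nothing about where a link goes, so the reader still has to hover over them.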

Remember the basics

If an email has spelling mistakes, requests personal information, or is written in threatening language, you should be suspicious. If you did not initiate contact with the sender, be wary and think about where they could have found your contact details.

Trust your instincts

Given today's e-mail infrastructure, there's not much that can be done to prevent spoofing. Companies and organizations can tighten up their mail servers. This just makes it a little more difficult for criminals, not impossible. Appearances can be deceiving. Just because an email has convincing logos, language, and a seemingly valid email address, does not mean that it's legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don't open it. If something looks off, there's probably a good reason why. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message. A legitimate email can always be resent if deleted by mistake.


Crysis Ransomware Infects Windows, Mac, and VMware Machines

This article details only one type of ransomware.

The Crysis ransomware is quickly yet quietly spreading to businesses across the globe. Even though it is more common and destructive than the Locky ransomware, Crysis has not received nearly as much press attention.

Two traits make Crysis one of the most troublesome ransomware variants:

  • Crysis works on multiple platforms. Crysis can infect Microsoft Windows computers and phones, Apple Macintosh computers, and some VMware virtual machines.
  • A Crysis infection can be considered a data breach. Besides encrypting files for ransom, Crysis sends the infected computers' names and some of their encrypted files to a remote server controlled by cybercriminals. This is particularly problematic in businesses governed by regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the EU Data Protection Regulation.

How Crysis Is Spread

Crysis is mainly spread through phishing emails. Sometimes, the phishing emails contain attachments that have double file extensions, which make the malicious files appear as non-executable files. Other times, the phishing emails include URLs that lead to malicious websites.
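The double-extension trick works because Windows Explorer, with its default "hide extensions for known file types" setting, shows `Invoice.pdf.exe` as `Invoice.pdf`. The helper below is an added example, not code from the article: it reports what an attachment name would look like to the user versus what the file really is. The extension lists are an assumption made for the example, not taken from the article, and the file names are constructed.

```python
import os

# Constructed lists for this example (not from the article): extensions that
# Windows executes or hands to a script host/installer when the file is opened,
# and document-like extensions that are commonly placed in front of them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".lnk", ".jar"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def inspect_attachment(filename):
    """Describe how an attachment name appears to the user and what it really is."""
    base = os.path.basename(filename)
    shown, real_ext = os.path.splitext(base)  # Explorer hides real_ext for known types
    real_ext = real_ext.lower()
    # A name may be padded with spaces so the real extension scrolls out of view;
    # strip the padding before looking at the extension the user would notice.
    _, inner_ext = os.path.splitext(shown.rstrip())
    inner_ext = inner_ext.lower()
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "shown_as": shown.rstrip(),
        "real_extension": real_ext,
        "executable": executable,
        # The pattern the article describes: looks like a document, runs as a program.
        "double_extension": executable and inner_ext in DECOY_EXTS,
    }


def risky_attachments(filenames):
    """Return the subset of names that are executable files disguised as documents."""
    return [name for name in filenames if inspect_attachment(name)["double_extension"]]


if __name__ == "__main__":
    # Constructed sample attachment names
    samples = ["Invoice_2017.pdf.exe", "report.docx", "setup.exe", "scan.jpg    .scr", "archive.tar.gz"]
    for name in samples:
        print(name, "->", inspect_attachment(name))
    print("risky:", risky_attachments(samples))
```

A mail gateway rule or a user-awareness tip built on this check should treat `executable` on its own as worth a second look, and `double_extension` as a strong signal that the attachment was named to deceive.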

Cybercriminals are also spreading Crysis by disguising it as an installer for various legitimate programs such as WinRAR, Microsoft Excel, and iExplorer. They are distributing these disguised installers in online locations and shared networks.

Another way Crysis is spreading is through self-propagation. It uses a variety of self-running files to spread to other machines, including Windows Phone devices and other computers on the same network.

What Crysis Does

Once on a computer, Crysis uses Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) algorithms to encrypt more than 185 file types on fixed drives, removable drives (e.g., USB drives), and network shares. It even encrypts many operating system files, which can make the computer unstable.

After the files are encrypted, Crysis sends the computer's name and a number of encrypted files to a remote server controlled by the cybercriminals. It also delivers a ransom note to the victim. The ransom varies, typically ranging from 0.8 to 1.8 bitcoins. (The exchange rate fluctuates, but a bitcoin is usually worth more than $500 USD.)

In Windows computers, the ransomware deletes any shadow copies made by the Volume Shadow Copy Service so that the victim cannot recover the files. It also creates new registry values that enable it to run every time the victim logs in to the computer. This makes it more difficult to remove the ransomware.
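Both behaviours described above (destroying shadow copies and adding a logon-time registry value) leave traces that endpoint logging can catch. The script below is an added example, not code from the article or from any vendor: it runs two detection rules over constructed Sysmon-style events (process creation, Event ID 1, and registry value set, Event ID 13). The assumption that shadow copies are removed through `vssadmin` or `wmic` command lines is the example's, not the article's; the article only states that the copies are deleted. The user names, paths and registry values are made up.

```python
import json
import re

# Constructed Sysmon-style events as JSON lines (not real logs). Event ID 1 is
# process creation; Event ID 13 is a registry value being set.
SAMPLE_LOG = r'''
{"EventID": 1, "User": "CORP\\alice", "Image": "C:\\Windows\\System32\\vssadmin.exe", "CommandLine": "vssadmin.exe delete shadows /all /quiet"}
{"EventID": 13, "User": "CORP\\alice", "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater", "Details": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe"}
{"EventID": 1, "User": "CORP\\alice", "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"}
{"EventID": 13, "User": "NT AUTHORITY\\SYSTEM", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth", "Details": "C:\\Windows\\System32\\SecurityHealthSystray.exe"}
'''

# Rule 1: command lines that remove Volume Shadow Copies (assumed patterns).
SHADOW_DELETE_RE = re.compile(
    r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b"
    r"|\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    re.I,
)
# Rule 2: a Run/RunOnce value whose target lives in a user-writable location,
# which is where a freshly dropped payload would sit.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Users\\Public|ProgramData)\\", re.I)


def detect(log_text):
    """Return (rule_name, event) pairs for every event that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("EventID") == 1 and SHADOW_DELETE_RE.search(event.get("CommandLine", "")):
            findings.append(("shadow_copy_deletion", event))
        elif (event.get("EventID") == 13
              and RUN_KEY_RE.search(event.get("TargetObject", ""))
              and USER_WRITABLE_RE.search(event.get("Details", ""))):
            findings.append(("run_key_persistence", event))
    return findings


if __name__ == "__main__":
    for rule, event in detect(SAMPLE_LOG):
        print(f"[{rule}] user={event.get('User')} "
              f"{event.get('CommandLine') or event.get('TargetObject')}")
```

The second rule deliberately ignores Run values that point into `C:\Windows` or `C:\Program Files`, as the constructed SecurityHealth entry does; legitimate software registers itself there constantly, and alerting on every Run key change would bury the one that matters.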

How to Protect Your Business from Crysis

To protect your business from Crysis, it is best to prepare a multilayer defense. The first line of defense is to make sure that all your computers and Windows Phone devices are protected against known vulnerabilities. This is achieved by using anti-malware software and regularly updating the operating system and applications on each device.

The second line of defense is educating employees about the dangers of opening attachments and clicking links in emails from unknown senders. It is also helpful for employees to receive some training on how to spot phishing emails.

The last line of defense is to regularly back up files and systems on your business's computers and test those backups. This will not prevent a Crysis infection and the subsequent data breach, but it can save you from having to pay the ransom.

Contact your IT service provider for help in getting these lines of defense in place. PowerOne can also recommend other measures you can take to protect your business from Crysis and other ransomware.