Feb 26 2013
 
PHISHING

Yes Virginia… It is getting worse out there!

I know, I know… Washington D.C. keeps saying that “Everything Is Getting Better!” But I wish Washington and our so-called Leaders would tell the “Scumbag Trolls” on the internet that it is okay to stop ripping people off because the gravy train is back! Until then, you should BE AWARE that there are new phishing scams in the works that will not only put you, your family, your friends and your co-workers financially at risk… but also cost you more money on your cellular bill in the way of unwanted text messages.

Very soon, if not already, you will begin getting text messages from somebody you don’t know telling you something like…

“Hey its Jennifer, and I just took some new pictures and wanted to know what you think”

Well, if you decide to look, YOU’RE AN IDIOT!

This is another popular one that goes like this….

“OMG, I can’t believe you let them get a picture of you like that. Check it out (with a link)”

Well, if you decide to look, YOU’RE AN EVEN BIGGER IDIOT!

Or how about these two texts…

From: 8008274203@vtext.com
Message: Call 8 0 0 8 5 1 7 2 6 8 Attention Required California C U

&

From: 2222817829@vtext.com
Message: Attention Required 802 851 7268 California CU

The point in a nutshell is that you should not click or call anything remotely like this, nor should you trust a message just because it appears to come from a loved or trusted one: they may have clicked on it themselves, or the sender information may have been “SPOOFED” to look legitimate.

We have been posting articles on these types of “PHISHING” Schemes, Malware, Trojans, Viruses, etc. for a while now to keep you in the know and as safe as you can be, based on your own caution and habits online.

Surf Safe… Be Safe!

From Your Friends at:

G.E. Investigations, LLC

Toll Free: 866.347.7948

Website: www.GeInvestigations.com


Nov 12 2012
 

Thousands of WordPress Sites Hacked To Push Work From Home Scam

 

Security Week
by Fahmida Y. Rashid
November 11, 2012

 

 

Thousands of WordPress websites have been hijacked recently to redirect to a “work at home” scam, according to researchers at Zscaler ThreatLabz.

The WordPress sites were hijacked to redirect their visitors to two scam URLs, Julien Sobrier, a senior security researcher at Zscaler, wrote on the ThreatLabz blog. It appears that the scammers had added new pages with randomly-generated filenames inside the /wp-includes/ directory on the sites.

Attackers like to put malicious pages inside standard directories such as /wp-includes/ because many users generally don’t know which files belong there and which do not, Sobrier told SecurityWeek. The /wp-includes/ directory is a part of every WordPress installation and contains much of the core code. Webmasters are advised not to add, remove, or modify files in this directory, as doing so may cause the WordPress site to stop working.

“Attackers choose carefully the location of their new files to hide them,” Sobrier said.
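One way a site owner can check for the planted files described above, as an added example (not from the SecurityWeek article or Zscaler): compare the live /wp-includes/ directory with a clean copy unpacked from the same WordPress release. The function names, directory layout and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def audit_wp_includes(clean_dir: Path, live_dir: Path) -> dict:
    """Compare a live wp-includes tree against a pristine copy of the same release."""
    clean, live = hash_tree(clean_dir), hash_tree(live_dir)
    return {
        # Files core never shipped: where injected pages would show up.
        "added": sorted(set(live) - set(clean)),
        # Core files whose content no longer matches the release.
        "modified": sorted(f for f in set(live) & set(clean) if live[f] != clean[f]),
        # Core files that have been deleted from the live site.
        "missing": sorted(set(clean) - set(live)),
    }


def demo() -> dict:
    """Build two small constructed trees and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        core = {"version.php": "<?php $wp_version = 'x';", "js/jquery.js": "/* core */"}
        for root in (clean, live):
            for rel, body in core.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed stand-ins for the tampering described in the article.
        (live / "qx7f2k.html").write_text("<html>constructed sample</html>")
        (live / "version.php").write_text("<?php /* altered */")
        return audit_wp_includes(clean, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

In practice, point `clean_dir` at the wp-includes directory from a freshly downloaded archive of the exact version the site runs, so that every entry under "added" or "modified" is worth a look.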

While some of the hijacked sites have been blacklisted by Google Safe Browsing, the majority of them are not flagged, Sobrier said. The visitors to these WordPress sites are all redirected to one of the two scam sites, realonlineincnow.com or online13workhome.com. Neither site was blacklisted by Google Safe Browsing at the time Sobrier wrote the post.

These hijacked sites were legitimate WordPress sites which had been hacked specifically for the campaign, Sobrier said. The scammers appeared to be sending out spam to propagate the link to the hijacked Websites.

Even though work-from-home scams are not new, Sobrier felt this particular campaign was “one of the biggest campaigns” due to the number of hijacked Websites. This campaign just illustrates how compromising thousands of Websites to redirect traffic to a malicious site can be “very easy, and very cheap” to do, Sobrier said.

The malicious scam site almost always takes on the appearance of a media outlet, including legitimate ones such as NBC or made-up outlets with “newsy” names, with a news article touting the success of the particular “opportunity.” It usually goes along the lines of how someone was able to make several thousand dollars a month from home. Most of them are also well-designed, with fake ads and links to news summaries.

“Work at home” scams have been around in some shape or form for a long time, and scammers are continuously finding new ways to target victims. Many of the sites take advantage of localization capabilities in order to modify the title of the article to reflect the site visitor’s geographic location.

Earlier this year, many of the scam sites started displaying Facebook Like icons on their pages to convey a sense of legitimacy. Facebook allows you to embed any Like widget on any website, even if the domains or URLs do not correspond. Scammers are using this trick to appear more legitimate, by tricking visitors into thinking their website has been visited and liked by many people.

Zscaler researchers also found that several work from home sites appeared earlier this year on the list of the top-20,000 most visited sites in the world.

 

Direct Link:  http://www.securityweek.com/thousands-wordpress-sites-hacked-push-work-home-scam

May 12 2012
 

University of Maine Hacked

 

1,175 Social Security numbers and 435 credit card numbers may have been accessed.

eSecurityPlanet News
By Jeff Goldman
May 11, 2012

 

 

The University of Maine recently stated that hackers had breached a university server, resulting in the possible exposure of as many as 1,175 Social Security numbers and 435 credit card numbers.

“John Gregory, executive director of Information Technologies at UMaine, said Thursday that the Computer Connection, the computer store involved in the breach, primarily serves the Orono campus,” The Kennebec Journal reports. “It is possible that students from other campuses, including the University of Maine at Augusta, could purchase computers from there, but Gregory said it wouldn’t make up a large part of the store’s business.”

The server also provided services to a computer store at the University of Arkansas, potentially affecting over a thousand customers there as well. “However, university officials are continuing to investigate the matter and believe that once it completes its analysis, the actual number of affected customers will be smaller,” according to a University of Arizona press release. “At this time, a review shows that seven customers’ complete credit card numbers were located in the breached data server, with one customer being a unit of the university. Significantly, no security codes or other sensitive authentication data were stored on the server for any customers, officials said.”

“The Maine State Police Computer Crimes Unit, FBI, UMaine police and information technology staff at the University of Maine System and its flagship campus are investigating the server security breach,” writes Bangor Daily News’ Nick McCrea. “Investigators are working with AllClear ID’s Identity Protection Network to notify affected customers.”

“The University of Maine also experienced a computer security breach in 2010, when hackers allegedly accessed personal data of an estimated 4,585 students from the campus Counseling Center,” Mainebiz reports. “Forensic analysis ultimately revealed that no personal data was uploaded or shared.”

 

Direct Link:   http://www.esecurityplanet.com/hackers/university-of-maine-hacked.html

Apr 11 2012
 

 

Hacker steals data on 780,000 Utahns from state computer

 

 USA TODAY

By Michael Winter

April 9, 2012

A computer hacker stole Social Security numbers for 280,000 Utahns and swiped names, addresses and birth dates for 500,000 others, state officials said today.

 

Officials announced the dramatically higher estimates at a news conference, the Salt Lake Tribune reports. Utahns covered by Medicaid or the Children’s Health Insurance Program (CHIP) who sought health care in the past four months are the most likely victims of the identity theft, officials said.

They first believed that the data theft, which occurred late April 1, involved only 24,000 Medicaid payment claims or eligibility inquiries. That estimate grew to more than 182,000 and included people covered by CHIP, among others.

A hacker traced to Eastern Europe first accessed a weakly protected computer server at the Utah Department of Health on March 30. The thief downloaded about 224,000 files, some of which contained hundreds of records, said health department spokesman Tom Huduchko, the Associated Press says. The breach was discovered April 2.

In a statement, the Department of Technology Services explained that a “configuration error occurred at the password authentication level, allowing the hacker to circumvent DTS’s security system.”

The stolen Social Security numbers did not include other personal information, he said. But the files had other data for 500,000 additional individuals.

The DTS noted in an FAQ (pdf) that claims payment and eligibility inquiries “contain sensitive, personal health information from individuals and health care providers. Such information could include Social Security numbers, names, dates of birth, addresses, diagnosis codes, national provider identification numbers, provider taxpayer identification numbers, and billing codes.”

The revised figure means that roughly one in four Utahns may have had their individual information compromised.

State officials will be contacting affected residents. Those whose Social Security numbers were stolen will receive a year of free credit-record monitoring. The news release has more information.

 

Direct Link:   http://content.usatoday.com/communities/ondeadline/post/2012/04/hacker-steals-data-on-780k-from-utah-state-computer/1?csp=34news#.T4ZNqNmWtI5

Apr 11 2012
 

Microsoft Patches Critical Windows Zero-day Bug That Hackers Are Now Exploiting

 

Computerworld

By Gregg Keizer

April 10, 2012

 

 

 

 

Microsoft today delivered six security updates to patch 11 vulnerabilities in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting.

The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February.

But it was MS12-027 that got the most attention today.

“Things got a bit more interesting today,” said Andrew Storms, director of security operations at nCircle Security, “because Microsoft is reporting limited attacks in the wild.”

Flaws that attackers exploit before a patch is available are called “zero-day” vulnerabilities.

The single vulnerability patched in MS12-027 is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010; Microsoft also called out SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic as needing the patch.

Storms, other security experts and Microsoft, too, all identified MS12-027 as the first update users should install.

Hackers are already using the vulnerability in malformed text documents, which when opened either in Word or WordPad — the latter is a bare bones text editor bundled with every version of Windows, including Windows 7 — can hijack a PC, Microsoft acknowledged in a post to its Security Research & Defense (SRD) blog today.

“We list MS12-027 as our highest priority security update to deploy this month because we are aware of very limited, targeted attacks taking advantage of [the] CVE-2012-0158 vulnerability using specially-crafted Office documents,” said Elia Florio, an engineer with the Microsoft Security Response Center, in the SRD blog post.

Microsoft did not disclose when it first became aware of the attacks, or who reported the vulnerability to its security team.

Storms speculated that an individual or company had been attacked, uncovered the bug and notified Microsoft.

Microsoft rarely deploys a patch “out of cycle,” meaning outside its usual second Tuesday of every month schedule. The last such update was shipped in December 2011, and was the first for that year.

Also affected is software written by third-party developers who have bundled the buggy ActiveX control with their code or called it. Those developers will have to provide their own updates to customers.

“Any developer that has released an ActiveX control should review the information for this security bulletin,” said Jason Miller, manager of research and development at VMware. “These developers may need to release updates to their own software to ensure they are not using a vulnerable file in their ActiveX control.”

Attackers can also exploit this bug using “drive-by download” attacks that automatically trigger the vulnerability when IE users browse to a malicious site, Microsoft admitted.

That means the flaw patched by MS12-027 is a double threat. “There are two attack scenarios. There’s the malicious website [scenario] and then RTF documents, which are pretty common,” Miller said.

Miller expects to see attackers glom onto the vulnerability once they have a chance to analyze the bug and craft their own exploits. “More and more will jump on this this month,” Miller argued.

Wolfgang Kandek, chief technology officer at Qualys, agreed. “Now that [the advisory] is published, other malware authors will be looking at it to see what’s there,” Kandek said. “We’re sure to see more attacks against this vulnerability.”

Eight of the 11 bugs patched today — including the one in MS12-027 — were rated “critical” by Microsoft, its highest threat ranking. Another was pegged “important,” and the remaining two were tagged as “moderate.”

Microsoft identified MS12-023, a five-patch fix for IE, as the other update to roll out ASAP.

The company typically releases an IE security update in even-numbered months; on those months, security professionals usually recommend that users apply the browser update first.

Not this month.

“MS12-027 trumps the IE update this month,” said Miller.

Storms also remarked on the downgrading of the IE bulletin. “When has there been a month when IE hasn’t been the one to patch first?” Storms asked. “I can’t remember one.”

 

Patches for IE9

Two of the five vulnerabilities in MS12-023 were rated critical for IE9, the newest edition of Microsoft’s browser that runs on Windows Vista and Windows 7.

Other bulletins today applied to Windows, .NET, Microsoft’s VPN (virtual private networking) tool and Office 2007 and the ancient — and no longer sold — Microsoft Works.

Miller pointed out that MS12-024, which patches a critical vulnerability in all supported versions of Windows, also applies to Windows 8 Consumer Preview.

Although the MS12-024 advisory does not mention Windows 8 Consumer Preview, anyone running that sneak peek will be offered the update, said Miller. Computerworld confirmed that MS12-024 was among several other non-security fixes Microsoft delivered to Windows 8 today.

According to Qualys, the bug in MS12-024 lets hackers hitch a ride inside legitimate software installation packages.

Amol Sarwate, manager of Qualys’ vulnerability research lab, said the vulnerability would be very attractive to purveyors of phony antivirus software, a category often called “scareware” or “rogueware.”

April’s six security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

 

 

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

 

Direct Link:  http://www.pcworld.com/businesscenter/article/253558/microsoft_patches_critical_windows_zeroday_bug_that_hackers_are_now_exploiting.html