TRI Newsletter – October 2018
Browser Spyware Infections “scareware”
Please continue to be diligent and aware when going online to surf the web or check your email. I still get calls 2-4 time a day about attacks of “Scareware”. The first thing you should do is Shut Down your computer. Many of them tell you not to, but that is because the scareware is loaded into your RAM (temporary storage). Once the computer shuts down that is cleared. The first thing I will ask when called is did you shut down your computer.
(Example of browser “scareware”)
If you get a page that tells you that you are infected with XXX many viruses and to call their tech support number right away, DON’T. What’s happening is your browser has being hijacked by the people claiming to have identified your infection. If you were to call, they will appear to be as legitimate as they can as they request your payment information. Because this is attempting to ‘get a reaction’ from you, both PC and MAC computers are at risk. HP, Dell, Microsoft and all other legitimate technicians will only call you when you have initiated a call to their support. Additionally, and unfortunately, due to these scareware tactics, if you attempt to Google or execute a web search for one of these legitimate company resources, it is even possible that the page you find is a fake landing page published by these malicious persons. (Look in your computer, software or printer documentation for a customer support number.)
What can you do now? If shutting down didn’t solve the problem, we can usually walk you through resetting your browser over the phone. If you clicked on/called the number, Shut Down your computer and call us. Most spyware can be cleaned off your computer in about an hour ($125).
50 million Facebook accounts breached by access-token-harvesting attack
Bugs in two features enabled mass harvest of single sign-on tokens.
Sean Gallagher – 9/28/2018, 1:35 PM
Facebook reset logins for millions of customers last night as it dealt with a data breach that may have exposed nearly 50 million accounts. The breach was caused by an exploit of three bugs in Facebook’s code that were introduced with the addition of a new video uploader in July of 2017. Facebook patched the vulnerabilities on Thursday, and it revoked access tokens for a total of 90 million users
In a call with press today, Facebook CEO Mark Zuckerberg said that the attack targeted the “view as” feature, “code that allowed people to see what other people were seeing when they viewed their profile,” Zuckerberg said. The attackers were able to use this feature, combined with the video uploader feature, to harvest access tokens. A surge in usage of the feature was detected on September 16, triggering the investigation that eventually discovered the breach.
NewEgg cracked in breach, hosted card-stealing code within its own checkout
Like British Airways breach, attack blended with site code, sent data to lookalike domain.
Sean Gallagher – 9/19/2018, 2:30 PM
If you feel that your account has been breached what should you do?
- Close accounts affected and/or create new accounts with the company.
- Verify all charges on credit cards were done by you.
- At the least, change passwords to a secure and different password.