TRI October 2018 Newsletter
TRI Newsletter – October 2018
Browser Spyware Infections “scareware”
Please continue to be diligent and aware when going online to surf the web or check your email. I still get calls 2-4 time a day about attacks of “Scareware”. The first thing you should do is Shut Down your computer. Many of them tell you not to, but that is because the scareware is loaded into your RAM (temporary storage). Once the computer shuts down that is cleared. The first thing I will ask when called is did you shut down your computer.
(Example of browser “scareware”)
If you get a page that tells you that you are infected with XXX many viruses and to call their tech support number right away, DON’T. What’s happening is your browser has being hijacked by the people claiming to have identified your infection. If you were to call, they will appear to be as legitimate as they can as they request your payment information. Because this is attempting to ‘get a reaction’ from you, both PC and MAC computers are at risk. HP, Dell, Microsoft and all other legitimate technicians will only call you when you have initiated a call to their support. Additionally, and unfortunately, due to these scareware tactics, if you attempt to Google or execute a web search for one of these legitimate company resources, it is even possible that the page you find is a fake landing page published by these malicious persons. (Look in your computer, software or printer documentation for a customer support number.)
What can you do now? If shutting down didn’t solve the problem, we can usually walk you through resetting your browser over the phone. If you clicked on/called the number, Shut Down your computer and call us. Most spyware can be cleaned off your computer in about an hour ($125).
50 million Facebook accounts breached by access-token-harvesting attack
Bugs in two features enabled mass harvest of single sign-on tokens.
Sean Gallagher – 9/28/2018, 1:35 PM
Excerpt
Facebook reset logins for millions of customers last night as it dealt with a data breach that may have exposed nearly 50 million accounts. The breach was caused by an exploit of three bugs in Facebook’s code that were introduced with the addition of a new video uploader in July of 2017. Facebook patched the vulnerabilities on Thursday, and it revoked access tokens for a total of 90 million users
In a call with press today, Facebook CEO Mark Zuckerberg said that the attack targeted the “view as” feature, “code that allowed people to see what other people were seeing when they viewed their profile,” Zuckerberg said. The attackers were able to use this feature, combined with the video uploader feature, to harvest access tokens. A surge in usage of the feature was detected on September 16, triggering the investigation that eventually discovered the breach.
NewEgg cracked in breach, hosted card-stealing code within its own checkout
Like British Airways breach, attack blended with site code, sent data to lookalike domain.
Sean Gallagher – 9/19/2018, 2:30 PM
Excerpt
The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg’s webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg’s Web infrastructure. It appears that all Web transactions over the past month were affected by the breach.
If you feel that your account has been breached what should you do?
- Close accounts affected and/or create new accounts with the company.
- Verify all charges on credit cards were done by you.
- At the least, change passwords to a secure and different password.
Thank you,
James, Chris, Michael, Clint, Brett & Suzi
Technical Reinforcements
612-720-0233
info@reinforceme.com
www.reinforceme.com
