Tag Archives: hackers

RESEARCHERS PROVE ABILITY TO HACK DEVICES USING SOUND WAVES

Yesterday, computer security researchers from the University of Michigan and the University of South Carolina proved they have discovered a way to hack into a device using sound ways. This newly found weakness allows them to control or influence devices through tiny accelerometers. Accelerometers are instruments that measure acceleration and are manufactured as dynamic silicon chip-based devices used to sense movement or vibrations known as microelectromechanical systems, or MEMS. They are used for navigating, determining the orientation of a tablet and calculating distance in fitness monitors. Accelerometers are standard in consumer products such as smartphones, Fitbits and automobiles.

In the paper highlighting the research, they demonstrate how they were able to add additional steps to a Fitbit monitor, as well as, play a “malicious” music file from a smartphone, demonstrating they can control the phone’s accelerometer. Kevin Fu, one author of the paper, stated, “It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words.” He went on to say, “You can think of it as a musical virus.”

In addition, research from the paper shows that with the toy car, they did not infiltrate the car’s microprocessor, but rather controlled the car by forcing the accelerometer to generate fake readings. Computer security researchers remarked that this is new insight into cybersecurity challenges in complex systems, which show how analog and digital components can interact in unpredictable ways.

Vinny Troia, CEO of NightLion Security commented, “as we see a heightened push to develop self-driving vehicles from numerous companies, undetected vulnerabilities, such as this one, that could allow an attacker to remotely control a self-driving vehicle is disturbing, but a reality that should be seriously considered.”

The computer security researchers will be presenting their findings at the IEEE European Symposium on Security and Privacy in Paris next month.

Gmail Forbids JavaScript Attachments

As of February 13, Gmail is no longer allowing emails to be sent with a JavaScript attachment. Gmail restricts numerous file attachments for security purposes and now .js files have been added to the list.

“JavaScript files have been the main source of malware viruses within the past few years”, says NighLion Security CEO Vinny Troia. This is exactly why Google has begun forbidding .js attachments.

That being said, Gmail users should keep in mind that malware can be found within other file attachments that are not yet a part of Gmail’s restricted list. According to iTech Post, Malware is being reported to have switched from using JavaScript to SVG attachments and malicious LNK. The malware is being embedded into ZIP archives with malicious PowerShell scripts attached.

Per security experts, PowerShell is a scripting language in the Windows system used for automated administration tasks. These scripts have been used to download malware in the past, and some malware programs are written entirely in PowerShell.

Regardless of this malware switch, by blocking emails with JavaScript attachments Gmail is eliminating one of the main sources of malware transportation. Nonetheless, if you need to send a .js file for a legitimate purpose, you can do so using Google Drive, Google Cloud Storage or other types of storage solutions.

A good rule to live by is if you don’t know a file type or what it does, don’t open it.

Hacks on WordPress sites deliver malware to visitors

WordPress sites are experiencing a large increase in hacks that deliver malware and ransomware to first-time, unsuspecting users. It is not yet clear how this is happening but it is being looked into extensively. No one should be visiting WordPress sites with out-of-date versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight, or Internet Explorer. With these outdated systems, you can find your computers infected with the ransomware package, which puts a hold on your computer system until you pay a hefty ransom.

To disguise the attack furthermore, the code redirects users through a series of sites before delivering the malware. It is possible that hackers are regularly updating malware when old ones get flagged.

This shows that trustworthy sites can still expose you to malware and hacks. The best way to prevent hacks is to be up-to-date on security updates when they become available.

Business malware removal

Identity theft Increases during tax season

Identity theft has become an increasingly large issue throughout the world. Unfortunately, it is an even bigger issue around tax season, according to a video from KSDK. Last year alone 500,000 people complained of stolen identity and about half occurred during tax season.

The only things you can do to prevent identity fraud is by filing your taxes earlier and using an IRS pin number to file safely. Vinny Troia, Cyber Security Expert and CEO of Night Lion Security, explained how the IRS pin is the main way to avoid a stolen identity because the pin is only assigned to one person and no one else can file your taxes for you unless they get the pin number.

Click here to watch the video to learn more.

Ransomware detected in Israel cyber attack

Israel experienced a severe cyber attack last Monday. A virus known as ransomware was sent through email and was discovered in the energy department and the suspects are still unknown. Ransomware is software that blocks users from accessing their computer system and have to pay the ransom in order to gain access. They had to paralyze lots of the Israeli Electricity Authority’s computers, according to an article on Tech insider. Ransomware has become very common and causes disastrous consequences.

Click here to read more on the article.

Cyber Defenses are essential in stopping attacks

The Securities and Exchange Commission (SEC) made it clear that prevention is their main goal in their cyber security enforcement agenda this year, according to an article on the Financial Times. Recently RT Jones, a small regional investment agency experienced a cyber attack by China and had 100,000 of their clients’ information stolen. This was upsetting to the SEC because they had just openly stated that investment advisers and broker-dealers must get their cyber defenses in order to prevent hackers.

The SEC had established a list of grievances against RT Jones about the failure to implement cyber defenses. It has been a long time coming for the SEC to finally crack down on companies. The SEC is certain that preventative measures are the best way to decrease the alarming amount of cyber attacks on the financial service industry. Now if a company experiences a cyber attack, they may face a dilemma with the SEC as well.

Read more on the article here.

Biggest cyber threats of 2016

As time goes on, hackers are becoming increasingly advanced. In 2015, 34.2 percent of computer users experienced at least one Web attack. This is a huge issue for users and is only expected to get worse. It is expected that data breaches, ransomware and browser plug-ins will be the biggest security threat of 2016, according to an article on Fox News.

Data breaches are the most well known and this is when hackers steal payment information. Retailers will continue to be hit by hackers but there are some predictions of different kinds of industries to be hit this year including hotel industries, medical insurance and high-tech toy industries. The Apple pay system is a good way to prevent hackers stealing credit card information, as well as EMV chips in credit and debit cards.

Ransomware is a type of malware that prohibits users from using their system. The victims have to pay a ransom through an online payment method to access their system again. The FBI actually suggests victims paying the ransom in order to use their system again. To prevent this from happening, watch out for what you click on. Ransomware has to be installed before it can actually work on someone.

It is reported that people spend much of their time on Web browsers. Hackers can find a flaw in a browser and try to get victims to click on a bad site. This is another reason why people need to pay close attention to what they are clicking on.

Click here to read more on this article.