Blog - Page 2 of 9 - Cyber One Solutions

By Brian Carrico

We are the Backup and Disaster Recovery experts!

Have you ever deleted a crucial file or lost crucial data? At Cyber One Solutions we have a wealth of experience in backup solutions and disaster recovery — we are the experts in this field. For more information, please get in touch today or visit our website right away. https://www.cyberonesol.com

By Brian Carrico

NSA to release its GHIDRA reverse engineering tool for free

The United States’ National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco.

The existence of the framework, dubbed GHIDRA, was first publicly revealed by WikiLeaks in the CIA Vault 7 leaks, but the tool came to light again after Senior NSA Adviser Robert Joyce announced in his RSA Conference session description that it would be released publicly for free.

A reverse engineering tool is a disassembler, such as IDA Pro, that helps researchers identify certain portions of a program and see how they work by reading information such as its processor instructions, instruction lengths, and more.

GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux operating systems, and also supports a variety of processor instruction sets.

The toolkit can also be used to analyze binary files used by programs, including malware, for all major operating systems, including Windows, macOS, Linux as well as mobile platforms such as Android and iOS.

A synopsis for Joyce’s presentation notes that “the Ghidra platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”

According to the Vault 7 documents, GHIDRA was initially developed by the NSA in the early 2000s, and a Reddit user named hash_define, who claimed to have had access to GHIDRA, said that the tool had been shared with several other US government agencies in the past few years.

While there has been no announcement that the NSA is planning to open source GHIDRA, some believe the agency will also publish the GHIDRA source code on the NSA’s code repository hosted by GitHub, where it has already released 32 projects, so that the open source community can help maintain it for free.

Cyber One Solutions specializes in offering Managed IT Services, Managed Security Services, Cloud Services, Project Services, VoIP Services, Consulting, and more.


 
By COS Webmaster

Mayday! NASA Warns Employees of Personal Information Breach

Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA).

NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked.

In an internal memo sent to all employees on Tuesday, NASA said the unknown hackers managed to gain access to one of its servers storing personally identifiable information (PII), including social security numbers, of current and former employees.

The agency said NASA discovered the breach on October 23 when its cyber security personnel began investigating a possible breach of two of its servers holding employee records.

After discovering the intrusion, NASA secured its servers and said the agency is working with its federal cyber security partners “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.” However, NASA said this process “will take time.”

It should be noted that no space missions were jeopardized by the cyber incident, the agency said.

According to the agency, any NASA Civil Service employee who joined, left, or transferred within the agency from July 2006 to October 2018 may have had their personal data compromised. NASA currently employs roughly 17,300 people.

The agency said all the affected employees would be notified once identified, and offered identity theft protection services and related resources to all affected employees, past and present.

“NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”

This is not the first time the agency’s servers have been compromised. NASA suffered a massive security breach in 2016 when a hacking group released 276GB of sensitive data, including flight logs and credentials of thousands of its employees.

At that time, the hackers even attempted to crash a $222 million drone into the Pacific Ocean by gaining control of the drone and rerouting its flight path.

By COS Webmaster

Microsoft building Chrome-based browser to replace Edge on Windows 10

It is no secret how miserably Microsoft’s 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements.

According to the latest round of tech rumors, Microsoft has given up on Edge and is reportedly building a new Chromium-based web browser, internally code-named “Anaheim,” that will replace Edge as the default browser on the Windows 10 operating system, a journalist at Windows Central learned.

Though there is no mention of Project Anaheim on the Microsoft website as of now (except the Anaheim Convention Center in California), many speculate that the new built-in browser could appear in the 19H1 development cycle of Microsoft’s Insider Preview program.

According to the report, the new browser will be powered by the Blink rendering engine used by Chromium, which also powers Google’s Chrome browser, instead of Microsoft’s own EdgeHTML engine.

Chromium is an open-source Web browser project started by Google that is popular among web browser developers and also powers Vivaldi and Opera browsers.

“It’s unknown at this time if Anaheim will use the Edge brand or a new brand, or if the user interface between Edge and Anaheim is different. One thing is for sure, however; EdgeHTML is dead,” the report said.

If you are unaware, Microsoft has already been using the Chromium rendering engine for its Edge browser on Android and iOS devices.

Details on Microsoft’s new Anaheim web browser are still scarce, and we are waiting to hear more about the project from Microsoft itself, but Windows Central speculates that we could see the new browser in action as early as April of next year.

If the rumor is true, Google, which celebrated the 10th anniversary of its Chrome web browser this year, will gain an unbeatable monopoly in the browser market.
By COS Webmaster

New Android API Lets Developers Push Updates Within their Apps

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true.

Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it’s optional.

Along with the launch of a number of new tools and features at its Android Dev Summit 2018, Google has also launched a new API, called “In-app Updates,” which aims to help developers ensure that users are running the latest and greatest version of their app.

“We’ve heard that you’d like more controls to ensure that users are running the latest and greatest version of your app. To address this, we’re launching an In-app Updates API,” Google said.

How Does Android’s New In-app Updates API Work?

It should be noted that Android’s new In-app Updates API doesn’t force users to update or lock them out of the app if they choose not to update it.

Instead, the API has been designed to aggressively inform users about the latest available updates and give them a smooth in-app installation experience without closing the app or opening the Google Play Store.

As explained by Aurash Mahbod, Google’s director of engineering, in a video, the In-app Updates API gives Android developers two ways to push a new update to their users:

1) Immediate in-app update (for critical patches): App developers can display a full-screen message to their users informing them of a new update, which users can choose to download (if they want) and install immediately, right then and there within the app itself, before they can use the app.

Users can decline to update immediately and continue using the app, for example if they are not connected to Wi-Fi or are low on battery.

2) Flexible in-app update (for regular updates): Using this option, Android app developers can display a small “available update” notification to users, giving them an option to accept it and then keep using the app while the new version of the app is downloaded in the background.

Once the app is downloaded, it will get installed the next time the user re-opens the app.

Flexible update also gives users the “Not Now” option, which users can select in case they don’t want to install the update.

The concept is good and definitely not new, as many applications already have custom mechanisms to determine if users are running an outdated version, then prompt them to install the latest version from the Play Store. However, the new API makes this whole process standard, smooth and easy, giving users a great new experience.


Aurash also said the company is currently testing the In-App Updates API in Google Chrome for Android and is making the new API available to developers who are early access partners. It will be available to all developers soon.

Google also says that Android developers will have the ability to completely customize the update flow so that it feels like part of their app, which indicates that not all apps will have the same in-app update experience.
By COS Webmaster

Facebook Eyes Acquiring Major Cyber Security Firm

Facebook is reportedly looking to acquire a major cyber security firm following a massive breach that compromised data from 30 million accounts.

The company has approached several unnamed cyber security providers about potential acquisitions, according to The Information.

The social media giant, after a preliminary review, says the hack was likely carried out by spammers, according to the Wall Street Journal, not a state-sponsored attack as some had feared.

The hackers were able to exploit a vulnerability in the platform’s “View As” feature that lets users see what their profile looks like to other users, depending on their privacy settings. The hackers were able to gain access codes to user accounts without having their passwords.

Facebook has said that it’s working with the FBI about the breach.

The hack came after a difficult year of setbacks for Facebook, starting with revelations that Russian trolls had manipulated its platform in an attempt to influence the 2016 presidential election.

Facebook hit a nadir during the Cambridge Analytica scandal when it was revealed that the British research firm improperly obtained user data from 87 million Facebook accounts which were then allegedly used for voter suppression efforts and other election-related actions.

By COS Webmaster

Cyber One Solutions signs with @ConnectWise

Cyber One Solutions is very excited to announce that we have partnered up with @ConnectWise to deploy their Business Management Software packages @QuosalQuote, @ScreenConnect and @LabTechSoftware to run our IT and Managed Services more efficiently.

@ConnectWise transforms how Technology Teams build, manage, and grow their businesses. Their solutions increase productivity, efficiency, and profitability.

We appreciate both @ConnectWise as well as @IngramMicroInc for having us out in #TampaBayFL last week to show us their product offerings.

By COS Webmaster

30 Million Facebook Accounts Were Hacked: Check If You’re One of Them

Late last month Facebook announced its massive security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the ‘View As’ feature.

At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million.

Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn’t manage to access any third-party app data.

Here’s How Facebook Classified the Stolen Data:


Facebook vice president of product management Guy Rosen published a new blog post Friday morning to share further details on the massive security breach, informing that the hackers stole data from those affected accounts, as follows:

  • For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
  • For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
  • A remaining 1 million Facebook users did not have any personal data accessed by the attackers.

Besides this, Rosen also added that the attackers had no access to data from “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.”

Moreover, hackers were also not able to access any private message content, with one notable exception: if a user is a Facebook page administrator who had received or exchanged messages from someone on Facebook, the content of those messages was exposed to the attackers.

Here’s How to Check If You Are One of 30 Million Affected Users

Facebook said users can check whether they were affected by the breach by visiting the social network’s Help Center.

Facebook also added that the company will directly inform those 30 million users affected to explain what information the attackers might have accessed, along with steps they can take to help protect themselves from any suspicious emails, text messages, or calls.

So far the identity of the hackers remains unclear, but Rosen said Facebook is working with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities to investigate who might be behind the breach or if they were targeting anyone in particular.

By COS Webmaster

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend.

The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights.

The attack forced airport officials to take down its systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport and luggage pickup points for all of Friday, Saturday, and the subsequent night.

“We are currently experiencing technical problems with our flight information screens,” a post on Bristol Airport’s official Twitter feed read on Friday. “Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.”

The airport also urged passengers to arrive early and “allow extra time for check-in and boarding processes,” though the two-day technical meltdown caused delays in baggage handling, with customers needing to wait longer than one hour for their bags.

However, no flight delays were reportedly caused due to the cyber attack.

An airport spokesman said that the information screens went offline due to a so-called “ransomware” attack, though he confirmed that no “ransom” had been paid to get the airport systems working again.

Affected systems and flight information screens were finally restored on Sunday, officials said.

“We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” the airport tweeted on Sunday.

At the moment, it is not clear how the ransomware got into the airport systems. Bristol is carrying out an investigation to find out what happened.

By COS Webmaster

Hackers Steal Customers’ Credit Cards From Newegg Electronics Retailer

The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg.

The Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.

Magecart hackers used what researchers called a digital credit card skimmer: they inserted a few lines of malicious JavaScript code into the checkout page of the Newegg website, which captured the payment information of customers making purchases on the site and then sent it to a remote server.

Active since at least 2015, the Magecart hacking group registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain newegg.com, and acquired an SSL certificate issued for the domain by Comodo for their website.

A day later, the group inserted the skimmer code into the Newegg website at the payment processing page, so that it would not come into play until or unless the payment page was hit.

So, when customers add a product to their shopping cart, enter their delivery information during the first step of the check-out, and validate their address, the website takes them to the payment processing page to enter their credit card information.

As soon as the customer hits the submit button after entering their credit card information, the skimmer code immediately sends a copy of that data to the attacker’s domain, i.e., neweggstats(dot)com, without interrupting the checkout process.
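One defensive control against the exfiltration step described above is a Content Security Policy on the payment page that restricts where scripts may send data. The following added example (not from the original article, Newegg, Volexity or RiskIQ) evaluates a policy's `connect-src` directive against a destination URL using simplified matching. The hostnames `shop.example` and `shop-stats.example`, the policies, and the assumption that the skimmer sends data with a fetch/XHR-style request are all constructed for illustration.

```javascript
// Added example: simplified CSP connect-src evaluation (scheme and host sources only).
// Paths, ports, nonces and hashes are ignored. All hostnames below are constructed.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // In CSP the first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function sourceMatches(source, target, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "*") return target.protocol === "https:" || target.protocol === "http:";
  if (src === "'self'") return target.origin === pageOrigin;
  // Scheme source such as "https:" allows every host on that scheme.
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
  // Host source, optionally prefixed with a scheme.
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && target.protocol !== scheme + ":") return false;
  // "*.shop.example" matches subdomains only, not "shop.example" itself.
  if (host.startsWith("*.")) return target.hostname.endsWith(host.slice(1));
  return target.hostname === host;
}

// Would a script on pageUrl be allowed to send a fetch/XHR request to destUrl?
function isSendAllowed(cspHeader, pageUrl, destUrl) {
  const directives = parseCsp(cspHeader);
  // connect-src falls back to default-src when it is absent.
  const sources = directives.get("connect-src") ?? directives.get("default-src");
  if (sources === undefined) return true; // no governing directive: unrestricted
  const target = new URL(destUrl);
  const pageOrigin = new URL(pageUrl).origin;
  return sources.some((s) => sourceMatches(s, target, pageOrigin));
}

// Constructed scenario: a payment page and a look-alike collection host.
const PAYMENT_PAGE = "https://secure.shop.example/checkout/payment";
const LOOKALIKE = "https://shop-stats.example/collect";
const POLICIES = {
  "script rules only": "script-src 'self'",
  "any https host": "default-src https:",
  "tight allowlist": "default-src 'self'; connect-src 'self' https://*.shop.example",
};

for (const [label, policy] of Object.entries(POLICIES)) {
  const verdict = isSendAllowed(policy, PAYMENT_PAGE, LOOKALIKE) ? "ALLOWED" : "blocked";
  console.log(`${label}: send to look-alike host is ${verdict}`);
}
```

Only the tight allowlist blocks the request; a policy without `connect-src` or `default-src`, or one that allows every `https:` host, leaves the look-alike destination reachable.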

Newegg Hack May Affect Millions of Customers

The attack affected both desktop and mobile customers, though it is still unclear how many customers were actually hit by this credit card breach.

However, considering that more than 50 million shoppers visit Newegg every month and that the malicious code was there for over one month, it could be assumed that Magecart’s newest card-skimming campaign has possibly stolen the payment information of millions of Newegg customers, even if only a fraction of those visitors make purchases.

Earlier this month, the Magecart hacking group breached the British Airways website and its mobile application and managed to walk away with a bounty of sensitive payment card data from 380,000 victims.

“The skimmer code [used in the Newegg breach] is recognizable from the British Airways incident, with the same basecode,” RiskIQ researchers said.

“All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways.”

In the Newegg case, the hackers used smaller skimmer code of “a tidy 15 lines of script,” since it only had to serialize one form.

If you are one of those Newegg customers who entered their credit card details on the website during the attack period, you should immediately contact your bank, block your payment card, and request a replacement.

However, the way Magecart is scooping up payment card data from popular services with relatively little effort suggests that Newegg probably will not be its last target.