• Overview

    • Phish Tale of the Week
    • Sprint Breach Exposes Customer Data
    • Critical Flaw Found In VLC Media Player
    • How Can Netizen/CyberSecure Solutions help? 

    Phish Tale of the Week

    As is typical for most businesses, our HQ Office inbox receives the occasional phishing email attempting to trick an employee into sending the perpetrator some sort of payment or money order. In this case, the perpetrator was impersonating CyberSecure Solutions CEO, Michael W. Hawkins. Fortunately, Netizen and CyberSecure Solutions staff are regularly trained in email phishing and social engineering awareness. The attempt pictured below can be deconstructed and analyzed to point out the obvious, and not so obvious, details that prove this email to be fraudulent. 

    Take a look below:

    Some tell-tale signs that raise suspicions:

    1. The first detail shows that this email is being sent from an EXTERNAL account outside of the Netizen/CyberSecure environment. 
    2. Second, we can see multiple text and grammar errors, such as examples 2 and 3. 
    3. Example 4 shows an unprofessional signature to the email, which does not match the standard company signature. 


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security numbers, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails create a sense of urgency or even aggression to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: Sprint Customer Data Breached via Samsung Website Flaw, Critical Flaw Found in VLC Media Player

    Sprint Customer Data Exposed

    Sprint informed its customers that a major security breach took place on June 22. Hackers used an undefined vulnerability on a promotional Samsung website to obtain Sprint customer information. The number of accounts breached has not been disclosed yet, but Sprint stated that the exposed data included customers’ cellphone numbers, addresses, device types, device IDs, account numbers, and first and last names. The company promptly secured the vulnerability, changed the PINs for accounts that may have been compromised, and informed its customers of the event, recommending that they change their account passwords to avoid any possible exploits. Those affected have also been advised to place fraud alerts on their credit reports, monitor their credit for changes, and file a report of any suspected cases of identity theft.

    Experts warn victims of the breach to follow the recommended actions and take this breach seriously. “Regardless of the number of individuals affected, the type of information hackers had access to leaves Sprint customers vulnerable to identity theft and fraudulent activity,” Bitglass Chief Technology Officer Anurag Kahol said. “When armed with payment card information and personally identifiable information (PII), malicious parties can engage in highly targeted phishing attacks, make fraudulent purchases, sell said data on the dark web for a quick profit, and much more.”


    VLC Media Player Vulnerability Leaves PCs Exposed

    VLC Media Player is a free and open-source, cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. The tool is a very popular program that operates on Windows, Linux, Mac OS X, Unix, iOS, and Android systems. However, with its popularity and cross-platform capabilities, the program has caused concern for users after news broke that the VLC Media Player might be leaving PCs vulnerable to being hacked remotely. 


    Identified as CVE-2019-13615, the vulnerability in the hugely popular VLC Media Player (v 3.0.7.1) was recently discovered by Germany’s national Computer Emergency Response Team (CERT Bund). CERT Bund also stated that the affected systems are Windows, Linux or Unix machines, leaving machines running Mac OS X secure. Apparently, the flaw has left billions of computers exposed to Remote Code Execution (RCE), where hackers can gain unauthorized access to install and execute malicious code, modify files and data on target machines, and cause disruption through denial-of-service attacks (cyber-attacks in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet). The good news is that there are no examples of this vulnerability being exploited in the wild, although many users have begun uninstalling the VLC Media Player as a safety measure.

    Recommendations: Until further notice from VLC or VideoLAN, halt usage of the program and instead use an alternative option like Windows Media Player. Monitor the situation and wait for the company to release a patched update for the program before resuming using the tool. 


    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    How Can CyberSecure Solutions Help?

    CyberSecure Solutions ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, CyberSecure offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers. To schedule a LIVE demo of the Overwatch Governance Suite, click here.


    CyberSecure Solutions is the commercial brand of Netizen Corporation, an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

     

    Copyright © 2019 Netizen Corporation. All rights reserved.

  • Overview

    • Phish Tale of the Week
    • Microsoft’s BlueKeep Proves Vulnerable
    • Critical Warning Issued for Samsung Cellphone Update App
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts are often carried out with urgent messages that are meant to provoke the victim to act without rationally thinking about the contents of the email. In this instance, an employee received an email message from their boss asking them to buy Amazon gift cards for his best friend’s son’s birthday. 

    Take a look below:

    1. The first tell-tale sign is the “boss” emailing the employee for a personal favor, and asking for it urgently.
    2. A second attempt at urging the victim to act quickly and ignore rational thinking. 
    3. Improper grammar is used throughout the email, including the highlighted line.
    4. A very shady way of loading money onto a gift card is being requested, further raising suspicions. 


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security numbers, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails create a sense of urgency or even aggression to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: Microsoft’s BlueKeep Vulnerability Proved Exploitable, Critical Warning for Scam Samsung Update App

    Microsoft’s BlueKeep Proves Vulnerable 

    Late last month, Microsoft’s Security Response Team (MSRC) issued a warning to organizations to update and install patches for BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability it patched in early June. The flaw, which affects older versions of Windows and is found in Remote Desktop Protocol (RDP), allows attackers to execute code remotely on a machine without the need to log in. The flaw requires no user interaction, which has raised concern that future malware could be developed to exploit the bug and spread across other vulnerable machines. Initially, when the patch was released on May 14, Microsoft had not seen the BlueKeep bug exploited in the wild. However, Microsoft acknowledged that it is “highly likely” that this bug can be exploited by malicious actors and cybercriminals.

    Now, almost two months later, BlueKeep discoverer and security researcher Kevin Beaumont stated that there are over a million systems on the internet with RDP exposed publicly and, to underscore the importance of applying Microsoft’s patch as soon as possible, Sophos also released a proof of concept video showing BlueKeep being exploited. This dashed the hope that the difficulty in executing the code would slow down potential exploitation by criminals. The good news is that there is no evidence of BlueKeep being exploited in the wild.
     

    Critical Warning Issued for Samsung Cellphone App

    Installing a firmware/update-manager for your phone helps to ensure your phone is secure. However, for 10 million Samsung smartphone users, this has become the complete opposite. Aleksejs Kuprins, a malware analyst at CSIS Security Group, revealed how an app called “Updates for Samsung” has been installed by over 10 million users directly from the Google Play Store. The app promises free firmware updates but redirects users to an ad-filled website and asks for money to install the updates. This $34.99/year service, which is supposed to be free, doesn’t use the Google Play Store to manage the subscription. Instead, it uses a separate payment processing system to collect the fee. The download speed is also restricted to 56 Kbps, and the app asks users to pay more money for faster speeds or premium packages. Kuprins also noted that free downloads almost always failed to complete. Overall, the app does not do what it advertises.

    So, what should you do? If you have this app installed, it’s recommended to remove it from your phone as well as dispute any transactions if you paid for the service. Additional advice would be not to download apps like this going forward. Instead, follow Samsung’s procedures for downloading updates, which appear as a notification and walk you through the simple, speedy, and secure process for updating your phone. If you want to check on the status of your device’s firmware, simply navigate to the “Software Update” option in the settings menu and select “Download and install” to check if you are running the latest updates; if not, then the download will start and the update will be completed in a few minutes. By following these recommendations, the updates are guaranteed to come directly from the vendor and are always free. 

    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

     


  • Overview

    • Phish Tale of the Week
    • Vulnerability in TP-Link’s Wi-Fi Extenders Could Allow Remote Control to Attackers
    • Latest Phishing Scam Impersonates Apple Support
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attempts often target specific groups that malicious actors can exploit. In this instance, we see a phishing email targeting Bank of America customers. The email appears to be a security notification about “unusual activity” on the bank account that requires urgent attention. The email even contains the logo of the bank and the official website linked in the body, so it must be a real notification, right? Not so fast. The email has a few tell-tale signs of its inauthenticity.

    Take a look below:

    1. Notice the way that the “Bank of America” display name does not match the email format in the “From” field.
    2. In the “To” field as well as the greeting, there is a general salutation that is very vague and can be applied to anyone receiving the email.
    3. Hovering your cursor over the link shows that it clearly points to a different link than the one provided in the body of the email.
    4. There are clear grammatical and spelling errors throughout the text, all of which indicate that the author is not very professional. 
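
    The first three signs above can be checked mechanically before a message reaches a user. The sketch below is an added example, not part of the original newsletter: it uses Python's standard `email` and `html.parser` modules, and the `BRAND_DOMAINS` allowlist, the function names, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: defender-maintained map of brand name -> domains it really sends from.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}
GENERIC_NAMES = {"customer", "valued customer", "client", "user", "member"}
GREETING = re.compile(r"\bdear\s+(?:valued\s+)?(?:customer|client|user|member)\b", re.I)
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw_message):
    """Return a list of (check, detail) findings for one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # Sign 1: display name claims a brand the sending domain does not belong to.
    display, address = parseaddr(str(msg["From"] or ""))
    sender_domain = address.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        known = any(host_matches(sender_domain, d) for d in domains)
        if brand in display.lower() and not known:
            findings.append(("display-name-mismatch", f"{display!r} sent from {sender_domain}"))

    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    collector = AnchorCollector()
    collector.feed(body)

    # Sign 2: generic salutation in the To display name or in the greeting.
    to_display = parseaddr(str(msg["To"] or ""))[0].strip().lower()
    text = re.sub(r"<[^>]+>", " ", body)
    if to_display in GENERIC_NAMES or GREETING.search(text):
        findings.append(("generic-salutation", to_display or "greeting"))

    # Sign 3: the URL shown as link text is not where the href actually goes.
    for href, shown_text in collector.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(shown_text)
        if not target or not shown:
            continue  # no web target, or the link text is not a URL
        shown_host = re.sub(r"^www\.", "", shown.group(1).lower())
        if not host_matches(target, shown_host):
            findings.append(("link-mismatch", f"text shows {shown_host}, href goes to {target}"))
    return findings


def build_sample(sender, recipient, greeting, href):
    """Build a constructed test message; the link text always shows the bank's URL."""
    return (
        f"From: {sender}\nTo: {recipient}\nSubject: Unusual activity on your account\n"
        "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
        f"<html><body><p>{greeting},</p><p>Verify your account at "
        f'<a href="{href}">https://www.bankofamerica.com/security</a></p></body></html>\n'
    )


# Constructed samples (not real messages): one with all three signs, one clean.
PHISH_SAMPLE = build_sample("Bank of America <security-alert@bofa-notices.example>",
                            "Customer <recipient@mail.example>", "Dear Customer",
                            "http://login.bofa-notices.example/verify")
LEGIT_SAMPLE = build_sample("Bank of America <alerts@notify.bankofamerica.com>",
                            "Jane Doe <jane@mail.example>", "Dear Jane Doe",
                            "https://www.bankofamerica.com/security")

if __name__ == "__main__":
    for check, detail in analyze(PHISH_SAMPLE):
        print(f"{check}: {detail}")
```

    The suffix match in `host_matches` requires a leading dot, so a look-alike such as `evil-bankofamerica.com` is not accepted as a subdomain of the real domain.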


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security numbers, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails create a sense of urgency or even aggression to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: Vulnerability in TP-Link Wi-Fi extenders Could Allow Remote Control to Attackers, Latest Phishing Scam Impersonates Apple Support

    TP-Link Wi-Fi Extenders Vulnerability

    A Wi-Fi extender is a device that repeats the wireless signal from your router to expand its coverage. It functions as a bridge, capturing the Wi-Fi from your router and rebroadcasting it to areas where the Wi-Fi is weak or nonexistent, improving the performance of your home Wi-Fi. With many internet users often not having enough coverage around their homes or office space, a simple solution is to use an extender to bring coverage to areas that are lacking it. However, TP-Link, a global leader in networking devices and accessories, disclosed that a vulnerability in the TP-Link RE365 Wi-Fi extender version 1.0.2 could allow an attacker to take complete control over the device.

    The vulnerability, tracked as CVE-2019-7406, could allow a remote attacker to perform arbitrary command execution via specially crafted user agent fields in HTTP headers. The attack works by sending a malicious HTTP request to the Wi-Fi extender. The vulnerability of TP-Link’s Wi-Fi extender allows a potential attacker to execute commands from the request. The attacker would need to know the extender’s IP address to exploit the vulnerability, but you can find thousands of exposed devices on IoT search engines like Shodan. More sophisticated attacks can be carried out due to the level of access that an attacker would assume, including potentially redirecting people to pages with malware, as well as taking over the routers to use as part of a botnet. 
     
    The vulnerability affects home and office users alike, which can put private and business data at risk. The affected TP-Link devices are the RE365 model as well as the RE650, RE350 and RE500 devices. However, TP-Link responsibly disclosed the vulnerability and released software updates to patch the flaw.
     

    Phishing Scam Impersonates Apple Support

    The telephone version of phishing is called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to assume your identity and open new accounts. Vishing attacks are designed to generate fear and immediate response and therefore occur within short time frames. For example, a vishing perpetrator (visher) may gain access to a group of private customer phone numbers and call the numbers from the group. When a potential victim answers the phone, he or she hears an automated recording informing him that his bank account or social security information has been compromised. The victim is then instructed to call the “toll-free” number included in the message and also enter personal information like bank account numbers and social security numbers for “verification.” The victim’s entries are collected and then used to access their bank accounts or steal their identity.

     
    The latest vishing scam making the rounds involves scammers pretending to be Apple Support Agents alerting Apple users that their account has fallen victim to a data breach. Scammers implement a spoofing technique to imitate the real Apple support telephone number, often showing up on Caller ID as “1 (800) MYAPPLE,” even though the fake call is coming from another country. On Apple devices, the fake call even displays the Apple logo and either “Apple Customer Service” or “AppleCare” to trick users into thinking the call is authentic. The goal of the scammers is to gather iCloud or Apple ID account information of victims. Apple announced that iOS 13 will include a feature that forces unknown calls to go straight to voicemail, a feature which will likely debut in the fall. In the meantime, Apple is advising users not to answer questionable phone calls from Apple Support. If you are concerned about the status of your Apple account, contact Apple directly.

    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

     


  • NETIZEN AWARDED $845,000 U.S. ARMY CYBER SECURITY ENGINEERING CONTRACT

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 certified provider of cyber security and related solutions for defense, government and commercial markets, was awarded an $845,000 contract with the U.S. Army supporting the Project Manager Training Devices (PM TRADE) organization in Orlando, Florida. The work under the contract, which began on May 31st, includes Cyber Security Engineering support for Department of Defense (DoD) virtual training and simulation systems in Orlando, Florida and other locations across the United States and around the world.

    Netizen is working to ensure that military information technology (IT) infrastructure for virtual training and simulation platforms is secure and protected from a variety of cyber threats while also compliant with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), the Federal Information Management Security Act (FISMA), and other requirements. This is accomplished by leveraging uniquely skilled Netizen staff members that possess high levels of experience, education, and certification to provide cyber security engineering support for training and simulation products that are being built, upgraded, accredited, or deployed. This new contract is a follow-on to work that Netizen has been performing over the last two years.

    “We are renowned for the high level of quality, skill, and expertise that we offer as well as our ability to recruit and retain some of the most talented professionals in the cyber security industry. As such, our customers can be certain that the service they receive will always be top-tier. Most of them continually renew and expand existing contracts specifically to retain the capabilities and innovation our team provides,” said Max Harris, Netizen’s Chief of Business Development. He added that Netizen, as a Veteran-Owned company, is very proud to continue supporting the nation’s warfighters by ensuring that the critical systems they rely on for training and simulation are secure and compliant.

    Netizen is a highly specialized cyber security and compliance solutions provider that works in partnership with IT departments, information system owners/developers, and IT Managed Service Providers (MSPs) to ensure appropriate levels of security and compliance controls are implemented and maintained for all types of systems.

    About Netizen Corporation: Named the Lehigh Valley’s “Veteran Owned Business of the Year” and a national Best Workplace by Inc. Magazine, Netizen is an Allentown, PA based Veteran-Owned company (SDVOSB) specializing in cyber security and related solutions for commercial and government markets with additional offices in Arlington, Virginia and Charleston, South Carolina. Netizen was also a recipient of the U.S. Department of Labor HIRE Vets Platinum Medallion Award for their commitment to veteran hiring and other accolades for superior contract performance and customer service. Learn more at NetizenCorp.com or call 1-844-NETIZEN (638-4936).

    POINT OF CONTACT:

    Rocco Zegalia
    VP of Sales and Marketing
    1-800-450-1773 ext. 717
    rzegalia@netizencorp.com

  • Overview

    • Phish Tale of the Week
    • Microsoft Urges Users to Patch BlueKeep Security Flaw
    • U.S. Customs and Border Protection Data Breach
    • How Can Netizen Help?

    Phish Tale of the Week

    Malicious actors are constantly finding new ways to target a big payday. In the newest trend, these cyber criminals are using secured websites to run their own phishing campaigns. 

    The criminals are relying on people’s trust in landing pages that contain “HTTPS” in the URL and in TLS-secured sites. After a phishing email is sent and the victim clicks through on the link, they will see a secured certificate on the site, but it’s all a ruse. In reality, the landing pages are only secured to play on the trust of victims and will capture any login credentials or information that a victim submits. This tactic was used in phishing campaigns such as the one that imitated Netflix’s log-in page to harvest login credentials.

    Take a look below:

    1. While the login page seems very convincing and is almost impossible to tell apart from the real login page, notice the strange website URL that says “GroupNetflix”.
    2. Notice the extra space between the “Sign Up Now” button and the period. 


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order, or ask for, anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security numbers, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails pose a sense of urgency or even aggressiveness to prompt a form of intimidation. Any email requesting immediate action or that is addressing you in a threatening manner should be questionable. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: Microsoft Urges Businesses to Patch “BlueKeep” Flaw, Hackers Steal Border Agency Traveler Photos

    Microsoft Urges Businesses to Patch “BlueKeep” Flaw 

    Microsoft’s Security Response Team (MSRC) is warning organizations to patch BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability it patched earlier this month. The flaw affects older versions of Windows and is found in Remote Desktop Services (RDS). It requires no user interaction, which is a cause for concern: malware developed to exploit the bug could spread across other vulnerable machines. Initially, when the patch was released on May 14, Microsoft had not seen the BlueKeep bug exploited in the wild. However, Microsoft acknowledged that it is “highly likely” that this bug can be exploited by malicious actors and cybercriminals. Now, Microsoft says they are “confident” that an exploit exists for this vulnerability and that more than one million internet-connected machines remain vulnerable to BlueKeep.

    In Microsoft’s official blog, the MSRC stated, “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.” The scenario is even more dangerous for those who neglected to update internal systems, they continue, as future malware could try to exploit vulnerabilities that have already been patched. The vulnerable systems are the ones still running Windows XP, Windows 7, Server 2008 and Server 2008 R2. Fearing a repeat of the 2017 ransomware attack known as WannaCry, Microsoft continues to urge users to update their systems to ensure the latest patches and security features are installed and enabled on their machines.

    Security researchers at Kenna Security are monitoring for any activity involving the BlueKeep bug and can confirm that there have already been attempts by cybercriminals to reverse-engineer the patch and build an exploit. The research group also estimates that there are still a significant number of organizations that can be vulnerable to this attack, especially ones still using Windows 7 and Server 2008. One possible scenario in which cybercriminals can carry out an attack is exploiting BlueKeep by connecting to a target system via Remote Desktop Protocol (RDP) and sending specially crafted requests. If successful, criminals could execute code on a target system. Even if Windows 7 and Server 2008 are not exposed to the Internet, they’re susceptible to exploitation via a multi-pronged attack.
    Microsoft has released a patch for the vulnerability. If your business or organization operates a system running one of the listed vulnerable operating systems, Microsoft highly recommends that you update your systems to ensure the patch is installed.

    To read more about the BlueKeep bug, click here.

     

    Hackers Steal Border Agency Database of Traveler Photos

    The U.S. Customs and Border Protection (CBP) agency revealed that one of its subcontractors has been breached and a database containing images of travelers and license plates was stolen. The agency declined to name the breached subcontractor, but there is mounting evidence that Tennessee-based company Perceptics is the victim. The company develops and produces license plate readers that are used by the CBP. The subcontractor was breached because it had stored license plate images and travelers’ images on its own network, without the knowledge of CBP. The agency has declined to reveal how many people have been affected or the size of the data breach, which can mean that it is larger than expected.

    Surprisingly, this is not the first time that Perceptics has been involved in a data leak. An incident in May involved one hacker dumping hundreds of gigabytes of data stolen from Perceptics on the dark web. It is unknown if the two incidents are somehow connected, but the Customs and Border Protection agency insists that it had no knowledge of Perceptics’ data transfer. What’s more worrying, however, is that the CBP allowed a third party to access sensitive data without its knowledge and did not ensure that its subcontractors had the appropriate security measures in place.

    The agency outlined its security standards in an official statement, saying “CBP requires that all contractors and service providers maintain appropriate data integrity and cybersecurity controls and follow all incident response notification and remediation procedures. CBP takes its privacy and cybersecurity responsibilities very seriously and demands all contractors to do the same.”

    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    To read the original article, click here.

    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

     

    Copyright © 2019 Netizen Corporation. All rights reserved.

  • Overview

    • Phish Tale of the Week
    • First American Financial Corp. Leaks 800+ Million Records
    • Google Begins Tracking “zero-day” Exploits
    • How Can Netizen Help?

    Phish Tale of the Week

    One way a malicious actor can try to collect a business’ sensitive information is by targeting the business’ employees. Attempting to phish an employee requires some research about the company and the potential victim. The following is a phishing attempt that was received in our office last week. 

    This particular phishing attempt is hard to identify because picking out the telltale details takes close attention. The email addresses the recipient by name, indicating that there was some research done to find the individual’s full name and email address. This process is called “social engineering” and is used to collect a victim’s information.

    Take a look below:

    Some tell-tale signs that raise suspicions:

    1. The first sign of an email received from outside of the Netizen environment is the “EXTERNAL” tag in the email subject line.
    2. The email contains a typo where the recipient is encouraged to call for questions, but a phone number was never provided. 
    3. An unusually long site address from “AWStrackme” appears at the bottom of the email. 


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign in to a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: First American Financial Corp. Leaked Hundreds of Millions of Insurance Records, Google Begins Tracking “Zero-Day” Vulnerabilities

    First American Corp. Title Insurance Records Leak

    First American Financial Corp., a Fortune 500 company, is a leading national provider of title insurance and settlement services to the real estate and mortgage industries, with millions of customers. Late last week, it was discovered that First American’s website has a major security flaw that allows anyone with a URL to a document held by the company to access other documents simply by changing a single digit in the URL. The website has reportedly exposed more than 800 million files dating all the way back to 2003. The digital files include many forms of sensitive customer information that could be used by malicious actors, including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and driver’s license images. Many of the exposed files are records of wire transactions with bank account numbers and other information from home or property buyers and sellers.
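
    A flaw of the kind described above, where the number in a document URL is the only thing checked, comes down to a missing authorization check on each request. The sketch below is an added illustration and not First American’s code: the record store, user names and function names are hypothetical, and it goes one step beyond the text by also showing a signed, expiring link for documents that must be shared with a third party.

```python
import hashlib
import hmac
import secrets

# Constructed sample records with sequential numeric ids.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "wire receipt (constructed sample)"},
    1002: {"owner": "bob", "body": "mortgage record (constructed sample)"},
}
SHARE_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients


class AccessDenied(Exception):
    """Raised for every refusal, so 'missing' and 'not yours' look the same."""


def fetch_vulnerable(doc_id):
    """Before: the id in the URL is the only check, so 1001 -> 1002 just works."""
    return DOCUMENTS[doc_id]["body"]


def fetch_for_user(session_user, doc_id):
    """After: every request is authorized against the record's owner."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or session_user is None or doc["owner"] != session_user:
        raise AccessDenied("document not available")
    return doc["body"]


def _tag(doc_id, expires_at):
    # The signature covers both the document id and the expiry time.
    msg = f"{doc_id}.{expires_at}".encode()
    return hmac.new(SHARE_KEY, msg, hashlib.sha256).hexdigest()


def make_share_link(session_user, doc_id, expires_at):
    """Owner-issued link parameters for a recipient who has no account."""
    fetch_for_user(session_user, doc_id)  # only the owner may create a link
    return {"doc_id": doc_id, "exp": expires_at, "sig": _tag(doc_id, expires_at)}


def fetch_by_share_link(link, now):
    """Serve a shared document only if the signature matches and is unexpired."""
    expected = _tag(link["doc_id"], link["exp"])
    if not hmac.compare_digest(expected.encode(), str(link["sig"]).encode()):
        raise AccessDenied("document not available")
    if now > link["exp"] or link["doc_id"] not in DOCUMENTS:
        raise AccessDenied("document not available")
    return DOCUMENTS[link["doc_id"]]["body"]


def is_denied(func, *args):
    """Helper for the demo: True when the call is refused."""
    try:
        func(*args)
    except AccessDenied:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, neighbour id:", fetch_vulnerable(1002))
    print("checked, neighbour id denied:", is_denied(fetch_for_user, "alice", 1002))
    link = make_share_link("alice", 1001, expires_at=2000)
    tampered = dict(link, doc_id=1002)  # one digit changed, signature reused
    print("tampered share link denied:", is_denied(fetch_by_share_link, tampered, 1500))
```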

    A spokesman for First American Financial Corp. shared the following statement:

    “First American has learned of a design defect in an application that made possible unauthorized access to customer data.  At First American, security, privacy and confidentiality are of the highest priority and we are committed to protecting our customers’ information. The company took immediate action to address the situation and shut down external access to the application. We are currently evaluating what effect, if any, this had on the security of customer information. We will have no further comment until our internal review is completed.”

    The information exposed by this security flaw could be a potential gold mine to phishers and scammers looking to cash in on this data leak. With access to home addresses, bank account numbers and social security information, scammers can try to convince a homeowner to wire funds to a fraudulent account.

    For First American Financial Corp. customers, it is recommended that you:

    • Closely monitor the situation and pay attention to the company’s updates.
    • Monitor your bank account and credit statements for suspicious activities.
    • Do NOT provide any information in response to calls or emails asking you to wire funds. Contact First American Financial Corp. Customer Service if you receive such calls.

    To read more about the First American Financial Corp. leak, click here.

    Google Begins Tracking Zero-Day Vulnerabilities 

    The Google Project Zero team, a group of top Google security researchers with the sole mission of tracking down and neutralizing the most harmful security flaws in the world’s software, has begun documenting zero-day vulnerabilities exploited in the wild. These secret hackable flaws, known in the security industry as “zero-day” vulnerabilities, are exploited by criminals, state-sponsored hackers and intelligence agencies in their spying operations.

    The security research team is compiling a list of these vulnerabilities that had been exposed before the vendor of the software could patch the security flaws. The spreadsheet currently lists over 100 vulnerabilities exploited in the wild since 2014. The table includes the flaw’s CVE identifier, impacted vendor, impacted product, the type of vulnerability, a brief description, the date of its discovery, the date when a patch was released, a link to the official advisory, a link to a resource analyzing the flaw, and information on attribution. The list currently includes vulnerabilities affecting products from Facebook, Microsoft, Google, Apple, Adobe, Mozilla, Cisco, Oracle, IBM and Ghostscript. The data from this research shows that, on average, there is a new exploit identified every 17 days. The data also reveals that it takes vendors roughly 15 days to patch the exploited flaw after it becomes public. 

    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    To read the original article by SecurityWeek, click here.


  • NETIZEN NAMED A NATIONAL ‘BEST WORKPLACE’ BY INC. MAGAZINE

    Allentown, PA: Netizen Corporation, an ISO 27001:2013 certified provider of cyber security and related solutions for government and commercial markets, was named one of the Best Workplaces in the United States for 2019 by Inc. Magazine. Only a small fraction of the thousands of applicant companies vying for this prestigious award are selected each year based upon employee surveys, benefit programs, corporate culture, and other metrics. Netizen will be highlighted in the June 2019 issue of Inc. Magazine which features the Best Workplaces award recipients from around the country.

    Netizen, which was founded in September 2013, is also one of the fastest growing companies in the Lehigh Valley region of Pennsylvania, where it is headquartered. They have satellite offices in Arlington, VA and Charleston, SC as well as field locations around the country in places like Orlando, FL and Huntsville, AL. Netizen has received several other notable awards recently including the U.S. Department of Labor HIREVets Platinum Medallion, Lehigh Valley Veteran Owned Business of the Year, and Charleston Defense Summit Innovation Spotlight.

    “Ingraining a family-like corporate culture at Netizen is a primary goal of the executive team, and this proves it. We take tremendous pride in what we offer our people, not just in terms of compensation and benefits but other perks as well such as rewards and recognition, education and training, career growth, flexibility, and camaraderie. Our team members are among the best-of-the-best, so we do everything possible to ensure their success and satisfaction. This, in turn, enables us to provide customers with world-class service from professionals who are truly committed to what they do and determined to make a difference,” said Michael Hawkins, Netizen’s President and CEO.

    Netizen is not a “general information technology (IT) services company” but rather a highly specialized cyber security and compliance solutions provider that works in partnership with IT departments, information system owners/developers, and IT Managed Service Providers (MSPs) to ensure appropriate levels of security and compliance controls are implemented and maintained for all types of systems.

    About Netizen Corporation: Named the Lehigh Valley’s “Veteran Owned Business of the Year” and one of the nation’s Best Workplaces by Inc. Magazine, Netizen is an Allentown, PA based Veteran-Owned company (SDVOSB) specializing in cyber security and related solutions for commercial and government markets. Netizen was also a recipient of the U.S. Department of Labor Platinum Medallion Award for their commitment to veteran hiring and other accolades for superior contract performance. Their new commercial-focused subsidiary, CyberSecure Solutions, is also trusted to engineer, audit, and maintain cyber security solutions for businesses of nearly every size and type worldwide. Learn more at NetizenCorp.com and goCyberSecure.com.

  • Overview

    • Phish Tale of the Week
    • Ransomware Attacks Hit Baltimore City Servers
    • Hospitals Demanding Better Cybersecurity from Device Makers
    • How Can Netizen Help?

    Phish Tale of the Week

    Malicious actors are often looking for an unsuspecting victim to target, with the goal of persuading them to provide log-in credentials or download malware. Some of these targets are college students, who are busy with their studies and may be unaware of phishing attempts.

    This week, we have an example of a phishing email that was sent to students at Lehigh University, a local college renowned for its technologically advanced campus. This one contains a message to students claiming that their school-assigned email inbox has reached its data limit. It includes a link that the email claims leads to a sign-in page where students can extend their “data quota”. As is the case with most phishing emails, there are many red flags that should signal a malicious attempt to the recipient.

    Take a look below:

    Some tell-tale signs that raise suspicions:

    • Notice the awkward phrasing of the email body text, as well as the obvious error in repetition of the message beginning with the words “Further incoming…”.
    • With the mouse hovering over the link, it is clear to see that the link will not direct the student to a domain used by Lehigh University.


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign in to a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s Cybersecurity Brief: Ransomware Attacks Hit Baltimore City, Hospitals Are Pushing For Better Device Cybersecurity

    Hospitals Taking Initial Steps In Improving Device Cybersecurity

    With the number of connected devices hospitals use in daily operations, hospitals are pushing device makers to ensure the security of their products. This comes as a response to increased reports of cyberattacks and a growing recognition of both financial and patient safety concerns, especially as the threat becomes more real. The attention to cybersecurity follows health care’s embrace in recent years of digital technologies, from electronic medical records to mobile lab tests. For hospitals, internet-connected devices offer the potential to monitor patients more continuously and closely, and use the data to guide—and improve—care.

    In stepping up their efforts, hospitals have gone beyond building firewalls and taking other actions to shield their own networks—they have moved into demanding information, such as details of the software running on devices, that manufacturers have long considered proprietary. Hospitals are running tests to detect device weaknesses, asking manufacturers to reveal proprietary software to assess vulnerabilities, and sometimes even rejecting bids or canceling orders for devices that don’t have adequate safety features. Some of these hospitals’ requests have caused tensions with device manufacturers, although there are also collaborations between the two parties in efforts to improve device cybersecurity.

    In February of 2019, credit-rating agency Moody’s Investors Service ranked hospitals and healthcare facilities as one of the sectors most vulnerable to cyberattacks.

    Hospitals and Healthcare Facilities statistics:

    • More than 150 million personal health records have been breached in health-care company hacks since 2009.
    • The healthcare industry was the victim of 88 percent of all ransomware attacks in U.S. industries in 2016.
    • In the past two years, 89 percent of healthcare organizations were breached.

    To read more about the increased hospital cybersecurity efforts, click here.

    Ransomware Attacks Hit Baltimore City

    For over a week, some Baltimore City government departments have been offline as a result of ransomware attacks on the city’s servers. The attacks, believed to involve a ransomware called RobbinHood, have taken the city’s email and other services offline. Fortunately, police, fire, and emergency response systems have not been affected by the attack, but nearly every other department of the city government has been affected in some way.

    Baltimore Chief Information Officer Frank Johnson explained in a press conference last week that the malware was “the very aggressive RobbinHood ransomware” and that the FBI had identified it as a “fairly new variant” of the malware. The newer version of the ransomware has emerged over the past month. The ransomware itself does not have any network spreading capabilities and is meant to be deployed to each machine individually; it is believed to be spread directly to the individual machines via psexec and/or a domain controller compromise. This means that the attacker would need to already have gained administrative-level access to a system on the city’s network.
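
    Deployment of this kind means running a tool such as psexec against each machine in turn, which tends to leave the same trace on many hosts within a short time. The added example below is not from the original article or from the city’s investigation: it looks for that fan-out in Windows service-installation events (System log Event ID 7045), assumes PsExec’s default service name PSEXESVC (an operator can rename it, so this catches only the default), and runs on constructed, simplified event records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified records as a log pipeline might export them.
SAMPLE_EVENTS = [
    {"time": "2019-01-15T09:00:05", "host": "WS-01", "event_id": 7045,
     "service": "PSEXESVC", "account": "EXAMPLE\\admin01"},
    {"time": "2019-01-15T09:01:10", "host": "WS-02", "event_id": 7045,
     "service": "PSEXESVC", "account": "EXAMPLE\\admin01"},
    {"time": "2019-01-15T09:02:30", "host": "WS-03", "event_id": 7045,
     "service": "PSEXESVC", "account": "EXAMPLE\\admin01"},
    {"time": "2019-01-15T09:03:00", "host": "WS-04", "event_id": 7045,
     "service": "PSEXESVC", "account": "example\\ADMIN01"},
    # A single use by another administrator: routine, below the threshold.
    {"time": "2019-01-15T14:00:00", "host": "WS-09", "event_id": 7045,
     "service": "PSEXESVC", "account": "EXAMPLE\\helpdesk"},
    # An unrelated service installation.
    {"time": "2019-01-15T09:01:30", "host": "WS-02", "event_id": 7045,
     "service": "Print Helper", "account": "EXAMPLE\\admin01"},
]


def psexec_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Return [(account, hosts)] where one account installed the PsExec
    service on at least min_hosts distinct hosts inside a sliding window."""
    installs = defaultdict(list)
    for ev in events:
        if ev.get("event_id") == 7045 and ev.get("service", "").upper() == "PSEXESVC":
            when = datetime.fromisoformat(ev["time"])
            installs[ev["account"].lower()].append((when, ev["host"]))

    alerts = []
    for account, hits in installs.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts.append((account, sorted(best)))
    return sorted(alerts)


if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS):
        print("possible mass deployment by", account, "on", ", ".join(hosts))
```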

    The city is still recovering from the attacks, which have disrupted everything from real estate transactions and on-line bill payments for residents to services such as telecommunications. Ransomware attacks typically are all about making money: attackers demand a fee to decrypt the victims’ files that they have accessed and encrypted. This is the second successful attack on Baltimore in a short time frame, which highlights the obstacles many local governments face when it comes to cyber security.

    The Big Picture:

    No business or organization is invulnerable to a cyberattack, as these incidents prove. Business and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    To read the original article by arsTECHNICA, click here.


  • Overview

    • Phish Tale of the Week
    • Microsoft Reveals Email Services Hack
    • Cleveland Hopkins International Airport Attacked by Ransomware
    • How Can Netizen Help?

    Phish Tale of the Week

    People always assume they can spot a malicious email because they’ve seen them before.  And to a point, that’s true. However, the malcontents who send them are always changing their methods. The more times people fall prey to phishes, the more success (and money) the authors enjoy.

    This week, we have an example of an improvement in the level of sophistication of a phishing email. This one contains formatting that is consistent with the Microsoft Outlook environment, which makes it more attractive to employees. Plus, there’s a green box telling the reader ‘the sender of this message is trusted’, meaning it’s legit, right? 

    Take a look below:

    Once again, however, some tell-tale signs raise suspicions:

    • An unusually long email address in the FROM field, and one with an unfamiliar domain. This one appears to have originated in Japan.
    • The time stamp says the message was received at 4:29 PM, yet the body of the message claims “a message wasn’t delivered at 7:59 AM”.
    • Unless there is a digital signature employed, the phrase “the sender of this message is trusted” is far from a guarantee.

    Additionally, as mentioned in our previous bulletins, the subject line is prefaced with the [EXTERNAL] tag, which is a feature of Microsoft Office 365. This makes the message easy to identify as coming from outside the Netizen environment.


    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign in to a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2019” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s cybersecurity brief: Ransomware Attacks Hit Cleveland Airport, Microsoft Email Services Accounts Compromised by Hackers

    Microsoft Email Services Accounts Compromised by Hackers

    In an alert notification sent by Microsoft to impacted users, the software giant informed its customers about a breach in its email services that gave hackers access to users’ information for nearly three months. Microsoft says that among the information that was breached were email addresses, subjects of emails, and contact names. 

    In an official statement released by Microsoft, officials said “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your email address, folder names, the subject lines of emails, and the names and email addresses you communicate with), but not the content of any emails or attachments.” 

    Initially, Microsoft notified users that their login credentials were not directly impacted by the hack, but the software company did advise that users change passwords. Microsoft also said that only a limited subset of customer accounts were affected by the breach and the scheme was already addressed by blocking the attacker’s access. Around 6% of the affected individuals were notified that the attackers could have had unauthorized access to the content of their email accounts.

    Recommendations:

    • Reset your Microsoft account password
    • Be wary of an increase in phishing or spam emails
    • Pay attention to questionable domain names in emails
    • Do not provide personal information or payments
    • Avoid suspicious email links and attachments

    To read more about the Microsoft hack, click here.

    Ransomware Attacks Hit Cleveland Airport


    Cleveland Hopkins International Airport was hit by a ransomware attack that halted services for days, and an FBI investigation is underway.

    Cleveland Hopkins International Airport’s information systems were targeted by a cyberattack that crippled the information screens that display in-airport flight arrivals, departures and baggage claims. The FBI is investigating to determine the source of the attack and to restore services to normal operations. Airport-affiliated email was also taken down by the attack. 

    In a statement released by the City of Cleveland, officials said:

    “Email is temporarily down as well as in-airport flight and baggage information screens. All other systems are functioning as normal and there are no impacts to flights or safety and security operations…To help clarify some misinformation that is being circulated, core business systems such as accounting, payroll, timekeeping, etc., which are maintained at the City level, were not compromised and remain fully functional.”

    The Big Picture:

    No business is invulnerable to a cyberattack, as these incidents clearly show. Business operations and safety operations can be heavily impacted and result in the loss of millions of dollars. To better protect your business or organization, take a proactive stance about cybersecurity. 

    To read the original article by CYWARE, click here.


    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Copyright © 2019 Netizen Corporation. All rights reserved.

  • Overview

    • Phish Tale of the Week
    • Security Flaws in Enterprise VPN Apps
    • WPA3 Security Vulnerabilities Discovered
    • How Can Netizen Help?

    Phish Tale of the Week

    Phishing attacks are attempts by a hacker, masquerading as a trusted person or entity, to steal vital information such as login credentials, credit card information, or personal information by persuading the victim to open an email, instant message or text message. 

    In this particular attempt sent to an executive faculty member, a malicious actor tries to lure his would-be victim into clicking on links with malware packages. The attacker attempts to persuade the recipient of the email to click on an “important file” shared from a colleague. Again, the attacker is relying on people’s inherent trust in others to gain access to sensitive information. 

    An example email follows below:

    As mentioned in the previous Cybersecurity Bulletin, the subject line is prefaced with the [EXTERNAL] tag, which is a feature of Microsoft Office 365. The tag makes it easy to identify the email as coming from outside the Netizen environment.

    The items that draw attention to a likely phish attempt include:

    • An unusually long email address in the FROM field, and one with an unfamiliar domain
    • An unusual corporate name; Netizen’s own internal server is not called “Netizencorp”
    • Broken HTML string in the body of the message

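    The three indicators listed above, together with the [EXTERNAL] subject tag, written as a header and body check. This is an added example, not Netizen's tooling; the domains, ORG_NAME, the length threshold and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}   # assumed: domains the organization really sends from
ORG_NAME = "example"            # assumed: brand string an impersonator would imitate
MAX_ADDR_LEN = 40               # assumed threshold for an "unusually long" address
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta"}  # tags that are never closed

def html_is_broken(body):
    """True if tags are unbalanced or an angle bracket is left dangling."""
    stack = []
    for closing, tag in re.findall(r"<(/?)([a-z][a-z0-9]*)[^<>]*>", body.lower()):
        if tag in VOID_TAGS:
            continue
        if not closing:
            stack.append(tag)
        elif not stack or stack.pop() != tag:
            return True
    return bool(stack) or body.count("<") != body.count(">")

def phish_indicators(raw):
    """List which of the bulletin's indicators a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    external = domain not in ORG_DOMAINS
    hits = []
    if external or str(msg.get("Subject", "")).startswith("[EXTERNAL]"):
        hits.append("external_sender")
    if len(addr) > MAX_ADDR_LEN:
        hits.append("long_address")
    if external and ORG_NAME in (display + " " + domain).lower():
        hits.append("lookalike_org_name")
    part = msg.get_body(preferencelist=("html",))
    if part is not None and html_is_broken(part.get_content()):
        hits.append("broken_html")
    return hits
# Constructed sample messages (not the email pictured in the bulletin).
PHISH = "\n".join([
    'From: "Example Corp Files" <sharepoint-notification-service-no-reply@examplecorp-fileshare.test>',
    "To: exec@example.com", "Subject: [EXTERNAL] Important file shared with you",
    'Content-Type: text/html; charset="utf-8"', "",
    '<html><body><p>A colleague shared a file. <a href="http://files.invalid/doc">Open</p></body>',
])
BENIGN = "\n".join([
    "From: Jane Doe <jane@example.com>", "To: exec@example.com", "Subject: Lunch",
    'Content-Type: text/html; charset="utf-8"', "", "<p>See you at noon.</p>",
])
```

    Calling phish_indicators(PHISH) reports all four indicators, while BENIGN reports none; a hit is a reason to look closer, not proof of phishing.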

    General Recommendations:

    A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

    • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
    • Verify that the sender is actually from the company sending the message.
    • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email—this is a huge red flag.
    • Do not give out personal or company information.
    • Review both signature and salutation.
    • Do not click on attachments.
    • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
    • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

    Many phishing emails convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email that requests immediate action or addresses you in a threatening manner should be treated as suspicious. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

    Cybersecurity Brief

    In this week’s cybersecurity brief: Four Enterprise Vendors’ VPN Apps Have Security Flaws, WPA3 Revealed to be Susceptible to Security Bugs

    Department of Homeland Security Reveals Security Flaws in VPN Apps

    An alert issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency states that a vulnerability present in several enterprise VPN apps may allow a hacker to remotely access a company’s internal network. The warning was issued following a public disclosure by CERT/CC, the vulnerability disclosure center at Carnegie Mellon University. 

    These enterprise VPN apps, built by vendors Cisco, Palo Alto Networks, Pulse Secure and F5 Networks, contain a security bug that stores the session cookies and authentication tokens on a user’s computer to allow the user to remain logged into the VPN without having to reenter their credentials frequently. However, if these tokens were ever to be stolen, the hacker would be granted access to the internal network without needing the user’s password. These tokens could be stolen through malware and used to infiltrate company apps, systems and data. 

    As of now, the only vendor to confirm the vulnerability of their app and issue a patch is Palo Alto Networks. F5 Networks reportedly knew about the security bug since 2013 but recommended that users simply apply two-factor authentication instead of releasing a patch. Neither Cisco nor Pulse Secure has patched its apps. 

    To read more about the VPN security flaw, click here.

    WPA3 Discovered to be Susceptible to WPA2 Backwards Compatibility Flaws



    The newest version of the Wi-Fi Protected Access protocol was released nearly a year and a half ago. Before that, Wi-Fi networks had been protected by WPA2, which contained many critical vulnerabilities. Primarily centered around the authentication handshake between devices connecting to a network, these vulnerabilities were exploited by hackers frequently, prompting the creation of the new standard, WPA3. WPA3 was designed to protect against those vulnerabilities by employing a new handshake method called “Dragonfly”, which was hailed as invulnerable to the security vulnerabilities of WPA2. However, security researchers Mathy Vanhoef and Eyal Ronen discovered that the new Dragonfly handshake has vulnerabilities due to its backward compatibility with devices that can’t connect using WPA3. Fortunately, the vulnerabilities were caught early in the life cycle and can be fixed with software patches.

    The vulnerabilities included means for an attacker to gather information from the handshake about the passwords being used on the network and even a way to bypass the protocol’s security feature and obtain the handshake by masking the WPA3 as a version of its predecessor. 

    In a statement released by the Wi-Fi Alliance, the industry group that commissioned WPA3, officials said:

    “Recently published research identified vulnerabilities in a limited number of early implementations of WPA3-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable cryptographic elements. WPA3-Personal is in the early stages of deployment, and the small number of device manufacturers that are affected have already started deploying patches to resolve the issues. These issues can all be mitigated through software updates without any impact on devices’ ability to work well together. There is no evidence that these vulnerabilities have been exploited.”

    To read the original article by ArsTechnica, click here.


    How Can Netizen Help?

    Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

    We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

    Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


    Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

    Copyright © 2019 Netizen Corporation. All rights reserved.