Scatty.com

Category: Cyber Security

5 Huge Security Bugs In Major Protocols

Even if we don’t know the first thing about computers, we all want to know that we’re safe when we’re using them in our homes or at work. Computers end up containing a lot of personal and financial information, and it can be devastating when that information falls into the wrong hands.

Hackers have been able to exploit a lot of vulnerabilities in hardware and software over the years, causing some of the biggest data breaches ever seen. When discovered, these bugs are typically patched instantly, but a lot of damage can be done in that time. Here are five instances of huge security bugs in major protocols causing international problems.

EternalBlue

A vast majority of people around the world rely on Microsoft Windows to keep them safe when using their personal computers. Because of this, a lot of testing is done to make sure that Windows is secure. One of the biggest exploits ever found, and one that was able to attack Windows computers, came in 2016. Chinese hackers were found using the EternalBlue exploit to remotely hack PCs thanks to a Server Message Block vulnerability.

It was learned that 2016 wasn’t when EternalBlue was developed, but rather when it was first used maliciously. The exploit was designed by the US National Security Agency, with Microsoft knowing nothing about it until the hacks were underway. Microsoft quickly developed a patch to combat the exploit that had affected pretty much every Windows operating system.

HP Printers

When we think about internet security, our brains immediately turn to our personal computers, laptops, and cell phones. Very rarely do we think about printers as being able to be exploited because of a bug, but it turned out that we should’ve been worried all along. In 2011, an RCE vulnerability was found in Hewlett-Packard printers that allowed hackers to access the printer’s information remotely.

Not only did this bug let the hackers obtain the private information of the users, but it also allowed them to turn these printers into a weapon of sorts. The bug caused many of the HP printers to catch fire, even though HP refuted these claims. A company spokesman said that the reports of the bug causing fires were “false” and that the printers “have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire.”

Adobe

North Korea and South Korea have been at odds for many years, and due to the lack of physical fighting between the two, both sides have launched a lot of cyber attacks. One of the biggest exploits came via the Adobe Flash player when North Korean hackers exploited a vulnerability and collected a lot of personal information from South Korean targets.

The bug was known as CVE-2018-4878, and seemed like a harmless file when it was sent via email. As long as the person that was using their computer opened Adobe Flash through any source (i.e. webpage, Microsoft Office, etc.), then the targeting was successful. Thankfully, Adobe was able to catch wind of this bug and patched it within a day, allowing South Koreans to browse safely once again.

Heartbleed

Back in February 2012, Heartbleed became a security bug that would end up being talked about for more than two years before it was finally discovered and patched within a week during early April 2014. The bug affected millions of websites that were using Transport Layer Security and caused an overload in allowed data. Even after the patch was released, there were still hundreds of thousands of websites affected for months.

Thankfully, the number has dropped to almost nothing ever since then, but a lot of damage was caused along the way. Private keys were revealed on some pretty popular websites including Reddit, Pinterest, SoundCloud, Tumblr, and many more. Social security numbers and many other pieces of information were leaked before Heartbleed was shut down.

Shellshock/Bashdoor

Have you ever been in a situation where you seemingly lost control of your computer and it felt like a ghost was in charge of it? You may have been one of the many people affected by the Shellshock security bug that was discovered in 2014 after affecting many people. Interestingly enough, the bug was introduced in the late 1980s but took a while to shut down.

Those that were using Unix systems were the ones exploited by this bug, with macOS and Linux users being the biggest targets. The patches were implemented shortly after the bug was discovered, leaving many to wonder why it was able to go untouched for so long.

How to Recognize An Unsafe or Hacked Website

Almost all of us have run into a problem where we don’t know why our computer isn’t operating the way it should be. After doing some research, we find out that we’ve gotten hacked or have been infected with a virus. Then, you’re left wondering how that could happen. Every website you go to says that it’s secure, and browsers like Google Chrome confirm that, and you make sure to never open anything from an unknown email address.

So how does this happen? There are way more websites out there than you might think that are unsafe or hacked, and they can cause harm to your computer and your personal information. Before you click on any webpage, there are some surefire ways to spot a harmful site. Here are five tips on recognizing websites that have been compromised.

Respect the S

There was a time when we would all just blindly go to any website that started its URL with HTTP. These days, you want to make sure that every website you visit instead starts with HTTPS. What’s the difference between the two? 

HTTPS is the same thing, except it has an extra layer of encryption that makes sure that your data is more secure. The ‘S’ stands for secure, simply enough, and most websites have made the switch in recent years to avoid data breaches.

Keep Looking at the URL

The “HTTPS” at the beginning of the URL isn’t the only thing that you should be looking for. There are a lot of people who end up typing in the wrong web address when they’re moving too fast in their browser’s address bar and still hit enter. 

This can lead you to a similar-looking website that’s not actually safe. If you’re looking for sports scores and accidentally stumble on WSPN.com instead of ESPN.com, you might get something that looks legit but is actually a harmful website.
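
The two URL checks described above (HTTPS and a mistyped address), as an added example that is not part of the original article: it flags a non-HTTPS scheme and any hostname within one typo of a site you meant to visit. The KNOWN_HOSTS list, the function names, and the one-edit threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a constructed list of sites the user actually intends to visit.
KNOWN_HOSTS = {"espn.com", "paypal.com", "wikipedia.org"}


def edit_distance(a, b):
    """Optimal string alignment distance: one insert, delete, substitution,
    or swap of two adjacent characters each costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "epsn" typed for "espn".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def assess_url(url, known=KNOWN_HOSTS, max_distance=1):
    """Return a list of findings for a URL; an empty list means no warning."""
    parts = urlsplit(url.strip())
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return findings + ["no-host"]
    if host.startswith("www."):
        host = host[4:]
    # Exact match, or a subdomain of a known site: nothing more to report.
    if host in known or any(host.endswith("." + k) for k in known):
        return findings
    # One typo away from a known site is the classic mistyped-address case.
    lookalikes = [k for k in sorted(known) if edit_distance(host, k) <= max_distance]
    if lookalikes:
        findings.extend("lookalike:" + k for k in lookalikes)
    else:
        findings.append("unknown-host")
    return findings


if __name__ == "__main__":
    # Constructed sample URLs.
    for sample in ("https://www.espn.com/scores", "https://wspn.com/",
                   "http://epsn.com/", "https://example.org/"):
        print(sample, "->", assess_url(sample) or "ok")
```

The hostname handling only strips a leading `www.`; a production check would compare registrable domains using the Public Suffix List.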

Payments

Almost all of these fake or unsafe websites have store options, but you can spot which ones aren’t legitimate by the ways that you can pay. The safest ways you can pay online are through sites like PayPal or via credit card. Fake websites won’t be likely to accept credit cards since they can easily be hit with a chargeback as credit card protection is more stringent than debit card protection.

If there is a website that only accepts mailed payments or money orders, that’s a massive red flag to stay away from that website and block it from your browser forever. Even some sites that look shady can be legitimate because they accept encrypted payments, allowing your payment information to remain safe.

Trust the Chrome

Over the years, Google Chrome surpassed all of the other web browsers to become the most commonly used in the world. These days, around two-thirds of computer users trust Chrome, and for good reason. Not only does it have a very user-friendly interface, but it has plenty of extension options that make the browsing experience much better.

One thing that not many people consider when using Chrome is that it adds a lot of layers of protection. Whenever you’re about to visit a site that seems unsafe or hacked, Chrome will offer up a warning. In most cases, you can still bypass Chrome’s suggestion, but there are other times when the browser simply won’t allow you to continue. It’s best to heed Chrome’s warning when it does come up.

Layout

There are plenty of legitimate websites that look like they were designed back in the Angelfire days (looking at you, Wikipedia). However, most of the sites that are completely dated and look like they have no HTML arrangement whatsoever can hardly be trusted. Any legitimate website will make sure that there’s a web designer to make sure everything looks up to date.

They say that you should never judge a book by its cover, but that mostly applies to books themselves or human beings. When it comes to websites, though, image is everything for legit businesses, and they wouldn’t allow a shady-looking website to go live.

Bonus Tip: Email Links

Another thing that you should look out for is your email inbox. Instead of clicking on a link that you receive in an email, always make sure to type in a web address yourself. This will ensure that you’re not going to any harmful websites as there are plenty of virus-filled emails that look authentic. If you have any doubt whatsoever about the validity of an email, it’s best to just delete it and move on with your day instead of putting your computer and private info at risk.

When Should You Run A Background Check On Someone And How?

There are going to be some instances in life in which you have to submit to a background check, but there also might be times when you need (or want) to run a background check on someone else. Whether you’re checking their criminal record, credit, residential history, or anything in between, there’s some information that you’ll want to know.

In what cases are you most likely to need a background check on a person, though? We have a few scenarios where a background check is common, and we’ll also let you know how to perform a background check. While it might be easier and cheaper than you think, it can also involve some legal issues to think about.

Employer

A majority of the background checks that are performed are through employers who want to make sure that they’re investing their time and money into the right person. Typically, a background check will come after an interview and when a conditional job offer is issued. However, before everything is put into writing and signed, a background check is done for the final approval of the employee.

There are certain things in a background check that will end up being pertinent information for an employer. They’ll be able to see if their potential employee has been hopping from job to job while also seeing if there’s a criminal history that could hinder the safety of coworkers. If the applicant was found lying on their resume or has been charged with a white-collar crime, it could lead to the job offer being withdrawn.

Landlord or Tenant

A landlord is going to want to know that they’re renting the property they own to the right people, and they’ll find out much of the same information that an employer would. The background check can help to verify employment, guaranteeing that the tenant has enough money to pay the rent each month. If there’s no criminal background, it can also help the landlord feel at ease knowing that their property will go undamaged.

Tenants can also run background checks on their potential landlords. There are many landlords that aren’t exactly saints and can end up dealing in shady practices. You want to know that if you’re sending potentially tens of thousands of dollars per year to someone that you’re not going to get randomly evicted because the landlord is a potentially harmful person.

Dating

Let’s say that you start dating someone that you met online and you really like them. You don’t want to move too fast because you don’t know them all that well, but if you really feel inclined, you can have a background check run on them to make sure that you’re not getting into anything dangerous. While employers must notify someone that a background check is being run on them, it can be different for individuals.

In most cases, it’s illegal to conduct a background check on someone that doesn’t know there’s one being submitted. With that in mind, you’ll want to study your local laws to see what can be done. At the very least, you’ll still be able to verify who they are without breaking the law by getting a full check. If you both consent, though, a background check might be extreme, but it won’t hurt.

Childcare

You absolutely want to make sure that your children are safe above all else. With that said, never put your children in the hands of someone that you don’t know unless they are willing to submit to a background check. Anyone that’s willing to do so is likely going to be trustworthy, and the background check will show just that.

Some childcare providers may be offended by the thought, and if they are, it’s probably not worth your time to leave your kids with them. When it comes to teachers, though, they have already had background checks, so you can be assured that they’re qualified to watch your children throughout the day.

How to Run a Background Check

In most states, you’re able to access someone’s criminal history through a quick search on the state’s website. If you want more information such as credit, address, employment history, etc., you’ll have to get something more detailed. There are verified websites that can perform a full background check, and they usually only cost around $10 to $20.

No matter what kind of background check you’re getting, though, you want to inform the other party that you’re running a background check on them and you should obtain their permission. Failure to do so can lead to legal action against you.

Everything You Need to Know About DDoS Attacks

These days, it seems you can’t venture anywhere on the web without threats lurking around every corner. And each day, you hear about a new data breach, virus, or some other threat to your security and data online. 

When will the madness end? Well, probably never. As long as people are sharing sensitive information on the Internet (such as Social Security numbers and payment data), hackers will try to take advantage. 

Still, there’s one type of online threat that many people have never heard of, but that’s been gaining traction over the last several years. It’s the DDoS attack—and anybody with a server, website, or even an email address could be at risk.

What is a DDoS Attack?

Specifically, DDoS stands for “distributed denial of service.” In simplest terms, a DDoS attack aims to slow down a server or crash it altogether by essentially flooding it with fake web traffic. These types of attacks can wreak serious havoc, especially on websites that rely on steady uptime to generate revenue through direct eCommerce sales or even ads. In fact, one study has found that major server outages for the top five eCommerce sites in the United States total about $3.5 million per hour.

Unfortunately, DDoS attacks have grown not only in their frequency, but their size as well. Attacks of several hundred gigabytes per second are no longer uncommon, rendering some “DDoS protection” software unable to keep up. Meanwhile, it seems that nobody is safe from the threat of a DDoS attack; from major corporations to small non-profits and everything in between, attackers will target any and all vulnerabilities.

How to Protect Yourself

With all this in mind, what can you do to be proactive against DDoS attacks? While there’s no way to guarantee you’ll never fall victim to an attack on your site or server, there are some steps you can take to reduce your risk. 

Start by making sure you’re using a server or hosting platform with built-in safeguards against these kinds of attacks. Many hosting companies offer DDoS protection as part of their hosting packages. If you can upgrade your protection to guard against even larger attacks, do so.

Meanwhile, be aware of the signs of a DDoS attack. Most often, victims of DDoS attacks will notice problems accessing their website. The site may be slow to load or it may fail to load altogether. In other cases, you may still be able to access your own site, but you may receive reports from others that they cannot or that the site is loading very slowly. If this occurs, you’ll want to contact your hosting company as soon as possible so they can look into it further.

Don’t Become a Victim

Hopefully, you never have to worry about a DDoS attack causing downtime on your server or website. Unfortunately, these attacks are becoming a very real threat across the web. By being aware of what DDoS attacks entail, you can better protect yourself!

5 Most Unbelievable Hacking Incidents

It has become a major movie cliche: the computer hacker who, typing furiously under great pressure, needs only a few more seconds to break into “the mainframe.” Something akin to a superhero, the nerdy but attractive character at the keyboard accomplishes the impossible, bypassing all necessary security walls in the nick of time.

This scenario certainly is exciting, but it is the type of thing that only happens on the film or TV screen, right? Read on for five unbelievable computer hacking incidents that seem too incredible to be true.

1. The 1995 Citibank Hack

Before Russian software programmer Vladimir Levin hacked into the New York IT system of Citibank in 1995, few industry experts would have thought such an attack possible. Sitting comfortably in his St. Petersburg apartment, Levin authorized a series of fraudulent banking transactions that drew a total of roughly $10 million from individual accounts around the world. Both Citibank and the FBI fortunately tracked many of the transactions, and Levin was extradited to the US, where he served three years in prison.

2. The 2000 MafiaBoy Hack

When MafiaBoy (the screen name of Canadian teenager Michael Calce) hacked some of the top sites on the internet in 2000, people simply couldn’t believe that he could pull off such a coordinated attack at just 15 years of age. Using a DDoS (distributed denial-of-service) approach, he overwhelmed the IT networks of Amazon, CNN, eBay, Yahoo, eTrade, and Dell, resulting in financial losses estimated at $1.2 billion. When he was caught, MafiaBoy admitted that he did it simply to impress his fellow hackers.

3. The 2004 Delta Airlines Hack

Another teenage hacker, German Sven Jaschan brought down the entire IT system of Delta Airlines, among those of other large corporate entities, as an 18-year-old college student. An innovator in the hacker world, Jaschan allegedly coded the Sasser worm. Famous among IT experts for affecting Microsoft Windows, this self-replicating and self-distributing computer virus successfully infected tens of millions of computers that span the globe. It attacked vulnerable Microsoft Windows operating systems.

4. The 2010 Marriott International Hack

One of the most unusual cyberattacks in history, this extortion attempt doubled as a search for employment. Hungarian citizen Attila Nemeth infected the security firm Marriott International with a malicious virus and then threatened further damage if they didn’t give him a job. Marriott responded to Nemeth with a fake employee account and the promise of work. After receiving forms of personal identification, including his passport and resume, the company passed the information to the US Secret Service.

5. The 2014 iCloud Celebrity Hacks

In what was certainly one of the most salacious of all hacking incidents, a team of hackers in various US locations used phishing techniques to gain access to the Apple iCloud accounts of numerous A-list Hollywood celebrities including Kate Upton and Jennifer Lawrence. After releasing private photos and videos (some of which contained nudity), two affiliated hackers were sentenced to roughly a year in prison.

How to Become a Cybersecurity Expert

Cybersecurity is on many people’s minds these days. It is also one of the fastest-growing industries. According to the U.S. Bureau of Labor Statistics, jobs in this field are growing at a much faster pace than average. What does it take to become a cybersecurity expert? 

Get an Entry-Level Job

You have to decide how you will develop the knowledge and skills to master cybersecurity. Work experience is crucial and often the key to meeting the requirements of critical advanced certifications that will mean better opportunities in this industry. 

Since cybersecurity companies are facing a labor shortage, now is an excellent time to try for that entry-level position that will train you and pay you at the same time. You will need to go to the job interview with plenty of knowledge, though. If you are not in a place where you can go back to school, then self-study using the internet. This may give you just enough information to get your foot in the door.

Get a Certificate

Some starter certifications you can take will give you enough to get an entry-level job. Many have no experience prerequisites, too, so you can take them even if you don’t work in the tech industry. 

Some examples of starter certificates include:

  • Microsoft Technology Associate Security Fundamentals – For just a little over one hundred dollars, you can learn core security principles and some other basic security concepts. To earn the certificate, you must pass an exam. 
  • ISACA CSX Cybersecurity Fundamentals Certificate – CSX is recognized for some of its advanced certifications, but they also offer a fundamentals course. There are no prerequisites for this course, but you must pass a 2-hour exam to get the certificate. It costs less than two hundred dollars. 
  • CompTIA Security+ – The Security+ course helps you establish core knowledge regarding cybersecurity. The course has the approval of the U.S. Department of Defense, possibly making you eligible for an entry-level government job. That bonus means the course costs a little more. You’ll pay 381 dollars to take the exam. 

All three of these are self-paced self-study courses. Once you think you know the information, you take an exam. If you pass, you earn the certification. You could also opt to go to college for a two- or four-year degree in information systems or network security.

Get a Specialty

Cybersecurity is a broad term that includes many types of expertise. For example, you could be the person who designs secure networks or stays up to date on trends in hacking. You could also test the various connections looking for intruders. 

Each path is significant, but they can be different, too. You get to the expert level faster if you pick one instead of trying to learn everything at once.