Thursday, April 30, 2020

Caller ID spoofing ALERT

 We have been warned that fraudsters spoof CallerID so you are more prone to answer. Then they use the CallerID of  local law enforcement, neighbors,    your bank.
 Your bank. We have been warned to call the bank back if there is any doubt as to the authenticity of the call and not be so easily fooled by a spoofed CallerID.

 Now reports of the spoof going the other way. Fraudsters spoof YOUR CallerID and call your bank. If the CallerID matches the bank's records and the "normal" methods of verifying your IDentity pass, the bank will comply with the requests and you will not be happy. 
 Social media, big data, and prior phone calls to you might provide enough information to successfully pass the bank's fraud detection scripts and methods. 
 In our experience the bank may ask to verify or provide the last few transactions on the account. Often the bank's list has a few transactions you did not make - part of the procedure, you will not recognize or acknowledge these false transactions by design.
 Now fraudsters are successfully circumventing this method.
 They spoof your CallerID and use the automated systems to learn your last few transactions.
 I would think this would be a very targeted attack, but wanted to raise awareness.
 Awareness, preparedness, understanding.

Wednesday, April 29, 2020

Google Chrome Update

 Latest release as of  this writing   Version 81.0.4044.129

Got iPhone Got lock-ups, freezes, shutdowns?

 Have iPhone lockups, freezes, etc. lately? By sending eMail, Messages, and some other apps with Notification enabled a receiving iPhone, perhaps iDevices like iPads, can lockup.
The message, eMail, or other app just needs to send a crafted message with a special character set to cause the lockup. That crafted message has made it onto many forums so the lockups are becoming more and more common. 
 Apple is aware and says it has the fix. Until the fix is available you might consider disabling Notifications for some apps and features like Messenger, eMail, etc.
 It's not the app, its the Notification.
 Settings -> Notifications  then Notifications Off for Messages, etc.
Then re-enable Notifications once the problem is fixed.

Update: With out Notification Messages, eMails, and other Apps will need to be explicitly checked. The lockups, freezes, etc. are usually a nuisance.Balance that with having no notification. A power cycle, wait for automatic reboot, etc.

Saturday, April 25, 2020

COVID-19 Cyber Safety

Safer  NOT Safe

 Major cyber security outlets cite 30,000% increase in Covid-19 scams, attacks, IDentity thefts, security breaches, and other criminal activity. The lock down has affected the criminal element, they are fighting back.

 Most of the financial damage to our cyber wealth has been using scams to which no amount of security hardening of our Internet connected devices would prevent.
Is your credit card number for sale on the Dark Web? Enter it here to find out. If it wasn't before, it will be now.

 All of the major browsers have had security updates recently. Most of the browser add-ons, banking applications, VPNs, zoom, etc. have several security updates. Microsoft, Apple, Linux   same efforts.

 Microsoft released KB4550945 out of band April 22. Very rare, Very important. As last Tuesday is non on a B schedule, you will need to use Windows Update to request it.
 Zoom has important updates to date and should update to release 5 very soon.

 We are feeling financial pain. The criminal element is feeling their financial pain. Take effort to not let their pain cause your pain.

Friday, April 17, 2020

Linksys and D-Link routers and or Wireless Access Points

 All users of Linksys Smart Wi-Fi accounts had their passwords at that site reset 2-Apr-2020. Linksys found a large amount of traffic using a suspected credential stuffing attack to access that account's network. If successful the attackers changed the device's DNS settings to steer users to sites hosting COVID-19 related malware. The malware attempted to steal user's credentials for banking, financial, digital wallets, and others.
 If you have used Linksys Smart Wi-Fi web site to manage or monitor your Linksys or D-Link devices you should reset your account's password and check your device's DNS settings.

 It is good practice to have each device on your network use the local DNS settings on each network the device can connect to instead of the perimeter network devices like routers, cable modems, or Wireless Access Points.

Secret Consumer Score

 I recall getting a report card in school. Grades for the classes. Then a Deportment score. 
 The classes reports were understood and had a known range or score. A-F or 0-100 or similar. Deportment was free form and could be misunderstood. And verbose.

 Same now in the cyber world. We are aware of credit scores. Easily understood, though not always agreed.
 We might have a deportment score as well. I have yet to find a common name for this score or rating. Quite a few companies track and supply their customers with your consumer scores. The companies I have seen in reports:
 Zeta Global
 Retail Equation
 Consumer advocates who report on such matters tell interesting tales of the report contents. A reporter for the New York Times got a 400 page report on their activity that produced a customer score. The report included most of their messages to Airbnb, Yelp, etc. The report also included the date, time, device information, IP address, and more.
 Clients of these services use the information and consumer score to assess your trustworthiness. How long you have waited on hold, do you return items often, order take out late evenings, etc.
 For a period of time the companies might provide your report if you were under the GDPR protections. Now the response to a request for your data might be denied. The recent California Consumer Privacy Act has given some flux to the response requirements of these companies.
 The customers of these companies (You are the product, not a customer) use the reports and scores to help prevent fraud, flag big spenders, and perhaps give you the VIP treatment.
 A shock to the reports is how far back the data is kept. A shock is how arbitrary the scoring might be.

 I have requested my data. I will update this post if I obtain any.

Thursday, April 16, 2020

Contact Tracing

 With the COVID-19 pandemic,  public and public health agencies are seeking ways to better control contagion.

 In 2017 BBC ran an experiment where British citizens were offered a smart phone application (app) to track their movements and correlate such movements with crowds to mathematically simulate a virus outbreak. 

 With the COVID-19 outbreak Singapore's government offered a smart device app TraceTogether.  Singapore has closed its borders, but business remains open. The app uses Bluetooth tracking with the user's permission to inform subscribers of potential contacts with known infections. Problem they found, not enough subscribers to be that effective.

 Now Apple and Google are working a similar method but the capability is to be built into the smart device's operating system. Thus iOS, iPadOS, Android would gain the capability with the normal smart device updates. This allows the capability to be turned off when the crisis passes, better control, regulation, and integration with public health technical capabilities.

 Warning about having smart devices with Wi-Fi enabled while away from the home network. The device will "beacon" its home network name as well as recent network names the device has associated with. The normal behaviour is to silently associate with any of these Wi-Fi network names. Convenient for home networks so no user actions needed to leave home and come back within Wi-Fi range. Not so safe as anyone with a radio can see these Wi-Fi beacons, name their Wi-Fi network name to match the beacon name, and you device will silently associate with this rogue network.

 Bluetooth has a shorter range with the integrated radio. Bluetooth randomizes its MAC address. The proposed tracking effort would further hash and change a Rolling Proximity Identifier every 15-20 minutes. These are received and recorded by any other Bluetooth device within range. The sending device can recreate these Identifiers.
Your device changes and sends these identifiers. Your device receives and records those other devices seen by the Bluetooth radio with an automatic delete after a preset interval. 
 When someone is diagnosed the public health authority issues that person a certificate which is added to the infected person list. If your device has been within Bluetooth proximity you will be informed so as to take the appropriate actions.

 Recall the HIPPA regulations and similar regulations, practices, and procedures are suspended during a pandemic. COVID-19 is a notifiable disease, health officials must inform the public. A contact tracing system can predict where the supplies needed should be deployed.

 Time will tell if this effort helps with the spread of COVID-19 and any follow-on contagions. 

 Our current efforts have been abused. People citing infection to have their workplace sent home, and all manner of other malformed behaviours.

 Then the issue of a difference between radio/Bluetooth proximity and virus transmit proximity. Apartment floors and walls as an example. And the reverse - virus spread via mutual touched surfaces and no radio proximity.

Tuesday, April 14, 2020

Microsoft Patch Tuesday 14-Apr-2020

 113 vulnerabilities patched with this patch Tuesday (2nd Tuesday of each month) session of updates.

The reported vulnerabilities in the Adobe Font Manager Library that missed last month's cycle is patched with today's update release. 

 There has been several Windows Defender signature updates recently as well.

 19 Critical updates, 3 with known active exploits. for more information.

Update: This patch update caused performance issues on one of our machines. Then on 22-Apr Microsoft released KB4550945 which resolved those issues. Rare for Microsoft to release out-of-band updates. The details have been slow in coming which prompted me to apply this update.

Saturday, April 11, 2020

Stimulus funds

 Reports today (11-April) of stimulus checks arriving via direct deposit to banks.

 Recall the issues in the past wherein people have had their refund stolen by tax payer information stolen (recall information gives no indication of being stolen).

 The IRS is to use a number of external companies to capture information of our information to further guide the stimulus funds.
Intuit to capture and update information for non-filers, and another set of companies to change your bank routing and account information. Just in case you've changed accounts or have other issues since you have last filed a tax return.


So asking the normal information, all available as public records or obtained via phishing, social media, etc.
Some/anyone else can file for your stimulus check(s) before you do, just as a very large number of us have had their tax refunds stolen.
You (or they) need to supply a phone number. Easily done by someone else. 
Then other security checks can currently be skipped.
Last years Adjusted Gross Income. Skip
PIN. Skip
State issued driver's License number or state issued ID: Leave blank

 As it is/was with tax refunds:
Be first to your stimulus funds before fraudsters.
BUT be real real sure you are at the real site and not a site created to steal your IDentity and stimulus funds.

Recall from last years Cyber Security SIG meetings, the city of San Marcos was a victim of a phishing attack where the tax details of all employees was sent to a external eMail address claiming to be a person in authority. Many of those employees were victim to a campaign to route federal tax refunds to other bank accounts or prepaid credit/debit cards.  With today's environment with workers working remotely or from home, the chance of a similar phishing attack increase AND the chance of such information being in transit over the Internet un-encrypted also is increased.

Chances of you being a victim are slight. But recovering your federal IDentity can take years.

 Awareness, Preparedness, Understanding.

Update: 15-April-2020

The IRS launched a website for tracking your stimulus payment.

MANY are reporting: Payment Status Not Available

Update:  25-Apr-2020   The first batch of 5 million paper checks due to arrive "soon" - this week. More checks are scheduled to be sent each week, about 5 million per week until September.

As stated above you may choose to provide the IRS with your bank direct deposit information to perhaps speed the process. Several sites that capture that information and have your stimulus payment information changed to their bank accounts have been found and taken down. Ability to capture your IRS interactions by manipulating DNS or BGP are in use  with new ones appearing daily. Phone scams, pop-up and browser ads and many other Covid-19 methods in use by criminals to steal your stimulus funds, sell you pandemic gear or treatments have increased by 30,000% in recent days. NOT a typo 30,000%
 Again, awareness, preparedness, and understanding to protect your financial wealth is a goal of the Cyber Security SIG>

Thursday, April 9, 2020

SuperVPN on Android devices

 Google has removed SuperVPN from Google Play store. Very popular return from search for VPNs in the Google Play store until it was removed 9-Apr-2020.
 About 100 million loads.
 Suggest you remove SuperVPN and replace with another VPN service.

Wednesday, April 8, 2020

Experian crossing creepy line?

Google's CEO said "Google policy on a lot of these things is to get right up to the creepy line and not cross it."
 I feel the creepy line in my opinion has been crossed at times.

 Then today we got this eMail:

So the subject line has an explicit amount and a name on the subject line. Bad practice. The amount cited is an exact figure of a recent change yesterday. Our bank online statement still does NOT list this charge at the time of this post.
The message headers indicate this is sent MIME to get the images and graphics.  Not S/MIME.
I didn't know FICO legal name was Fair Isaac Corporation.

 Equifax, Experian, TJ Maxx, Ashley Madison, Target, zoom, Marriott, ...
We are all in this together.They are also all in this together.

Awareness, Preparedness, Understanding.

Live your life like your life has been captured for use. It probably has.

Tuesday, April 7, 2020

Updates abound 4/7/2020

iOS 13.4.1  iPadOS 13.4.1  MacOS beta updates (two in 2 days)
macOS Catalina 10.15.4 Supplemental update
Chrome, Brave, Vivaldi, Firefox, Safari, Tor, tutanota all have updates today or recently

New information today 4/8/2020:
Most browsers has similar or related vulnerabilities that allow a remote attacker to take control of video cameras, microphones, GPS data, and/or stored passwords. Some botnets see attempts to find digital wallets or key chain data.

 Evidence via researchers show an increase in attack attempts. Compromises are triggered by visiting malicious web sites OR valid sites hosting malicious ads.

Use in browser methods to check the version of any/all browsers, update, and do not forget browsers on smartphones, tablets, and home devices.

I will cover this in more detail later. I would advise visiting with any/all of your browsers, note the detail, and take the actions to increase safer browsing.

Our current situation increases the motivation for by browser attacks. Covid-19 health tips, stimulus checks, unemployment, job seeking sites, economy, etc. We're more apt to visit sites like these and many more - grocery delivery, ...

Thursday, April 2, 2020

Home Garage and Automobile security

 Recent events in Sun City. Thefts from cars in driveways.

 Having your garage door closed with the cars inside helps - to a degree.
Most garages have a garage door opener. Keypad near garage door entry, or use of a remote control door opener carried in a car.  Your keypad has a 4 digit code  so a number between 0 and 9999. or 10,000 or so combinations to have a thief or bugler or home invader attempt go gain entry.
Not so for most garage door remote control openers!  Most have a shift register in the receiver attached to the opener inside the garage. So instead of programming a open code, trying that code, waiting for the receiver on the in garage opener to reset, a device can arrange the possible codes in a single string of codes, send that string as a serial signal and cycle thru all 10,000 combinations in about 8 seconds.
That thief can capture the signal, then replay it after you've closed the door and driven away. Newer garage door openers use one time codes and other mitigations to prevent this vulnerability.
with the recent rash of someone rummaging thru unlocked cars in the neighborhood, they can easily capture the remote garage door opener's code and/or signal to be used later. Might thus suggest changing the code after an occurrence.

 For automobiles with key less entry and/or start the capture and replay of the unlock code was a thing. Recent automobiles have mitigated this. We Always use the button on the car door handle to lock our car so no signal is broadcast.

 However a video played at a recent cyber security SIG meeting shows a surveillance camera capturing two individuals approaching a new Mercedes in a driveway. One stands by the car, the other gets close the the house and walks the exterior with a radio scanner in his hand. That scanner has a transmitter to relay a signal to the other person near the car. After a few seconds the car flashes lights to indicate it has been unlocked. He gets access to the car, gets into the drivers seat. The other person starts to run to the getaway car, but is stopped when the car thief indicates the car won't start. The person scanning the house goes back to the house, scans again, the car now starts and both drive away with the stolen car. So a cough drop metal tin on the bedside table to hold your keys while sleeping might be a good idea.   Why does the car not stop when out of range of the key fob? Safety - what is you're driving when the key fob runs out of battery? Of falls off the roof of the car wher it was placed "just for a second".