Hackers Claim to Have Nearly 7 Million Dropbox Usernames and Passwords

UPDATE:
From Dropbox Blog:

Dropbox wasn’t hacked

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Ars Technica:

Popular online locker service Dropbox appears to have been hacked. A series of posts have been made to Pastebin purporting to contain login credentials for hundreds of Dropbox accounts, with the poster claiming that altogether 6,937,081 account credentials have been compromised.

Reddit users who have tested some of the leaked credentials have confirmed that at least some of them work. Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though thus far other accounts do not appear to have had their passwords reset.

Statement from Dropbox:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

Regardless of the claims from the hackers and from Dropbox, users should change their passwords. Enabling two-step verification is also highly recommended.

Scam Alert: Fake Virus Warning to Make Users Call 1-855-420-8247

A tip from a reader:

A pop-up warning showed up in Safari claiming that viruses were found on the computer. It was almost impossible to quit Safari, as the pop-up reappears when closed. One way to deal with this is to force quit Safari (Command-Option-Escape), then disable the auto-resume feature in OS X. In OS X Lion, Mountain Lion and Mavericks, go to System Preferences > General and uncheck the “Restore windows when quitting and re-opening apps” option.

In the upcoming OS X Yosemite, the option looks slightly different; well, more than slightly different.

Check the “Close windows when quitting an app” option.

This particular scam has been around for a while.

It seems the scammer was astroturfing the comments on this page.

Scam Alert: AppleSecurityIssue.com

A reader passed along information about a scam site targeting Mac users.

The site address is applesecurityissue.com

A quick search for the phone number 1-800-610-8993 yields one discussion at Apple Support Communities so far. The site itself was registered on September 4, 2014 and updated today, September 18, 2014.

Whois information on applesecurityissue.com:

Domain Name: APPLESECURITYISSUE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS17.JIXHOST.COM
Name Server: NS18.JIXHOST.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 18-sep-2014
Creation Date: 04-sep-2014
Expiration Date: 04-sep-2015

>>> Last update of whois database: Thu, 18 Sep 2014 20:01:06 UTC <<<

Domain Name: APPLESECURITYISSUE.COM
Registry Domain ID: 1874184235_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-09-04 11:22:40
Creation Date: 2014-09-04 11:22:40
Registrar Registration Expiration Date: 2015-09-04 11:22:40
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Gaurav Kumar
Registrant Organization:
Registrant Street: New Delhi
Registrant City: Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110018
Registrant Country: India
Registrant Phone: +91.1234567890
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: gautam@webcreationindia.co.in
Registry Admin ID:
Admin Name: Gaurav Kumar
Admin Organization:
Admin Street: New Delhi
Admin City: Delhi
Admin State/Province: Delhi
Admin Postal Code: 110018
Admin Country: India
Admin Phone: +91.1234567890
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: gautam@webcreationindia.co.in
Registry Tech ID:
Tech Name: Gaurav Kumar
Tech Organization:
Tech Street: New Delhi
Tech City: Delhi
Tech State/Province: Delhi
Tech Postal Code: 110018
Tech Country: India
Tech Phone: +91.1234567890
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: gautam@webcreationindia.co.in
Name Server: NS17.JIXHOST.COM
Name Server: NS18.JIXHOST.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-09-18T20:00:00Z

Synology Issues Official Statement to Address SynoLocker Ransomware

Synology has been sending users an email regarding the SynoLocker ransomware, mirroring the statement posted on the Synology website on August 5, 2014.

Dear Synology users,

We would like to inform you that a ransomware called “SynoLocker” is currently affecting some Synology NAS users. This ransomware locks down affected servers, encrypts users’ files, and demands a fee to regain access to the encrypted files.

We have confirmed that the ransomware only affects Synology NAS servers running older versions of DiskStation Manager by exploiting a security vulnerability that was fixed and patched in December, 2013.

Affected users may encounter the following symptoms:

  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • Abnormally high CPU usage or a running process called “synosync” (which can be checked at Main Menu > Resource Monitor).
  • DSM 4.3-3810 or earlier; DSM 4.2-3236 or earlier; DSM 4.1-2851 or earlier; DSM 4.0-2257 or earlier is installed, but the system says no updates are available at Control Panel > DSM Update.

If you have encountered the above symptoms, please shutdown the system immediately and contact our technical support here: https://myds.synology.com/support/support_form.php

If you have not encountered the above symptoms, we strongly recommend downloading and installing DSM 5.0, or any version below:

  • DSM 4.3-3827 or later
  • DSM 4.2-3243 or later
  • DSM 4.0-2259 or later
  • DSM 3.x or earlier is not affected

You can manually download the latest version from our Download Center and install it at Control Panel > DSM Update > Manual DSM Update.

If you notice any strange behavior or suspect your Synology NAS server has been affected by the above issue, please contact us at security@synology.com.

We sincerely apologize for any problems or inconvenience this issue has caused our users. We’ll keep you updated with the latest information as we continue to address this issue.

Thank you for your continued patience and support.

Sincerely,
Synology Development Team

As a rule of thumb, Synology users should put their DiskStations behind firewalls and disable port forwarding for now. Make sure the DiskStations are running the latest version of DSM possible. More importantly, back up the content of the DiskStation.
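
As an added example (not Synology's code and not from the original post), the build thresholds in the statement above can be turned into a small fleet check. The host names and inventory are constructed, and treating DSM 5.0 and later as patched is an assumption based on the statement's recommendation to install DSM 5.0.

```python
import re

# Build thresholds taken from the Synology statement quoted above.
# AFFECTED: highest build named as vulnerable per DSM branch.
# FIXED: lowest build named as safe per branch (none is listed for 4.1).
AFFECTED = {(4, 3): 3810, (4, 2): 3236, (4, 1): 2851, (4, 0): 2257}
FIXED = {(4, 3): 3827, (4, 2): 3243, (4, 0): 2259}

VERSION_RE = re.compile(r"^\s*(?:DSM\s+)?(\d+)\.(\d+)(?:\.\d+)?-(\d+)\s*$", re.I)


def classify(version: str) -> str:
    """Return 'affected', 'patched', 'not-affected' or 'unknown' for a DSM version."""
    m = VERSION_RE.match(version)
    if not m:
        return "unknown"  # unparseable strings need a manual check
    major, minor, build = (int(g) for g in m.groups())
    if major <= 3:
        return "not-affected"  # "DSM 3.x or earlier is not affected"
    if major >= 5:
        return "patched"  # assumption: the statement recommends DSM 5.0
    branch = (major, minor)
    if branch in AFFECTED and build <= AFFECTED[branch]:
        return "affected"
    if branch in FIXED and build >= FIXED[branch]:
        return "patched"
    # Builds between the two thresholds, the 4.1 branch above 2851, and any
    # branch the statement does not mention cannot be judged from it.
    return "unknown"


def audit(inventory: dict) -> dict:
    """Group host names by classification, with affected hosts listed first."""
    report = {"affected": [], "unknown": [], "patched": [], "not-affected": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed inventory for illustration; host names and builds are made up.
SAMPLE = {
    "office-nas": "DSM 4.3-3810",
    "home-nas": "DSM 5.0-4493",
    "old-nas": "DSM 3.2-1955",
    "lab-nas": "DSM 4.1-2851",
    "branch-nas": "DSM 4.3-3815",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown fall in a gap the statement does not cover and should be updated or checked by hand.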

WordPress 3.9.2

WordPress 3.9.2 has been released to address some security issues.

WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately.

This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress security team and David Rothstein of the Drupal security team. This is the first time our two projects have coordinated joint security releases.

It is imperative to update to WordPress 3.9.2.

In July 2014, the WordPress plugin MailPoet was found to be vulnerable and affected sites running Joomla and Magento.

Synology Vulnerability and Ransomware

Early on Sunday morning, August 3, 2014, a tweet by Mike Evangelist was linked on Hacker News.

Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY

I was somewhat scared by this news, as some users at the Synology forums reported that they were also victims of SynoLocker, which is a CryptoLocker malware that specifically targets Synology NAS. I am managing a number of Synology NAS units for a few small offices and homes. Granted, none of them are directly connected to the Internet, but I have to make sure none of them would be hacked and crypto-locked.

Make sure your Synology NAS is running the latest DSM Operating System.

For now, disable the QuickConnect service.

Disable all port-forwarding if your Synology DiskStation is behind a NAT Firewall. This is a definite inconvenience; better to be safe than sorry.

More importantly, back up the content of your Synology NAS. Should anything happen, you still have your data. My colleague has great advice on backing up:

As always, if you have data on your Synology that you consider irreplaceable, make sure that you have it backed up too. I’d recommend using the built-in Amazon S3 client. It’s cheap and fairly easy to set up, and should help you in case of a disaster.

I personally also run a backup to another hard drive locally for rapid recovery.