Warns
now browsing by tag
HPE warns of impending SSD disk doom – Naked Security
Source: National Cyber Security – Produced By Gregory Evans
Techies are used to worrying about the longevity of their data storage. Hard drive heads used to have a nasty habit of crashing before laptops introduced software to protect them from drops and power surges. ‘Data rot‘ can damage your DVD storage, and magnetic tape can suffer as its substrates and binders degrade.
But what about the firmware, which contains the instructions for reading and writing from the media in the first place? That’s now an issue too, thanks to HPE. It had to recall some of its solid-state drives (SSDs) last week after it found that they were inadvertently programmed to fail.
The company released a critical firmware patch for its serial-attached SCSI (SAS) SSDs, after revealing that they would permanently fail by default after 32,768 hours of operation. That’s right: assuming they’re left on all the time, three years, 270 days, and eight hours after you write your first bit to one of these drives, your records and the disk itself will become unrecoverable.
The company explained the problem in an advisory, adding that an unnamed SSD vendor tipped it off about the issue. These drives crop up in a range of HPE products. If you’re a HPE ProLiant, Synergy, Apollo, JBOD D3xxx, D6xxx, D8xxx, MSA, StoreVirtual 4335, or StoreVirtual 3200 user and you’re using a version of the HP firmware before HPD8, you’re affected.
You might hope that a RAID configuration might save you. RAID disk implementations (other than RAID 0, which focuses on speed), mirror data for redundancy purposes, meaning that you can recover your data if disks in your system go down. However, as HPE points out in its advisory:
SSDs which were put into service at the same time will likely fail nearly simultaneously.
Unless you replaced some SSDs in your RAID box, they’ve probably all been operating for the same amount of time. RAID doesn’t help you if all your disks die at once.
This bug affects 20 SSD model numbers, and to date, HPE has only patched eight of them. The remaining 12 won’t get patched until the week beginning 9 December 2019. So if you bought those disks a few years ago and haven’t got around to backing them up yet, you might want to get on that.
HPE explains that you can also use its Smart Storage Administrator to calculate your total drive power-on hours and find out how close to data doomsday your drive is. Here’s a PDF telling you how to do that.
Unfortunately, HPE didn’t include the same kind of warning that Mission Impossible protagonist Jim Phelps got at the beginning of every episode: “This tape will self destruct in five seconds”.
But then, 117,964,800 seconds is a little harder to scan. In any case, your mission, should you choose to accept it, is to back those records up.
The post HPE warns of impending SSD disk doom – Naked Security appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | hacker | Hill warns lawmakers not to spread Ukraine election interference narrative pushed by Russia
Source: National Cyber Security – Produced By Gregory Evans
Just a day after the Trump administration’s former top Russian expert testifying in an impeachment hearing took GOP lawmakers to task for spreading “a fictional narrative” about Ukraine meddling in the 2016 U.S. presidential election, a new report revealed that senators and their aides recently were told by U.S. intelligence officials that the tale was part of a multiyear Russian disinformation campaign.
“The Russians have a particular vested interest
in putting Ukraine, Ukrainian leaders in a very bad light,” Fiona
Hill, a former White House adviser on Russia, said Thursday. “Based
on questions and statements I have heard, some of you on this committee appear
to believe that Russia and its security services did not conduct a campaign
against our country — and that perhaps, somehow, for some reason, Ukraine did.
This is a fictional narrative that has been perpetrated and propagated by the
Russian security services themselves.”
Hill said the narrative could cause harm to the
U.S. and give Russia a foothold in next year’s election. “Right now,
Russia’s security services and their proxies have geared up to repeat their
interference in the 2020 election. We are running out of time to stop them,” Hill
said, asking lawmakers to avoid promoting “politically derivative falsehoods
that so clearly advance Russian interests” during the impeachment probe.
Her blunt assessment came nearly a week after other witnesses such as former Ambassador to Ukraine Marie Yovanovitch, National Security Council Director of European Affairs Lt. Col. Alexander Vindman and EU Ambassador Gordon Sondland painted a picture of a president pressuring the new Ukraine president, Volodymyr Zelenskiy, for dirt on political rival Joe Biden by withholding aid.
President Trump and his Congressional supporters have repeatedly
raised the specter of Ukraine interfering
in the 2016 election. But diplomats and officials testifying during the impeachment
hearings have dismissed that notion – and allegations that Biden while vice
president pressured Ukraine to dump a prosecutor to shield his son, Hunter, who
served on the board of a Ukrainian energy company – as false, citing an IC
assessment released in 2017 that pinned election interference on Russia.
Vindman,
who testified before the panel earlier in the week, referred to the tale as “a Russian narrative
that President Putin has promoted.” That’s what the intelligence community
recently told senators and their aides, detailing Russia’s long-term initiative
to finger Ukraine as the culprit behind 2016 election meddling by using a
network of intelligence officers and prominent Russians and Ukrainians to
spread disinformation to politicians and journalists, according to a Friday report
in the New York Times.
Earlier in the day the president and GOP lawmakers seemed to
double down on the Ukraine narrative with Trump telling the hosts of Fox &
Friends that Ukraine was hiding a server that the Democratic National Committee
(DNC) turned over to CrowdStrike, which the president incorrectly referred to as
a Ukrainian company. “They have the server, right, from the
DNC, Democratic National Committee,” said Trump. “They gave the server to
CrowdStrike or whatever it’s called, which is a country — which is a company
owned by a very wealthy Ukrainian. And I still want to see that server. You
know, the FBI’s never gotten that server. That’s a big part of this whole
thing. Why did they give it to a Ukrainian company?”
The president also had referenced
a server and CrowdStrike in the July 25 phone call with Zelensky at the heart
of the impeachment hearings, presumably referring to the server that the
company examined as part of its investigation into Russia’s hack of the DNC during the run-up to the
2016 presidential election.
The intelligence community has been united in its assessment
that Russia was behind the DNC hack and a widespread influence campaign aimed
at benefiting the Trump campaign. And former Special Counsel Robert Mueller laid
out evidence of Russia’s initiative, indicting a number of people and
organizations, including 12 GRU officers, in the caper.
Mueller’s probe bore fruit again last week when a jury found longtime
Trump confidante and campaign adviser Roger Stone guilty on seven charges,
including of lying to Congress and obstruction regarding his communications
with the Trump campaign and WikiLeaks.
The post #cybersecurity | hacker | Hill warns lawmakers not to spread Ukraine election interference narrative pushed by Russia appeared first on National Cyber Security.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | Facebook ‘Secret Sister Gift Exchange’ Is Illegal Scam, Better Business Bureau Warns
Source: National Cyber Security – Produced By Gregory Evans
A Facebook post that resurfaces around the holiday season has been declared as an illegal scam, according to the Better Business Bureau.
The post discusses the “Secret Sister Gift Exchange,” where participants are instructed to send one gift in order to receive up to 36 gifts in return. However, it’s easy to see that the math just doesn’t add up.
“These gift exchanges, while they look like innocent fun, are really pyramid schemes – and are considered illegal,” the BBB warns.
The gift exchange first became popular in 2015. Users were encouraged to invite others to participate in the exchange and were told that they would receive information on where to send the gifts.
Eventually, participants will be instructed to send an email or social media invitation to send a modest gift to a stranger along with their friends, family and contacts.
“The cycle continues and you’re left with buying and shipping gifts for unknown individuals, in hopes that the favor is reciprocated by receiving the promised number of gifts in return. Unfortunately, it doesn’t happen,” says the BBB.
In reality, the scam relies on recruitments to remain afloat. When people stop participating, the supply of gifts dwindles, letting down countless people who were expecting gifts.
But it doesn’t end there: the information you provide during the exchange can easily end up in the hands of cyber thieves.
“When signing up, the alleged campaign organizer is asking for personal information such as a mailing address or an email,” says the BBB. “With just a few pieces of information, cyber thieves could expose you to future scams or commit identity theft.”
The BBB recommends keeping the following tips in mind should you receive an invitation to participate in an online gift exchange with people you don’t know:
- Ignore it. Pyramid schemes are illegal in the United States and Canada.
- Report social media posts inviting users to participate in the gift exchange.
- Avoid giving out personal identifying information to strangers.
- Be aware of false claims. Even invitations that claim to be legal and endorsed by the government are false, as the government will never endorse illegal activity.
Click here to sign up for Daily Voice’s free daily emails and news alerts.
The post #cyberfraud | #cybercriminals | Facebook ‘Secret Sister Gift Exchange’ Is Illegal Scam, Better Business Bureau Warns appeared first on National Cyber Security.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | City of Ekurhuleni warns of ongoing scams and cyber crime
Source: National Cyber Security – Produced By Gregory Evans With the festive season approaching, the City of Ekurhuleni (CoE) warns people of scammers who have been reportedly scamming people of their money. This follows complaints received by the City from people who have been scammed by people pretending to be municipal officials. Many victims were […] View full post on AmIHackerProof.com
#cyberfraud | #cybercriminals | Nevada Attorney General warns about cyber scams targeting minors
Source: National Cyber Security – Produced By Gregory Evans NEVADA (KTNV) — As part of Cybersecurity Awareness Month, Nevada Attorney General Aaron D. Ford advises Nevada’s youth and parents to be aware of online scams targeting minors. Just like adults, scammers target young people through popular online platforms, such as apps, games, and popular social […] View full post on AmIHackerProof.com
Local #cyber-security #firm warns #voters of #clickbait links ahead of #GE14
A local cyber-security firm have warned voters to be prepared for a rise in clickbait phishing links that could potentially be a cybersecurity threat in the upcoming 14th General Election (GE14).
Quann Malaysia general manager, Ivan Wen, said in a statement that the internet could see a rise in clickbait phishing sites or emails with attachments and sensational titles that trick users to click links for “Exclusive” or “Shocking” stories.
“When a news sounds too good to be true, it is likely fake news,” he said.
Phishing sites are used to trick victims into giving their personal data such as email addresses, identity card numbers, and even credit card information.
These phishing emails can also launch ransomware attacks that encrypt important information on the device.
In a worst-case scenario, this can become a national threat, the firm said.
“Besides that, these phishing links could automatically be shared with your contacts once they have access to your device,” Wen said.
According to a report by Dynamic Business Technologies, 48 per cent of IT providers reported that phishing emails were behind ransomware attacks.
Quann cites two country elections where clickbait links resulted in cyber security threats.
In the 2016 US Elections, a phishing campaign by Russian Intelligence Agency was allegedly launched against a US company involved in developing election systems. Fake Google alert emails were sent to employees which when clicked took them to a legitimate looking Google site where hackers were able to steal their data.
Using information obtained in the attack, the hackers sent 122 phishing emails containing Microsoft Word document attachments to local government agencies offering ‘election related products and services’.
These documents had been ‘trojanised’ with a Visual Basic script that once connected to the internet, downloaded an unknown payload to the device, to steal and access the victim’s information, the company said.
Wen said in UK last year, several parliament MPs were targeted in a phishing campaign. While the report said parliament sites and addresses were not compromised, several individual’s personal emails were being compromised with key information leaks.
To prevent being infected by malware via clickbait links, the company advised users to take the following precautions:
• Key in the address of a legitimate news site instead of directly clicking links sent to you
• Before clicking, hover your mouse pointer over the link to view the link address. Do not click website links that are unfamiliar, even if they came from someone you know. Their accounts could have been compromised.
• Install an Anti-Phishing Toolbar and Antivirus that run quick checks on sites you visit to ensure they are safe to visit.
• Only access secure sites that begin with “https” with a closed lock icon near the address bar.
• Regularly monitor your online accounts to ensure they have not been hacked. Use strong passwords and regularly change them.
• Regularly update your browsers with the necessary security patches.
• Beware of pop-up windows masquadering as legitimate extensions of a website as they are often used to target users visiting a website that has been compromised.
The post Local #cyber-security #firm warns #voters of #clickbait links ahead of #GE14 appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Hackers could kill #patients by #attacking their #pacemakers, warns #Royal Academy of Engineering
Hackers could kill patients by attacking their pacemakers or heart pumps, the Royal Academy of Engineering has warned.
In a new report, security experts warned that health tech is vulnerable to cyberattacks which could have ‘severe consequences’ for patient safety.
The RAENG warned that the number of the number of healthcare devices which are susceptible to hacking is growing which not only poses a threat to individuals, but also provides a way to gain access to entire networks.
The experts cautioned that pacemakers or wearable health monitors which are linked up to the internet or internal computer networks could also provide a gateway for hackers to plant ransomware into systems, potentially crippling in the NHS or government departments.
Some US hospitals have already been infected by the Wannacry and Medjack computer viruses after hackers targeted medical devices which were not protected.
Professor Nick Jennings, a fellow of the RAENG and Vice Provost at Imperial College London said: “There is genuine harm that can be done through poor cyber security on medical devices, on future-connected homes, on autonomous vehicles, and if they are not dealt with then that will lead to harms and deaths.
The post Hackers could kill #patients by #attacking their #pacemakers, warns #Royal Academy of Engineering appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
IRS #WARNS #HACKERS ARE #TARGETING #TAX #PREPARERS
Source: National Cyber Security News
The IRS issued a warning to certified personal accounts. It says hackers are now targeting the CPA networks and tax preparers should be on high alert.
The IRS has issued a warning to certified public accountants. It says hackers are now targeting the CPA networks, and tax preparers should be on high alert.
Clayton Moore, a certified public accountant at Moore and Moore in Tupelo, says these sort of attacks have been around for years. A part of the reason is a CPA firm could be a one-stop shop for a hacker because all of your personal data is being stored in one place.
“CPA firms data is very valuable. Our clients trust in us that their information is secure,” said Moore. “It is up to us to protect their data.”
Moore says an important way to keep data protected is making sure all staff is aware of methods hackers will use to gain access to the network.
“Often times it’s a phishing email that can look very, very convincing it is from that sender,” added Moore. “It’s not from that sender, and the attachment is not your report. It’s malicious software that is going to download on the network.
View full post on National Cyber Security Ventures
Top #cyber-security #official warns of #lackluster #response to #attacks
Source: National Cyber Security News
A second top cyber-security official is sounding the alarm over the US’s inadequate response to Russian and other cyberattacks.
Army Lt. General Paul Nakasone told the Senate Armed Services Committee that adversaries that include Russia, China, North Korea and Iran are not facing retribution for their cyberattacks on the US.
“They do not think that much will happen. They don’t fear us. That is not good,” said Nakasone, Trump’s nominee to direct the US Cyber Command and the National Security Agency.
He said his role would be to present options to Trump, but the strategy “emanates from the executive branch.”
Sen. Ben Sasse (R-Neb.) said Nakasone’s assessment that the US doesn’t retaliate when attacked is the “most important” exchange happening at the Capitol.
Sasse said while 80 percent of congressional hearings are “fake” and 90 percent are “pointless,” this one matters because a sense of urgency is “bubbling up” to counterattack.
“We are not responding in any way that is adequate to the challenge that we face,” Sasse said.
On Tuesday, Adm. Mike Rogers, current head of the NSA and U.S. Cyber Command, warned that Russia is still trying to meddle in American elections and the US hasn’t done enough to dissuade such interference.
View full post on National Cyber Security Ventures
Cyber security #firm warns of #rising #QR code #scams
Source: National Cyber Security – Produced By Gregory Evans
A leading regional cyber security services provider, Quann Malaysia (formerly known as e-Cop Malaysia), has warned of scammers starting to use fake ‘quick response’ (QR) codes to steal data and money from users.
Quann Malaysia, in a statement, said the black-and-white squares were often seen on websites, restaurants, advertisements, rental bikes and retail outlets — to enable users to quickly scan to unlock, or retrieve information related to a business.
The post Cyber security #firm warns of #rising #QR code #scams appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
D5 Creation