Tag Archive for Security

GoDaddy WordPress Sites Hacked?

GoDaddy (GDDY), the world’s largest domain name registrar, disclosed that it had been hacked. According to reports on Monday (11/22/2021), an unknown attacker gained unauthorized access to the system used to provision the company’s Managed WordPress sites. This breach impacts up to 1.2 million GoDaddy WordPress customers. That number does not include the customers of the websites affected by this breach.

The company posted: “We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down.”

GoDaddy resellers also compromised

On Tuesday (11/23/2021), GoDaddy confirmed that some of their resellers were also compromised in the attack. If you purchased your WordPress domains from

Assume your WordPress site has been compromised.

According to the SEC report filed by the Scottsdale, AZ-based firm, the attacker gained access via a compromised password on September 6, 2021. The attacker was discovered on November 17, 2021, when the attacker’s access was revoked. The attacker had more than two months to establish persistence, so anyone currently using GoDaddy’s Managed WordPress product should assume compromise until they can confirm that is not the case.

What happened at GoDaddy?

Several sites are reporting that GoDaddy stored sFTP (Secure FTP) credentials in a form that allowed the plaintext passwords to be retrieved, rather than storing salted hashes of those passwords or offering public key authentication, which is industry best practice. This decision gave the attacker direct access to the password credentials without having to crack them. According to the SEC filing: “For active customers, sFTP and database usernames and passwords were exposed.”
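As an added illustration of the storage point above (not GoDaddy’s code), here is a Python sketch contrasting a credential store that can hand the plaintext back with one that keeps only a salted, iterated PBKDF2 hash, so that a breach of the store yields nothing directly usable. The iteration count and the sample password are assumptions.

```python
# Added example, not GoDaddy's code: a credential store that can hand the plaintext
# back versus one that keeps only a salted, iterated hash of each password.
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption for this example (OWASP-range for SHA-256)


def store_retrievable(password: str) -> str:
    """Reversible storage: whoever reads the record can recover the password.
    Base64 stands in for any scheme the server itself can undo."""
    return base64.b64encode(password.encode()).decode()


def recover_retrievable(record: str) -> str:
    """What a breach of a retrievable store yields: the password itself."""
    return base64.b64decode(record).decode()


def store_hashed(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256: the record can verify a password, not reveal it."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_hashed(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(parts[1]))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("retrievable store leaks:", recover_retrievable(store_retrievable(pw)) == pw)
    rec_a, rec_b = store_hashed(pw), store_hashed(pw)
    print("same password, different records:", rec_a != rec_b)
    print("verify:", verify_hashed(pw, rec_a), "wrong:", verify_hashed("nope", rec_a))
```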

What did the attacker have access to?

The SEC filing indicates that the attacker had access to:

  • User email addresses,
  • Customer numbers,
  • Original WordPress Admin password that was set at the time of provisioning,
  • SSL private key and
  • sFTP and database usernames and passwords.

What could an attacker do with this info?

The attackers had unrestricted access to these systems for over two months. During that time, they could have:

  • They could have taken over these sites by uploading malware or adding a malicious administrative user. This allows them to maintain persistence and retain control of the sites even after the passwords are changed.
  • The attacker would have had access to sensitive information, including website customer PII (personally identifiable information) stored in the impacted sites’ databases.
  • With the exposed SSL private key, an attacker could set up a man-in-the-middle (MITM) attack that intercepts encrypted traffic between a site visitor and an affected site.
  • The exposed email addresses and customer numbers increase the risk of phishing.

How to resecure your GoDaddy-hosted WordPress site

GoDaddy should be notifying impacted customers. In the meantime, experts recommend that all Managed WordPress users assume that they have been breached and perform the following actions:

  1. If you run an e-commerce site or store PII (personally identifiable information) and GoDaddy verifies that you have been breached, you may be required to notify your customers of the breach.
  2. Change all of your WordPress passwords.
  3. Force a password reset for your WordPress users or customers.
  4. Change any reused passwords and advise your users or customers to do so. 
  5. Enable 2-factor authentication wherever possible. 
  6. Check your site for unauthorized administrator accounts.
  7. Scan your site for malware using a security scanner.
  8. Check your site’s filesystem, including wp-content/plugins and wp-content/mu-plugins, for any unexpected plugins or plugins that do not appear in the plugins menu.
  9. Be on the lookout for suspicious emails.
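The following Python script, added here and not part of GoDaddy’s or WordPress’s tooling, automates steps 6 and 8: it compares the output of WP-CLI’s `wp user list --role=administrator --format=csv` (a constructed sample is embedded) against an expected admin list, and audits wp-content/plugins and wp-content/mu-plugins for directories and PHP files that should not be there. The expected admin and plugin names are assumptions.

```python
# Added example, not GoDaddy's or WordPress's code: triage for steps 6 and 8.
import csv
import io
import tempfile
from pathlib import Path

# Constructed sample of `wp user list --role=administrator --format=csv` output
# (WP-CLI is a real tool; the rows below are made up for this example).
SAMPLE_ADMIN_CSV = """ID,user_login,user_email,registered
1,siteowner,owner@example.com,2019-04-02 10:11:12
7,wp_support_tmp,nobody@example.net,2021-09-07 03:14:15
"""
KNOWN_ADMINS = {"siteowner"}              # assumption: expected admin logins
KNOWN_PLUGINS = {"akismet", "wordfence"}  # assumption: expected plugin directories


def unexpected_admins(csv_text: str, known: set) -> list:
    """Rows for administrator accounts that are not on the expected list."""
    return [r for r in csv.DictReader(io.StringIO(csv_text)) if r["user_login"] not in known]


def audit_plugin_dirs(wp_root: Path, known: set) -> dict:
    """Flag plugin directories missing from the allowlist, loose PHP files in
    wp-content/plugins, and every PHP file in wp-content/mu-plugins (those load
    on every request and do not show under the normal plugins tab)."""
    plugins = wp_root / "wp-content" / "plugins"
    mu = wp_root / "wp-content" / "mu-plugins"
    findings = {"unknown_plugins": [], "loose_php": [], "mu_plugin_files": []}
    if plugins.is_dir():
        for entry in sorted(plugins.iterdir()):
            if entry.is_dir() and entry.name not in known:
                findings["unknown_plugins"].append(entry.name)
            elif entry.is_file() and entry.suffix == ".php" and entry.name != "index.php":
                findings["loose_php"].append(entry.name)
    if mu.is_dir():
        findings["mu_plugin_files"] = sorted(
            p.name for p in mu.iterdir() if p.is_file() and p.suffix == ".php")
    return findings


def build_sample_site() -> Path:
    """Constructed wp-content tree so the audit can run offline."""
    root = Path(tempfile.mkdtemp())
    for name in ("akismet", "wordfence", "wp-seo-helper"):
        (root / "wp-content" / "plugins" / name).mkdir(parents=True)
    (root / "wp-content" / "plugins" / "index.php").write_text("<?php // Silence is golden.\n")
    (root / "wp-content" / "plugins" / "cache.php").write_text("<?php // constructed stray file\n")
    (root / "wp-content" / "mu-plugins").mkdir()
    (root / "wp-content" / "mu-plugins" / "loader.php").write_text("<?php // constructed\n")
    return root


if __name__ == "__main__":
    print("unexpected admins:", [r["user_login"] for r in unexpected_admins(SAMPLE_ADMIN_CSV, KNOWN_ADMINS)])
    print("plugin findings:", audit_plugin_dirs(build_sample_site(), KNOWN_PLUGINS))
```

On a real install, run the audit with the site root as `wp_root` and compare the flagged names against what the plugins menu shows.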

rb-

These GoDaddy data breaches are likely to have far-reaching consequences. GoDaddy’s Managed WordPress offering makes up a significant portion of the WordPress ecosystem, affecting site owners and their customers. The SEC filing says that “up to 1.2 million active and inactive Managed WordPress customers” were affected. Customers of those sites are most likely also affected, which makes the number of affected people much larger.


Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Feds Nab Printer Toner Firms for Fraud

Followers of the Bach Seat know that printer ink is one of the most expensive materials on earth. Well, the U.S. Department of Justice just prosecuted one of the worst examples of the sky-high price of printer toner. The DOJ announced that Gilbert N. Michaels of West Los Angeles was sentenced to 48 months in federal prison. He was convicted of orchestrating a decades-long, multimillion-dollar telemarketing scheme that defrauded more than 50,000 victims by selling printer toner cartridges.

According to the DOJ, his firms, IDC Servco and Mytel International, with the assistance of boiler room call center operators, fraudulently sold more than $126 million worth of printer toner cartridges throughout the United States over a six-year span. Michaels’ companies handled the billing and shipping of the toner. He charged the boiler rooms at or above retail prices for the toner they were selling to victims. Michaels provided price catalogs for the boiler rooms to use in making sales. The catalogs listed the toner at up to five to 10 times the retail price. Many of the victims were already receiving toner at no additional charge under their existing contracts for copiers and printers.

Fake printer toner price increases

To pull off the scam, the telemarketers would pretend to be representatives of the toner-supply companies that many of the businesses already had contracts with. The telemarketers would then tell the victims that the price of printer toner had increased. The fake sales reps told the victims they could buy the toner at the previous, lower price, prosecutors said.

Believing they were dealing with their regular suppliers, the victims would sign order confirmation forms. IDC would then ship toner to victims along with highly inflated invoices. When the victim businesses realized they had been scammed, they called IDC to complain. The victims were typically told that IDC could not cancel the order or refund money because the victims had signed order confirmation forms. IDC also failed to disclose its relationships to the telemarketing companies that brokered the fraudulent deals.

IDC would threaten victims with legal action or turn them over to collection agencies, prosecutors said. If IDC did agree to take the toner back, it would demand significant “restocking fees,” prosecutors said.

Not the first fraud conviction

Michaels’ operation dates back to the 1970s, and this is not his first run-in with the DOJ. Michaels and his companies were under scrutiny in 1988. At that time, the companies were reprimanded for making false statements and were forced to use an independent sales company to sell printer toner.

As part of the sentencing, Michaels was ordered to pay a $200,000 fine. His net worth is said to be $6.7 million. Ciaran McEvoy, the spokesperson for the US Attorney’s Office in Los Angeles, said, “Mr. Michaels led a conspiracy whose deceptive practices were particularly damaging to the small business community.” 

Other defendants

Six other defendants were also found guilty along with Michaels:

  • James R. Milheiser of CA, who owned and/or controlled Material Distribution Center, PDM Marketing, Bird Coop Industries, Inc., and Copier Products Center. He was convicted of conspiracy and mail fraud.
  • Francis S. Scimeca of CA, who owned Supply Central Distribution, Inc. and Priority Office Supply. He was convicted of conspiracy and mail fraud.
  • Leah D. Johnson of CO, who owned Capital Supply Center and LJT Distribution, Inc.
  • Jonathan M. Brightman of CA, owner of Copy Com Distribution, Inc.; Independent Cartridge Supplier; and Corporate Products.
  • Sharon Scandaliato Virag, who owned XL Supply, Inc.
  • Tammi L. Williams, office manager at Elite Office Supply, who also worked at Specialty Business Center, Rancho Office Supply, and Select Imaging Supplies.

Stay safe out there!


10 Ways To Catch A COVID Phish

Cybercriminals like to take advantage of fear, and they are taking advantage of the ignorance-fueled COVID-19 Delta variant surge. Attackers are increasingly using business-looking COVID phish emails to do their dastardly deeds.

More than half of employers are forcing a return to the office, and many require the submission of paperwork such as COVID test results and proof of vaccination to keep your job. Hackers know that communication from employers about COVID can spark an emotional reaction and compel people to click. Researchers at Proofpoint found that business-looking COVID phish attempts have increased by 33%.

Cybercriminals are taking advantage of these requirements. The demands for COVID paperwork give attackers more ways to disguise their phishing attempts. Sherrod DeGrippo, Vice President of Threat Research and Detection at Proofpoint, told The Washington Post: “That almost makes it easier for the bad actors because people are getting used to: ‘Upload your negative test here, go download this COVID form, fill it out.’”

Fake O365 COVID phish attempts


Proofpoint has detected fake Microsoft Office 365 phishing emails from cybercriminals posing as human resource departments. The attackers ask the recipients to submit proof of vaccination. The attacker’s goal is to steal your Microsoft 365 sign-in credentials. If you receive such an email, be sure to take the time to verify that it’s come directly from the organization you work for. One’s vaccination card contains useful information such as birthdates or full names, which hackers could target.

Proofpoint’s research has found that emails telling employees they have lost their jobs due to COVID-19 are also on the rise. What better way to provoke a click than to tell someone they’ve been fired? Mr. DeGrippo explains: “It quite literally is clickbait. They need you to click on them, so in order to get the person to take the action, you’ve got to escalate their emotional state to one that has them emotional, instead of intellectual — thinking with the smart part of the brain.”

What if you suspect a phishing email

  1. Breathe – If an email makes you particularly angry, worried, or curious, pause for a moment before you click.
  2. Altered domain names are a giveaway. Did “humanresources@widgit.com” suddenly become “HR@widgit.com”? Verify such requests through a second channel: get someone from HR on the phone before opening it.
  3. Be skeptical of emails from familiar people (like the CEO) who do not usually communicate directly with you. Don’t click on links or open attachments from those senders. Always get someone on the phone before opening it.
  4. Hover over links to expose the actual web address behind them, and check the “to” and “from” fields. Your company’s email is probably not gmail.com.
  5. Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.
  6. Use different passwords for your work and personal email. That way, if one gets compromised, hackers can’t break into the other and use it to compromise more accounts. A good password manager tool should help.
  7. Don’t forward suspicious emails to co-workers.
  8. Report suspicious emails to the IT security department.
  9. Install and keep up-to-date anti-malware software on all your devices to scan web sessions and emails.
  10. Never donate to charities via links included in an email; instead, go directly to the charity website to donate.
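As an added example (not Proofpoint’s code), this Python checker mechanizes tips 2 and 4 above: it parses a constructed email modelled on the proof-of-vaccination lure and flags a sender domain that is not the company’s, a Reply-To that differs from the sender, and links whose real host differs from the company domain or from the address shown in the link text. The company domain widgit.com is taken from tip 2; every other name in the sample is made up.

```python
# Added example, not Proofpoint's code: the header and link checks behind tips 2 and 4.
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "widgit.com"  # the company domain used in tip 2; assumption for this check
# Constructed sample modelled on the proof-of-vaccination lure described above.
SAMPLE_EMAIL = """From: Human Resources <hr@widgit-hrportal.com>
Reply-To: hr.widgit@gmail.com
Subject: ACTION REQUIRED: upload proof of vaccination by Friday
Content-Type: text/html; charset=utf-8

<html><body><p>Sign in to Office 365 and upload your vaccination card:</p>
<p><a href="https://widgit-hr-upload.example/o365/login">https://hr.widgit.com/upload</a></p></body></html>
"""

class _LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _domain(addr: str) -> str:
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()

def phish_indicators(raw: str, org_domain: str = ORG_DOMAIN) -> list:
    # Returns human-readable findings; an empty list means no indicator fired.
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = _domain(msg["From"] or "")
    if from_dom != org_domain:
        findings.append("sender domain %s is not %s" % (from_dom, org_domain))
    if msg["Reply-To"] and _domain(msg["Reply-To"]) != from_dom:
        findings.append("Reply-To goes to %s, not the sender" % _domain(msg["Reply-To"]))
    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host != org_domain and not host.endswith("." + org_domain):
            findings.append("link points off-domain: %s" % host)
        shown = urlparse(text).hostname if text.startswith("http") else None
        if shown and shown.lower() != host:
            findings.append("link text shows %s but href goes to %s" % (shown, host))
    return findings
```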

Stay safe out there!


PMP Renewed

Renewed my Project Management Professional (PMP) certification with the Project Management Institute (PMI).


Stay safe out there!


It Is World Data Backup Day 2021

The tenth annual World Data Backup Day is March 31, 2021. World Data Backup Day is a reminder to back up the data on your computer, your phone, and your other mobile devices. A data backup is a not-so-hard way to avoid a disaster, and your chances of losing your data at some point are pretty good.

Consider the following:

  • 30% of people have never backed up
  • 113 phones lost or stolen every minute
  • 1 in 10 computers are infected with a virus every month
  • 31% of PC users have lost all of their files due to events beyond their control
  • 140,000 hard drives crash in the US every week
  • 60% of companies that lose their data will shut down within 6 months of the disaster

Your data is worth more than your devices

Hardware is cheap and getting cheaper. What is the value of the new business plan you spent three months writing? The music and movies you have on your devices? The cute video of your kid’s trip to the beach or your puppy being a goof? You can get a new computer or phone, but you can’t replace those important files without a backup.

Why you should have a data backup plan

There are several scenarios that could take place where having a backup of your data would be useful:

  • Your phone gets stolen, and you lose all your pictures and videos.
  • An external hard drive crashes, deleting your home videos.
  • You forget your laptop in a cafe and you’ve lost all your homework.
  • A virus holds your data hostage until you pay to remove the restraints.
  • You accidentally delete something important.

What to do?

The advantage of having your important data backed up off-site, away from your home or office, is that it’s safe from theft, fire, and other local disasters. When you back up your data, you make a second copy of the files you don’t want to lose. Should something happen to the originals, you can restore them from the backup to your computer or mobile device.

Technically, a backup is just any piece of data that exists in two places. The primary purpose of a data backup is to have a recovery plan should the primary data become inaccessible. It is common to keep backups off-site, such as online, or at the very least on a second hard drive, even another internal one.

Your data backup options

There are two types of cloud services that can hold your data backups. The first is a cloud storage service for keeping your data safely backed up online: a place to selectively upload important files that you need to keep off your physical device.

If you are a Microsoft 365 customer, OneDrive cloud backup is included in most plans.

If you prefer Google, Google Drive is a cloud backup option to investigate.

iCloud is cloud storage for Apple devices.

There are lots of other cloud storage services to pick from.

Some argue that using these services gives the tech titans more access to your data. If that concerns you, there is a second option: cloud backup services, which let you back up data automatically and on a schedule. There are many cloud backup services to choose from as well.

When backing up to the cloud, be sure you understand the level of encryption the provider offers. When you encrypt data, you encode it so that only authorized people can read it. It is up to you to keep your backup secure: use a strong password and choose the 448-bit option, the maximum encryption offered by many providers. It would take a computer millions of years to crack that encryption and gain access to your data.

Don’t forget to test your data backup

Remember that you haven’t really backed anything up unless you can restore it.

Many people are unable to restore their data backup because they forgot or lost their decryption password. Keep it somewhere secure, but not in your backup. Others never did a practice restore, so they were not practiced enough with their tool to use it reliably when the pressure was on.

rb-

Whether to a USB drive, an external drive, the cloud, or a private server, back up all that important data somewhere safe. Do this often.

Treat restoring data backups like a fire drill: practice before the real thing happens, so you aren’t fighting both fear and unfamiliarity at the same time.

Stay safe out there!
