December 31, 2019

Celebrity addresses posted online in New Year’s Honors List leak

By Paul Ducklin

The UK Cabinet Office just published its latest list of civilian honor’s that recognize members of the public who are considered to have made a major contribution in fields such as arts, science, medicine, sport or government.

Unfortunately, according to the Guardian newspaper, when the New Year 2020 list was first published, late on the evening of Friday 27 December 2019, it included the home address, work address and full postcode of many the recipients, rather than just the general area where they are based.

The awards include the prestigious Companion of Honor; Knighthoods and Damehoods (awards similar to the US Presidential Medal of Freedom); and a range of other recognitions such as CBE, OBE and MBE – letters that you have probably seen written after the names of famous British people.

Being public awards, the honor’s Lists are, of course, a matter of public record, and the full names of the recipients can be downloaded from the UK Government website.

The list usually gives a general idea where each recipient lives, limited to a region (e.g. East Sussex), a city (e.g. Edinburgh) or a postcode district in London (e.g. SW4).

But the Guardian says it was contacted by a reader who downloaded the list shortly after it first appeared, saw full addresses instead of general locations, and realized something was wrong.

Read more at https://nakedsecurity.sophos.com/2019/12/30/celebrity-addresses-posted-online-in-new-years-honours-list-leak/

7 types of virus – a short glossary of contemporary cyberbadness

By Paul Ducklin

OK, technically, this article is about malware in general, not about viruses in particular.

Strictly speaking, virus refers to a type of malware that spreads by itself, so that once it’s in your system, you may end up with hundreds or even thousands of infected files…

…on every computer in your network, and in the networks your network can see, and so on, and so on.

These days, however, the crooks don’t really need to program auto-spreading into their malware – thanks to always-on internet connectivity, the “spreading” part is easier than ever, so that’s one attention-grabbing step the crooks no longer need to use.

But the word virus has remained as a synonym for malware in general, and that’s how we’re using the word here.

So, for the record, here are seven categories of malware that give you a fair idea of the breadth and the depth of the risk that malware can pose to your organization.

To jump to a specific item, click in the list below:

  1. KEYLOGGERS
  2. DATA STEALERS
  3. RAM SCRAPERS
  4. BOTS, aka ZOMBIES
  5. BANKING TROJANS
  6. RATS (Remote Access Trojans)
  7. RANSOMWARE
  8. WHAT TO DO?

Read more at https://nakedsecurity.sophos.com/2019/12/28/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness/

Christmas malware uses “Support Greta Thunberg” as a lure

By Paul Ducklin

SophosLabs has a seen a variety of Christmas-time spam campaigns that shamelessly hitch a ride on the coat-tails of climate activist Greta Thunberg.

The malware-spreading spams arrive with subject lines such as…

Please help save the planet

Greta

Friends help

Support Greta Thunberg - Time Person of the Year 2019

Greta Thunberg

the biggest demonstration

Demonstration 2019

…and they urge you to join an upcoming demonstration.

The catch, however, is that the time and place of the alleged demonstration aren’t in the body of the email itself.

To find out more, you need to open a Word document that’s either linked to in the email, or attached to it:

MERRY CHRISTMAS

You can spend Christmas Eve looking for gifts for children.

They will tell you Thank you only that day.

But the children will thank you all their lives if you come out

for the biggest demonstration in protest against the inaction

of the government in connection with the climate crisis.

Support Greta Thunberg - Time Person of the Year 2019

I invite you. Time and address are attached in the attached file.

FORWARD this letter to all colleagues, friends and relatives

RIGHT NOW, until you forget!

Many thanks.

As mentioned, some of the emails didn’t actually have an attached file; instead, they had a link at which you could download the file for yourself.

Read more at https://nakedsecurity.sophos.com/2019/12/27/christmas-malware-uses-support-greta-thunberg-as-a-lure/

Apple iCloud “data dump” extortionist avoids prison

By Paul Ducklin

A London man who tried to extort $100,000 from Apple by threatening to dump data from millions of iCloud accounts and then shut them down will be spending the holiday season at home, despite being sentenced in court last week.

Kerem Albayrak, 22, from North London, ended up pleading guilty to three offences – one charge of blackmail, and two charges of unauthorized access.

The UK’s National Crime Agency (NCA), which investigated the crime, reported last week that Albayrak was given a two year suspended jail term, 300 hours of unpaid work and a six month electronic curfew for threatening to delete 319 million iCloud accounts.

Albayrak had a month of fame back in March 2017, apparently using the Twitter handle “Turkish Crime Family”, where he claimed to have recovered passwords for an ever-increasing number of iCloud accounts that were his blackmail bargaining chip with Apple:

[2017-03-21] 200 Million iCloud accounts will be factory reset on April 7

[2017-03-22] The number of Apple credentials have increased from 519m to

             627m, we are convinced it will keep growing until 7 April 2017

[2017-03-22] Update: We are still strengthening our infrastructure and

             acquiring more servers for 7 April 2017

[2017-03-22] If Apple does not figure out a way to stop us they'll be

             facing serious server issues and customer complaints

According to the NCA, Albayrak first contacted Apple on 12 March 2017, presumably revealing that he had login details for at least some iCloud accounts, and demanded a “fee” for deleting his database instead of putting it up for sale online.

The hush money he wanted was $75,000 in cryptocurrency or $100,000 in the form of 1000 iTunes cards of $100 each.

Read more at https://nakedsecurity.sophos.com/2019/12/26/apple-icloud-data-dump-extortionist-avoids-prison/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.


Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation