Internet Security News for August 26, 2019
Registered Domain Stolen, Instagram Security Warning, iPhone’s Critical Security Vulnerability, Fake Site Can Steal Bank Info, Covert Push Notifications by Deceptive Marketers, Stolen Breach Data Is for Sale, and more.
This week’s roundup of online security in the news covers quite a gamut of areas to watch carefully. Internet security and your website should never be taken for granted. According to the 2019 Verizon Data Breach Investigations Report, 43% of security breaches involved small businesses. Everyone needs to be aware of security, whether they have email, a website, or are online doing day-to-day business (e.g. banking, researching, or marketing).
Sonoma Valley Hospital Website, Email Addresses Hijacked
The article shows that it was the domain name itself that was hijacked: an actively registered domain the hospital had owned since 1996. Hackers can now resell this domain for a high value (3-letter domain names are highly coveted), or they can create a fake hospital site (taking advantage of all the marketing that Sonoma most likely did since 1996) to spread malware.
Domain names can be hijacked in the following ways:
- The email account connected to your domain registration gets hacked. The attackers do a password reset and gain access.
- Your domain registrar has security issues.
- Your domain expires without auto-renewal set.
“The website had been registered with Sonoma Valley from September 23, 1996, with a September 22, 2021 expiration date. But the record was updated on August 7 and is now in the “hands of pirates.”
On August 6, officials said the “svh.com” domain was maliciously acquired, and it became clear that the hospital would not have its domain returned. The report did not explain how Sonoma Valley came to that conclusion.”
Article by Jessica Davis
Instagram Security Warning: Millions At Risk From ‘Believable’ New Phishing Attack
Practice internet security with email and social media. If you receive an email or a message with a direct link to a company’s site, don’t click on it. Instead, when you want to log into any website, go to your web browser and either use your bookmarked link or type the address directly into the address bar. For instance, Instagram.com is not difficult to remember, and typing it yourself can save you a lot of headaches.
“Security researchers at Sophos have warned of a new phishing campaign targeting Instagram users. And this is a phishing campaign with a devious twist. The attackers mock up what’s intended to look like two-factor authentication (2FA) in an attempt to appear legitimate. But it’s obviously not 2FA. It’s a standard attempt to steal login credentials, to amass usernames and passwords.”
iPhone Alert: Apple Accidentally Introduced A Critical Security Vulnerability In New iOS 12.4
Last week it was an Android problem, this week it’s Apple.
“The security flaw lets a malicious hacker take over almost any iPhone or iPad.”
“The vulnerability was already used to jailbreak iPhones in minutes.”
Banking trojan Bolik spreads disguised as the NordVPN app
NordVPN is a popular virtual private network. Researchers at Dr. Web discovered this trojan being spread through a fake (cloned) site mimicking the real NordVPN site. For proper internet security, always check the domain/web address of a site before downloading software. Do not click links from emails whenever possible.
“The Win32.Bolik.2 trojan is an improved version of Win32.Bolik.1 and has qualities of a multicomponent polymorphic file virus. Using this malware, hackers can perform web injections, traffic intercepts, keylogging and steal information from different bank-client systems.”
Browser Push Notifications: Useful Feature Exploited by Deceptive Marketers
If you own a business website and you want visitors to receive a pop-up alert when you add new content, you may have used a plugin called “Browser Push Notification”. Your visitors must approve or deny the notification. Unfortunately, not everyone using these plugins uses them nicely.
“Here is where the unscrupulous marketer takes advantage of the feature. Rather than asking for the user’s permission to send notifications, the message box asking for permission will ask for the user’s permission to play a video, for example. If clicked, the user is redirected to another website to watch the video, they believe. This could be used to redirect the user multiple times to multiple websites until they stop or finally lose any semblance of sanity. All the while, for every website the user clicks on the “allow” button, the user has granted the marketer the permission to send notifications, thus opening the door (or window) for abuse.”
Stolen credit, debit card accounts for sale on black market may be linked to Hy-Vee data breach
There’s a reason to be aware of data breaches at corporations that serve the public. If you do business with a corporation that has been breached, you want to go into your account immediately to change passwords and request new credit/debit cards with new numbers. Yes, it’s a pain to do this, but it’s the most secure way of guaranteeing your accounts are safe after a corporation has a breach.
“Two anonymous sources, including one at an unidentified major U.S. financial institution, told Krebs that information stolen from accounts linked to the Hy-Vee breach is being sold under the code name “Solar Energy” at “Joker’s Stash carding bazaar,” a website where stolen credit and debit card data is resold.”
WordPress Plugins Exploited in Ongoing Attack, Researchers Warn
Keeping your WordPress (or any CMS/database-driven) website up to date is imperative. If you don’t have time to do it yourself, hire a digital web agency, like us, that offers WordPress Security to do it for you.
“Impacted by the campaign is a plugin called Simple 301 Redirects – Addon – Bulk Uploader as well as several plugins made by developer NicDark (now rebranded as “Endreww”). All plugins have updates available resolving the vulnerabilities – but researchers in a Friday post warned that WordPress users should update as soon as possible to avoid attack.”
Article by Lindsey O’Donnell
Website & WordPress Internet Security
Don’t think that because you’re a small to mid-size business, or a hotel or resort, you do not have to worry about your website’s security. This is the landscape of the internet. We offer monthly monitoring services that are part of our “Website Security Program.” There are never any guarantees that you’re safe, but with our services we run daily backups and monthly updates of your website core files, plugins and themes. Should your business website get hacked, we get it repaired and restored within 24 hours of becoming aware of it.
Call us today at (561) 822-9931 or complete the form below to get eyes on your website’s security.
We can sign you up immediately and schedule a website review. Was your website hacked? Upon sign up, you will receive the benefit of a 24-hour repair and restore. You’ll receive a monthly notice from us when your website and plugins have been updated. You’ll never be guessing if we’re doing our monthly service. Move to our host (cost included in Security Program) and have the benefits of our server’s security monitoring, too.