Friday, September 23, 2016

MAJOR YAHOO HACK- 500 million user accounts are affected


In case you use any of the Yahoo services you should check your accounts and act immediately since the company confirmed the massive data breach from 2014 where 500 million users accounts were affected.

Yahoo gave an official statement where they mentioned that they will notify each affected user.
Each of the affected users accounts may include names, email addresses, telephone numbers, dates of birth, hashed password, security Q&A.


Nevertheless, in case you are affected or not you should immediately act and change your password and enable two-step authentication (instructions here) which gives you an additional level of security where you can even request to receive a text message or call to your phone that includes few numbers you have to enter prior to logging into your account.

Moreover, you can use Yahoo Account Key (instructions here) that eliminates the need to actually remember a password. Instead, you will just receive a notification on your mobile device and you just type yes and voila- you are sign in is done.

You should also update your security questions that you have stated once you created your e-mail address since those are potentially exposed now.

This is not the first and last massive data breach that happened over the past few years.

What you should do is to take a lesson from it and immediately install an anti-keylogging app that keep your mobile device or PC safe from any intruders.

Stay safe!




Monday, September 19, 2016

C# Web Developer İlanı (Ankara/Türkiye)

Aşağıda yer alan mülakat sorularını cevapladığınızda 10 üzerinden 8 soruya doğru yanıt verdiğinizi düşünüyorsanız, cevaplarınızı CV’niz ve daha önce geliştirdiğiniz örnek projeler ile birlikte cv@zemana.com adresine gönderebilirsiniz. Mülakat süreci, 2 aşamadan oluşmaktadır. İlk aşama, aşağıdaki mülakat soruları üzerinden devam edecek, ikinci aşamada ise daha detaylı bir soru grubu ile mülakat yapılacaktır. Soruları Google kullanmadan cevaplamaya özen göstermenizi rica ediyoruz.

Proje Detayları:
Proje adı:  Zemana Endpoint Security Control Center’dır. Görev alacağınız proje, merkezi bir web panel üzerinden çalışan, kurumsal AntiVirüs uç noktalarının kendisine bağlanarak yönetimini sağlayan bir Control Center uygulamasıdır. Bu web uygulaması sayesinde, uç noktalara task ve policy atamaları gerçekleştirilebilmekte ve uç noktalardan gelen uyarılar merkezi olarak kayıt edilerek raporlanmaktadır.

Projede Kullanılan Teknolojiler:
MVC 5, WebAPI, ASP.NET Identity, MongoDB, Background Jobs,  JQuery.

Aradığımız nitelikler:
-   Takım oyuncusu (Mümkünse “Forvet” tercihimizdir)
-   Programlamaya gönlünü vermiş,
-   Yazdığı kodları şiir gibi gören,
-   Gördüğü her sistemin arkasını merak eden,
-   Kaliteli kod yazmayı prensip haline getirmiş,
-   Çok uluslu bir şirkette kendisini gurbette hissetmeyecek derecede İngilizce bilen,
-   Kendisini öğrenmeye adamış, inisiyatif sahibi takım arkadaşları arıyoruz.

Mülakat Soruları:
1.  Compare JSON against XML as data exchange formats.

2.  How would you transfer binary data in JSON?

3.  What are value types and reference types in C#?

4.  What does NoSQL stand for? How does it differ from SQL?

5.  What does “Document Database” stand for? What is the maximum document size limit in MongoDB?

6.  What are the differences between MVC and WebAPI in .NET?

7.  What does CRUD stand for?

8.  What is Domain Driven Design? What role does Repository Layer play in Domain Driven Design?

9.  What is the best way to instantiate an Abstract Class?

10. Write a class implementing Singleton pattern.



Thursday, September 8, 2016

Healthcare breaches: easy opportunity for profit plus + lack of security protection


2015 was “the year of the healthcare breaches”-according to IBM, 2016 Cyber Security Index.

During the last year, 47% of the United states population experienced a personal healthcare data breach.

Out of the 16 critical infrastructure sectors, the Healthcare industry suffered from the most recent data breaches, an estimated ~21% - according to Gemalto’s report Data Breach Index for the first half of 2015.

Scary statistics speaks for itself, but what makes healthcare industry so attractive to cyber-criminals?

Simple answer. Easy opportunity for profit plus + lack of security protection.




Medical profiles are worth much higher on the black market than simple credit card numbers, since they contain: patients’ social security number, home address, phone number, emergency contacts, email address and etc.

According to Elliott Franz who is a CEO at Virtue Security “it’s easier than ever to gain access inside a hospital’s network and compromise a device,”



In February this year, the computers at Hollywood Presbyterian Medical Centre have been down for more than a week as the Southern California hospital tried to recover from a Ransomware attack.
In order not to lose all its patient medical records, the hospital paid $17,000 to restore the hijacked files.

2015, was the year of healthcare breaches, but for now 2016 hasn’t shown a different face.

What measures to undertake?

Hackers will use many kind of advanced attack techniques to achieve their final goal.

For all businesses, as well as for healthcare organizations, it is very important to implement layered security approach and to use variety of other tools to block hackers out! A comprehensive security solution is number one move that each business has to undertake.

Having a security solution that is always up to date and that is able to defeat ransomware, keyloggers, financial malware, SSL injectors and other threats is a must have for every organization.

Besides, it is very important to include other techniques such as segregating networks so in case a hacker manages to gain access to one network area doesn’t automatically have access to all the data stored throughout the organization.

Since more and more organizations rely on wireless routers, one more technique that healthcare organizations should apply is to keep that their routers and other parts up to date. Beside having their routers safe having their network passwords secure and changed frequently is an additional level of security that hackers will find hard to pass.

Without proper education we are lost. Same goes for this situation. Many healthcare data breaches were caused by employees itself without themselves being even aware of it. Healthcare organizations should educate their staff members on how to avoid a phishing scam, on social engineering tactics and other attacks that target employees, and very importantly advice on choosing secure passwords.

Hackers very often misuse the existing software that your organization is using if it is not up to date all the time. Healthcare organizations should always keep the software patched and up to date to lessen possible security vulnerabilities.

It is very important to think about your organizations safety and to implement security techniques and tools that will keep you safe as best as possible. Remember a data breach always costs more than securing your organization.

So, what is better?!




Wednesday, August 31, 2016

Free tips how to keep kids Safe Online


Do you worry that your kids will receive some harassing messages or become a victim of ever accelerating cyber-criminal?!

Most probably you do.

Internet is very important for kids nowadays. They use it for experiencing new staff, educational purposes and many other great benefits. However, as much as good things it can bring the bad part doesn’t fall behind. That is where parent’s worry starts.

The Internet hides many kinds of cyber dangers and kids always like to try new staff and click on almost everything. Therefore, the parent may worry that a hacker can misuse this very easily.  It is very important to teach kids about the cyber space from start and to get engaged in their online lives so you can see their behavior and advise them accordingly.

The Internet can bring many kind of risks: hidden online predators, illegal online activities, privacy loss, harmful sites and etc. Parent should explain their kids that not everything on the Internet is true and what harm it can bring to them if they believe in everything they see or read.

Below we have highlighted some key tips you should follow to ensure your kid is safe so you can sleep well.

1. Cyber-crime awareness – the first and most important tip is talking to your kids about cyber-crime and how to avoid it. Let them stay aware on the tactics hackers use to trick end users, teach them how a suspicious download button looks like and let them always be open and not scared to come to you if they have downloaded a virus by mistake. A good proactive security solution may be the best fit for this situation since it will block anything before it runs.

2. Passwords – make sure that your home network is secured with a strong password. Moreover, make sure to educate your child that password sharing is not a safe practice and that creating a strong password and keeping it for itself it’s the best way to say safe.  

3. Cyber-bullying – this practice has become, unfortunately, very common in the virtual world especially among young generations. In case your child is being cyber-bullied, teach them to never respond to harassing messages and to report these activities to respective government bodies.

4. Privacy – unfortunately, online privacy is a myth. Everyone can just simply “google” you and get all the information they need about you. But let the found information be safe enough. Teach them to carefully reveal information about themselves, to hide their location tags, and to think twice before posting something on social networks since nowadays everything can be misused.

5. Parental control filtering – there are many options to implement; web filtering, block access to websites you find harmful or inappropriate, configuring parental controls on your router. However, this may work for younger children but for older kids it may not be that successful since they will probably find ways around the filtering you have implemented.

6. Online sites – it is more than important to educate your kids on the importance of safe browsing. Let them stay aware to only interact with secured websites (https protocol) or that are secured by some of the security software vendors. Also, whenever they register and reveal some of their info to any website, legitimat
e or not, let them inform you so you can double check. It is very important to reduce the risk of online identity theft therefore the less information they reveal the safer they are. A good anti-keylogger software would remove the worries since it camouflages all the keystrokes you enter so no one can track what you type.

7. Security solution - To not worry all the time if your kid has downloaded a virus, ransomware or even a keylogger and with that make the whole family harm the best would be to install a comprehensive security solution that will block automatically the downloaded virus and will always inform you if your device is at threat.

It is definitely not easy to educate your kids on the importance of staying safe online since most probably they don’t want to listen, therefore find the best possible way to reach out to them with the message. Till than install a parental control filtering and a security software and reduce the risk as much as possible.




Tuesday, August 23, 2016

Epic Games hacked again –800,000 gamers personal info exposed online


 Just few days ago, we have been mentioning how gamingindustry takes a huge part of the software development industry and how cyber criminals always try to attack with different techniques.

Well, here it comes. Online forums run by Epic Games have been hacked and more than 800,000 personal info from their users is exposed.

The organization which is well known for developing games such as Tournament, Gears of War and Infinity Blad has experienced a major hack last year and now they were hit again.

The hacking attack has put thousands of user’s private information at risk such as: usernames, birth date, passwords, comments section, private messages and other sensitive info.

Below you can find the statement published on Unreal Engine forum site:



Ok. Passwords are safe so they think it’s good to go but most users are not aware that cyber criminals can misuse their other exposed info in many other malicious ways like sending malware to the stolen email addresses, using social engineering tactic, phishing scams and etc.

Question that arises here is: What is causing these major hacks?

According to ESET Blog, the problem appears to be the usage of out-of-date version of the vBulletin software that has SQL injection vulnerabilities which basically means that hackers have a free way to attack and steal users’ info.

After their first major breach, EpicGames should work on their problems but they didn’t since two times their same security vulnerability has been misused by hackers.

What to do now?

EpicGames should definitely work on their problems and fix their security issues right away. On the other hand, gamers should protect themselves by using complex passwords for each of their accounts.
 
For those who have their info exposed with this hack, we recommend installing security software that will block any attempt of cyber criminals to misuse your stolen email address.

Main point here is that it’s the organizations’ responsibility to take care of their clients’/users’ data therefore we advise every business to don’t  play with their luck and to implement the right security solution within their work frames.





Friday, August 19, 2016

What are the most recent ransomware discoveries?


In the period between 2015 and 2016 there is been an increase in the total number of users who encountered ransomware. It rose by 17.7% compared to previous year and, as it seems, it doesn’t show any signs of stopping.

Owners of small businesses are experiencing a great hip of ransomware attacks since they present a great attacking point to cyber criminals. As a matter of fact, a security report states, that 54% of UK companies were hit by ransomware in the last year. The problem that arises here, as National Cyber Security Alliace states, is that 60% of small businesses hit by cyber attacks end up going out of business.

Everyone is a target; therefore we all should take needed precautions and most importantly always
stay informed on the latest variants and ransomware discoveries. CBR listed the latest versions:

El Gato

This one is for Android users. Cat-themed ransomware displays cute cat images once users’ device has been infected and locked. It has the ability to steal users SMS Messages, encrypt their files and also has botnet capabilities. It is not an advanced variant since it is find to be easily decrypted.

Hitler

Here, most probably the name of the ransomware should tell a lot. However, it has been discovered by a Jakub Kroustek, malware analyst who stated that this ransomware was developed by less-skilled hackers that for the attack method used file detection. Once you become a victim it will display a picture of Hitler. It doesn’t even encrypt files, so what it does is that it removes the extension for all the files under different directories. The ransom that the victim had to pay was 25 Euro Vodafone Card. However, if the victim refused to pay, the ransomware would crash victims’ computer and delete all files. So, here a good offline back up would be a good prevention.

Cerber v2

This ransomware variant was more advanced in a sense that it was capable to escape general antivirus checkers due to the fact that it was updating its hash all the time. So general antivirus product were not able to detect it since they were left without the malware signature. Soon, Trend Micro released a free decryptor tool to crash the malware so Cerber presence didn’t last long.

These are only few version that were present, there are many other that are uncovered and many more that still hide it the dark part of the cyber world. Back up your files regularly and install a ransomware protection that is capable to defeat all ransomware variants. Isn’t it better to pay a little for a security protection than huge amounts in ransom?!

At the end it’s your choice. Ransomware analyst at Zemana devoted their time to spare you guys all the headache ransomware can cause. They developed a product that is capable to defeat known and unknown ransomware variants as stated by MRG Effitas. See report here.

Simply, install ransomware protection and stay worry free.




Thursday, August 18, 2016

Sphinx Banking Trojan is part of the Olympic Games in Rio 2016 and definitely it's taking Gold!


Sphinx Banking Trojan is part of the Olympic Games in Rio 2016!

The banking Trojan is targeting banks and payment methods in Brazil. Everyone could expect that a cyber attack will happen during this particular time since thousands of people are visiting and everyone is purely focused on the games and fun.

Cyber attackers have fun also but in their way.

Did you hear about the infamous Zeus? Well, this Trojan is part of that malware family and it contains the Zeus code in itself. The advanced feature of this malware that it learned the mistakes from Zeus baking Trojan and improved by becoming immune to detection so not even Zeus tracking tool can detect it.

Sphinx banking Trojan first appeared last year in August as well, offered most probably by a Russian vendor for $500 per binary (less malware builder) meaning to say that the buyers cannot generate new malware files rather they have to contact the vendor again.

How does Sphinx banking Trojan works?

Just like other banking Trojans, it spreads by creating fake websites that have web injects. So, you think it's your bank but actually  it’s not, so it extracts all the data you enter. It has been even further advanced with social engineering tactics and card reader that is able trick the user to enter their data so the cyber criminals can collect it.

By using this method, the infamous banking Trojan attacked three banks in Brazil as well as Boleto payment methods.

Cyber criminals attack where money is so the popularity of banking Trojans was expected.

Therefore corporations and home users should always be aware of this problem and implement multiple layered security protection. By expecting this kind of globally famous event, as the Olympics, organizations should know that cyber criminal can misuse it easily.

How to stay safe from banking Trojans?

Simple. No need to display step by step guides how to stay safe. Rarely something works. That is the reason why security vendors exist. They invest their time in constant research and behavioral analysis of these kind of malicious activities. So hurry and download an anti-keylogger that has real-time protection and that is specialized in blocking baking Trojans, financial malware, ransomware and similar advanced threats.

Install it and keep it running all the time! If you do this than no worries you are safe!

Useful note: Did you know that Zemana AntiLogger got the perfect score in detecting and blocking banking Trojans, financial malware and advanced keyloggers? See full report here.