Category: Blog

Unsecured At Any Speed: The Cyber Risks Of The Connected Car – Written By Michael Xie

Written By – Michael Xie – Shared by Joe Koval

Founder, President and CTO at Fortinet, overseeing the technology vision and strategy for the global network security leader

I have never seen anyone pull into a parking space, get out of their car and leave their laptop, wallet, iPhone, social security card, list of most important passwords and their banking information on the hood before walking away. But as the era of the connected car begins, that may essentially start happening every day.

Continue reading

Western Digital My Cloud Storage Device Vulnerability

The backdoor, lets anyone log in as user mydlinkBRionyg with the password abc12345cba.

WD mostly sells the My Cloud range as accommodated for file sharing and backup in domestic environments. But several of the designs with the backdoor is four-disk machines fit for use as a shared warehouse in small business and also competent of being configured as iSCSI targets for use maintaining virtual servers. Throw in the fact that some of the messed-up machines can reach 40TB volume and there’s the very real possibility that sizeable databases are dangling online.

Observant readers will have found that the username includes the string “dlink”. D-Link, the group, also makes network associated storage (NAS) devices and Bercegay wrote that he found “references to file handles and directory structure that was fairly unique, and from the D-link device. But, they also absolutely matched my WDMyCloud device”.

Update to the most recent firmware to patch this vulnerability.

Public WiFi is a SECURITY RISK

I’ve been preaching this for quite some time.  Public WiFi is NOT to be trusted.  It is so simple for a hacker to be sitting in your local Starbucks with his coffee and laptop and go unnoticed.  He has made his laptop a “hot spot” and named the SSID something like “StarbucksGuest”.  You see this SSID in your available list and connect.  The hacker can now see EVERYTHING you are doing on the internet.  Here is a story you need to read.  This is just another example why you SHOULD NOT use public WiFi:

Public WiFi Used for Mining Bitcoin

 

Forever 21 Credit Card Data Breach

Engadget.com reports:

 

If you shopped at a Forever 21 store this year, there’s a chance your credit card information may have been stolen, CNET reports. The retail store confirmed this week that between April 3rd and November 18th of this year, a number of point of sale terminals at stores across the US were breached. While it hasn’t provided any numbers on how many customers were affected, Forever 21 did say that in most cases, card numbers, expiration dates and verification codes, but not cardholder names, were obtained by hackers. However, in some cases names were also obtained.

Encryption is usually used by the store to protect its payment processing system, but in some stores, the encryption was sometimes off, opening up their point of sale terminals to malware. Not every terminal in every affected store was infected with the malware and not every store was impacted during the full time period of the breach. In some cases, credit card data stored in certain system logs prior to April 3rd were also exposed.

Forever 21 said payment processing systems outside of the US work differently but that it was investigating whether non-US stores were affected as well. Purchases made through its website weren’t impacted by the breach.

Contact Information

Joseph Koval –President
845-608-2505
13 Tomkins Ridge Rd.
Tomkins Cove, NY 10986

Follow us