Noticed an increase in spam?

Symantec have come up with this graphic to detail the true scale of this issue! See the original image on Symantec's website:http://images.mktgassets.symantec.com/Web/Symantec/%7B7924abaa-d3c7-4ead-b920-0044f56e1757%7D_Dridex-all-in-one-infographic.png

Symantec have come up with this graphic to detail the true scale. Here is the original image: http://images.mktgassets.symantec.com/Web/Symantec/%7B7924abaa-d3c7-4ead-b920-0044f56e1757%7D_Dridex-all-in-one-infographic.png

If you have noticed a massive increase in spam lately, you’re not alone! The spammers have upped their game in an attempt to gain access to your bank account.

Does this look familiar:

 

From: kenn_temple@hillspet.com  (info@divzia-a.md)
Attachment:
invoice_copy.zip

Subject: Reference Number #88387

Valued Client,

Please find attached to this email your statement

Our office has just shipped your package.
You can find the latest invoice for your purchase in this email. Please take a look at it as soon as possible.
you can to contact in case of any question about the transfer.

Accounts Department
Wavenet Group
Incorporating – Titan Technology, Centralcom and S1 Network Services
Tel 0844312707

 

 

All they are trying to do is get you to open the attachment and enable macros in a  Microsoft Office program….DON’T do it, whatever you do. If your antivirus isn’t up to scratch you could find yourself in deep water.

The Dridex Trojan has established itself as one of the most dangerous financial threats. The sheer size of the spam campaigns spreading Dridex (detected by Symantec as W32.Cridex) can sometimes overwhelm organizations hit by them. Dridex’s operators are disciplined and highly active, pushing out in the malware through massive spam campaigns that run to millions of emails per day. Even organizations who are well protected against the group’s malware can often struggle to cope with the sheer volume of spam the attackers send.

The malware is configured to target customers of nearly 300 organisations in over 40 regions. Almost three quarters of Dridex spam campaigns use real company names with the vast majority of spam being disguised as financial emails, such as invoices, receipts, and orders.

According to Symantec, Dridex will continue to be one of the main financial threats during 2016.

Why not take a look at the original article here: https://email.elq.symantec.com/dridex-en/

 

Goodbye IPv4, Hello IPv6…

With the explosion in the number of Internet-connected devices, the IPv4 address space used to identify networked devices has been quickly running out, making the transition to IPv6, which provides additional address space, inevitable.

This week, the American Registry for Internet Numbers (ARIN), the regional Internet registry for much of North America, has issued the final IPv4 addresses in its free pool, meaning that IPv4 has finally reached depletion.

At 128 bits, IPv6 has a much larger address space than the current standard, IPv4, which is facing the threat of address exhaustion because of its small size. IPv6 provides more than 340 trillion, trillion, trillion addresses, compared to the four billion IP addresses that are available with IPv4.

IPv6 also provides more flexibility in allocating addresses and routing traffic, eliminating the need for network address translation. Furthermore, with the coexistence of IPv4 and IPv6, gateway masking can add latency and could remove accurate geolocation and customer analytics data from IPv4.

With the first exhaustion of the ARIN IPv4 free pool, organizations will have to shift their attention to IPv6.

“The exhaustion of the free IPv4 pool was inevitable given the internet’s exponential growth,” ARIN president and CEO John Curran said in a statement. “While ARIN will continue to process IPv4 requests through its wait list and the existing transfer market, organizations should be prepared to help usher in the next phase of the internet by deploying IPv6 as soon as possible.”

Even though it has reached depletion, there will continue to be IPv4 address space issued to organizations by ARIN over the coming months.

Over the past few months, organizations qualifying for large block sizes were given the choice of joining the waiting list for unmet requests or accepting a smaller /24 block that was available. In the case they chose not to accept the /24 block, that block would go back into the inventory.

In the future, any IPv4 address space that ARIN receives from IANA, or recovers from revocations or returns from organizations may be used to satisfy approved requests on the waiting list for unmet requests. If ARIN is able to fully satisfy all of the requests on the waiting list, any remaining IPv4 addresses would be placed into the ARIN free pool of IPv4 addresses to satisfy future requests.

According to the latest statistics from Google, IPv6 is used in 21 percent of website connections in the US, but it’s still below nine percent globally. However, organizations have been aware of the need to deploy IPv6 for quite some time. In a 2010 survey, approximately 84 percent of organizations already had IPv6 addresses or have considered requesting them from their supplier.

Many hosting and infrastructure providers have also ensured their IPv6 compatibility over the past few years including Carpathia Hosting, Telehouse, Verio, SoftLayer, CoreLink, The Planet and NTT.

ARIN board chairman and Internet pioneer Vint Cerf said, “When we designed the Internet 40 years ago, we did some calculations and estimated that 4.3 billion terminations ought to be enough for an experiment. Well, the experiment escaped the lab… It needs room to grow and that can only be achieved through the deployment of IPv6 address space.”

 

For more information, check out the original post here.

Spammers taking it to the next level!

Good afternoon!

A client of ours has recently received a very convincing spam email, appearing to be from a colleague asking if they had seen the file mentioned in the subject. Seen this before? I’m sure you have. The difference with this case is that the spammers followed up with a phone call to make this much more convincing.who

The body read along the lines of ‘I understand that you have already spoken to John Smith at Company regarding this file’. Although the name of the person and the company was actually legit name (taken from a published profile on the company’s website). Not long after the email arrived, a call came in from the mentioned person, asking our client if they had received the file in question.

By looking at the email header we were able to see the email came from Microsoft’s Hotmail servers, using a free account they had created. It’s possible that this is an individual case of a targeted attack, but nevertheless it is a reminder to be vigilant and always be suspicious of any emails (or calls) that you weren’t expecting.

Stay safe out there!

Adobe Flash Player – Critical Security Patch update this week!

Most people have Adobe Flash Player installed on their PCs; you couldn’t use YouTube without it! Adobe is releasing a critical update this week to patch a vulnerability that allows hackers to take control of you Windows or Mac PC remotely. If you notice a pop up for Adobe Flash, please make sure it is genuine and if you are at all suspicious then download the update directly from Adobe.

AdobeFlashUpdate

To confirm the affected version is anything up to and including Version 16.0.0.287 (or 11.2.202.438 on Linux). The update that will fix these issues is Version 16.0.0.296.

To check the Flash Player version on your PC, go to http://helpx.adobe.com/flash-player.html and hit the [Check now] button. Bear in mind that you can have different versions of Flash for Internet Explorer and Firefox/Chrome/etc. so if you use more than one browser you may have to check/update the IE and non-IE version.

160x41_get_flashplayer

There have been reports of exploits already, meaning that the hackers are aware of the vulnerability and are using it before Adobe have been able to release the patched version (at the time of writing the latest version available is still 16.0.0.287 on adobe.com).

Those of you who have an IT support contract with us, fear not – we’re monitoring the situation and as soon as the Adobe patch is released we will be deploying this to all machines remotely.

If you are not with us and would like more information, feel free to contact us to discuss the support we provide from as little as £10 per PC per month.

Stay safe out there,

Andy Readman
Index eBusiness Support Team

How secure is your password? Here’s the top 25 worst passwords!

What makes a good password? Obviously a combination of letters (upper case and lower case), numbers and symbols; but another important factor is that it is unique. SplashData are an Internet security company that have researched the 25 most common passwords of 2014. If you use a password on this list, you need to get it changed!

The list is based on data from 3.3 million leaked passwords from Europe and North America, and no surprise that ‘password’ ‘qwerty’ and ‘letmein’ feature.

There has been a number of high-profile hacking stories recently, but your accounts won’t need to be hacked if you use one of these passwords!

password

The top 25 most-used passwords of 2014 are as follows:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 1234567890
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

SplashData have also given advice based on the top 100 passwords, you should avoid the following:

  1. Passwords based on simple patterns on your keyboard (e.g. qwertyuiop).
  2. Any password using numbers alone.
  3. Don’t use a favorite sport as your password (baseball, football, hockey, soccer, golfer are all in the top 100).
  4. Don’t use a favorite team either (e.g. manutd).
  5. Don’t use your birthday or especially just your birth year — 1989, 1990, 1991, and 1992 are all in the top 100.
  6. Common names (michael, jennifer, thomas, michelle, charlie, andrew, and daniel are all in the top 50).

 

Also in the top 100 are swear words and phrases, hobbies, famous athletes, car brands, and film names.

Read more: http://splashdata.com/press/worst-passwords-of-2014.htm

Happy Friday! – 3D printer adapted to print plants

Computer scientist Yuichiro Takeuchi (of Sony Computer Science Laboratories, Inc.) has developed a 3D printer that prints yarn encasements holding plant seeds that grow in to full-fledged plants in just a few weeks.

Takeuchi’s technology can print gardens that conform to any shape you choose be it, triangular, rectangular, or even panda-shaped:

3d printing garden

 

Yuichiro Takeuchi, Sony Computer Science Laboratories

 

Read more here: http://www.businessinsider.com/3d-print-plants-for-city-green-spaces-2014-10#ixzz3H3teKjdN

 

Via:  @

Happy Friday! – Japan planning Robot Olympics by 2020

Japanese prime minister Shinzo Abe is planning on throwing an unforgettable Olympic Games when Tokyo hosts the competition in 2020 – by holding an Olympics for robots as well.

Fans of Robot Wars will surely be delighted at the plans, which were revealed by Mr Abe while touring robotics factories in Saitama and Tokyo.

Will Tokyo 2020 be first ever Robot Olympics?

The prime minister told reporters he wanted to showcase the country’s status as a pioneer in robotics, adding that he plans to create a special taskforce to grow the industry to 2.4trillion yen (£13.8billion) – three times the size it is now.

Prime minister Shinzo Abe hopes to grow the robotics industry to revitalise Japan’s faltering economy (Picture: Getty)

‘In 2020, I would like to gather all of the world’s robots and aim to hold an Olympics where they compete in technical skills,’ he said.

‘We would like to set up a council on making a robotic revolution a reality in order to aid Japan’s growth.’

Mr Abe is hoping the robotics industry can revitalise Japan’s faltering economy, which has struggled since the global economic recession.

With Switzerland planning to host the world’s first Cyborg Olympics in 2016 – where athletes with robotic enhancements will compete against one another – the idea of a Robot Olympics doesn’t seem so far-fetched.

Robotics has come a long way since the days of Robot Wars, but Craig Charles might still be hoping for a phone call.

Via MetroRead more here

 

 

WordPress 4.0: The app becomes a platform

WordPress has announced the first beta of version 4.0, but despite the major version number, it’s an incremental upgrade. Changes to the left of the decimal point aren’t as major in WordPress as they are elsewhere, but the updates in the pipeline for 4.0 and beyond reflect how WordPress has become a platform, rather than an application.

Originally just a blogging system, WordPress has grown into an entire site-publishing solution courtesy of its third-party developers. Aside from the thousands of easily interchanged themes available for WordPress, its library of plug-ins can turn it into everything from a discussion board engine to an e-commerce solution. Consequently it’s now considered a viable replacement for other content-management and site-architecting solutions, from Zen Cart to Drupal.

WordPress 4.0: The app becomes a platform

Credit: WordPress

WordPress’ path to this point, however, wasn’t planned. For one, new features for WordPress don’t typically start as direct contributions to the core code. Instead, additions are prototyped as plug-ins, then merged into the core of the project if they pass muster with the core development team.

For an idea of how incremental those changes can be, look no further than some of the features promised for the core of the 4.0 release: previews of embedded URLs (such as from YouTube), a revamped plug-in installation user experience, and a new view format for the media library.

As conservative as those changes are, other plug-ins under development as core proposals hint at WordPress’ status as as a full-blown software ecosystem, as viewed by its users — and its creators. Among them is a plug-in that provides a JSON REST API for WordPress, currently listed at the “development” stage. Another, a front-end editor, allows changes to be made to posts while browsing the site itself, rather than logging into WordPress’s back-end panel.

WordPress may also be facing future competition as an ecosystem from Ghost. Also devised in its base incarnation as “just a blog,” the Node.js-powered publishing system may be able to ride the rising tide of interest in Node.js and the JavaScript ecosystem and become a major contender. But despite a great deal of activity on the core project, it’s still in its infancy, and its plug-in API hasn’t even been nailed down yet. WordPress has inertia and a massive installed based on its side.

One constant issue with WordPress that’s gone hand in hand with its explosive growth as an ecosystem has been security. Themes are implemented in WordPress as live PHP code rather than static files, and themes hiding malicious code have been spotted in the wild. Plug-ins, too, have been a source of obfuscated malicious code, as well as exploitable vulnerabilities.

WordPress has defended itself against this by providing a curated source for both themes and plug-ins, in much the same manner as the Google Play store for Android. But the majority of the work involved in securing a WordPress installation, even as WordPress evolves as its own platform, clearly still falls to the end-user.

Via InfoWorld.com.