Are you Shellshock’d? {bashbug}

By: Kyle Cavalieri

Are-You-Shell-Shocked-DIGITS-LLCOn September 25, 2014, a new vulnerability that affects most versions of Linux and Unix operating systems, which includes Mac OS X, was discovered. According to security researchers, given the reach of the Bash itself and combined with the sheer volume of devices and application that rely on the Bash, Shellshock is likely going to be larger than the Heartbleed vulnerability that was identified earlier this year. If Shellshock is exploited successfully, the vulnerability could allow an attacker to gain control over a targeted computer.

Bash is a common component of Unix and Linux systems and is commonly referred to as ‘shell.’ Bash acts as a mechanism for the user to instruct the operating system what to do. The vulnerability lies in the fact that an attacker can imbed malicious code into application code that require Bash to execute. At this time, the most critically vulnerable systems are Web servers running the aforementioned OS’s. Although, non-Web servers are also vulnerable, specific conditions need to be in place in order for an attacker to gain control. Imbedded systems that are running Bash that are Internet facing, such as surveillance systems, routers, conferencing and IP based phone systems may also be vulnerable and should be inspected appropriately.

Once the targeted system has been exploited, the attacker can extract password lists off the system and use those passwords to move laterally within the network to gain access to other systems with the company’s production environment.

Due to the wide spread nature of this vulnerability, cyber security companies, like DIGITS LLC, are able to detect whether your systems are currently vulnerable to this latest threat. Contact a cyber security specialist today for more information.

www.digitsllc.com

DIGITS LLC

Internet Security with Computer Forensic Expert

Recently DIGITS LLC‘s Director of Computer Forensics and Investigations was featured on WIVB, Buffalo’s Channel 4 News, about the topic of Internet viruses.  Kyle Cavalieri is an expert in Cyber Security and offered his opinion about these Internet viruses that could put anyone connected into the web in a bad situation. Check out the video below for more information on how to stay secure from this ‘ransomware’ Internet virus.

Learning about Internet threats with WIVB

This WIVB story, reported by Jordan Williams, started with a local man that was victim to a cyber attack that appeared to take control of his personal laptop.   A FBI Buffalo representative and DIGITS LLC’s Director of Computer Forensics and Investigations both provided feedback from the “ransomware” attack.  It is very important to make sure that you are aware of these type of cyber attacks.  Both representatives reinforced that it is important to call to shut down your computer right away and call a security expert, like DIGITS LLC, if you fall victim from a computer virus similar to described here.

Check out this report WIVB, interviewing computer and security experts about this ransomware virus.

Data Security to Prevent Data Breach- Last Chance to Register!

Data Security to Prevent Data BreachThis Thursday, December 6, 2012, DIGITS LLC and Escapewire Solutions will be holding a ‘Lunch & Learn’ event centered around the topic of data security and data breaches.  Listen to case studies of those who have suffered from data breaches and learn what technology is recommended to stay secure from these cyber threats.

Date:              Thursday, December 6, 2012
Time:            12:00 p.m. to 2:00 p.m. (Lunch will be provided)
Location:   DoubleTree Inn, 10 Flint Road, Amherst, New York 14226

Click here to register for ‘Data Security to Prevent Data Breach’ lunch & learn event.

Continue reading

Data Breach Security – Prevent Data Breach

The following facts have been gathered by DIGITS LLC in preparation for our upcoming Lunch and Learn event: Data Security to Prevent Data Breach.  Click here to register for this event.

banner1

According to Help Net Security, 80 major law firms were hacked in 2011 1

hr1

banner1

Law Firms and CPA Firms, esp. Healthcare, Tax, Matrimonial, Personal Injury, and Large Corporate Litigation practices are prime targets for Hackers. 1

hr1
banner1

Hackers have been successful in compromising even the most sophisticated and secured corporate networks 1
hr1
banner1

Forty-six states have enacted Data Breach Notification Laws 1

hr1
Law Firms & CPA Firms Target of Organized HACKERS

hr1

This information was gathered by DIGITS LLC in preparation for our upcoming Lunch and Learn event: Data Security to Prevent Data Breach.  Click here to register for this event.

www.digitsllc.com

WARNING: Windows Phone Scam

Last night, an associate from DIGITS LLC received a phone call on his home phone from a number that he did not recognize.  The 510 area code threw him off a bit but he thought that this caller might be from an out of country friend…  The phone call ended up being from a cyber-crook foe.

The attack came from this phone number: 510 943 3040

The individual on the other line claimed to be from Windows.  This person said that they found a bug on the users’ Windows computer and continued to attempt to instruct the steps to allow remote access to the computer.  We knew right away that this was a scam.  First of all, there aren’t any Window’s machines within the facility, and second, Windows would never call a home phone asking for remote access.

DIGITS LLC is well trained to be aware of a situation like this, but many of our friends and family might not know the difference of a scam phone call.  These cyber scammers are looking to obtain personal information including usernames, passwords, and banking information.  The DIGITS LLC associate also mentioned that in the background  he could hear multiple conversations of the same matter.   This is our attempt to warn you, please pass on to all of your colleagues and STAY SECURE!