Court shuts down alleged PC tech support scam

From PC World, October 24, 2014 – by Grant Gross

This the kind of thing that can really hurt the honest companies that actually provide a great security platform.  Please read:

A court has shut down a New York tech support vendor after the U.S. Federal Trade Commission accused the company of scamming computer users into paying hundreds of dollars for services they did not need.

The FTC’s complaint against Pairsys, based in Albany, New York, also alleged that the company charged customers for software that was otherwise available for free.

Pairsys cold-called computer users in the U.S. and other countries, claiming to be representatives of Microsoft or Facebook, and convinced them to allow the company’s workers to gain remote control over the customers’ PCs as a way to diagnose computer problems, the FTC said.

Pairsys charged computer owners US$149 to $249 to fix nonexistent problems on their PCs, the FTC alleged.

The company also purchased deceptive online ads that led computer owners to believe they were calling technical support lines for legitimate companies, the FTC said in its complaint, filed with the U.S. District Court for the Northern District of New York in September.

Pairsys did not immediately return a message seeking comment on the FTC complaint.

Pairsys and its operators “targeted seniors and other vulnerable populations, preying on their lack of computer knowledge to sell ‘security’ software and programs that had no value at all,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement. “We look forward to getting consumers’ money back in their pockets.” <READ MORE>

Banks: Credit Card Breach at Staples Stores

Posted on KrebsonSecurity, October 14, 2014

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast. <READ MORE>

Ensuring the Security of Your Company’s Data

From: Intuit QuickBooks, by Andrea Hayden on July 20, 2014

This was posted to our site back in August. Since that time a very nasty ransom ware, CryptonWall 2.0 has surfaced.  If you get hit, plan on spending at least $500.00 just to get your data back.

This article provides you with some guidelines and is worth your time to give it a look. Thanks for visiting our site – Randy Centrella <READ MORE>

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked

From: The Hacker News, October 14, 2014

Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening, The Snappening and now the latest privacy breach in Dropbox security has gained everybody’s attention across the world. Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files.


A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sharing site. <READ MORE>

The Secret to Secure Data in the Cloud? Know What You’re Up Against

From: Law Technology Today, Posted by: Ajay Patel September 30, 2014

The issues of data security and sovereignty have become hot topics in recent years as increasing amounts of sensitive, confidential and personal information is stored in the cloud. With these concerns have come revisions to laws in many countries and jurisdictions to keep up with the changing landscape of data privacy.

The trickiest thing to legislate is managing the exchange of information across borders, simultaneously allowing the transfer of data while maintaining the maximum level of security. This requires multi-national agreements in an attempt to get different countries with different laws to comply to a unilateral level of data protection.

However, this can mean that data is not always as well protected as we think. For instance, the Safe Harbour agreement sidesteps legal obstacles to transmitting personal information between the European Union and the United States by setting out “the adequate level of protection for the transfer of data from the [EU] to the United States [that] should be attained if organisations comply with the Safe Harbour privacy principles for the protection of personal data transferred from a [EU] Member State to the United States.” This is separate from the privacy policies of the EU and the US, requiring only adherence to the Safe Harbour privacy principles of notice, choice, onward transfer, security, data integrity, access and enforcement. <READ MORE>

Cryptowall Alert

Ransomware, in this case “Cryptowall”, is a type of malware which restricts access to the computer system (your files) that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
Please take a moment of your time to read this attached document.  It contains valuable information about the evolution of this particular ransomware. Most importantly, learn what you can do and what you should look for to protect your files and your business from becoming another victim. <READ MORE>
Questions? Call 407-678-8300


4 Top Online Security Concerns for Small Businesses

From: Intuit QuickBooks, by Brian Penny on September 16, 2014

Cloud security is in the hotseat following a massive leak of celebrity photos that were stored on Apple’s iCloud service. Apple initially issued a statement that its servers are secure, but conceded that several prominent celebrities had their accounts compromised.

Your business may not be as well-known as Jennifer Lawrence, but this doesn’t mean your data is safe in the cloud. In fact, with the financial nature of your business data, you could be even more at risk. If your business has an online presence, you need to proactively defend yourself against these common digital attacks. <READ MORE>

Home Depot reveals details of data breach

By Chris DiMarco September 22, 2014 – Inside Counsel Magazine

The incident underscores the risk of cybercrime not only for customers but for executives.

Rumblings of a breach of Home Depot’s information systems began in early September; however, the company was slow to reveal the extent to which customers were affected. After an initial warning from banks and a report from cybersecurity newshound Brian Krebs on Sept 2, confirmation of the incident was not released until almost a week later on Sept 8. Details of the breach were not made available by the company until Sept 18, when it announced that the cyberattack put payment card information at risk for approximately 56 million unique cards and that the malware linked to the attack was believed to be present between April and September 2014. Every store in North America is believed to have been involved.

With so many people involved, it can be easy to fault the home improvement giant with the glacial speed at which it gave out information. But Home Depot says that the investigation uncovering those details began on the same day as bank issued warnings and that the infection has now been contained.

The malware in question is believed to be similar to that used in the Target breach, which affected over 40 million customers in late 2013. The malware affects point-of-sale kiosks and checkout lines, and in the Home Depot case, may have specifically targeted self-checkout lines.

In response to the issue, Frank Blake, chairman and CEO of Home Depot has said, “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges. From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”


Related Stories:

Boards need to oversee cybersecurity risk says SEC official

Data security gets more attention following Target breach

Target’s cybersecurity event may have been preventable


Given the increasing frequency of massive data breaches like this, though, customer anxiety is no longer easily assuaged by increased security standards, free credit monitoring software and a promise to do better. That in turn manifests as anxiety for the C-suite. Following the Target incident, multiple high-level executives were terminated or stepped down for lack of proactivity in shoring up Target’s cyber defenses. While there has been no word yet on similar moves at Home Depot, it’s an inevitability that someone will need to pay the piper.

Even more worrisome for both customers and executives is a New York Times report out today that cites multiple former and current Home Depot employees who witnessed negligent customer data handling throughout its stores. According to that article, “several people who have worked in Home Depot’s security group in recent years said managers failed to take such threats as seriously as they should have. They said managers relied on outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers.”

While experts have warned that cybersecurity should be a priority for corporations, the events of the last two years have proven that even considerable investment can be foiled by innovative hackers. And as the causality role call begins to look more like the average American’s weekend errand list, you can expect it to continue to be a topic of conversation,

Facebook Working on Private Sharing App, Report Says

From: Mashable – Tech – by Adario Strange, September 17, 2014

Facebook is reportedly working on a new app designed to encourage private content sharing — by making the process even more personal.

Citing multiple sources, a report on Techcrunch claims that the current code name for the app is “Moments” and will give users a grid-style interface from which to share private moments with friends and family.

The reasoning behind the app, allegedly, is to assist Facebook users who want to share intimate content with close contacts, but have been put off by the site’s increasingly complicated privacy settings.

The report hedges on whether or not the app will ever actually be released, citing numerous past internal Facebook experiments that never became public-facing products.

But if true, the app would indicate that Facebook is continuing to work to win back the trust of some users who have been daunted by the site’s complicated and ever-shifting privacy settings and News Feed changes.

A Facebook spokesperson offered the company’s standard response: “we do not comment on rumors or speculation.”

Ditching Paper Signatures: Are All Electronic Alternatives Equal?

From: Law Technology Today, By Eliya Fishman August 28, 2014

More than 90% of the world’s digital data has been generated within the last two years. Everything around us is moving faster. Our on-demand, in-an-instant mindset has zero tolerance for bandwidth limitations and mobility constraints. And then, we suddenly find ourselves facing a stack of paper that should have been signed yesterday…

Paper might be dying, but the tried and true process of ‘printing to sign’ continues to linger. In fact, according to a recent ALM Media online reader survey on signature-dependent processes and the use of digital signatures, 49% of all documents are printed for the sole purpose of adding signatures. And with 47% of respondents signing documents at least four times per week, you can quickly figure out what that means in terms of wasted resources, precious time, and money. Speaking of time, the survey also revealed that processes involved with obtaining physical signatures were extended by 1.24 days on average, spelling potential disaster for time-sensitive transactions. <READ MORE>