Monthly Archives: April 2017
Dronejacking
The world in which we live gets more technologically advanced every day and things that were previously accessible to only a select few have now become available to pretty much everyone. During the 1980’s when personal computers were the newest thing, the desktop devices were much more expensive (not to mention cumbersome) than they are today.
Thirty plus years later, personal computers are commonplace in homes around the industrialized world and everything on the internet is now available anywhere at anytime thanks to a large variety of handheld mobile electronic devices, including cell phones, laptops and tablets.
Another electronic device that is quickly changing the way we live and work is the drone that began as a hobby for flying enthusiasts or expensive gifts to kids from parents who could afford them. Today multiple companies are manufacturing affordable drones which have made them more popular and the devices are quickly becoming mainstream business tools.
Multiple government agencies and a variety of businesses are now using drones to assist in accomplishing their goals which include photography, news media, farming, law enforcement, shipping and more uses for drones are always being found.
Both UPS and Amazon plan to start delivering packages using drones instead of the typical mail transporting services. When that becomes reality you will have to worry about your package even making it to your doorstep to be stolen by someone watching for package deliveries because hackers will be able to gain control of drones in-flight and redirect them to another location.
As we have seen in the past any type of electronic device that gets connected to a network becomes a potential target for hacking. These nefarious efforts are made easier by devices that have little or no security measures in place and are easy to set up facilitated by using open ports and unencrypted communications.
A recent example sparked anxiety in the up-and-coming drone industry when a drone was found outfitted with hacking capabilities that would allow it to hack into local wireless networks after landing on roofs of businesses, homes or government facilities.
DefCon demonstrated in 2015 that someone could very easily take control of a drone while in flight. Since shipping drones will likely be launched each time from a specific location, it won’t take long for hackers to determine flight patterns and easily assume control of regularly flying drones and their cargo.
The logistical nightmare created by dronejacking for companies like Amazon and UPS could negatively impact the success of such programs even though successful dronejackings would be unreliable and package contents are unknown.
Drones have also been known to annoy people when they fly over their houses and many have resorted to throwing rocks or shooting guns to bring them down. This presents questions about invasions into personal space and “no-fly zones,” which are just a few of the issues currently being considered by national and local authorities. Ordinances and regulations about drones are still being formulated so many agencies don’t know how to handle drone complaints.
The media and photography enthusiasts use drones to get pictures that are not easily accessed otherwise using expensive high-quality photographic equipment. Hackers could easily assume control of not only the expensive drone, but the costly equipment it carries which creates a tempting target for dronejacking by those who resell various devices including drones and camera equipment.
Multiple federal, state and local law enforcement agencies use drones for surveillance and to assist with crowd control in highly charged scenarios like protests and situations involving active shooters. Protesters could look to technology to take out surveillance drones and security feeds upon which law enforcement agencies rely.
Researchers have found open ports and weak authentication tools in many drones used for consumer shipping which allows hackers to send remote commands to drones to redirect them. Most of these redirections are currently being done manually but it won’t be long before someone produces a format that makes exploitation easier.
Most vulnerabilities are easily remedied with a software update from the drone manufacturer and those who manufacture more expensive high-end drones will probably offer fixes sooner than cheaper drones for which fixes will be a long time coming.
Cybersecurity experts predict that drone exploit kits will soon start making the rounds on the internet and more media stories about dronejackings will appear in newscasts worldwide. Questions about personal no-fly zones will abound and debates on social media will be heated about solutions that may include running software from a laptop instead of hurling rocks and loading weapons.
Experts also predict drones will be taken out of the air by individuals using directional antennas and that hackers will develop a way to quickly eliminate surveillance drones used by law enforcement.
Commercial aviation grew slowly over a long period of time as did rules and regulations governing it. Drones are advancing at a much more rapid pace which is leaving the United States Federal Aviation Administration scrambling to formulate regulations governing where and when both private and commercial drones can fly and local authorities are awaiting those rules and regulations, as are individuals who operate or are affected by drones.
Top 10 Vulnerabilities
Top 10 Cyber security Vulnerabilities
Intel Corp is a leader in the tech world of cyber security and uncovers an average of 245 new computer related threats daily. The experts at Intel have developed a Threat Dashboard that lists all the current threats, vulnerabilities, ransomware, exploit kits and campaigns of which their experts are aware that are designed to nefarious invade electronic devices for the purpose of stealing valuable personal and confidential information.
Intel has determined the following to be the Top 10 Vulnerabilities of which computer users everywhere need to be aware:
Cyber security vulnerability list:
CVE-2017-0038
A vulnerability in Microsoft Windows could allow remote hackers to gain access to sensitive information. The flaw exists in the Graphics Device Interface (gdi32.dll), which hackers can exploit using an EMF file. The EMF file format is an extension of the spool file format, Enhanced MetaFile, which Windows uses for reading, filing, storing, and printing documents.
Uncovering CloudFlare Vulnerability: Cyber Security Risks and Customer Data Exposure
Cyber security researchers discovered a vulnerability affecting websites that use CloudFlare, a content delivery network that sits between the computer user and their internet host. The vulnerability could result in possible memory leaks that expose private customer information, posing a serious risk to website users’ sensitive data
CVE-2016-1019
This cyber security vulnerability affects Adobe Flash Player, a popular freeware used for accessing internet applications, viewing multimedia, and streaming audio and video. Remote hackers can exploit the vulnerability to cause a denial of service, application crash, and/or execute arbitrary code using unspecified vectors. As such, it poses a serious cybersecurity risk to users of the software
CVE-2016-4117
This vulnerability also affects Adobe Flash Player’s by enabling remote code execution.
CVE-2016-0189
This vulnerability allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption in Microsoft JScript 5.8 and VBScript 5.7 and 5.8 engines, which are used in Internet Explorer’s versions 9 through 11 and other products.
CVE-2016-7200
Microsoft Edge’s Chakra JavaScript engine is affected and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a “crafted” website which are those built for purposes of carrying out a cyber attack.
CVE-2017-0037
Cybersecurity experts have identified a vulnerability in Microsoft Internet Explorer that could lead to remote code execution. The flaw is related to the “HandleColumnBreakOnColumnSpanningElement” and could potentially be exploited by remote attackers. It poses a significant cybersecurity risk to users of the browser.
CVE-2016-7201
Microsoft Edge’s Chakra JavaScript is affected with this vulnerability and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a crafted website.
CVE-2016-7288
This vulnerability also affects Microsoft Edge and could result in execution of arbitrary code or a denial of service and the flaw lies within the scripting engines that are exploitable using crafted websites.
CVE-2017-0016
This vulnerability causes memory corruption in Microsoft Windows applications and could result in a denial of service with the flaw lying in mrxsmb20.sys and the way SMB traffic is handled.
Enhance Cyber Security: Partner with “EyesEverywhere” for Reliable Consulting Services
Computer users face an ongoing challenge of keeping up with the latest computer viruses and hacking vulnerabilities, which can affect anyone, anywhere, anytime. To fight nefarious computer invasions, it’s crucial to maintain up-to-date security software and develop a working relationship with competent IT professionals. For reliable cyber security consulting services in Toronto, consider partnering with EyesEverywhere. Our team of experts can help assess your vulnerabilities and implement effective security measures to protect your business from cyber threats.
Potentially Unwanted Programs (PUPs)
How Potentially Unwanted Programs (PUPs) Can Compromise Cyber security
What Is PUP in cyber security?
The term Potentially Unwanted Programs or PUPs in the cyber security world refers to software programs that contain possibly malicious adware or cause other unspecified objectives like installation of toolbars or nefarious programs.
PUPs: The Voluntarily Downloaded Software That Can Harm Your Computer
The title was given to this type of software to distinguish it from malicious software (malware) because PUPs are voluntarily downloaded by computer users who don’t read and/or fully understand the true terms and conditions of download agreements that may include installation of other programs whether wanted or not.
PUPs as Adwares: How They Infect Electronic Devices and Compromise Cyber Security
Typically, PUPs are adwares that appear as coupons, underlined words, advertising banners, or annoying pop-up ads on websites that users frequently visit. The intention of these ads is to entice users to click on them, subsequently installing malicious content onto electronic devices. This content may include optimization tools, web browser toolbars, and other unsafe cyber products that compromise the security of the device.
These crafty PUPs do nothing but generate “pay-per-click” income for the PUPs’ creator from unsuspecting personal computer and hand-held electronic device operators who unknowingly download malicious programs onto their electronics. Most PUPS get into electronic systems via bundled installations of “freeware” software, PDF creators, download managers and video streaming or recording.
A lot of PUPs are bundled within customized installer tools on download websites like Brothersoft, Softonic and CNET that enable computer users to download various computer software programs.
Indications of Potentially Unwanted Programs (PUPs) on Electronic Devices:
PUPs can be difficult to detect. Ransomware, for instance, displays a pop-up window on the computer screen, demanding a specified amount of money to restore encrypted data. Other symptoms of PUPs are not as noticeable and include the following indications:
Injection of advertising banners within website pages you visit.
Website text is randomly turned into hyperlinks. hyperlinks are links to another location, document or file that are typically activated by clicking on a word or image that is highlighted on the computer screen.
Slow running computer (not caused by running too many programs or lack of hard drive or memory space).
Slow internet connection.
Frozen or unresponsive browser.
Cursor drags 10 seconds behind the mouse.
Different home page continually appears.
New toolbars appear that you can’t remove.
Pop-ups that recommend fake software or software updates.
Bombardment with pop-up ads; close one and another appears even when you’re not online.
Browser redirects repeatedly redirect users from the website they’re trying to access to a different one.
Lots of bounced back email (indicative of having been hacked).
Unfamiliar icons appear on desktop.
Constant computer crashing.
Cell phones and other electronic devices are not immune and are vulnerable to mobile malware, the symptoms of which may include short battery life (drains quickly) or cell phone bills that include charges for things you didn’t buy or messages you didn’t send.
Botnets and other types of malware are nearly impossible to detect unless you run a cyber security scan. Computer users can protect electronic devices. How? from land and mobile cyber threats by using anti-malware security software designed specifically for personal computers, smartphones, tablets, and other devices. Safeguards exist specifically designed to keep Android devices from infected applications, unauthorized surveillance, and nefarious malware.
Inasmuch as Intel uncovers 245 new cyber threats per minute. It has never been more important to utilize up-to-date cyber security software to protect electronic devices from malicious infections that can turn one’s life upside down or completely halt business operations.
If you suspect that your electronic devices have been infected by PUPs or other malicious software, it is important to take swift action to protect your data and privacy. You can seek help from cyber security consulting services in Toronto, such as Eyes Everywhere. Our team of professionals can help you locate, identify, and eradicate PUPs and other malware from your devices. Contact us today to safeguard your digital assets
To read more about PUPs you can visit here