hankimg

“As a business owner, you don’t have time to waste on technical and operational issues. That’s where we shine! Call us and put an end to your IT Service problems finally and forever!”

Hank Wagner, Owner
Computer Networks of Roanoke
IT Guru, Published Author, and Trusted Advisor to Medical Practice Administrators and Business Owners

What Happens To Stolen Medical Records?

Typically after a health record hack, the data will "go dark" for some time before resurfacing in different variations, he says.

So, it will look like basic short-form ID theft material, but eventually the electronic health record will surface as a “fullz” - the slang term on the deep web for a complete long-form document containing of all the intricacies of a person's
health history, preferred pharmacy, literally everything.

What happens is the people who purchase those “fullz” then go to another vendor on the deep web for what's called “dox”, the slang term for documentation, where they then proceed to have passports, drivers' licenses, Social Security cards - all these things that will help the counterfeit imitation of the victim. ... So, you have an electronic health record that will typically go for $20 apiece, and you'll spend a couple hundred dollars on “doxs” to support that identity, and once it's an identity kit, you can sell it for $1,500 to $2,000.

Those ID kits are then used for a wide variety of criminal activities, including illegal immigration, pedophilia and launching more attacks using social engineering.

Inside This Issue
1 Stolen Records
2 ISIS Hacker
2 Yahoo Data Breach
3 Infected USB
4 Samsung Recall

Multiple Backdoors Found in D-Link DWR-932 B LTE Router

oct16-1If you own a D-Link wireless router, especially DWR-932 B LTE router, you should get rid of it, rather than wait for a firmware upgrade that never lands quickly.

D-Link DWR-932B LTE router is allegedly vulnerable to over 20 issues, including backdoor accounts, default credentials, leaky credentials, firmware upgrade vulnerabilities and insecure UPnP (Universal Plug-and-Play) configuration.

If successfully exploited, these vulnerabilities could allow attackers to remotely hijack and control your router, as well as network, leaving all connected devices vulnerable to man-in-the-middle and DNS poisoning attacks.

Hank Wagner, Owner
hank.wagner@computernetworksinc.com
https://www.computernetworksroanoke.com
757-333-3299 x232

Hacker Who Helped ISIS to Build 'Hit List' Of US Military Personnel Jailed for 20 Years

A computer hacker who allegedly helped the terrorist organization ISIS by handing over data on 1,351 US government and military personnel has been sentenced to 20 years in a U.S. prison.

Ardit Ferizi, aka Th3Dir3ctorY, from Kosovo was sentenced in federal court in Alexandria, for "providing material support to the Islamic State of Iraq and the Levant (ISIL) and accessing a protected computer without authorization and obtaining information in order to provide material support to ISIL," the Department of Justice announced on Friday.

The 21-year-old ISIS-linked hacker obtained the data by hacking into the US web hosting company's servers on June 13, 2015.
Ferizi then filtered out over 1,300 US military and government employees' information from the stolen data and then handed it over to Junaid Hussain, according to court filings [PDF].

The stolen data contains personally identifiable information (PII), which includes names, email addresses, passwords, locations and phone numbers of US military service members and government workers.

Junaid Hussain, who was a British jihadi and believed to be the then leader and creator of a group of ISIS hackers called the Islamic State Hacking Division (ISHD), posted the names and personal data of 100 US service member's families online.

Hussain, who was also known as Abu Hussain Al-Britani and used the moniker TriCk, was later killed in a US drone strike in Syria in August last year.

Massive Yahoo Data Breach Shatters Records

oct16-2Yahoo's disclosure of one of the largest-ever data breaches comes after months of dark web chatter that indicated it may be the next victim following large online services including Twitter, LinkedIn and Dropbox.

Yahoo blames the attack on a "state-sponsored actor," but it did not name a suspect country. Still, it's a confident assertion for a cyberattack, which computer security experts contend is notoriously difficult to attribute.
Yahoo says details on at least 500 million accounts were stolen in late 2014. The company is notifying those affected and asking them to change their passwords. Most, but not all, of the exposed passwords were encrypted with a strong algorithm, leaving some users at more risk than others.

Over the two years since the breach, state-sponsored hackers would have had plenty of time to attempt to crack even the strongly encrypted passwords, says Michael Lipinksi, CISO and chief security strategist at Securonix. "I think it's safe to say those accounts were compromised," he says.

This theft of account credentials apparently is the biggest that's ever been discovered, easily overtaking the exposure of 359 million MySpace accounts in 2008, which only came to light earlier this year. Other record-setting breaches included the exposure of 164 million LinkedIn emails and passwords in 2012 - which also came to light this year - as well as the exposure of 152 million Adobe accounts in 2013.
Unlike the breaches at LinkedIn and MySpace, as well as other big breaches involving Dropbox and Tumblr, the Yahoo account details are not circulating or for sale on the underground, a sign that experts say may indicate the company's attribution is accurate. The company says an "investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network."

In addition to passwords, the compromised information includes names, email addresses, phone numbers and birthdates. Also stolen were the security questions and answers users had selected to verify their accounts, only some of which were encrypted. Payment card and bank account information was likely not affected, because that information was not stored in the compromised system, Yahoo says.

Beware Malware Infected USB Sticks Left In Mailboxes

Don't plug that USB stick into your laptop. It could infect your computer with malware and viruses.

Australia's Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people's letterboxes in the Melbourne suburb of Pakenham.

It seems to one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers.

The warning, published on the official website of the Victoria Police, one of Australia's state police departments, reads:

"Members of the public are allegedly finding unmarked USB drives in their letterboxes.”

Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues [malware].

The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices. "The warning comes after a recent flood of reports from residents in the suburb of Pakenham who found compromised unmarked drives in their mailboxes and inserted them into their computers.”

Although the police did not provide any further details as to the type of malware on the drives or whether the victims were served ransomware demands upon running the malicious code on the drives, it is no surprise to us that some people plugged the drives into their PCs.

If you are feeling this way about your computer network…

oct16-3

… it is probably time to give us a call at 757-333-3299.

Talking is free…..

HP Inkjet Printers Refuse To Accept Third-Party Ink Cartridges After Stealth Firmware Update

Extreme Tech
The inkjet printer market has been a ridiculously profitable racket for HP and its ilk for decades, and manufacturers have fought tooth and nail to keep it that way. HP launched the latest salvo in this effort earlier this month, when a six-month-old firmware update suddenly kicked in and locked out third-party ink cartridges.

Multiple models in HP’s OfficeJet, OfficeJet Pro, and OfficeJet Pro X were all affected, even though none of these models had seen a firmware update in the past six months. The consensus is that HP actually baked this response into the March 2016 update it released, but told no one it was coming. This ensured more people would adopt the firmware and report that it worked without incident.

In a statement to the BBC, HP noted that some devices had been updated with this functionality via firmware, while others had shipped with the necessary chips and capabilities from Day 1. “The purpose of this update is to protect HP’s innovations and intellectual property,” HP said in a statement. “In many cases, this functionality was installed in the HP printer and in some cases it has been implemented as part of an update to the printer’s firmware.”

Dutch ink cartridge manufacturer 123inkt noted it had received more than 1,000 complaints in a single day as a result of its cartridges suddenly failing to work in HP hardware. Refilled cartridges with an HP security chip should still function, though this requires that the user still purchase an original set of HP cartridges at significantly higher prices.

Samsung Is Recalling The Galaxy Note 7 Worldwide Over Battery Problem

oct16-4Samsung is recalling millions of new Galaxy Note 7 smartphones worldwide after reports that the devices can catch fire while charging.

The massive recall of one of Samsung's flagship devices is an embarrassing setback for the world’s biggest selling smartphone maker. The Note 7 was unveiled just a month ago, and big rival Apple (AAPL, Tech30) is expected to show off its new smartphone next week.

Samsung (SSNLF) said Friday it had found a problem with the battery in some of the phones and was halting sales in 10 countries, including South Korea and the U.S. It will offer customers a new product for free in the coming weeks to replace the 2.5 million Galaxy Note 7s that have been sold.

Samsung said devices in China don't appear to be affected because it used another battery supplier. But it was unclear if models sold in China would nonetheless be recalled.

The company originally said it would take about two weeks to prepare the recall, but later announced Note 7 users in the U.S. can exchange their device for a Galaxy S7 or Galaxy S7 Edge, starting next week. It will also refund the cost of Note 7-specific accessories.

Samsung is giving Note 7 users a $25 gift card or bill credit for the inconvenience.