Author Archives: Gregory Rivas

Article: Hacked Yahoo Data Is for Sale on Dark Web

“Some time around August 2013, hackers penetrated the email system of Yahoo, one of the world’s largest and oldest providers of free email services. The attackers quietly scooped up the records of more than 1 billion users, including names, birth dates, phone numbers and passwords that were encrypted with an easily broken form of security.

The intruders also obtained the security questions and backup email addresses used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world: Several million of the backup addresses belonged to military and civilian government employees from dozens of nations, including more than 150,000 Americans.

No one knows what happened to the data during the next three years. But last August, a geographically dispersed hacking collective based in Eastern Europe quietly began offering the whole database for sale, according to Andrew Komarov, chief intelligence officer at InfoArmor, an Arizona cybersecurity firm, who monitors the dark corners of the internet inhabited by criminals, spies and spammers. Three buyers — two known spammers and an entity that appeared more interested in espionage — paid about $300,000 each for a complete copy of the database, he said.

The attack, which Yahoo disclosed on Wednesday, is the largest known data breach of a company. And neither Yahoo nor the public had any idea it had occurred until a month ago, when law enforcement authorities came to the company with samples of the hacked data from an undisclosed source.

Yahoo still does not know who broke into its systems in 2013, how they got in or what they did with the data, the company said Wednesday. It has made more progress tracking down a separate hacking episode in 2014, which compromised 500 million email accounts and was disclosed in September. The company has said it believes the 2014 attack was sponsored by a government entity but has not identified it.

The Federal Bureau of Investigation said in a statement that it was investigating the Yahoo breach. Attorney General Eric T. Schneiderman of New York also said his office was in touch with Yahoo to examine the circumstances of the data breach.

Security experts and former government officials warned that the real danger of the Yahoo attack was not that hackers gained access to Yahoo users’ email accounts, but that they obtained the credentials to hunt down more lucrative information about their targets wherever it resided across the web.

“This wasn’t an attack against Yahoo, but rather reconnaissance to launch other campaigns,” said Oren Falkowitz, a former analyst at the National Security Agency who now runs Area 1, a Silicon Valley security start-up.

“Inactive or not, a billion user accounts and hashes means attackers have a golden key for new phishing attacks,” he said. In a phishing attack, a hacker often poses as a trusted contact and tries to induce the recipient of an email to click on a malicious link or share sensitive information.

Users routinely ignore advice to use different passwords for their different accounts across the web, which means a stolen Yahoo user name and password could open the door to more sensitive information in online-banking, corporate or government email accounts.

Mr. Komarov said the group that hacked Yahoo in 2013, which he calls Group E, appeared to be motivated by money, not politics. It is believed to have broken into the systems of major American internet companies like LinkedIn, Myspace, Dropbox and Tumblr, as well as foreign-owned services like VKontakte, a Russian social network similar to Facebook.

Group E sometimes sells complete copies of the data, Mr. Komarov said. It also combines information from different hacking forays into a master database. Like a corporate marketer, it peddles chunks of the data to spammers seeking to reach specific audiences, like middle-aged women who live in certain ZIP codes. It sometimes operates through intermediaries.

That database of 1 billion Yahoo accounts, Mr. Komarov said, is still for sale, although current bids are coming in at $20,000 to $50,000 since the data is much less valuable now that Yahoo has changed the passwords.”


Article: 1 Billion Yahoo Accounts Stolen

“Yahoo has suffered another hack.

The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.

Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. ‘We have not been able to identify the intrusion associated with this theft,’ Lord wrote in a post announcing the hack.

‘The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,’ Lord added.

Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.

Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords.

Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. ‘The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,’ Lord said, adding that he believed the attack was launched by a state-sponsored actor.

Today’s revelations add to Yahoo’s long string of security problems. Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September. What Yahoo executives knew about the breach, and when they knew it, have been crucial questions in Verizon’s ongoing acquisition of Yahoo. Yahoo did not disclose the first breach until several months after the deal was announced.”

“What can users do to protect their account?

  • Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
  • Review all of your accounts for suspicious activity;
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
  • Avoid clicking on links or downloading attachments from suspicious emails; and
  • Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.”
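The quoted article notes that the 2013 passwords were hashed with MD5 and that such hashes can simply be looked up. The following added example (not code from Yahoo or from either article) shows why: unsalted digests are identical for identical passwords, so one precomputed table covers every account. It also shows how a service can move legacy records to a salted, slow hash at the next successful login. The record format, the function names, and the use of scrypt from the Python standard library are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

# Work factors for scrypt (assumed values for this example; tune per deployment).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def md5_record(password: str) -> str:
    """Legacy scheme: unsalted MD5, hex-encoded. Same password, same digest."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, memory-hard record in the (hypothetical) form scrypt$salt$key."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either record type in constant time."""
    if record.startswith("scrypt$"):
        _, salt_hex, key_hex = record.split("$")
        candidate = hashlib.scrypt(
            password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS
        )
        return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
    return hmac.compare_digest(md5_record(password).encode(), record.encode())


def login(db: dict, user: str, password: str) -> bool:
    """Verify the password; on success, replace a legacy MD5 record."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("scrypt$"):
        # The plaintext is only available at login, so upgrade the record now.
        db[user] = scrypt_record(password)
    return True


def shared_digest_groups(db: dict) -> list:
    """Users whose stored records are byte-for-byte identical.

    With unsalted hashes this reveals who shares a password, and it means
    a single precomputed table reverses every matching account at once.
    """
    groups = defaultdict(list)
    for user, record in db.items():
        groups[record].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    # Constructed sample database; the passwords are the article's examples.
    db = {
        "alice": md5_record("wombatbootsparade"),
        "bob": md5_record("wombatbootsparade"),
        "carol": md5_record("herecomesthesun"),
    }
    print("identical legacy records:", shared_digest_groups(db))
    login(db, "alice", "wombatbootsparade")
    login(db, "bob", "wombatbootsparade")
    print("identical records after upgrade:", shared_digest_groups(db))
```

Accounts that never log in again keep their MD5 record, which is why a forced password reset, as Yahoo required, is still needed after a breach.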


please call asap – Spam Email Sent to the Fordham Community on 11/30/2016

This is a Spam email that has been reported. This message was
received on or about November 30th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:

——————–Begin Message ——————————
From: “Performance SLC” <>
Date: Fri, Nov 4, 2016 at 12:48 PM
Subject: please call asap

Dear User,

Records indicate you have inquired in the past for student loan relief. You may now meet the new criteria for a student loan forgiveness program which may include loan consolidation into one new low payment, monthly payment deferments, loan discharge, or even complete loan forgiveness.

We are an A-rated BBB accredited agency, that offers graduated students help with a money back guarantee. You won’t pay us anything unless we complete your enrollment, and your call-in consultation does not cost you anything either.

Connect with a specialist now at  888-870-6120

It only takes a few minutes to find out your options. Call our direct line, and be instantly connected without waiting on hold between the hours of 7 AM- 6 PM PST(Pacific Standard).


Performance SLC

17748 Sky Park Cir.
Irvine CA 92612

To unsubscribe or change subscriber options visit: (LINK HERE)

—————————–End Message —————

Webmail Filter Activity- Phishing Email Sent to the Fordham Community on 11/04/2016

This is a Phishing email that has been reported. This message was
received on or about November 4th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:

——————–Begin Message ——————————
From:  Candelaria, Marcella U <>
Date: Fri, Nov 4, 2016 at 12:48 PM
Subject: Webmail Filter Activity

Please note that your Mailbox Filter is not active. Kindly Update Now to get new mails. (LINK HERE)

Thank you,

Candelaria Marcella

ITS support for Faculty and Staff

—————————–End Message —————

Article: Free Tools to Remove Ransomware Infections From Your PC

“Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Time and vulnerabilities which can be exploited by cybersecurity experts are required, and so some ransomware families do not have a solution beyond wiping your system clean and using backup data.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

The No More Ransom Project offers a quick way to find out what sort of ransomware is on your PC. Alternatively, the Malware Hunter Team runs the ID Ransomware online service which can also be used to identify infections.”

In the article, you can find a range of tools and software made available by researchers to scour your PC clean of the most common types of infection, as well as links to the No More Ransom Project and Malware Hunter Team’s ID Ransomware online service.


Tip #13 Pay Attention to Permissions and Privacy Policies


Application permissions on your mobile devices grant an application access to certain information or functions of your phone. When you install an application you are usually greeted with a pop up listing all the permissions the application requests access to. Such permissions include the ability to access your device’s storage and place phone calls. While many simply click through to get the application up and running, it is important to consider what the application is requesting access to and if it is entirely necessary.

If an application is requesting permissions that do not fit the functions of the application (e.g. “find accounts on this device” and “modify your contacts, read your contacts” for an application that only changes your background photo), consider denying the permission to the application. Be cognizant of the applications you download to your device and ensure they are doing only what you intend them to do.

The same principle applies to privacy policies. Though many choose to gloss over them, it is prudent to see how certain information is used, especially with regard to social media sites and applications that require permissions to your information. Make sure you are comfortable with what that information will be used for and how the information is stored.

Alert: Notice of McAfee Class Action Settlement Email

This is a questionable email that has been reported. This message was
received on or about October 12th, 2016. It is advised that you DO NOT respond to this message or anything that looks like it. You may disregard and delete
this message if you did not use the product listed. If you have any questions about the validity of this email please contact IT Customer Care at 718-817-3999 or via

——————–Begin Message ——————————
From: McAfee Class Action Settlement Claims Administrator <>
Date: Wed, Oct 12, 2016 at 9:20 AM
Subject: Notice of McAfee Class Action Settlement.

Personal Identification #: #########
Confirmation Code: #######
Class Action Settlement Notice
If you bought McAfee or Intel Security software between January 10, 2010 and February 10, 2015, you may be entitled to benefits from a class action settlement.
You must file a Cash Election Form to receive a cash payment.
To file a Cash Election Form, click here.
Read this notice carefully, as it affects your rights.
For more information, visit or call 1-844-343-1478
WHAT IS THIS CASE ABOUT? Two consumers filed class action lawsuits saying that McAfee engaged in certain unfair practices about auto-renewal charges and the advertising of discounts and reference prices. McAfee denies that it did anything wrong. The settlement is not an admission of wrongdoing.
WHO IS INCLUDED? You are in the “Auto-Renewal Class” if you are in the United States and you: (1) were charged by McAfee for the auto-renewal of any McAfee or Intel Security software from January 10, 2010 to February 10, 2015; (2) your first auto-renewal charge was at a higher price than the price you paid McAfee for your initial software subscription; and (3) that auto-renewal charge was not fully refunded to you by McAfee or fully credited to you on your credit or debit card.
You are in the “Reference Price Class” if you are in the United States and: (1) you purchased from McAfee or manually renewed through McAfee a subscription for any McAfee or Intel Security software from January 10, 2010 to February 10, 2015, and (2) you paid a discounted price for that purchase or manual renewal.
If you received this notice, you have been identified as being in the Auto-Renewal Class, based on McAfee’s records.
WHAT DOES THE SETTLEMENT PROVIDE? McAfee has agreed to provide an $11.50 settlement benefit to all class members in the Auto-Renewal Class. You can elect to receive the $11.50 settlement benefit as cash, but only if you file a Cash Election Form by no later than December 23, 2016. Eligible class members who don’t file a Cash Election Form will instead receive an $11.50 McAfee value certificate good towards the purchase of McAfee or Intel Security consumer products. In addition, McAfee has agreed to implement certain practice changes concerning auto-renewal transactions and pricing advertisements. For more information, visit
HOW DO I RECEIVE A CASH PAYMENT? You must file a Cash Election Form to receive a cash payment. There are two ways to file a Cash Election Form: (1) File online, at; or (2) Print a Cash Election Form, available at, fill it out, and mail it (with postage) to the address listed on the Cash Election Form. Cash Election Forms must be filed online or postmarked by December 23, 2016. If you file online, you can choose to receive the cash payment as a check or as a direct credit to your PayPal account. For Cash Election Forms filed by mail, cash payments will be made by check. Only eligible class members will receive payments.
YOUR OTHER OPTIONS. If you don’t want to receive a cash payment or other settlement benefits and don’t want to be bound by the settlement and any judgment in this case, you must send a written request to exclude yourself from one or both classes, postmarked no later than November 28, 2016. If you exclude yourself, you will not receive benefits from the settlement. If you don’t exclude yourself, you will give up the right to sue McAfee and related entities about any of the issues related to this case. If you don’t exclude yourself, you may object to the settlement or to the request for fees and costs by Class Counsel. The detailed class notice, available at, explains how to exclude yourself or object. The Court will hold a hearing in the case (Williamson v. McAfee, Inc., Case No. 14 cv 158 EJD; Kirby v. McAfee, Inc., Case No. 14 cv 2475 EJD) on January 26, 2017 at 10:00 a.m., to consider whether to approve: (1) the settlement; (2) attorneys’ fees and costs of up to $2,400,000 for Class Counsel, to be paid by McAfee in addition to the benefits provided to class members; and (3) service awards of $1,250 each for the two class representatives in this case. You may appear at the hearing, but you don’t have to. The Court has appointed attorneys (called “Class Counsel”) to represent the class members. These attorneys are listed in the detailed class notice. You may hire your own attorney to appear for you, but if you do so, it will be at your own expense.
WHERE CAN I GET MORE INFORMATION? For more information, visit or call
A federal court authorized this notice. This isn’t a solicitation from a lawyer. You aren’t being sued.
——————–End Message ——————————

Tip #7 Secure Your Accounts

Multi Factor

Sometimes just a password is not enough to protect your account. Multi-factor authentication provides an additional layer of protection to your accounts and information. Methods of implementing this protection include a key or code, generated by an automated system or an app, that expires after a certain amount of time, and security questions.

This ensures that if your password is compromised, an attacker will not be able to get into the associated account easily. They will need a given key or code, as mentioned above, in order to complete the login.

Popular services and websites that utilize multi-factor authentication include:

  • Google
  • Apple
  • Facebook
  • Twitter
  • Steam
  • Dropbox
  • LinkedIn

An example of multi-factor authentication used by Google is the addition of a code that is texted to you after the initial login. If the machine from which the login is taking place is not one that was used recently, the additional layer of security is implemented. Unless the attacker has your phone as well, your account will remain inaccessible.

This is not a sure-fire solution, though: some websites will email you the code, and if you reuse the same password for your email and the attacker was able to get into your email account, then the additional layer of security is moot.

Consider utilizing protection beyond a username and password. Many other websites now offer additional ways to protect your information and accounts. Also make sure you do not reuse passwords for multiple accounts to further strengthen the security on your accounts.

Receipt ###-### – Malicious Email With Attachment Sent to the Fordham Community on 09/29/2016

This is a Malicious email that has been reported. This message was
received on or about September 29th, 2016. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:

——————–Begin Message ——————————

Date: Thurs, Sept 29, 2016 at 6:46AM
Subject: Receipt ###-###

*There is no body to this message only an attached file titled “Receipt”. The file is confirmed to be malicious.*

——————–End Message ——————————

Article: 500 Million Yahoo Accounts Stolen

“Yahoo confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.

The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

Yahoo urges users to change their password and security questions and to review their accounts for suspicious activity.

The silver lining for users — if there is one — is that sensitive financial data like bank account numbers and credit card data are not believed to be included in the stolen information, according to Yahoo.

Yahoo is working with law enforcement to learn more about the breach.

“The FBI is aware of the intrusion and investigating the matter,” an FBI spokesperson said. “We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”

A large-scale data breach was first rumored in August when a hacker who goes by the name of “Peace” claimed to be selling data from 200 million Yahoo users online. The same hacker has previously claimed to sell stolen accounts from LinkedIn and MySpace.

Yahoo originally said it was “aware of a claim” and was investigating the situation. Nearly two months later, it turns out the situation is even worse.

“This is massive,” said cybersecurity expert Per Thorsheim on the scale of the hack. “It will cause ripples online for years to come.”

U.S. Sen. Richard Blumenthal called for tougher legislation to “make sure companies are properly and promptly notifying consumers when their data has been compromised.”

“If Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users’ trust,” he said in a statement.

Here are steps to take to secure your online accounts.

Change passwords often

Yahoo is asking anyone who hasn’t changed their password since 2014 to update it. This is good advice for everyone: Passwords should be changed often. You won’t always get a timely notice from a company that an account was compromised — and sometimes it might not even know about a hack until much later. In this case, it took two years for the company to confirm the breach.

Never use the same password twice

Never use the same password twice. If hackers get the password for one of your online accounts, they can try to use it to access your other accounts that take the same credentials.

Pick better passwords

Consider using a phrase instead of single words that are more easily guessed. Don’t go for common phrases like cliches: Pick a combination of words that don’t go together — i.e. rather than “herecomesthesun,” go for something like “wombatbootsparade”.

Avoid using common passwords like 1-2-3-4-5-6 or p-a-s-s-w-o-r-d, and include a mixture of numbers, letters and characters.

Update those security questions

If you forget a password, using security questions is an easy way to gain access back into your own account — it’s not like you’ll ever forget your mom’s maiden name. But some Yahoo security answers and questions were a part of the breach. The company has already disabled any unencrypted security answers on its accounts.

If you frequently use the same security questions and answers for other online accounts, you’ll want to change those, as well. Attackers could use the information taken from Yahoo to obtain access to other online accounts that contain even more sensitive information.

Avoid choosing the obvious questions and don’t provide answers that are easy to find online through Google searches, social media sites or old Live Journal entries.

Be alert

The company is urging users to look through their Yahoo accounts (email, calendar, groups, etc.) for any signs of suspicious activity. Although it doesn’t say what to look for, start by checking outgoing emails.

Be extra careful about clicking on links or opening downloads from unknown email addresses. If anyone emails asking for your password, it’s a red flag — even if it looks like it’s coming from a legitimate place like Yahoo or a bank. Never share any account information or passwords over email.”