New Data Breach Hits US Cellular Company

It’s the dawning of a new year and the hackers of the world have been busy.  This time it’s US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States.  Only 405 of the company’s customers seem to have been affected which makes this attack quite small in terms of scope and scale.  That’s small consolation if you’re one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

“On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account.”

If you haven’t received a notification in the mail from US Cellular then it’s  most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you. Now you may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we’ll probably be seeing a lot more of this kind of thing in the year ahead.

A New iPhone Bug In HomeKit Could Brick Your Phone

Thank Trevor Spiniolas’ sharp eyes if you own an iPhone.  The independent security researcher recently discovered a critical security flaw in iOS that impacts all version from 14.7 to 15.2.

If exploited, this flaw can turn your fancy phone into a very expensive paperweight, so it’s one to take seriously.

Trevor discovered that by changing the name of a HomeKit device to a large string of characters, it would cause the iPhone to crash. In his case Trevor used a string half a million characters long for testing.

Unfortunately, there’s no easy way out if this should happen to a user because of course the new device name is backed up to the iCloud. So if the user tried to restore the iPhone it would pull the relevant information from the Cloud, hit the renamed device, and trigger the error again.

Spiniolas has publicly disclosed his findings, so Apple is aware of the issue.  Initially the company promised a fix before the end of 2021 but they’ve since come back with a revised timeframe of “early 2022.” For now, if you run afoul of this issue you don’t have many good options.

Spinolas recommends the following steps for impacted users:

  • Restore the affected device from Recovery or DFU Mode
  • Set up the device as normal but do NOT sign back into the iCloud account
  • After setup is finished, sign into iCloud from settings. Immediately after doing so disable the switch labeled “Home.” The device and iCloud should now function again without access to “Home” data.

It’s a bit of a process with more hoop jumping than many people will care for. However, the steps outlined above will get the job done and give you your phone back.  Here’s hoping Apple doesn’t hesitate in terms of the fix.

This New Malware Steals Passwords From Popular Browsers

A new threat has appeared on the horizon. Even if the name is not familiar to you this malware strain is bad news indeed.

Called RedLine it is an information-stealing malware that specifically targets popular web browsers including Opera, Microsoft’s Edge browser, and Chrome.

Unfortunately, many people have come to rely on their trusty web browser to store and remember their passwords for them. RedLine takes advantage of this and the group behind the code has found a way to crack the browser open and grab the passwords stored within.

Even worse is that RedLine isn’t just isolated to a single gang or group of cyber criminals.  Instead, it is being offered as a commodity on the Dark Web. That means anybody with about $200 USD can buy a copy and start harvesting the credentials of anyone they infect.

While it is true that passwords stored inside web browsers are encrypted, RedLine can programmatically decrypt those passwords if they are logged in as the same user which is very much the case here.  RedLine runs as the user who was infected which means that all of their passwords are open to the person controlling the malware.

Although it is highly convenient the bottom line is that it’s dangerous to have all of your passwords stored inside your web browser.  If you insist on going that route, then your best bet by far is to enable two-factor authentication on every website you visit frequently that offers it. That is so at least if your passwords are compromised the hackers who gain access to the information still can’t easily access your accounts.

Given how RedLine is being marketed on the Dark Web we can expect to see a surge in attacks using the malware in the months ahead.  It’s going to get a lot worse before it starts getting any better.

What are the essentials of a business continuity plan?

What are the essentials of a business continuity plan?

An unexpected emergency can wipe out your business! A business continuity plan can help it survive. But, what should a good business continuity plan cover? Read this blog to find out.

A list of your key contacts
One of the most important elements in your business continuity plan is a list of all your important contacts who should be informed of the disaster. This can include all your C-level execs, HR managers, IT Manager, client facing managers, etc.,

A comprehensive list of your IT inventory
Your business continuity plan should contain a list of all the softwares, apps and hardware that you use in the daily operations of your business. This list should identify each of those as critical or non-critical and mention details pertaining to each of them such as

  • The name of the app/software
  • Version/model number (for software/hardware)
  • Vendor name and contact information for each of them
  • Warranty/support availability details
  • Contact information for customer support for these hardware/apps
  • Frequency of usage

Backup information
Data backups are critical to your disaster recovery and so your business continuity plan should include information about data backups. It should mention how often data is backed up, in what formats and where. It should also mention what data backups are available–ideally, you should be backing up ALL data already!

What’s your Plan B?
Make sure your business continuity plan lists a backup operations plan that will come into play in the event of a disaster. Examples include alternative workflows such as options to work remotely or to allow employees to bring their own devices to work (BYOD) until the time regular business premises or systems are ready.

Floor plans and location
Your business continuity plan should also include floor plans of your offices with the exit and entry points clearly marked up, so they can be used in the event of any emergency. It should also mention the location of data centers, phones, key IT systems and related hardware.

Process definition
Make sure your business continuity plan defines the SOPs to be followed in the event of an emergency.

Think business continuity planning is too complicated? Don’t give up! A lot of SMBs, don’t create a business continuity plan thinking it is too much of a hassle. But this can prove fatal to your business later. A qualified MSP can help you understand business continuity planning and even help you create a business continuity plan that’s best suited for you..

Popular Digital Photo Company Shutterfly Hit By Ransomware Attack

Recently digital media giant Shutterfly was hit by a major ransomware attack.

The attack disrupted broad swaths of the company’s services including those offered under their GrooveBook, BorrowLenses, and Lifetouch brands.

According to a report received by BleepingComputer, Shutterfly was targeted by the Conti gang. That group was able to encrypt more than four thousand of the company’s devices and 120 VMware and ESXi servers.

Like so many ransomware attacks in recent months the Conti gang did not start encrypting files immediately upon breaching the Shutterfly network.  Instead they lurked for a time while quietly exfiltrating files to a server they control.

The Conti gang has created a private Shutterfly data leak page that contains screenshots of the data the group allegedly stole prior to launching the encryption phase of their attack.  The purpose is to use the stolen files as leverage to prompt the company to pay the ransom demanded. The ransom in this case is reportedly in the millions of dollars.

Based on the screenshots on the data leak page it appears that the Conti gang made off with legal agreements, merchant account info, and a wide range of login credentials for corporate services.

The company has released a brief statement about the matter that reads as follows:

“Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.

As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate.”

Based on the above there’s little for users of those services to do at present. Out of an abundance of caution if you do use the impacted services you will probably want to change your password right away.