You may have seen the news over the past day regarding the Petya virus. Please know that we are researching this new cyberattack and following developments. Although how it infects its victims is not entirely clear this early in the outbreak, we remind all users to be vigilant when surfing the Internet and opening email.
If you receive a suspicious email, please delete it immediately. Do not forward suspicious messages to other users as this may result in them clicking on a malicious link.
What we know so far:
We have come across a new piece of malware that targets infected users’ information on established banking and shopping sites. This nasty virus is brand new; we are actively working with several security vendors to identify how it originates and how to eradicate it. Although not all information is readily available at the moment, we wanted to notify you immediately.
Yahoo has confirmed that it has been the target of another massive data breach, this one stemming back to August, 2013. The newly discovered breach is in addition to the huge 2014 breach and impacts more than one billion Yahoo users.
The breach includes names, email addresses, phone numbers, dates of birth, MD5-hashed passwords, and security question answers. This latest hack makes Yahoo the victim of two of the largest data breaches in history.
If you have a Yahoo account, here are some steps you should take to secure your account:
Shellshock: a bug in a popular open-source software
On Wednesday, security experts announced the discovery of a previously unknown security flaw impacting systems running on an open-source Unix-based platform. Systems employing this platform include Apple and Linux. The bug, called Shellshock, poses a serious risk to workstations, routers, and servers.
Your PCs are not susceptible to the bug as they operate on a proprietary piece of software.
In addition, Daystar has reviewed all Fortinet devices (our primary firewall and router solution) and has determined that is not affected by this vulnerability.
What should I do?
A new phishing scam attacking e-mail users has surfaced this month. The e-mail imitates the E-ZPass Service Center, the electronic toll collection system, and uses E-ZPass colors and logo to appear authentic. The subject line reads something like, “In arrears for driving on a toll road.” The text is vague, but informs the recipient that they “have not paid for driving on a toll road.” The e-mail then asks the user to download an invoice to remit payment of the unpaid toll as soon as possible.
The e-mail is not legitimate and the link to the invoice actually contains a virus that can adversely impact your computer’s performance and/or steal passwords or other sensitive information.
According to E-ZPass, they do not, and will not, send invoices via e-mail. All E-ZPass invoices are sent through United States Postal Service.