XSolutions On Security vol 2

XSolutions scours the internet and brings you the cybersecurity news you need to know to protect your business.

Our mission: “Deliver true Managed IT Services by putting people first. Because, there is no time, for downtime.”

Fraud Alert

Data For 29,600 Payment Cards Exposed

Hot off of the press from Recorded Future, who in a recent post, listed the latest hacks that exposed data from payment cards:

  • Cobb Tuning Products – 2,300
  • Mike and Denise’s Pizzeria – 8,300
  • MyPetDMV – 1,300
  • Heirloom Roses – 2,800
  • Film Alley Movie Theater – 13,400
  • Big Dipper Wax Works – 1,500

The above credit card breaches total 29,600. I don’t know for sure how large the above companies are. But, from some of the names, they look more like smaller businesses.


You do not have to be a mega-company to be a target. ALL businesses, no matter their size, are targets putting their customers at risk.

Businesses, start protecting your data.

Combining Data, Hackers Piece Together 3.8 Billion User Records!

Bad guys are smart. A few months ago, criminals breached the social media platform, Clubhouse, and scraped billions of phone numbers of users and their contacts.

They’ve figured out how to combine that info with Facebook profiles, producing 3.8 billion user records containing names, phone numbers, Clubhouse ranks, and Facebook profile links. This database is allegedly for sale on the Dark Web.

Why is this important? Because it helps scammers create mass campaigns with personalized information, making them incredibly more potent. Not to mention the identity theft that is likely to occur as a result.

Folks, stop oversharing information on social media! If you suspect that you’re a victim of the above or even if you are not, do the following immediately:

  • Change your passwords
  • Make sure EVERY password is unique. Use a Password Manager to keep track of them.
  • Use two-factor authentication ON EVERY account that accepts it. No exceptions.

Beware Of Zloader Banking Trojan Delivered Via Google Ads!

Microsoft recently sounded the alarm that criminals are purchasing Google Ads directing users to bogus sites to deliver the Zloader Trojan. An apparent upgrade from the usual SPAM email delivery system.

Another trick is that attackers registered fake companies to sign their bogus files, bypassing antivirus protection.

As if that wasn’t enough, since Zloader can open their targets to other infections, they monetized the Trojan further by selling access to other criminals!

I told you cybercriminals are smart, and they keep evolving. So, in addition to watching out for unsolicited emails from people you don’t know, be very wary of clicking Ads.

Folks, every day gets scarier and scarier.

Danger – Android Trojan Infects 10 Million+ Users

ZDNet reports that the GriftHorse Trojan has weaseled its way past Google’s Play Store security and has embedded itself in 200+ applications.

Circumventing Google’s protections, GriftHorse requests users to submit their phone numbers for verification purposes. Once the victims comply, they are subscribed to premium SMS messaging services without their knowledge. Charges can, in some cases, exceed $35 per month, with victims often not noticing for months. In this way, GriftHorse rakes in millions of dollars a month.

Google removed the infected Android Apps; however, they are still available on 3rd party sites.

BEFORE you load any app onto your phone, please vet them:

  • Look at reviews.
  • Google them and see if anything negative pops up.
  • Look closely at the permissions they seek versus the functions they’re supposed to perform.
  • Become very suspicious if you start receiving unsolicited messages, especially in quantity.
  • See which apps consume the most resources – a sign that it can be malicious.
  • Limit the number of apps you download and get rid of ones you no longer need.

Proof-Of-Vaccination App Puts 650K users At Risk!

CBC News announced that Canada’s Portpass, a proof-of-vaccination app, may have left personal details on 650,000 users exposed on the web. Information possibly at risk are email addresses, names, blood types, phone numbers, birthdays, and driver’s licenses.

Folks, with the rush to put everything online for convenience and ease of access, companies and government entities take on a huge responsibility that many do not seem to take seriously.

The settings of online databases must be constantly reviewed to ensure that the data is secured. One incorrect setting can expose data on the web. Of course, the bad guys know this and scour the web for this very thing.

Folks, be careful of what you sign up for—although highly convenient, putting info online has risks.

REMEMBER: No matter how careful you are with your personal data, your security can be compromised by those around you (i.e., friends, family members, third-party vendors, and government agencies).

This happened in Canada, but it can also occur in any country.

XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection. Call (845) 362-9675 for a free consultation.