Authorize.net API Integration: Creating vendor folder

Here are the steps to follow if you’re trying to create the vendor folder on Ubuntu for your authorize.net API integration project:

  1. Create a new folder where you want the authnet files to be stored. Open the Terminal and open the new folder. Install the latest Composer, if you don’t have it already.

Follow the instructions from: https://getcomposer.org/download/ (see below or access the url provided)

Run the following in your terminal to get the latest Composer version:

step 1:
php -r “copy(‘https://getcomposer.org/installer’, ‘composer-setup.php’);”

step 2:
php -r “if (hash_file(‘SHA384’, ‘composer-setup.php’) === ‘669656bab3166a7aff8a7506b8cb2d1c292f042046c5a994c43155c0be6190fa0355160742ab2e1c88d40d5be660b410’) { echo ‘Installer verified’; } else { echo ‘Installer corrupt’; unlink(‘composer-setup.php’); } echo PHP_EOL;”

step 3:
php composer-setup.php

step 4:
php -r “unlink(‘composer-setup.php’);”

2. Create a new file composer.json in the new folder you created. Inside the json file, write the following, then save:

{
“require”: {
“php”: “>=5.6”,
“authorizenet/authorizenet”: “~1.9”
}
}

3. In Terminal run command: composer update

4. If all goes well, then you’re good. If you get the cUrl or simplexml errors, then do the following before running “composer update” again:

for cUrl: in Terminal, run the following command
sudo apt-get install php7.0-curl

for simplexml: in Terminal, run the following command
sudo apt-get install php7.0-simplexml

After installing the 2 options, run: php composer.phar install

You will be asked to provide a Token. For that,

– sign up or sign in to Github.
– go to Developer settings -> Personal Access Token -> Generate new token (I checked all options)
– copy new Token and paste it in Terminal

It should work now. If you have any questions, I would suggest that you ask the Internet. There are smarter people out there that can help you.

“Think Before You Tap”

“Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interests. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are being used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM

Obviously, an end-user who was trained to spot social engineering red flags would think twice before falling for these scams. The link goes to a complimentary job aid that you can print out and pin to your wall. You’re welcome to distribute this PDF to as many people as you can.
https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf

DocuSign Phishing Attack

Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.

Largest Single Cyberattack In History!

ALERT: WannaCry ransomware hits 150 countries with over 200,000 victims in only 3 days. The attack crawls for open vulnerabilities in Windows OS. Typically, ransomware like most Phishing attacks use a blended approach of email and web as attack vectors.

Please be sure to: (a) update your Windows OS right away, (b) make sure you have and are using current versions of both email and web security systems, and (c) archive your emails and files to ensure back up and recovery.

New Phishing Scam: Missed Voicemail

Criminal hackers are constantly trying to trick people into clicking on links or open attachments they did not ask for. Their new “scam of the week” is to send you an email that looks like it comes from WhatsApp and claims it is a voice mail left for you. It’s not.

Do not click on the “Play” button. If you do, your computer will get infected with malware which can cause your identity to get stolen, or all your (or the organization’s) files held for ransom.

Here is a general safety rule: Instead of clicking a link in an unverified email claiming it’s from WhatsApp (or any other social media) log in to your WhatsApp account the standard way instead and check for any messages there. Remember: “When in doubt, throw it out!”

Airline Phishing Attack

“There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.

“Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.

Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always…. Think before You Click!”

Hackers Use Ransomware To Extort Money From U.S. Businesses

A new article published today by KrebsonSecurity about the hacking of the San Francisco rail system re-confirms that foreign hackers use ransomware to extort money from U.S. businesses. The hacker in the Krebs article has been extorting money from different companies in the amounts of tens or hundred of thousands of dollars. Read the entire article on KrebsonSecurity.com

Sometimes we may think that, my company is not big enough to catch a hacker’s interest. Wrong. No company is too small or too big for a hacker to extort money from. As the hacking impact may be different for each company, it is interfering with the business operations. It is important that additional security measures are taken to accessing company database and files. Additionally, if you received a ransom request after an attacked, report it immediately to the FBI. Each reporting can be used to identifying the bad guys.

Reporting Ransomware to the FBI

On September 15, FBI published a new Public Service Announcement urging victims of ransomware to report the attacks to the them. Every ransomware report helps the FBI “gain a more comprehensive view of the current threat and its impact on U.S. victims”.

Ransomware creators are currently targeting businesses, not only individuals, causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. In the first months of 2016, FBI reports that the “global ransomware infections were at an all-time high”, estimating 100,000 computers a day being compromised by one ransomware variant. However, an exact number of individual or business victims cannot accurately be identified because many of the ransomware attacks go unreported.

“All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network.”

CONTINUE READING at: https://www.ic3.gov/media/2016/160915.aspx

 

Invincea [Security News & Alerts]

5/23/2016: [ALERT] Two Attacks for The Price Of One: Weaponized Document Delivers Ransomware and Potential DDoS Attack

DDoS (distributed denial of service) in ransomware a new trend… Beware of phishing emails! The attack comes as a Rich Text Document (.rtf) file attached to your email. Opening it and running the macro attached to it, will install the ransomware on your computer.

Read the full article for technical details