UNI Computers has provided expert IT support since 1993, helping hundreds of businesses increase productivity and profitability by making IT a streamlined part of operations. Our mission is to deliver the latest technology consulting, services, maintenance, and support as a highly cost-effective IT solution in order to maximize our clients' productivity and profitability.
What Makes Us Different
24/7 Support
UNI Computers partners with your company to secure your revenue and keep your business running. Never go without IT service again, because our 100% US based support is here for you 24/7.
Predictable Cost
Our specific service model is one of the best business decisions you'll make. Always get excellent service and timely solutions. All labor is covered and stays predictable with a simple flat-rate monthly plan.
Built Around You
We customize innovative, effective solutions to help your business run smoothly, whether or not you have an internal IT staff. Our IT management is built on efficiency, and offers both on-site and remote support.
Aligned Success
Our technical experts provide the support you need to keep your network up and running so your staff stays productive. UNI Computers' proactive IT solutions solve problems before they affect your business.
Our Team
The UNI Computers team consists of Project Managers, System Analysts, Qualified Network Analysts, Network Administrators, Web Developers and Desktop Support Technicians. Clients receive years of collective knowledge in innovative IT support. Our team maintains the highest levels of technology and security certifications, so you can be confident when entrusting your organization's IT environment to us.
Executives
Lance Keltner (Partner)
Lance grew up in Overland Park, Kansas and always had a particular interest in computers. After realizing this passion, he turned that hobby into a job at 16 years old and found a job at a computer repair shop. Lance joined UNI during college and worked his way up to be able to purchase the business in 2006. He is responsible for Business Development, sets goals for the team, and makes sure UNI has the right person for the job. When Lance is not tinkering with computers, he finds himself absorbed in books and computer games. He also loves spending time with his wife Ami, daughter Avery, and their dogs and cats.
Amin Emami (General Manager)
Amin is responsible for making sure all UNI daily operations run effectively and efficiently. He is also known for creating a positive culture within the UNI team. Amin enjoys his role in Management because it allows him to take responsibility for the things around him. He likes to create new ideas to better the business and achieve company goals as a team. He spent his life wanting to be a leader and mentor others towards a common goal. Amin does a lot of traveling and spending time with his family.
Megan Dambro (Administrative Assistant)
Megan is a graduate of The University of Kansas after earning her degree in Business Administration. As a resident of Lawrence for 15 years, she has a career focused in hospitality and customer service. Although relatively new to the technology field, Megan has always had a great interest in the area and has been able to utilize this interest in helping with her family's business, installing lighting and sound systems. Megan enjoys water skiing, camping, and of course, KU basketball.
Support Desk
Cody Peters (Technical Services Engineer)
Hometown: Flower Mound, TX; First job: IT Support Technician at Torch Networks; Education + Training: IT Support/Highschool Diploma/3+ Years Hands On Exp; Hobbies: Fitness and most physical activities, Investing, Fishing, PC gaming, and anything related to building technology; Apps I Can't Live Without: Banking, Investing, Maps, Music; Tech Tip: How do you eat an elephant? Small bites at a time. Favorite Quote, Motto, or Slogan: Progression is the key to success. Recharging Zone: The Gym; Number of computers at home: 2; Favorite thing about The 20: Friendly environment.
Why Choose UNI Computers?
UNI Computers provides IT support throughout Lawrence and Kansas City areas. Our team of experts provides reliable on-site support. We're there when you need us, ensuring seamless productivity within your systems and providing the level of attention your business deserves. We value long-term relationships with our clients and will work closely with your business to ensure that you have all the technology resources for software and hardware that you need to be successful.
100% Unconditional Satisfaction
Our IT consulting and technology support services will give you the satisfaction you deserve. We will bend over backwards to ensure you are happy with our IT management & network support services.
Expeditious Repair
Your issues – even the minor ones – will be taken care of quickly and efficiently. Since everything is included in one price, we are highly motivated to use our time wisely.
Guaranteed 1 Hour Response
Your computer support problem or network issues will be addressed in sixty minutes or less. It's a guarantee that your call is responded to within one hour.
No Technical Jargon
We'll provide clear answers to your computer and IT support questions. You'll never be made to feel out of your element by nonsensical tech speak.
Fixed Monthly IT Cost
You'll never be surprised. We offer an all-inclusive support plan, ensuring that our clients are not nickel-and-dimed when they need us the most. All this enables you to truly manage IT costs.
Your IT Department
Our entire team is an extension of your business. Empower your employees with on-demand support that's just a phone call away.
Our Services
We provide Managed IT Services, Business Continuity, VoIP, and Cloud Services so that your business always runs smoothly. Each of these pieces is critical for security, maximum efficiency, and ultimately, increased profitability. Schedule an appointment to learn how our tools, processes, and services will send your productivity soaring without ever having to manage your technology. We've got you covered.
Managed IT Services
Don't have IT staff? Or maybe you have someone who does IT functions part time within your business. Perhaps you've tried outsourcing. In any case, we're your IT department, actively monitoring and maintaining your network so your business is running at top efficiency.
Why Managed IT Services?
With our predictable all-inclusive monthly pricing, maintaining and monitoring your network is completely our responsibility.
Our proactive approach to IT will guarantee that your network is running smoothly. Reduce cost while gaining access to a team of trained engineers who do nothing but ensure your business is protected and efficient. Stop waiting for your technology to fail before you address potential issues. We operate exactly like how your own internal IT department would operate except you receive all the benefits without having to manage it on your own. That way, you can focus on growing and impacting your business in ways only you can!
UNI Computers actively maintains and monitors your network and devices.
Adding new members to your team? Fantastic! Moving? No problem. With our all-inclusive pricing, all labor is completely covered. From setting up new devices for new employees all the way to preparing your technology for a move, it's all included. Our team will even come back out to your new location to properly set up your technology after your move.
Benefits
Peace of mind
Predictable monthly pricing
All-inclusive means labor is always covered
Access to 24/7/365 live support
Increased operational efficiency
Reduced operating costs
Cost-effective access to enterprise-level support
Proactive monitoring and maintenance
Allows you to focus on running your business and not the technology
24/7/365 monitoring
Business Continuity
Although you can't prevent disasters from happening, you can minimize their impact on your business by putting the technology and plans in place in case disaster strikes.
Why is Business Continuity Critical?
Protect your business by implementing a business continuity strategy that puts the necessary plan and technology in place to reduce downtime in the event a disaster strikes.
Are your servers backed up? Is all your data stored on-site? Could your business weather a major equipment failure caused by a hard drive crash, flood, lightning strike, or even theft? Does all that equate to loss of revenue and productivity?
Our team of experts creates a detailed and appropriate strategy and conducts a risk assessment so that your employees can begin working as soon as possible in the event of a disaster.
Benefits
Peace of mind
Team of experts in backup and disaster recovery
Protect your mission-critical data
Risk assessment
Strategy and implementation to reduce downtime
Customized strategy for your specific business
VoIP
Transform your business with cloud-based hosted VoIP. VoIP offers the flexibility, affordability, and reliability you need for your business communications.
Evolve Your Business with VoIP
UNI Computers provides state-of-the-art Cytracom hosted VoIP solutions.
Unlike traditional PBX systems, it's delivered without the expensive setup and bulky hardware. Because hosted VoIP is cloud-based, installation is quick and you are able to seamlessly integrate multiple locations. With well over 150 enterprise-class features, you'll save time and money, scale freely, connect employees anywhere, and have an entire team to support your needs.
Key features include
Voicemail to text/email
Personal assistant
Hunt groups
Company directory
Custom On-Hold music
Time of day routes
Do not disturb
Custom caller ID
Benefits
24x7 support
Simple phones
Advanced phone service
Crystal-Clear, HD voice
Business continuity
Seamless phone to PC integration
In-Depth call insights
Over 150+ features
Cloud Services
Collaborate within the walls of your company with your employees or outside your walls with key partners. Not only do cloud services foster collaboration, but they also mean being able to access critical data anywhere.
Why A Cloud-Based Infrastructure?
A cloud-based infrastructure allows you and your employees to share, edit, and publish documents in a unified system.
Improve communication, e-mail, increase marketing abilities, and enhance your day-to-day business processes. Getting information to and from the cloud has never been easier or more affordable. Because these services are hosted by the experts at UNI Computers, you'll never have to worry about management, maintenance, or equipment that keeps them running smoothly.
A Cloud-Based infrastructure scales with your business, can be easily customized for your specific business needs, and is Cost-Effective.
Better yet, using a cloud-based infrastructure means that even if disaster strikes, you can still access critical files from anywhere.
Benefits
Secure critical files
Collaboration
Increased efficiency
Business continuity
Improve communication
Never worry about management, maintenance, or equipment
Security Services
You've worked hard to build your business. Now make sure everything you've put into it is secure. There are numerous opportunities for someone to exploit any vulnerabilities they find.
Is My Business Secured?
Protect your business data with UNI Computers' network security solutions.
We specialize in the planning, implementation, auditing, monitoring, and management of complete data and network security solutions. Security is certainly not something you can set and forget. It's also not a series of point solutions strung together. At UNI Computers, we believe in a proactive approach to your business safety that results in a well-designed security infrastructure.
Security threats have reached unprecedented levels.
Fully protect everything you've built with a holistic strategy instead of at individual points of potential exposure.
Benefits
Secure your business
Unmatched complete security solutions
Business continuity and stability
Reduced risk
Statutory and regulatory compliance
Safe transfer of data
Custom solution for your needs
UNI Care+
Let's face it, sometimes we accidentally click on that ad; sometimes the same problem pops up again later. Sometimes it's our own fault for not being more careful, sometimes it's just bad luck or a malicious website (or a very cleverly worded ad on a website). With ransomware ravaging the internet and hardware that fails sometimes without warning, you need protection that works with you the way you work. If you're like us, you hate not knowing what repair bills are going to cost. It might cost a lot, it might cost a little. We are changing the way computer repair works with our UNI Care+ service. Never again will you have to wonder what repairs are going to cost. We have your computer covered, 100%. You can rest easy knowing that your computer is covered with the latest antivirus and anti-malware software. Your files will be backed up with industry leading online backup, at no extra charge. We even manage updating popular third-party programs like Adobe Reader, Google Chrome, and Mozilla Firefox. Now you don't have to worry about whether that popup for an update is real or not! You also get free in-store service for any problems. All labor in store is 100% covered. Even switching to a new computer is free! Stop paying for repairs each time you need them. Start paying one price and have everything that matters covered. Computers are a lot like cars. If you neglect them, sooner or later, something bites you, usually at the worst time! Having regular maintenance and checks on your computer is like getting your oil changed and rotating your tires. It just needs to be done. Luckily, it's now really, really simple. In fact, we'll do most of it for you!
UNI Care+
Includes the following: Remote monitoring of computer health on one computer, Automatic Updates for popular software, Industry leading antivirus and malware protection, All in store labor 100% FREE!, All HouseCall labor discounted 50%, All Remote Support labor discounted 50%, Unlimited Online Backup of your important files included!, 2 Months Free if You Purchase a Full Year in Advance.
$39.00 (per month)
Here's how it works
Click on the plan you want and fill out the form, or give us a call at 785-841-4611. Or you can just stop by anytime.
We'll get you set up on the right plan for you.
Either bring your computer into our store, or we can remote into your computer and set up all of the software for you.
No charge for any of that setup.
We'll remove any old antivirus software so that it doesn't conflict with the new software.
That's it!
Wasn't that simple? Now you can get back to the important things in your life, and leave your computer security and backup to us. We have you covered.
Computer Repair
UNI Computers offers full service computer repair. We fix both Desktop and Laptop PCs! Computer repair is what put us on the map, it's what we do best and what we love! No matter what problem you have, we can solve it for you. All of our in-store computer repair services are flat rate as well. That means you'll never have a hidden charge or have to pay for us to learn how to fix your problem. You always know what you'll be paying. If we discover that a repair is going to take additional work, we will always confirm with you first. We also provide services tailored around specific problems such as broken Laptop screens and broken Laptop power ports.
Diagnostics
Includes the following: Computer checked in at our store, Hardware and Software diagnostics, Specific problem troubleshooting, Physical Cleaning, Computer Upgrade options.
One-on-Ones / Remote
Includes the following: In-store or Remote computer support, Work directly with the technician, Training and tutoring available, By appointment only, Larger problems may be checked in for in-store repair.
HouseCalls
Includes the following: our technicians come to you!, Diagnose and fix specific problems, By appointment only, Residential only, Larger problems may be checked in for in-store repair.
Laptop LCD Screen Repair
Includes the following: Complete LCD Repair for most laptop and tablet screens *touchscreens extra, includes the price of the screen in repair (for most models)
Laptop Power Port Repair
Includes the following: Repair or Replace broken or loose laptop power ports, New port included (if needed), Labor to solder port included (if needed).
Virus Removal
Unfortunately, the need for Virus Removal is a fact of life. There are individuals that get their kicks by writing malicious software. It's all too easy in today's busy world to miss the signs of a bad website, email, or Facebook link. Before you know it, you are flooded with popups or prompts to pay some random company money to remove infections. If you suspect your computer has been infected, you can trust the team at UNI. We continually update ourselves on the latest malicious software and build our knowledge base on how to effectively remove it. UNI uses several different methods to scan your computer to ensure that we identify and remove every trace of malicious software. This includes viruses, trojans, malware, spyware, scareware, rootkits, and bootkits to name a few. Finally, you can rest easy knowing that your virus removal won't break the bank. We complete all of our virus removals with a single flat rate price which means no surprises and the best virus removal in town!
Complete Virus Removal
Includes the following: All Viruses Removed, File System Cleaning, Registry Cleaning, Anti-Malware Scans, Manual Removal of Stubborn Viruses (if needed).
Data Recovery
Your data is a delicate thing. Computers crash, laptops are dropped, hard drives die.
UNI Computers can help!
UNI data recovery can restore your valuable data and lost information. Our service is quick and easy. Bring your computer into our store. We'll perform a secure recovery and get your important files back.
Data Recovery Services
We perform data recovery services on the following devices:
Laptop Computers
Desktop Computers
External Hard Drives
Custom Built Computers
At UNI Computers, you can have your computer custom built exactly the way you need it.
Whether you use a computer for home, office, gaming, or anything else, we can tailor it to be exactly what you need.
What if I'm not sure what I need?
No problem! We have spent years perfecting the art of listening to our customers' needs in order to get them exactly what they want.
To have a custom built computer made just for you, simply fill out the form below, and we will contact you!
You can also call us anytime or simply stop by the store and talk to one of our expert computer people.
UNI Warranty
UNI Computers offers an unparalleled warranty that is attached to all of our custom-built desktop computers. It's simple: Warranty work is our priority. Built on a unique no hassle, no wait concept; you will be back in superb working order as quickly as possible. So what are the benefits? If your computer has a problem, bring it directly to us. No calling an operator that is located half way around the world. Bring it in, drop it off. All UNI Custom Built computers take priority for the life of the computer and move directly to the top of the technician's service schedule.
Custom Built Desktop Computers
All of our custom-built desktop computers come with a 3 year parts and labor warranty. Simply bring your computer to UNI and it will head directly to a UNI Technician to be next-in-line.
Custom Built Laptop Computers
UNI Laptop Computers come with a 1, 2, or 3-year manufacturer's warranty. We honor that warranty and manage the repair on your behalf if needed. Just bring your laptop to us and we will take care of the rest. Some laptops also have optional accidental damage coverage, including drops and spills.
Financing
UNI Computers makes purchasing our products and services easier and more convenient with UNI Financing. Our financing option provides our customers with another option and can be used with any product or service. Spread your purchase out into multiple affordable monthly payments by applying for UNI Financing. Stop by our store today and fill out your UNI Financing application. Within seconds, you can be approved! Our team will happily answer any questions you have and guide you along the way. Contact us or stop by today to see if UNI Financing is an option for you! UNI Financing is:
Fast!
Easy!
On-the-spot approval!
Use for any purchase! No minimums!
No Interest for 12 months!
Remote Support
UNI Computers uses TeamViewer to facilitate remote support for residential clients.
This incurs no cost to the customer and there is no installation on the customer's end. A simple single file download is all that is required and can be deleted as soon as the session is finished.
Industry Expertise
With over 26 years of experience in maximizing our clients' networks, our team understands exactly what you need for your particular industry. Find just a few of the industries we serve listed below!
Health Care
Every second can make a difference, which means that your systems and processes are required to perform at a moment's notice. Keeping your patients safe and your staff up to date makes a significant impact on your staff's ability to make the best decisions about treatment. Stay HIPAA compliant, follow industry and government regulations, transfer information securely, bill accurately, and increase efficiency.
Accounting
With increasing global threats of security breaches and consumer demand for secure services, you can depend on UNI Computers to optimize your institution's IT performance, streamline expenses, boost security, and give your organization a competitive edge. We have the credentials to prove it.
Manufacturing
With a secure and proper network infrastructure in place with UNI Computers, our team is ready to help your business continue to evolve and run at its highest efficiency. Gain visibility across your global supply chain, support manufacturing strategies, meet ever-changing compliance, secure your data, streamline operations, and keep your business profitability up with a healthy network and a technical team that supports all your business needs.
Blog
Indoor Gardening Company AeroGrow May Have Had Data Breach - May 3, 2019
Do you do any indoor gardening? If so, odds are that you own AeroGrow equipment. If that's the case, some of your personal information, including the credit or debit card number you paid for the goods with, may have been compromised. The company recently notified its customers that they discovered malware lurking on their payment processing page. For reasons that aren't yet clear, the company did not detect the malicious code for some four months. They estimate that the malware was active between October 29, 2018 and March 4, 2019. AeroGrow has notified the FBI and enlisted the aid of a third party to assist with the forensic investigation, which is ongoing. At present, the company is unable to determine how many of its customer records were compromised. To this point, they have confirmed that among impacted customers, the following information was taken: Credit or Debit card number, Expiration date, Security Code, Any personal data the customer may have used to verify processing of the payment in question. Grey Gibbs, the AeroGrow Senior VP of Finance and Accounting, issued a formal apology in the aftermath of the incident, saying, "I want to sincerely apologize for this incident and I regret any inconvenience it may have caused you. I want to assure you that we take this criminal act very seriously and have addressed it thoroughly." The company's response has been generally good, and they've offered a year of free credit monitoring to all impacted customers. However, that's small consolation to those who now have to deal with the prospect that their identities may have been stolen and may face fraudulent charges on their credit cards in the weeks and months ahead. If you're an AeroGrow customer, to be safe, report your payment card as compromised and take whatever other steps you deem necessary to protect your identity. Used with permission from Article Aggregator.
Hackers Are Now Using Remote Desktop Services For Ransomware - May 2, 2019
Ransomware continues to be the weapon of choice for hackers around the world, but their distribution methods are evolving. Recently, a new strain of the ransomware known as CryptoMix was found in the wild, sporting a new distribution methodology. Hackers are beginning to target publicly exposed remote desktop services and installing their poisoned software manually. In the case of the remix of CryptoMix, once installed, the malware appends the .DLL extension to all encrypted files and predictably demands a ransom from the victim to get his or her files back. Despite the evolving delivery method, the threat remains the same, so perhaps it's time for a review. Here are several things your staff can do to minimize your risk of being taken offline by a ransomware attack:
Back your data up religiously. This isn't so much a prevention strategy as it is an insurance policy. It should go without saying, but too many SMBs don't do this, so we wanted to list it first.
Make sure your employees are absolutely phobic when it comes to opening attachments from people they don't know and trust. Even in cases where they recognize the sender, it's always best to take the step of phone verification before actually opening the file.
All attachments should be scanned with a robust antivirus tool before opening.
Be sure your people know not to connect Remote Desktop Services directly to the internet. Everyone using such services should do so via a VPN.
Make sure all Windows updates and security patches are installed in a timely fashion. Many a problem can be avoided simply by keeping your software up to date.
If you're not using some type of security software that relies on behavioral detection or white list technology, you're not doing your company any favors.
None of these things (even taken together) will absolutely ensure that you don't fall victim to a determined hacker, but they will dramatically reduce your risk. Used with permission from Article Aggregator.
Facebook Admits to Accessing Email Contacts - May 1, 2019
Facebook can't seem to stay out of its own way. Recently, the social media giant has made headlines on a regular basis, and seldom for anything good or groundbreaking. Not long ago, the company found itself in the midst of a controversy when it came to light that they were asking people for their email account passwords, claiming that it needed these in order to verify the identities of the new users. As a practice, this is almost unheard of. In fact, countless numbers of articles have been written underscoring the fact that no legitimate company would ever request such information. In addition, if anyone ever received an email asking for email logins and passwords (or passwords of any kind), it was a sure sign of a scam in progress. In addition to that being a horrible business practice, the fear was that Facebook was using the information improperly, and without authorization, to harvest personal information on everyone who complied with their unreasonable request. As it turns out, those fears were spot on. The company recently released a statement saying that they "unintentionally" uploaded email contacts from some 1.5 million new users on its servers, without the consent or knowledge of those users. Part of the company's dubious explanation reads as follows: "Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings." Given the company's recent history of privacy abuses, this explanation has not been well received. It provides further evidence that Facebook has utterly failed, and continues to fail, when it comes to protecting its users' information, even as it generates billions of dollars in revenue from it. Used with permission from Article Aggregator.
Driver in Some Wifi Devices Could Allow Hackers Access - April 30, 2019
You almost certainly do not know the name Hugues Anguelkov. He's an intern working for Quarkslab, where he spends his time researching potential security issues. He's also a bit of an unsung hero because he recently uncovered a string of five devastating vulnerabilities in the Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets. That's significant because it turns out that these drivers are used in a staggering array of equipment around the world. Anguelkov writes: "You can find these chips almost everywhere from smartphones to laptops, smart-TVs and IoT devices. You probably use one without knowing it, for example if you have a Dell laptop, you may be using a bcm43224 or a bcm4352 card. It is also likely you use a Broadcom WiFi chip if you have an iPhone, a Mac book, a Samsung phone or a Huawei phone, etc. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk." He goes on to say that two of the vulnerabilities he found are present in both the Linux kernel and the firmware of certain Broadcom chips. He added that the most common application, from a hacker's perspective, would be to utilize them to launch a remote denial of service attack. In all, this vulnerability impacts equipment made by a staggering 166 different technology vendors worldwide, which means that it's incredibly likely that you're using a vulnerable piece of equipment right now. The good news is that Broadcom is currently working on the issue and although no firm timeframe has been given for when we might expect a fix, given the scope and scale of this issue, the company is certainly motivated to make it happen quickly. For the time being, there's not much for you to do here, other than be mindful that the issue exists and be on the lookout for a fix from Broadcom. Used with permission from Article Aggregator.
Reading Articles on Updated Google Chrome Will Become Easier - April 29, 2019
Google has some good news for PC users who surf the web using their Chrome browser. Google is adding a new feature called "Reader Mode", which will strip out unnecessary background clutter with the goal of making articles easier to read. The new feature is currently available in the company's experimental Canary release, so if it's something you'd like to play with now, there's an easy way you can do that. It's a good move and a welcome addition to Chrome's capabilities, but it should be noted that Google is somewhat behind the curve here. Apple added Reader Mode to its Safari browser ages ago, back in 2010. Both Firefox and Microsoft Edge have included that capability since 2015. In fact, even the Android version of Chrome has had something like Reader Mode for a while now (Simplified View). However, for reasons that aren't entirely clear, Chrome's PC-based users have been left out until now. In any case, even if Google is a bit late to this particular party, it's a welcome addition. Soon PC users surfing with Chrome will have a much easier time reading articles on the web, thanks to the reduced clutter the new view makes possible. Given the rampant growth of ads, popups and bling appearing all over web pages these days, that's a very good thing and not a moment too soon. Again, if you'd like to get a sneak peek at the new addition, you can do that. All you need is an up to date version of Chrome's "Canary" release. Once you've got that, just paste the following into your address bar: chrome://flags/#enable-reader-mode Then restart your browser. At that point, you'll be able to put any page into reader mode by clicking on the "Settings" button in the top right-hand corner of the browser and selecting "Distill page." Used with permission from Article Aggregator.
Latest Scam Involves People's Social Security Numbers - April 27, 2019
There's a new scam making the rounds, and it's a particularly nasty one involving your social security number. Here's how it works: You may get a robocall seemingly from the government, claiming that there's a problem with your Social Security number. The call also states that your account has been flagged for suspected fraudulent activity. You'll be given a number with instructions to call back and speak to a government agent in order to get help resolving the issue and prevent your arrest. Needless to say, given the importance of your Social Security number and the looming threat of legal action and possible arrest, a significant percentage of people will call back. They will be desperate to resolve the matter quickly before things escalate. Of course, the reality is that Social Security numbers cannot be suspended. This is merely the hook this breed of scammers are using to get people to call them and get help resolving an issue that doesn't actually exist. If you make the mistake of calling back, you'll be pressured for your name, date of birth, and banking information. In addition to those of course, you will be asked to verify your Social Security number for security purposes. Essentially then, those who get roped into this scam wind up giving the person on the other end of the line everything they need to steal their identity and empty their bank account. While anyone of any age can be targeted by the scam, it seems to be impacting older Americans in disproportionate numbers, which makes this group of scammers even more despicable than most. As ever, vigilance is the key to staying safe. If you get a call like this, don't call back at all. If you feel tempted, don't call the number you get via the robocall. Rather, look up the number of your local Social Security office and begin your inquiry there. In short order, you'll confirm for yourself and your own peace of mind that there is indeed nothing to it. Used with permission from Article Aggregator.
Removing USB Gets Easier In Windows 10 Update - April 26, 2019
Microsoft has recently rolled out a small but important change where USB connected devices are concerned. The changes have been heralded as an improvement by some and seen as a step backward by others. In particular, the company has tweaked the way Windows 10 handles the process of disconnecting a USB or Thunderbolt storage device. These devices include USB-connected hard drives, flash drives and even data transfer cables between PCs and smartphones. There are two options users can select from where removing these devices is concerned: Quick Removal and Better Performance. Previous versions of Windows 10 automatically defaulted to the "Better Performance" setting. The latest release of the OS has changed the default to "Quick Removal" which results in a significant change. Under the Better Performance setting, your USB device (as the name indicates) is optimized for maximum performance, which allows you to make the most of data transfer speeds. By defaulting to "Quick Removal" the process of disconnecting a USB device is faster and more convenient because it bypasses the "safe removal" process, but at a notable sacrifice in data transfer speed. The good news is that it is still possible to change the default back to the Better Performance setting. Of course, doing so will mean that you'll have to follow the "Safely Remove Hardware" process you've probably grown quite accustomed to. To change your default setting back to Better Performance, just follow these steps: Connect the USB device. Right click the "Start" button and select "File Explorer." Identify the drive letter associated with the device whose settings you wish to change. Right click the "Start" button again, then select "Disk Management." Locate the drive and click "Properties." Select the "Policies" tab and set the policy for that device, choosing between Quick Removal and Better Performance. Once you do that and click "Ok," you're all set. Used with permission from Article Aggregator.
Update on New Microsoft Edge Browser - April 25, 2019
Microsoft is slowly inching closer to a mainstream release of a new version of its Edge Browser for Windows 10, this one based around Chromium technology. Recently, Microsoft released Canary, a developer build for the new browser. Any member of the Windows Insiders group can get access to the early build if they want a sneak peek at what's to come. The company has promised beta builds in the months ahead, along with builds that are Windows 7, 8.1 and Mac OS compatible. If you decide to take a look at the current state of the code, it's important to remember that the new Edge should still be considered in pre-Alpha state and is focused on the basics for the time being. That means there's not a lot in terms of functionality just yet. In fact, at present, the new Edge looks more or less like the old Edge, minus language support, PDF support, tab sweeps and smooth scrolling. Consider it to be a scaled back version of the current Chrome browser with built-in MSN news feeds. As such, these early builds may be of interest to enthusiasts, developers and early adopters who want to start getting a handle on the state of things to come. Honestly though, a casual user won't find much of interest here. While Microsoft has had a poor track record where its browsers are concerned, the hope is that their new offering, designed with Chromium at the core, will be more of a success. They hope to leverage the vast strengths of industry leader Google. That, however, remains to be seen. Even so, there is undeniable value to developers and a few other select groups to get in on the fun now so they can develop a better understanding of the shape and direction of the new Edge as its contours begin to emerge. Used with permission from Article Aggregator.
Millions of Toyota Customers Possibly Affected by Data Breach - April 24, 2019
In recent months, Japan has been a nation under cyber-siege, with several high-profile attacks having been made against the country. The most recent attack targeted Toyota. If you own a Toyota or Lexus, it's possible that at least some of the information you gave to the company has been compromised. Although an investigation into the matter is ongoing, Toyota wasted no time letting its massive customer base know. Their official statement reads, in part, as follows: "We have not confirmed the fact that customer information has been leaked at this time, but we will continue to conduct detailed surveys, placing top priority on customer safety and security." Later in the statement the company stressed that if customer information was, in fact, compromised, that information did not contain credit card or other payment numbers. Early indications point to a well-organized hacking group calling themselves the OceanLotus Group, although even this cannot be confirmed at this point. The details surrounding the attack are murky. What we do know with certainty is that on March 21st, the company detected an unauthorized intrusion into its corporate networks across a staggering 8 company divisions, marking it as an extremely well organized and sophisticated attack. Considering the other attacks made against Japanese companies and government agencies, it seems that for reasons that are not yet clear, one or more big hacker organizations filled with top-tier talent has decided to put the nation under the virtual gun. Only time will tell exactly who's behind the attacks and what their ultimate purpose might be. For now, the key thing to know is that if you own a Toyota or Lexus, it's possible that at least some of your personally identifiable information was compromised. Be on the lookout for additional information from Toyota as it becomes available. Used with permission from Article Aggregator.
Malware in Documents is Latest Hacker Trend - April 23, 2019
There is a new Threat Spotlight released by Barracuda Networks. One of the biggest trends in 2019 (where threats against businesses of all sizes are concerned) now takes the form of poisoned documents attached to emails. The company analyzed more than 300,000 email samples collected over the past twelve months. They discovered that the frequency of document-based malware attacks increased markedly during the first quarter of 2019, with nearly sixty percent of poisoned files taking the form of documents. As Jonathan Tanner of Barracuda Networks put it: "For the past couple of years, script files were a very popular attack method. The percentage of these sort of files declined drastically, however, and was a significant source of the increase of documents as an infection method... Documents are a natural evolution from script files, since the languages used are also the ones used for documents - namely VBScript and JavaScript. The same attacks could be converted to the document-based ones with only slight modifications. The script authors had already become very adept at obfuscation techniques, so these could contribute greatly to document-based malware where scripting is already more common and thus deeper inspection of the script itself is required." The good news is that most antivirus software is quite good at detecting malicious files. Of course, the weakest link in the equation isn't detection software, it's users. In light of the evolving threat, education is more important than ever. To date, however, the majority of employees have been stubbornly resistant to educational measures designed to reduce the rate at which they click on and open documents received from untrusted or even unknown sources. As a business owner, that will likely be one of your great challenges in the year ahead. The more wary you can make your employees about opening files from people they don't know, the safer your network is bound to be.
Used with permission from Article Aggregator.
Breach at Georgia Tech University Exposes Personal Info - April 22, 2019
If you've ever been a student or employee of the Georgia Institute of Technology, be advised that any personally identifiable information the university had on you may have been compromised. Recently, the university reported an instance of unauthorized access into databases connected to its web app. They first discovered evidence of the unauthorized access in mid-December of 2018 and have been investigating since. To date, however, it remains unclear exactly how long a time the unidentified hackers had access to their databases or what specific information may have been taken. The formal statement issued by the university says, in part: "The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech's cyber security team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers and birth dates." The fact that the university's investigation is now several months old indicates that the hackers were quite skilled. Given the information that the University fears was compromised, it's more than enough to create a false identity. If you have ever been employed at Georgia Tech, or if you've ever taken classes there, be mindful that enough of your personal information may have been compromised to steal your identity. If you haven't yet used a service that helps protect you against such things, it may be time to consider doing so. In any case, vigilance is the order of the day. We don't yet know how many records may have been compromised, but it's better to be safe than sorry. If you've been fortunate enough to have avoided having your identity compromised, count yourself lucky indeed. It's something that can take years to fully recover from. Stay on your guard. Used with permission from Article Aggregator.
Several Popular Restaurants Had Credit Cards Stolen - April 20, 2019
If you frequent any of the following restaurants and paid them a visit between May 23, 2018 and March 18, 2019, your credit card data may have been compromised. The parent company of these chains, Earl Enterprise, recently announced that an unspecified number of store locations were found to have been infected by PoS malware. Taken together, the infections harvested more than two million credit card numbers nationwide. These were later found for sale on the Dark Web. The list of restaurants includes: Chicken Guy!, Mixology, Tequila Taqueria, Earl of Sandwich, Planet Hollywood, and Buca di Beppo. If you've been to any of the restaurants named above in that range of time, you may have already received a notification from the company. If you want to confirm whether the location near you was one that was compromised, Earl Enterprise has a lookup tool on their website allowing you to drill down and find out definitively. The company was made aware of the issue in late February when they were contacted by private security researcher Brian Krebs. He discovered a large cache of credit card numbers on the Dark Web that belonged to the company's customers. Once they were informed, they launched their own internal investigation, duly notified law enforcement, and brought in a third-party firm to assist them with the investigation. Upon confirming Krebs' findings, they made a public announcement to their customers. Exercising an abundance of caution, Earl Enterprise is encouraging all its customers to keep a watchful eye on their credit and debit card statements and to stay alert for any suspicious activity. If you notice any, report it to the company that issued your credit card immediately. If you see something and don't report it right away, you may wind up having to pay for charges you didn't make. Used with permission from Article Aggregator.
Windows Defender Security Comes to Mac Devices - April 19, 2019
If you're a Mac user and looking for next-level antivirus protection, we've got some potentially good news. Microsoft recently announced that their enterprise security platform (Windows Defender Advanced Threat Protection) is now available for macOS. To reflect the product's move away from offering protection exclusively to Windows-based systems, the company tweaked the name of the product. It is now called simply "Microsoft Defender ATP." The newly minted version of the software is currently available for Macs in limited preview form, and represents the latest in an ongoing expansion effort. Last month, the company rolled out a version that extended its impressive protection to both Windows 7 and Windows 8.1. Future plans will include a further expansion to also provide protection to Linux-based machines. At this point, Admins can install Microsoft Defender ATP on the following macOS versions: Mojave, High Sierra, and Sierra. Individual users will have the option to configure advanced settings in the software unless their admins specifically disable that functionality. The code also includes an auto-update feature that can be toggled by an Admin. If you're an admin working in a Mac environment, you might not see a particular need for the new software. However, Microsoft pointed out in the bulletin they released with the announcement that Defender can detect KeRanger, which was the first ransomware strain to target the macOS. In any case, more security options are generally better than fewer, and Microsoft has long been a favorite target of the hacking world. Love them or hate them, they do know a thing or two about security, especially at the enterprise level. Most insiders hail this move as a good one. All that to say, if augmenting system security figures highly in your near term plans, and it probably does, this could be an excellent addition to your arsenal.
New Malware Hidden in Emails About Flu Protection - April 18, 2019
Fear is a fantastic way to spread malware, which is why hackers around the world are using the fear of a flu pandemic as a hook to install a nasty strain of ransomware. Researchers at MyOnlineSecurity have detected a cunning email campaign which spoofs the Centers for Disease Control and bears headlines warning of a Flu Pandemic. The message is short and to the point, explaining that a flu pandemic has been detected and urging recipients to read the attached document for further instructions to protect their families and help keep it from spreading. The instructions also helpfully include the note that in order to view the document properly you'll need to click the 'Enable Editing' button. The attachment bears the name "Flu Pandemic Warning," which reinforces the message itself. It's an excellent choice from the perspective of the hackers, because they know that a relatively high percentage of those who receive this message from what appears to be a trusted agency will open it. Unfortunately, the moment they open the file and click to enable editing, they doom themselves. The Word document is poisoned and contains scripts that will install the GandCrab v5.2 ransomware on the victim's machine, which will promptly lock their files and demand a hefty payment. While this is a nasty and especially effective campaign, it's not the only one that the creators of GandCrab are engaged in. Recently, the Chinese government issued their own alert, stating that beginning on March 11, various government departments were bombarded with phishing-style emails intent on installing ransomware on their servers. All that to say, vigilance is more important now than ever. There's no telling how long this campaign will run, or what may come after it, but one thing you can be sure of. They're not going to stop.
New Phishing Attack Targets Amex and Netflix Users - April 17, 2019
If you do business with either American Express (AMEX) or Netflix, be on the alert. Windows Defender Security Intel has recently reported the detection of two major new phishing-style campaigns aimed at the customers of both businesses. Recipients have been receiving emails that appear identical to official Netflix and American Express communications. In both cases, the ultimate goal is to convince customers to hand over their credit or debit card information. Microsoft has sent a couple of different tweets out about the issue. One of them assures customers that "Machine learning and detonation-based protections in Office 365 ATP protect customers against both campaigns." And another warned that "The Netflix campaign lures recipients into giving away credit card and SSN info using a 'Your account is on hold' email and a well-crafted payment form attached to the email." The unfortunate truth is that emails like the ones currently in play are extremely easy to craft and very compelling. The hackers simply play on the fears of the customer, making it sound as though if they don't take immediate action they'll lose access to a valued service they've come to rely on. There's essentially no cost to the hacker for pushing out hundreds, or even thousands of emails like the ones currently being used. For each victim that falls prey to the tactic, the costs can be enormous. As ever, the first best line of defense is education and awareness. In addition to that, if there's ever any question at all about the status of your account, the best thing you can do is to address the issue via another channel. In other words, don't simply reply to the email you received. Open a new tab, look up the company's customer support number and call to verify. Doing so will tell you in short order whether the email you received was legitimate, or someone trying to separate you from your hard-earned money.
Myspace Permanently Lost Large Amounts of User Data - April 16, 2019
Are you or were you a MySpace user? If so, we have bad news. The struggling company recently announced that when they attempted to migrate all user data to new servers, something in the process went wrong. As a result, massive amounts of user data was lost. The only way to describe the loss is catastrophic, with the company reporting that most user-uploaded videos, songs and photos added to the site between 2003 and 2015 are gone with no hope of recovery. More than a decade's worth of content, gone in the blink of an eye. The company's official announcement reads as follows: "As a result of a server migration project, any photos, videos and audio files you uploaded more than three years ago may no longer be available on or from MySpace. We apologize for the inconvenience. If you would like more information, please contact our Data Protection officer." That's it. Even worse, the migration happened more than a year ago, in February 2018. At that time, users took to Reddit to complain about not being able to access content that was more than three years old. Eventually, the level of complaints grew to the point that the company could no longer ignore it and finally came clean. IT managers and business owners should take notes on this incident. This is possibly one of the worst handlings of a data loss incident we've seen in recent history. Not only was the company completely uncommunicative for more than a year, when they did finally make an announcement, it was terse. Describing that level of data loss as an 'inconvenience' is not just insensitive, it's bad business. If the company was struggling before, that goes double now and worst of all, it was, from start to finish an entirely self-inflicted wound. In any case, if you are, or were a MySpace user at some point, most of your older data is probably gone forever.
Millions of Facebook Usernames and Passwords Stored by Accident - April 15, 2019
Are you a Facebook user? If you are, it may be time to change your password. KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty-thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000. That's a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company's massive user base. Although there's no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly. The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file. Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue: "We've not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data. In this situation, what we've found is these passwords were inadvertently logged but that there was no actual risk that's come from this. We want to make sure we're reserving those steps and only force a password change in cases where there's definitely been signs of abuse." This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of. While the company is wrestling with making changes to prevent such incidents in the future, that's small comfort to the millions of users that have been adversely impacted over the last year. According to the official company statement, unless you receive a notification from them, there's nothing you need to do and no need to change your password. But given the importance of data security, if you'd rather be safe than sorry, it certainly couldn't hurt.
Recent Breach Targeted Mypillow and Amerisleep Customer Data - April 13, 2019
If you've purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ. The hacking group Magecart appears to be behind both breaches, which is bad news for both companies and their customers. That is because Magecart is one of the most talented and active hacker groups on the scene today, having launched a number of successful attacks against high profile targets that have included Ticketmaster, Feedify, Shopper Approved, Newegg, and British Airways. MyPillow entered into Magecart's crosshairs in October 2018, when the group compromised MyPillow's e-commerce and sales platform and began skimming credit card information submitted by the company's customers. The group also registered a similar domain, mypiltow.com, and used Let's Encrypt to obtain an SSL certificate for it. Unsuspecting visitors to the site had no idea they were on a domain controlled by the hacking group. According to RiskIQ researcher Yonathan Klijnsma, "...this type of domain registration typosquatting means that the attackers had already breached MyPillow and started setting up infrastructure in its name." Within a month's time, the hacking group moved onto the second phase of its attack, registering a new website called livechatinc.org, which mimicked the Live chat used by MyPillow. With a poisoned script already running inside the company's infrastructure, Magecart was able to mimic the genuine tag used by the live support service. This was so that by all outward appearances, customers believed they were chatting with an actual MyPillow employee. The attack on Amerisleep dates back a bit further to April 2017, but followed a similar pattern. The skimmer remained in operation from April through October of 2017.
The company rid themselves of Magecart's malicious software, only to come under attack again in December 2017. In both cases, the skimmer domains have been taken offline, but both companies are still dealing with the malicious code injection issues. RiskIQ notes that given Magecart's history, even when both companies clear their servers of malicious code, they're likely to be re-infected in short order. Watch your credit card statements if you've made a purchase from either company.
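For site owners, the two lookalike domains named above (mypiltow.com and livechatinc.org) are the kind of thing a routine audit of a checkout page's script sources can catch. The Python below is an added example, not code from RiskIQ or either company; the trusted list (including livechatinc.com as the genuine live chat domain), the sample markup and the "last two labels" domain rule are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this checkout page is expected to load scripts from.
TRUSTED = {"mypillow.com", "livechatinc.com"}

# Constructed sample markup; the script paths are made up.
SAMPLE_HTML = """
<html><body>
<script src="/js/checkout.js"></script>
<script src="//cdn.livechatinc.com/a.js"></script>
<script src="https://mypiltow.com/b.js"></script>
<script src="https://livechatinc.org/c.js"></script>
<script src="https://static.example-cdn.test/d.js"></script>
<script>var inline = true;</script>
</body></html>
"""


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Simplification: treat the last two labels as the registered domain."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host, trusted=TRUSTED, max_typos=2):
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = registrable(host)
    if domain in trusted:
        return ("allowed", domain)
    name, _, tld = domain.partition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.partition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike-tld", good)    # same name, different TLD
        if 0 < edit_distance(name, good_name) <= max_typos:
            return ("lookalike-typo", good)   # one or two characters off
    return ("unlisted", None)                 # third party not on the list


class ScriptSrcParser(HTMLParser):
    """Collects the src attribute of every external <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_page(html, page_host):
    """Classify the host behind each external script on a page."""
    parser = ScriptSrcParser()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        # Relative URLs have no hostname and load from the page's own host.
        host = urlparse(src, scheme="https").hostname or page_host
        findings.append((host,) + classify(host))
    return findings


if __name__ == "__main__":
    for host, verdict, match in audit_page(SAMPLE_HTML, "www.mypillow.com"):
        print(f"{host:28} {verdict:15} {match or ''}")
```

Anything reported as a lookalike deserves immediate attention, and "unlisted" hosts should either be added to the trusted list deliberately or removed from the page.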
Windows 10 Will Get New Update Feature - April 12, 2019
A small but significant update is coming in the next version of Windows 10, which should have the company's massive user base breathing a sigh of relief. The company is experimenting with a new feature that it can use to trigger automatic uninstalls of buggy updates. This happens in the background, so there's nothing the user must do. This is significant, given the recent trouble Microsoft has been having with its updates. Unfortunately, the company made some radical changes to its testing procedures last year. Since that time, they've released several updates that have been problematic. Most recently, a Windows 10 update wound up deleting user files for a small but vocal percentage of the company's user base. The company is working hard to improve their process. However, the fact that they're even considering a feature like this (much less actively experimenting with it) is a clear signal that they're not confident in their ability to release a clean, relatively problem-free update. It should be noted that at present, the new experimental feature is only visible to Windows Insiders users and it is unclear when it will be released to the general public. Odds are excellent, however, that it will happen soon. Given the problems we outlined above, industry insiders generally regard this as a positive development. Of course, the hope is that Microsoft will be able to avoid releasing a buggy update, but given the company's recent track record, the inclusion of this feature is an excellent fallback position. In any case, if you're a member of the Windows Insider program, you may be able to see it in action now and in the weeks ahead. If not, you'll have to wait a while.
End of Support Notifications Being Sent to Windows 7 Users - April 11, 2019
If you're still clinging to your old Windows 7 machine, you should know that the day is relentlessly drawing closer when Microsoft is going to stop supporting the OS altogether. In fact, in the near future, you're going to start seeing reminders pushed out by the company that the end is drawing near. They're calling this a "courtesy reminder" and recommending an upgrade to Windows 10. If you're dead-set on continuing to use Windows 7 past the date when official support ends, Microsoft is offering an additional three years of paid support for the platform. However, the price of that support will double with each passing year. The company has taken pains to continue supporting what is still a surprisingly popular operating system. However, given all of the above, the writing on the wall is pretty clear to see at this point. If you haven't yet begun to make plans to move away from your legacy systems that require Windows 7 to function, it's well past time to do so. When the support stops, you're going to find yourself at increasing risk. The hackers around the world are going to find flaws in Windows 7's armor and Microsoft isn't going to be around to fix them. Even worse, an increasing percentage of modern software simply won't run on those older systems, which puts you in an increasing bind on that front. You would have to buy separate systems to run the newer software you need, while maintaining a few of the older boxes to house and run the software that depends on the older OS. That complicates things, to say the least. The longer you delay, the worse those risks are going to become. Painful as it might be to consider moving away from the platform, the alternative is worlds worse. Time and technology have simply moved on.
Some HP Laptops Being Recalled for Battery Fire Risk - April 10, 2019
The US Consumer Product Safety Commission (USCPSC) has recently issued a statement concerning HP's recall of more than 78,000 laptop batteries. This is being issued in addition to the 50,000 laptop batteries the company recalled in January 2018 for the same issue. According to the company, the batteries in question are prone to overheating and pose fire and burn hazards. The USCPSC's statement comes on the heels of eight new reports of overheating battery packs. Note that the actual recall announcement occurred back in January of this year. The reason it's only now getting press is because of the recent government shutdown. If you personally own HP equipment, or if you've purchased some for company use, be sure to head to HP's website for a full listing of the models that have been impacted by the recall. In terms of scope and scale, this is hardly the biggest equipment recall we've seen in recent times. Last year, Panasonic's entire "Toughbook" product line had to be recalled, just to cite one example. This isn't the first time HP has had hardware problems in the recent past and it certainly won't be the last. However, from what we can tell, this incident isn't the leading edge of some type of systemic issue for the company. It's unfortunate, yes, but on its own we don't see any reason to consider switching to some other hardware vendor. After all, just about every major PC manufacturer has suffered similar issues at some point. Even so, make sure the people in your employ who are using HP laptops are aware of the potential problem. Again, be sure to head to the company's website to see if your equipment is at risk or not.
Hackers Continue To Attack POS Transactions And Systems - April 9, 2019
Have you heard of DMSniff? If you're in the restaurant, entertainment, or retail business and you haven't heard of it, this article is likely to dismay you. It's the latest threat being deployed against those industries. Researchers from the cybersecurity company Flashpoint now believe that DMSniff malware has been lurking in the wild since at least 2016. It has proved to be notoriously hard to detect, which explains why we're just now hearing about it. Even worse, the hackers behind the software have been specifically targeting small to medium-sized companies that rely heavily on credit card transactions to survive. These companies don't typically have the resources to deploy state of the art security measures. One of the key features of this malware strain is that it uses a DGA (Domain Generation Algorithm) to create command and control domains on the fly, which makes it incredibly resistant to blocking mechanisms and takedowns. For instance, if law enforcement officials raid a site, confiscate servers, and shut down a domain, DMSniff keeps doing its thing. It will simply spawn a new command and control domain and continue to transmit stolen data. Although DGAs are employed by other forms of malware, finding one built into the core functionality of code designed to be injected and run on POS machines is a new twist the researchers hadn't seen coming. In addition to that, DMSniff also utilizes a string-encoding routine, which enables it to hide even when actively searched for. This makes it more difficult for security personnel to uncover the inner workings of the code. The goal for the hackers, of course, is to siphon off as many credit card numbers and as much other payment information as they can. They then bundle the stolen data and resell it on the Dark Web. The group behind DMSniff has been wildly successful. If you're in any of the businesses we mentioned at the start, make sure your staff is aware of this latest threat, and stay on your guard.
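Because a DGA defeats domain blocklists, defenders usually look for its side effects in DNS logs instead: a POS terminal that normally talks to a handful of known domains suddenly looks up many random-looking names, most of which do not exist. The Python below is an added example of that general hunting heuristic, not Flashpoint's method and not DMSniff's actual algorithm; the log format, baseline list, thresholds and sample log lines are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Assumption: domains the POS terminals are expected to contact.
BASELINE = {"payments.example", "posvendor.example"}

# Constructed DNS log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2019-04-09T10:00:01Z 10.0.5.11 api.payments.example NOERROR
2019-04-09T10:00:05Z 10.0.5.11 updates.posvendor.example NOERROR
2019-04-09T10:01:00Z 10.0.5.12 api.payments.example NOERROR
2019-04-09T10:01:02Z 10.0.5.12 qzvkxwpjhmtr.example NXDOMAIN
2019-04-09T10:01:03Z 10.0.5.12 bnxqtlfwzkgd.example NXDOMAIN
2019-04-09T10:01:04Z 10.0.5.12 hwpzjqrvkxmc.example NXDOMAIN
2019-04-09T10:01:05Z 10.0.5.12 xkqjvzwyphfb.example NXDOMAIN
2019-04-09T10:01:06Z 10.0.5.12 tgmrwqzlxvnc.example NOERROR
2019-04-09T10:02:00Z 10.0.9.30 www.news.example NOERROR
2019-04-09T10:02:10Z 10.0.9.30 mail.example NOERROR
2019-04-09T10:02:20Z 10.0.9.30 wether.example NXDOMAIN
2019-04-09T10:02:25Z 10.0.9.30 weather.example NOERROR
2019-04-09T10:02:40Z 10.0.9.30 intranet.example NOERROR
"""


def shannon_entropy(text):
    """Bits per character; random-looking labels score higher than words."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def registrable(qname):
    """Simplification: treat the last two labels as the registered domain."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def hunt(lines, baseline, min_domains=4, min_nx_ratio=0.5, min_entropy=3.0):
    """Flag clients that query many unknown, random-looking, mostly
    non-existent domains. Returns {client: summary}."""
    seen = defaultdict(set)      # client -> unknown domains queried
    missing = defaultdict(set)   # client -> unknown domains answered NXDOMAIN
    for line in lines:
        if not line.strip():
            continue
        _ts, client, qname, rcode = line.split()
        domain = registrable(qname)
        if domain in baseline:
            continue
        seen[client].add(domain)
        if rcode == "NXDOMAIN":
            missing[client].add(domain)

    alerts = {}
    for client, domains in seen.items():
        nx_ratio = len(missing[client]) / len(domains)
        entropy = sum(shannon_entropy(d.split(".")[0]) for d in domains) / len(domains)
        if (len(domains) >= min_domains and nx_ratio >= min_nx_ratio
                and entropy >= min_entropy):
            alerts[client] = {
                "unknown_domains": len(domains),
                "nxdomain": len(missing[client]),
                "mean_entropy": round(entropy, 2),
            }
    return alerts


if __name__ == "__main__":
    for client, summary in hunt(SAMPLE_LOG.splitlines(), BASELINE).items():
        print(client, summary)
```

In the sample, only 10.0.5.12 is flagged: the office PC at 10.0.9.30 also visits unknown domains and mistypes one, but its failed-lookup ratio stays low.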
Pixel Phones Have The Update For Newest Android OS - April 8, 2019
The latest version of the Android OS is now available in beta form. The catch is, you've got to own a Google Pixel phone to use it at this point. The rest of Google's massive user base will get to see Android Q later this year. In an unusual move, the company limited access to their latest work in progress to Pixel owners, including those still using the Pixel 1 (which is technically no longer supported by the company). The latest version of the OS introduces a variety of advancements. Here are a few you'll be impressed with: Better split-screen support - Note that this also specifically improves support for foldable screens, which appear to figure heavily in Google's long-term plans. That's good news for some phone manufacturers. If you own a Galaxy Fold, for example, when Q is released for your device, the change will have a big impact. Improved Privacy and Permission Features - Any time you see a popup driven by an app seeking permission to access a portion of your data (location data, for example), you'll see three options: Allow All The Time, Allow Only While The App Is In Use, and Deny. Improved Security - On the privacy front, Android Q does not allow apps to launch any activity while in the background, which means that malicious apps can't do anything nefarious without user input. Big Improvements To The Share Menu - One of the most persistent user complaints about previous versions of Android has been the OS's sub-par share menu. It's getting a major overhaul that makes it more intuitive and includes an option for developers to publish "Sharing Shortcuts" which should make the menu even more useful. Do you own a Pixel? If so, check out the new features and start playing around with them today!
Hundreds Of Apps Loaded Adware Onto Millions Of Android Phones - April 6, 2019
How many malicious apps would you need on the Google Play Store to infect more than one hundred and fifty million Android devices? Unfortunately, we have a good answer to that question, courtesy of SimBad adware, which can be found in 210 different Android apps. Taken together, they've made their way onto nearly 150 million devices. If that was the only strain of adware in existence it would be bad enough. Of course, SimBad is only one form of malware. Granted, it's a significant strain with a hefty footprint, but the statistics above only demonstrate the sheer scope and scale of the problem. The internet is awash in malware of all types, and the problem is only getting worse. On top of that, hackers are getting increasingly sophisticated in the way they deploy their poisoned code. Even worse, they're sharing secrets and adopting each other's most effective strategies. They're creating a kind of 'Black Hat Best Practices' that enables even hackers with only a moderate level of skill to cause real damage. If all of the above wasn't bad enough, the larger hacking groups have begun serving as hired guns. On the Dark Web, it's easy to find a massive botnet for hire, or to rent out someone else's malware and leverage their resources to launch your own devastating campaign. Arrayed against these forces is a motley collection of industry insiders, independent researchers, corporate IT staff members, and security company professionals. They are all trying gamely to keep up with the ever-shifting threat matrix. Unfortunately, it's a battle these forces are losing. 2018 was another record-setting year in terms of the number of successful data breaches, and 2019 will almost certainly beat last year. Stay vigilant.
Social Security Administration Seeing High Number Of Scams - April 5, 2019
The Federal Trade Commission (FTC) recently issued a public service announcement regarding the growing number of Social Security related scams they've been getting reports about. In 2017, just 3,200 people called to report instances of SSA Voice Phishing (called 'vishing'), with total 2017 losses amounting to some $210,000. In 2018, that number swelled to more than 63,000 with losses in excess of $16.60 million. Even worse, these statistics don't tell the full extent of the story or the amount of growth. That's because, of course, not everyone who falls victim to such scams calls in to report them. So the overall number and the corresponding dollar amount lost is no doubt much higher. As to the scam itself, there are obviously a number of variations, but broadly speaking, they all follow the same basic script. A scammer calls, pretending to be someone from the Social Security Administration. They inform the person they're speaking to that they're calling because suspicious activity was spotted relating to the person's account (credit applications and the like). This, they inform the potential victim, has caused their social security to be blocked and suspended, and they warn the victim that it's possible that their bank accounts may be seized as a result of the suspicious activity. It's ham-fisted and transparent, but it works a shocking percentage of the time. Fearful of being cut off and potentially locked out of their life savings, the victims proceed to gladly hand over any and all information the phony SSA official says they need to put the matter right. That of course includes verification of the victim's social security number and all their banking information. Needless to say, it doesn't end well for the person who hands over all this information. Be aware of it, and make sure any seniors you know are aware of it too. Anything we can do, collectively, to help stem this tide is a very good thing.
Ransomware Attackers Targeting Larger Companies For More Money - April 4, 2019
If you haven't heard of the GandCrab ransomware strain, it's something you should put on your company's radar. It first emerged as a viable threat in early 2018. Since that time, its creators have been constantly tweaking and honing their approach, turning it into a devastatingly effective strain. The latest version, GandCrab 5.2, was released in February 2019, and researchers at CrowdStrike have been digging into both the software and the operating tactics of the group responsible for it. Their findings are disturbing to say the least. The creators of GandCrab are essentially operating their software under an affiliate scheme, where the owners of the software deploy it on behalf of hacker clients, offering it as a service for hire in exchange for 30-40 percent of the profits. The group is even advertising on black hat forums and across the Dark Web, using ads designed specifically to pique the interest of other hackers in the community. In addition to that, GandCrab's creators are ramping up their own efforts. They are increasingly ignoring smaller targets in preference for large companies with sprawling global networks, seeking a greater infection percentage (and a correspondingly higher payday). The plan works like this: Once they get a hold inside a corporate network, rather than triggering the infection immediately, they explore the space and try to use their beachhead to expand the number of machines their infectious software resides on. Only when they've achieved deep network penetration that spans a large percentage of the company's networked machines do they trigger the infection. This results in the mass encryption of files across much (if not all) of the target network, instantly bringing the company to its knees.
The researchers have taken to calling this approach 'Big Game Hunting' for obvious reasons. It is proving to be brutally effective because statistically, infected companies are more likely than not to pony up the ransom money being demanded. All that to say the hackers are getting increasingly savvy and organized. Don't let your guard down.
New Windows 10 Update May Cause Gaming Issues - April 3, 2019
If you've installed Microsoft's March 1st update for Windows 10, version 1809, be aware that a growing percentage of users are reporting performance issues that impact graphics quality and mouse movement. Granted, the issues seem to have the biggest impact on games, particularly for gamers who play games like Destiny 2 and Call of Duty 4. Of course, performance issues are likely to crop up in a variety of other applications as well. Microsoft engineers are tracking various discussion forums and Reddit threads where the issue surrounding the KB4482887 update is the topic. They have concluded that the biggest performance impacts come from users who are playing older games (upwards of ten years old), but don't seem to impact people who play newer games nearly as much, which is curious to say the least. It's not at all surprising that gamers are the first to report performance issues. After all, gaming tends to demand quite a lot from a computer system's resources in ways that mucking around in a spreadsheet simply doesn't. Then there's the fact that gamers live and die based on in-game lag and latency, so even small blips are very noticeable. Even so, there are several resource-intensive Enterprise applications that may suffer similar performance issues. For their part, Microsoft is on the case and is currently scrambling to provide a fix for the update, although to this point they haven't provided users with a timeframe for when it might be released. This latest incident follows on the heels of several months' worth of problematic Windows 10 updates which have left the company with egg on their faces and prompted them to revisit the way they handle QA/QC prior to the release of an update. Despite the fact that they've been working hard to improve their approach, it seems clear that they're not quite where they need to be yet.
If you haven't installed the KB4482887 update yet, and you make frequent use of resource-intensive programs, it may be worth holding off until Microsoft issues an update to the update.
Survey Shows Identity Theft Is Common For Americans - April 2, 2019
How big of a problem do you imagine identity theft to be? What percentage of Americans do you think have been impacted by it? If you're like most people, whatever number you selected probably underestimated its impact. In a recent survey conducted by nCipher, it was discovered that nearly 29 percent (17.6 percent) of respondents admitted that their identities had been stolen. As a percentage, that may not seem like all that much, although it's certainly disturbing. When you consider that the United States is home to some 330 million people, taking 17.6 percent of that yields the depressingly large number of 58,080,000. Compare that figure to the 2017 estimate of 16.7 million instances of identity theft, and the rampant growth of this type of crime suddenly comes into striking and dismaying focus. If that wasn't bad enough, a further 16.5 percent of survey respondents said that they had no idea whether they'd had their identity stolen or not. It's certainly not fair to conclude that all of the people in this group have had their identities stolen and simply aren't aware of it. The simple fact that such a large group of people seem to have little to no awareness of their digital footprint and who might have access to it is beyond disturbing. The two biggest takeaways from the survey are these: One: Identity theft is a rapidly growing crime that impacts tens of millions of Americans and it's growing more common by the day. Two: A shocking percentage of people have almost no awareness about how secure their digital footprint is, which means they have no real understanding of how to protect themselves from identity theft. Given the rapid growth in this type of crime, it's fair to say that sooner or later, most of the people in the second statistic will wind up as part of the first. Make sure you're not in either group!
Creator Of Popular Kids App Fined For Privacy Violations - April 1, 2019
The Federal Trade Commission just issued an enormous fine to a Chinese app developer for illegally collecting the personal data of the children who used it. The company was handed a staggering $5.70 million fine when the FTC filed a complaint alleging that the video-sharing app was in violation of the Children's Online Privacy Protection Act. Their mistake was that the app did not require parental consent from users under the age of 13 before collecting personal information. As with many apps of this type, this one (called TikTok) collected vast amounts of information. This included user names, email addresses, first and last names, phone numbers, profile pictures, user-entered biographical information, location data, and more. In addition to the obvious COPPA violations, the app's development team came under fire when it was discovered that much of each user's account information remained visible to the general public, even if the user opted to make their profile private. Worst of all, in the FTC filing, it was noted that adults had made numerous attempts to contact children via the app. It also stated that until the company released an update in 2016, there was a feature in place that allowed a user to view all other signed-in users within a fifty-mile radius of their location. The general state of app security and permissions is quite poor, but even given the relatively low standards in today's market, the TikTok app sets new lows on several different fronts. The hefty fine levied by the FTC was not only wholly justified but, it is hoped, will serve as a warning shot across the bow of app developers to start cleaning up their collective acts a bit, especially when marketing apps to children. John Fokker, the head of Cyber Investigations at McAfee, applauded the ruling, but also cautioned: "...the responsibility also lies with parents to ensure their children are only signing up for services they're old enough and wise enough to use."
Wise words indeed, and kudos to the FTC.
2018 Was The Record Breaking Year For Data Breaches - March 30, 2019
We knew fairly early in the year that 2018 was on track to beat 2017 and set a new record for the number of data breaches in the year. After all, 2017 had shattered 2016's record the year before. Now that the final numbers are in though, we can see just how big an increase we've seen in the number of data breaches from one year to the next. The numbers aren't pretty. With 12,449 reported data breaches in 2018, we've seen a staggering 424 percent increase year over year. 2019 is already shaping up to be another record-breaking year. All that to say, our problems with hackers and data security are getting worse, and there's no end in sight. As with last year, the United States leads the pack in terms of the total number of records exposed by data breaches. Although in terms of raw numbers, the US's total was fairly modest. It's simply that all of the year's biggest breaches occurred here. At least part of what's driving the phenomenon of the steadily increasing number of breaches is the fact that there are a staggering number of user login credentials for sale and re-sale on the Dark Web. These are purchased for modest sums and used by hacking groups all over the world to try their hand at breaking into various networks. Unfortunately, given the sorry state of password security, it's often months before a hacked account sees its password changed. That gives nefarious elements plenty of time and loads of opportunities to inflict whatever damage they will, and they're only too happy to comply. With the grim statistics above firmly in mind, it's time to make data security at your firm your top priority. Based on the numbers, it's not a question of whether you'll be hacked. It's only a matter of when.
Thunderbolt Vulnerability Could Allow Hackers Access - March 29, 2019
A new vulnerability was revealed to the world at the 2019 NDSS security conference. It's a grim one with the potential to impact FreeBSD, Linux, Windows and Mac systems worldwide. Dubbed 'Thunderclap', the flaw can be exploited to impact the way that Thunderbolt-based peripherals connect and interact with a target system. If you're not familiar with Thunderbolt, it's a hardware interface jointly designed by Intel and Apple that allows users to connect peripherals like chargers, keyboards, video projectors (and the like) to computers. The interface was originally available only in the Apple ecosystem, but subsequent generations of Thunderbolt expanded its reach. These days, Thunderbolt has hooks in every major OS in use today. At a high level, Thunderclap is nothing more than a union of various security flaws found in the interface. The main flaw stems from the fact that operating systems tend to implicitly trust any newly connected device, granting it access to all system memory. A hacker attacking a system using this exploit can even bypass a system's IOMMU (Input-Output Memory Management Unit), which is specifically designed to counter such threats. Researchers at the University of Cambridge, SRI International, and Rice University jointly discovered Thunderclap in late 2016. They have been quietly sounding the alarm since. Unfortunately, the companies that design and sell operating systems have been slow to act, in a classic case of passing the buck. The most common reason for failing to act is that the OS vendors say the responsibility lies on the peripheral side and vice versa. The issue is finally getting the attention it deserves, but to date, none of the OS development companies have published a timeframe for when they'll be issuing a patch to cover the security flaw. Until that happens, the best thing you can do is to disable Thunderbolt ports via your system's BIOS.
Social Media Is Big Business For Criminals - March 28, 2019
The rise of Social Media has been a game changer for businesses around the world, creating opportunities for customer engagement that were previously unimaginable. Unfortunately, business owners aren't the only ones reaping the benefits of Social Media. The hackers of the world are in on the game too, and for them, Social Media represents a giant piggy bank that they've only begun tapping into. Even now in the early stages of cybercriminal attacks on Social Media, the payoffs have been enormous. Social media attacks have been netting them a staggering $3.25 billion a year. As shocking as that figure might be, it's important to remember that cybercrime on Social Media is a relatively new phenomenon. Between 2013 and now, the number of cybercrime incidents involving social media has quadrupled. The attacks take many forms, but one way or another, they come down to abusing the trust that is so essential for a functioning Social Media ecosystem. Some attackers set up scam pages hawking illegal pharmaceuticals. Others gravitate toward cryptomining malware, while others still ply the Social Media waters intent on committing digital currency fraud or feigning a romantic connection to get money and personal information from their victims. Even if you're one of the rare companies that doesn't have a significant Social Media presence yet, that doesn't mean you're safe from harm. Gregory Webb, the CEO of Bromium, recently spoke on the topic, outlining a danger that many business owners are simply unaware of. "Social Media platforms have become near ubiquitous, and most corporate employees access Social Media sites at work, which exposes significant risk of attack to businesses, local governments as well as individuals. Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise's high value assets."
In light of this, it's probably well past time to sit down with your employees and make sure they're aware of the risks they're exposing you to when they access Social Media accounts at work.
Nvidia Drivers Should Be Updated For Security Issues - March 27, 2019
If you use an Nvidia graphics card, be aware that the company has recently released their first security patch of 2019, bearing the ID # 4772. It's an important one in that it addresses eight security flaws that leave un-patched systems vulnerable to attack. It should be noted that none of the flaws addressed in this patch are rated as critical, but all are rated as high. The issues addressed in the patch run the gamut, from denial of service attacks to remote code execution and, in six of the eight cases, an escalation of privileges. This patch is applicable across a range of Nvidia's most popular products, including their GeForce, Quadro, NVS and Tesla graphics cards. So if you use Nvidia graphics cards, then odds are good that this patch will be of benefit to you. This brings us to the topic of how to apply the latest patch. If your system is Windows based, then applying the latest patch via the Windows control panel should be the only action needed. If you're a Linux user, then the specific steps you'll need to follow will vary from one build to the next. It may involve a bit of manual work, navigating to the Nvidia control panel after the driver has been updated. Also note that if you have Nvidia products on your system, you can download and install an app called the GeForce Experience, which will alert you when a new patch is available and guide you through its installation. In any case, this patch is important enough to warrant a special mention, as the issues it protects against are fairly high profile. Make sure your IT staff is aware so they can put this one high on the list of priorities.
Microsoft Account Email Phishing Attempt Looks Legitimate - March 26, 2019
Researchers have discovered a pair of nasty phishing campaigns that are making use of Microsoft's Azure Blob Storage in a bid to steal the recipient's Microsoft and Outlook account credentials. Both campaigns are noteworthy in that they utilize well-constructed landing pages that have SSL certificates and a windows.net domain, which combine to make them look totally legitimate. Given that most users don't pay close attention to the exact address they're navigating to when they click on a link embedded in an email, these things are more than enough to fool many users. The first campaign relies on some basic social engineering to prompt the user to do something. The subject lines vary a bit, but fundamentally they are calls to action like: "Action Required: (user's email address) information is outdated - Re-validate now!" The body of the email reinforces this point and helpfully contains a link to help you on your way to re-validating your account. Clicking on the link doesn't raise suspicion because the landing page is a carbon copy of the Outlook Web App that's complete with a box that allows you to "validate" your password. Of course, what you're actually doing is giving your email password to the hackers, who then have unfettered access to your inbox and contact list. The second campaign is the weaker of the two, although it's set up much the same way. The subject line indicates that you need to take action to re-validate your Facebook Workplace service account, but when you click the link, you're actually taken to a clone of Microsoft's landing page. This was no doubt a mix-up on the part of the hackers and will be addressed in short order. In any case, it pays to make sure your employees are aware of both of these, so they don't inadvertently wind up handing over the keys to their digital kingdom.
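A valid certificate and a windows.net address only show that a page is hosted on Azure storage, where the leftmost label of the hostname is a storage account name chosen by whoever created the account. The mail-filter check below is an added example, not code from the researchers or from Microsoft; the sample email, the account names and the allow-list are constructed assumptions, and it uses the Azure Blob Storage endpoint suffix blob.core.windows.net.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

AZURE_BLOB_SUFFIX = ".blob.core.windows.net"

# Hypothetical allow-list: storage accounts your own organisation owns.
KNOWN_STORAGE_ACCOUNTS = {"contosodocs"}

# Constructed sample email body; account names and paths are made up.
SAMPLE_EMAIL_HTML = """
<p>Action Required: your information is outdated.</p>
<p><a href="https://examplestorageacct.blob.core.windows.net/owa/index.html">
Re-validate now</a></p>
<p><a href="https://contosodocs.blob.core.windows.net/public/handbook.html">
Staff handbook</a></p>
<p><a href="https://outlook.office365.com/mail/">Open Outlook</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def storage_account(url):
    """Return the storage account name if the URL is an Azure Blob endpoint."""
    host = (urlsplit(url).hostname or "").lower()
    if host.endswith(AZURE_BLOB_SUFFIX):
        return host[: -len(AZURE_BLOB_SUFFIX)]
    return None


def is_hosted_web_page(url):
    """True when the blob being linked is an HTML page rather than a data file."""
    return urlsplit(url).path.lower().endswith((".html", ".htm"))


def suspicious_links(email_html, known_accounts=KNOWN_STORAGE_ACCOUNTS):
    """Links to HTML pages served from storage accounts you do not own."""
    parser = LinkExtractor()
    parser.feed(email_html)
    findings = []
    for href, text in parser.links:
        account = storage_account(href)
        if account is None or account in known_accounts:
            continue
        if is_hosted_web_page(href):
            findings.append({"url": href, "account": account, "text": text})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML):
        print(finding)
```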
Iconic Software Adobe Shockwave Unavailable After April - March 25, 2019
It's the end of an era. Way back in 1995, a company called Macromedia released the iconic Shockwave player, which quickly became a mainstay on Windows-based machines. A decade later, Adobe purchased Macromedia, taking ownership of the Shockwave player and the company's other products (like Flash), both of which continued under the Adobe brand. Time has not been kind to the technology. Not only has the company struggled to keep them secure, but the web itself has moved on. While Flash and Shockwave were once instrumental to cutting edge web development, today's developers have migrated to WebGL and HTML5, leaving these products with a withering market share. Although there's not much current demand for the products, there are a surprising number of legacy websites that still rely on the aging tech. That's why Adobe's recent end of life announcement for Shockwave is sending ripples of panic through the internet. Adobe has begun sending out emails to their customers bearing the subject line "Adobe Shockwave Product Announcement" in a bid to give webmasters whose sites are built around the tech time to shift gears. The Shockwave Player will officially be retired as of April 8th, 2019, about a year before another iconic Adobe product called Flash Player is slated to retire. According to the official announcement, business owners with existing Shockwave Enterprise licenses will continue to receive product support until the end of their current contract. There will be no renewals. All that to say, the clock is ticking. If redesigning your company's website to migrate away from Shockwave and Flash is something you've had on the backburner for a while, it's time to move it to the front of the queue. Be sure your IT and web development staff are aware, and plan accordingly. The end is nigh.
Faster USB Standard Is Coming But There Are Complications - March 23, 2019
If you have a need for speed, you'll be thrilled to know that USB 3.2 is on its way. It offers incredible transfer speeds up to 20GB per second, but there's a catch that could throw a wrench into the works, or at least make things more complicated. At the most recent Mobile World Congress, it was announced that the new USB 3.2 specification will encompass both USB 3.0 and USB 3.1, which creates three different tiers of speed. The three speeds include: USB 3.2 Gen 1, which will bear the moniker 'SuperSpeed USB' and will have transfer speeds of up to 5Gbps; USB 3.2 Gen 2, which will be called 'SuperSpeed USB 10Gbps' and, as its name indicates, will offer transfer speeds that are twice that of the Gen 1 product; and USB 3.2 Gen 2x2, which will be marketed as 'SuperSpeed USB 20Gbps', with the promised 20Gbps transfer speeds. Of particular interest is the SuperSpeed USB 20Gbps product, marketed as 2x2. It's able to provide its impressive transfer rate because it utilizes "two lanes" of 10Gbps data transfer, but only when utilizing Type-C cables. Fortunately, although Type-C cables got off to a bit of a rocky start, those issues are now a thing of the past. USB-IF is encouraging device manufacturers to copy their SuperSpeed nomenclature in an attempt to minimize end-user confusion. Despite it being a bit more complicated than is necessary, this is very good news. Transfer speeds have long been something of a bottleneck, and the new tech (USB 3.2 SuperSpeed Gen 2x2) is a welcome addition to the ecosystem. Look for it to start being available later this year. For the time being, there's nothing to be done, except perhaps to make sure you've got a little extra money in the budget to spring for the new tech when it becomes available.
Bots Are Attacking Retail Sites On A Large Scale - March 22, 2019
If you own a retail business, an attack known as "credential stuffing" is the latest online threat to be concerned about. If you're not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and API Traffic Report published by Akamai, there has been a surge in large scale botnet attacks against businesses, with retail outlets being the hardest hit. In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made. One of the web's largest retail sites suffered over 115 million bot-driven login attempts in a single day. A spokesman for Akamai had this to say about the report: "The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once. A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand. They'll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers." In most cases, the damage caused by credential stuffing attacks is limited. Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network. Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server. Even in cases where your business isn't directly impacted, an attack on your customers' accounts is still an attack on you.
Unfortunately, with so many stolen credentials available on the Dark Web, it's a notoriously difficult problem to come to grips with. The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.
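What separates credential stuffing from ordinary login noise is the shape of the traffic: one source trying many different accounts in a short time, with most attempts failing. The detector below is an added example, not Akamai's method or code from this article; the log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def build_sample_log():
    """Constructed auth log lines: '<timestamp> <source_ip> <username> <OK|FAIL>'."""
    start = datetime(2019, 3, 22, 10, 0, 0)
    lines = []

    def add(offset_s, ip, user, outcome):
        ts = (start + timedelta(seconds=offset_s)).strftime(TS_FORMAT)
        lines.append(f"{ts} {ip} {user} {outcome}")

    # Bot: 20 different accounts in 40 seconds, one reused password works.
    for i in range(20):
        outcome = "OK" if i == 13 else "FAIL"
        add(2 * i, "203.0.113.7", f"user{i:02d}@example.com", outcome)
    # One customer mistyping a password: many failures, a single account.
    for i in range(4):
        add(60 + 10 * i, "198.51.100.23", "bob@example.com", "FAIL")
    add(100, "198.51.100.23", "bob@example.com", "OK")
    # Office NAT address: many accounts, but every login succeeds.
    for i in range(12):
        add(15 * i, "192.0.2.10", f"staff{i:02d}@example.com", "OK")
    return lines


def detect_credential_stuffing(lines, window=timedelta(minutes=5),
                               min_users=10, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts, mostly failing.

    Returns {ip: summary of the widest offending window}. Both conditions
    must hold, so a mistyping user and a busy NAT address are not flagged.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, outcome = line.split()
        by_ip[ip].append((datetime.strptime(ts, TS_FORMAT), user, outcome))

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        left = 0
        for right in range(len(events)):
            # Slide the left edge so the window never exceeds `window`.
            while events[right][0] - events[left][0] > window:
                left += 1
            in_window = events[left:right + 1]
            users = {user for _, user, _ in in_window}
            failures = sum(1 for _, _, outcome in in_window if outcome == "FAIL")
            if len(users) < min_users or failures / len(in_window) < min_fail_ratio:
                continue
            best = findings.get(ip)
            if best is None or len(users) > best["distinct_users"]:
                findings[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(in_window),
                    "failures": failures,
                    # Successful logins inside an attack window need a reset.
                    "compromised": sorted(u for _, u, o in in_window if o == "OK"),
                }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(build_sample_log()).items():
        print(ip, summary)
```

The `compromised` list is the part to act on first, since those are accounts where a stolen password actually worked. A per-source threshold like this one misses campaigns spread thinly across many addresses.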
Progressive Web App Office Software Coming To Windows 10 - March 21, 2019
Microsoft has recently announced a new addition coming soon to the Microsoft Store: a free Office progressive web app (PWA), which is slated to replace the My Office app that comes pre-installed on Windows devices. The new app is functionally similar to the Office App you're currently using, but it brings some exciting new features into play that users and IT managers alike will love. In addition to being a central window giving you a bird's-eye view of your recent documents, contacts, and various Office files (Word, Excel, PowerPoint, Outlook), it also serves as a bridge between working offline and working online with Windows 10. Users will be able to access Office apps installed locally on their devices, as well as web apps. They will also have a view into locally stored files as well as files stored on the cloud, which in the Microsoft ecosystem, generally means SharePoint and OneDrive. In addition to that, because it's a Progressive Web App, it can work offline as well and be pinned to the taskbar, just as you can do with a native Windows App. The only catch is that you'll need to be running the 1803 version of Windows 10 (or later versions) to make use of the new capabilities. Although individual users will no doubt find a lot to be excited about, the company's own statements make it clear that they've designed it with IT managers specifically in mind: it will allow managers to customize the Office app with company branding and allow users to access a variety of third-party apps through the lens of the Office app. In tandem with this announcement, Aaron Gustafson (from the Microsoft Edge browser development team) also announced that the next version of Edge will be built around Chromium and will allow users to install PWAs from the browser itself. That build brings Edge back to par with both Google Chrome and Mozilla's Firefox. These are all excellent moves, and we can't wait to start playing with the new app. Kudos to Microsoft.
Google Security Device Had A Microphone Nobody Knew About - March 20, 2019
Google has found itself in hot water for something they claim to be an honest mistake and oversight. Owners of the company's popular Nest Guard (the centerpiece to their Nest Secure home alarm system) have recently discovered a microphone hidden in the guts of the device. The microphone wasn't mentioned in the product's specification sheet, which has creeped out consumer groups around the country and the world. Google claims that their intention from the beginning was to incorporate Google Assistant functionality into the design. This of course would necessitate the presence of a microphone, making their failure to mention it nothing more than an oversight. Unfortunately, consumer groups don't seem to be finding that explanation convincing, which explains the push back the company is suddenly getting. To be fair, Google Assistant functionality would be a superb addition to Nest Secure, but people should be aware of what precisely they're getting when they open their wallets and buy a new product. Especially given the fact that there have been a number of high-profile instances where data captured by microphones embedded in a variety of consumer products has already been mishandled and misused. It ultimately doesn't matter how many people would or wouldn't have made the purchase had they known about the presence of the microphone. The central issue is that they purchased a product without realizing it could be used to record them. These days, privacy concerns are increasingly on everyone's mind and with good reason. Every day, what remains of our privacy seems increasingly under attack. Innocent oversight or not, this was an unnecessary invasion of that privacy, and advocacy groups are justified in calling the company out for it. If you don't yet own a Nest Secure, but have been considering buying one, be aware. There's a microphone embedded in it.
New Malware Is Coming Through Messaging Apps - March 19, 2019
As if your stressed IT staff didn't have enough to deal with, there's a new threat to be on the lookout for. Researchers at the antivirus company Avast have discovered a new strain of malware that can spread by way of Skype and Facebook Messenger spam messages. The malware, called "Rietspoof," is described as a multi-stage malware strain. It was first discovered back in August of last year, and until recently, didn't raise any eyebrows because it was seldom used. That has now changed. There's been a notable uptick in the number of instances of Rietspoof detected on the web. As malware goes, Rietspoof by itself isn't all that threatening. Its goal is merely to infect as many devices as possible, serving as a bridge between an infected device and a command and control server that allows other strains of malware to be systematically injected onto infected systems. Rietspoof accomplishes this goal by placing a shortcut (LNK file) in the Windows Startup Folder. This is one of the critical folders that Avast and other major antivirus programs monitor rigorously. However, Rietspoof has managed to slip through the cracks, bypassing security checks because it is signed with legitimate certificates. The malware's infection cycle consists of four discrete steps. Three of them are dedicated to establishing a Rietspoof beachhead on a target system, and the fourth is reserved for the downloading of more intrusive and destructive malware strains. According to the research team that discovered it, since they first began tracking the malware, it has undergone a number of incremental changes. That led them to the conclusion that Rietspoof is a work in progress and currently undergoing testing and further development. Although it may have limited functionality now, that could very easily change as the hackers behind the code continue to modify it. Be sure your IT staff is aware, and stay vigilant!
Malware Stealing Usernames And Passwords At Alarming Rates - March 18, 2019
Much discussion has been had about the fact that hackers are becoming increasingly sophisticated, and their methods ever-increasing in their complexity. While that's certainly true, more complex isn't always better. Take, for example, the malware called Separ, which is a credential-siphoning bit of code, first detected in late 2017. Separ has benefitted from ongoing development by the hackers controlling it, but what sets it apart from other malware strains is that it's almost deceptively simple, and that simplicity is a big part of its success. The program is surprisingly good at evading detection, thanks to clever use of a combination of short scripts and legitimate executable files that are commonly used for completely benign purposes. This allows them to blend in and be utterly overlooked by most detection routines. The most recent iteration of the software is embedded in a PDF. When an unsuspecting user clicks to open the file, Separ runs a chain of other apps and file types commonly used by System Admins. The initial double click runs a simple Visual Basic Script (VBS), which in turn, executes a batch script. The batch script sets up several directories and copies files to them. Then it launches a second batch script, which opens a decoy image to hide command windows, lowers firewall protections, and saves the changes to an 'ipconfig' file. Then, it gets down to its real work, again, relying on completely legitimate executables to collect passwords and move them to the hackers' command and control server. According to Guy Propper (the team lead of Deep Instinct's Threat Intelligence group): "Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective. The use of scripts and legitimate binaries, in a 'living off the land' scenario, means the attacker successfully evades detection, despite the simplicity of the attack." Be sure your IT staff is aware. It's not always the most complex forms of malware that can get you.
Apple Developers Will Make Apps Usable On All Devices - March 16, 2019
Apple recently announced an important strategic change in direction that's great news for developers. In their next SDK release, developers will be able to build a single app that will work on every iPhone, iPad, and Mac the company makes. The benefits to developers are obvious, with the biggest being a general reduction of development time. There will be no need to make three different variants of an app to cover the entire Apple ecosystem. It will also mean more potential customers if a development group has been focused on only one segment of that ecosystem. The change will also give Apple a powerful advantage in that eventually, the company will be able to merge the Mac App Store and the App Store for iOS. That will reduce their digital footprint and make managing their vast holdings easier. In addition to that, it will streamline the approval process, allowing developers to submit a single binary for all Apple devices. According to a statement recently published by the company, the new development kit could be pushed out by as early as June, which is generating a tremendous amount of excitement in the Apple development community. Obviously, consumers will see a big win here as well. Once the changes are complete and the two app stores are merged, there will be a single official hub where Apple users can get all their favorite Apps. They won't even have to worry about cross-device compatibility, which will improve the overall user experience. The bottom line is that it will make things easier for developers, make managing the process easier for Apple, simplify things, and improve the user experience for the legions of end users in Apple's ecosystem. Kudos to the company for making the move. Exciting changes are ahead!
Another Point Of Sale Data Breach Hits Retailers - March 15, 2019
Another week, another data breach. This time, the target of the breach was North Country Business Products (NCBP), a company that makes point of sale (POS) terminals for businesses. Although NCBP was the target, they weren't the ultimate victims of the breach. Hackers infiltrated NCBP's network and installed malware onto the company's POS terminals. These were then sold to businesses around the country. In all, according to the latest information published by NCBP about the incident, a total of 139 business locations received these poisoned POS terminals. This allowed hackers to gain control of any payment information processed through those terminals. In all, NCBP POS systems are installed in more than 6,500 locations nationwide, meaning the scope and scale of this breach was approximately 2 percent of the company's installed terminal base. So far, North Country's handling of the incident has been admirable. The breach occurred on January 3rd, 2019. The company discovered it on January 30th, but noted that the attackers ceased all activity on January 24th when they began detecting investigators probing for their presence. NCBP has informed law enforcement, enlisted the aid of a third-party forensic investigator, and published a list of all infected POS terminals on their website. All of the infected terminals are at bars, coffee shops, or restaurants, with an even mix of standalone businesses and franchises. The investigation into the matter is still ongoing. As yet, NCBP and the agencies assisting them have not determined exactly what the impact is or has been for each of the affected businesses. All that to say, if you own an NCBP POS device, be sure to head to the company's website to find out if your business is on the list of impacted customers. If so, you may have already been contacted by the company.
Safari On Mac Now Vulnerable To Browser History Theft - March 14, 2019
There's a new macOS security flaw you and your staff need to be aware of. It was discovered by Jeff Johnson, the developer of the Underpass app for both Mac and iOS, and the StopTheMadness Safari browser extension. Fortunately, the new flaw is not one that can be exploited remotely. Users would have to be tricked into installing a malicious app via social engineering or other tricks. On the other hand, the flaw is critical and impacts all known macOS Mojave versions. Mr. Johnson had this to say about the matter: "On Mojave, certain folders have restricted access that is forbidden by default. For example, ~/Library/Safari. In the Terminal app, you can't even list the contents of the folder. However, I've discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user. There are no permission dialogs. It Just Works. In this way, a malware app could secretly violate a user's privacy by examining their web browser history." Johnson reached out to Apple privately and shared the full details of the flaw, but refused to provide more details than the above to the general public, saying that since the issue has yet to be patched, he does not want to put macOS users at risk. Although Apple has formally acknowledged his report, the company has so far provided no information on what level of importance they're giving a fix for the issue or what their time frame for issuing one might be. It's a serious issue, no doubt, but there's a lack of public details about it. The fact that it can't be executed remotely suggests it's not as big a threat as it could be. Even so, be mindful of it until Apple issues a fix.
Right Clicking In Gmail Will Unveil Its New Features - March 13, 2019
When is a right click more than just a right click? When Google reveals its latest changes to Gmail, of course! The tech giant has recently announced that they're going to be overhauling Gmail's right click menu options. This will enhance its value by adding more and better functionality, with an eye toward improving the overall user experience. The current right click menu offers the following functionality: Move to Tab, Archive, Mark as Read, and Delete. The coming changes will expand it to include: search options, Reply and Forward functionality, Snooze, Mark as Unread, movement options, labeling, and the option to open an email in a new tab. You won't have to take any action to gain the benefits of these new features. The pending update will make them available to all Gmail users automatically. In terms of a time frame, Rapid Release domains will begin receiving the update on February 11th, 2019, although it can take up to fifteen days for the new features to become visible.
Email Provider VFEmail Had All Data Destroyed By Attacker - March 12, 2019
Do you use VFEmail? If so, we've got bad news for you. Hackers have successfully attacked the system and wiped all data from all of its servers in the US. All data on those servers has been lost. That means every email you had in your inbox and everything you had archived is gone. According to a company spokesman, "At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost. Every backup server is lost." The hackers made no attempt to lock files and ransom them. They simply went in and destroyed, opting for maximum damage, and they succeeded. Although attempts are being made to restore the data, the outlook isn't good. Odds are overwhelmingly against anyone ever getting so much as a single email back. Even if some data is ultimately recovered, users should not expect to get more than a fraction of their data back. At this point, the company's website is up and running again, but all of its secondary domains are down. These include: Toothandmail.com, Powdermail.com, Openmail.cc, Offensivelytolerant.com, Metadatamitigator.com, Manlymail.net, Clovermail.net, Mail-on.us, and Chewiemail.com. When you log onto your VFEmail account, you'll be greeted with an empty inbox. This isn't the first time that VFEmail has come into the crosshairs of a hacking group. In late 2015 a group called the Armada Collective targeted VFE and others with a massive DDoS attack, demanding ransom payments to halt the attack. Unfortunately, this time, the hackers weren't interested in taking prisoners or making money. Sadly, this isn't the first time a company has been brought to almost complete destruction. In 2014, a company called Code Spaces was forced to close its doors when hackers breached their system and did the same thing. If it can happen to Code Spaces and VFEmail, it can happen to your company too. Beware.
Photo Site 500PX Hit With Data Breach Recently - March 11, 2019
Do you use the photography network 500PX? If so, be advised that it has been breached by hackers. If you were a 500PX user on or before July 5, 2018, you are among the impacted users. The company discovered evidence of the breach on February 8th, and overall, to this point, their handling of the issue has been admirable. They promptly contacted and are presently working with both law enforcement and a third-party security firm. They have alerted all impacted users of the incident. By this point, you should have already received some type of communication from the company. According to the official statement put out by 500PX, when the hackers gained access, they were able to glean at least some (and possibly all) of the information contained in the user's profile. This information includes user name, password, location, any biographical information you may have entered, your education, and your photo (if you've included one in your profile). The company took the step of force-resetting all user passwords, including those they do not believe to have been impacted by the breach. So the next time you log in, don't let that take you by surprise. It should go without saying, but if you're still using the same password across multiple web properties, it's a practice you need to stop immediately. If you've used the same password you use on 500PX on some other site, be sure to change it as well. Don't give the hackers an easy way to cause you further harm. Unfortunately, those are all the details we have about the breach currently, although the company has promised to keep everyone updated as their investigation into the matter continues and as further details come to light. In the immediate term, the most important next step is to log in and reset your password.
New Linux Security Flaw Could Give Hackers Full System Access - March 9, 2019
Linux users, beware of the security flaw known as "Dirty Sock" and identified as CVE-2019-7304. This critical security flaw was discovered by security researcher Chris Moberly, who disclosed the details to the makers of the Ubuntu distribution last month. The flaw resides in the REST API for the Snapd service. That is a universal Linux packaging system responsible for making applications compatible with Linux across multiple distributions, and with no modifications to the executable necessary. Unfortunately, that means that Ubuntu isn't the only build impacted by the flaw. Literally every flavor of Linux is at risk. Moberly had this to say about the issue: "Snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges." If there's a silver lining to be found in Moberly's discovery, it is the fact that the nature of the issue prevents a hacker from exploiting it remotely. They'd have to have physical access to the machine or somehow trick the user into doing something that would trigger a program to escalate privileges on behalf of the hackers. Even so, the fact that the exploit can be used to gain total access and control to a target system means it's not something that can be ignored. The good news is that Canonical, the makers of Ubuntu, have moved quickly and have already issued an update that addresses this flaw, with other major Linux distributions having followed suit. Regardless of what build you're using, a fix is likely already available. So if it's been a while since you updated, now would be an excellent time to do so. Better to be safe than sorry.
Hackers Find Ways To Run Malware EXE Files On MacOS - March 8, 2019
In 2015, macOS Security Expert Patrick Wardle reported an almost shockingly simple method hackers could employ to get around the Mac Gatekeeper system, which is the first line of defense against malware. He simply bundled two executable files: one signed and one not signed. Apple promptly fixed this weakness when Wardle reported it, but the hackers did not stop looking for new ways to infect Mac systems. Recently, researchers at Trend Micro discovered an app on a popular Torrent site that promised to install a macOS program called Little Snitch, which is a firewall app. Lurking inside the package, however, was an EXE file that could deliver a hidden payload. A spokesman at Trend had the following to say about the discovery: "We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design. We think that the cyber-criminals are studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cyber-criminals can use this information and routine." Normally, a Windows executable file can't and won't run on a Mac. The hackers have worked around this by bundling the EXE with a free framework called Mono. Trend's research team went on to say: "Currently, running an EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a Mono framework installed in the system is required to compile or load executables and libraries. In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS' security features. As for the native library differences between Windows and MacOS, Mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts." Long story short, Mac users have a new potential threat to worry about. Stay vigilant.
Hackers Hit Dunkin Donuts Accounts For The Second Time - March 7, 2019
America might run on Dunkin', but the company has just taken another big hit. For the second time in recent months, hackers have gained access to an unknown number of DD Perks user accounts. What makes this issue even worse is the fact that the hackers were able to breach the system in exactly the same way they did three months ago. They used a technique known as Credential Stuffing. It's not a sophisticated form of attack, but it is surprisingly effective. Basically, hackers will take combinations of user names and passwords gleaned from other data breaches and try them to see if any work on other sites. It's effective because, to this day, a shocking percentage of people use the same password across multiple web properties, even if their user names vary slightly. Unfortunately, when a hacker gains access to a DD Perks account, he or she can see all the details of that user's profile, which include the user's first name, last name, email address, and their DD Perks account code. While that's not enough on its own to steal someone's identity, the information certainly has value on the Dark Web, and is probably being sold there as you're reading these words. Of course, it also allows the hackers, or anyone who buys the account information, to start using the victim's hard-earned DD Perks points, getting freebies for themselves and denying them to the rightful account holder. A Dunkin' Donuts spokesman had this to say about the matter: "Dunkin' continues to work aggressively in combatting credential stuffing attacks, which have become increasingly prevalent across the retail industry given the massive volume of stolen credentials now widely available online." The spokesman reiterated that this was not a breach of the company's system, but of course, that's small consolation to those who have had their accounts compromised.
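One way to spot the credential stuffing pattern described above in authentication logs, as an added example that is not part of the original article and not Dunkin's own tooling. The log format, thresholds, function names and sample lines are constructed assumptions; the point is that stuffing looks like many accounts tried once or twice from one source with mostly failures, which is different from brute force against one account and from normal traffic behind a shared office address.

```python
"""Spot credential stuffing in authentication logs (added example, constructed data)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical log format for this example:
#   "<UTC timestamp> <login_ok|login_failed> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>login_ok|login_failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Return sorted (timestamp, source, user, succeeded) tuples; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["src"], m["user"], m["result"] == "login_ok"))
    return sorted(events)


def classify_sources(events, window=timedelta(minutes=10), min_users=5,
                     max_tries_per_user=2, min_fail_ratio=0.7, brute_tries=5):
    """Label each source address as credential_stuffing, brute_force or normal.

    Stuffing: within one time window, many distinct accounts, few tries per
    account, mostly failures. Brute force: many failures against one account.
    """
    by_src = defaultdict(list)
    for ts, src, user, ok in events:
        by_src[src].append((ts, user, ok))

    findings = {}
    for src, evs in by_src.items():
        verdict, start = "normal", 0
        for end in range(len(evs)):
            # Slide the window start forward so the chunk spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            tries = Counter(user for _, user, _ in chunk)
            failed = Counter(user for _, user, ok in chunk if not ok)
            fail_ratio = sum(failed.values()) / len(chunk)
            if (len(tries) >= min_users
                    and max(tries.values()) <= max_tries_per_user
                    and fail_ratio >= min_fail_ratio):
                verdict = "credential_stuffing"
                break
            if max(failed.values(), default=0) >= brute_tries:
                verdict = "brute_force"
        # Any account that logged in successfully from a flagged source reused
        # a leaked password (or was guessed) and needs a forced reset.
        exposed = sorted({u for _, u, ok in evs if ok}) if verdict != "normal" else []
        findings[src] = {"verdict": verdict, "accounts_to_reset": exposed}
    return findings


def sample_line(second, result, user, src):
    """Build one constructed log line at 03:00:00 UTC plus `second` seconds."""
    return f"2019-02-10T03:{second // 60:02d}:{second % 60:02d}Z {result} user={user} src={src}"


# Constructed sample data (documentation address ranges, invented account names).
SAMPLE_LOG = (
    # Source A: eight different accounts, one try each, a single hit.
    [sample_line(i * 7, "login_ok" if name == "dana" else "login_failed",
                 f"{name}@example.com", "203.0.113.7")
     for i, name in enumerate(["amy", "ben", "cho", "dev", "eli", "dana", "gus", "hal"])]
    # Source B: one account hammered with guesses.
    + [sample_line(i * 3, "login_failed", "bob@example.com", "198.51.100.23")
       for i in range(6)]
    # Source C: office NAT, staff logging in normally, one mistyped password.
    + [sample_line(100, "login_failed", "ann@example.com", "192.0.2.10")]
    + [sample_line(110 + i * 20, "login_ok", f"{name}@example.com", "192.0.2.10")
       for i, name in enumerate(["ann", "raj", "sue", "tom", "uma"])]
    + ["garbage line that does not match the format"]
)

if __name__ == "__main__":
    for source, finding in sorted(classify_sources(parse(SAMPLE_LOG)).items()):
        print(source, finding)
```

The failure-ratio condition is what keeps the shared office address from being flagged even though five different accounts log in from it within the window.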
GPS Devices Could See Some Issues on April 6th - March 6, 2019
If you're like most people, the GPS function on your smartphone has become the one feature you use and value more than any other. Few people these days can even remember what life was like before the ascendency of GPS. Paper maps? Written directions? Those things seem as archaic in today's world as a stone axe. Unfortunately, your trusty GPS may go dark, malfunction, or experience difficulty starting on April 6th of this year (2019). The reasons are complicated, but in a nutshell, it amounts to GPS having the same kind of issue that some computers faced during the Y2K incident. The system encodes the week number in a 10-bit field, which allows the week to be assigned a number ranging from 0 to 1023. On week 1024, the system will revert to week 0 and start again. On the week of April 6th, that's exactly what's going to happen. It should be noted that most modern GPS receivers won't be impacted by this, but there is a possibility that some older technology will interpret the rollover as the date suddenly shifting back to January 6th, 1980, or to some other incorrect date. If and where that occurs, problems will begin to manifest. In addition to reporting the incorrect date, impacted GPS systems will also begin to report incorrect locations. This is because accurate timing is a critical component to determining precise location. If the timing is off by so much as a nanosecond, it can change your location data by about a foot. Now imagine what the timing being off by several decades would do! All that to say, if you rely heavily on your GPS, and you're using older technology, be prepared for potential problems beginning the week of April 6th, 2019.
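The 10-bit week field described above, worked through as an added example that is not from the original article. It decodes the same broadcast week three ways: a receiver that assumes the first 1024-week span, one with a hard-coded span, and one that resolves the ambiguity against a trusted "not before" date such as a firmware build date. The pivot approach, the function names and the chosen pivot date are assumptions for illustration; dates are week start days in GPS time, and leap seconds are ignored.

```python
"""GPS week-number rollover: one 10-bit week value decoded three ways (added example)."""
from datetime import date, timedelta

GPS_EPOCH = date(1980, 1, 6)        # first day of GPS week 0
WEEK_BITS = 10                      # width of the broadcast week field
WEEKS_PER_ERA = 1 << WEEK_BITS      # 1024 weeks, roughly 19.6 years
SPEED_OF_LIGHT_M_S = 299_792_458    # metres per second


def full_week(day: date) -> int:
    """Unambiguous count of whole weeks since the GPS epoch."""
    return (day - GPS_EPOCH).days // 7


def broadcast_week(day: date) -> int:
    """What the 10-bit field can carry: only the low 10 bits of the week count."""
    return full_week(day) % WEEKS_PER_ERA


def decode_naive(week10: int) -> date:
    """Receiver that assumes the first era: week 0 is always January 6, 1980."""
    return GPS_EPOCH + timedelta(weeks=week10)


def decode_fixed_era(week10: int, era: int) -> date:
    """Receiver with a hard-coded era: right only inside that 1024-week span."""
    return GPS_EPOCH + timedelta(weeks=era * WEEKS_PER_ERA + week10)


def decode_with_pivot(week10: int, pivot: date) -> date:
    """Pick the first week on or after the pivot whose low 10 bits match.

    The pivot is a date the receiver knows cannot be in the future, for
    example its firmware build date (an assumption of this example). The
    result is correct for 1024 weeks after the pivot, then it wraps too.
    """
    pivot_week = full_week(pivot)
    candidate = pivot_week - (pivot_week % WEEKS_PER_ERA) + week10
    if candidate < pivot_week:
        candidate += WEEKS_PER_ERA
    return GPS_EPOCH + timedelta(weeks=candidate)


def range_error_m(clock_error_s: float) -> float:
    """Distance error caused by a timing error: signals travel at light speed."""
    return clock_error_s * SPEED_OF_LIGHT_M_S


def rollover_report(today: date, pivot: date) -> dict:
    """Week start date each decoding strategy reports for the same signal."""
    week10 = broadcast_week(today)
    return {
        "broadcast_week": week10,
        "naive": decode_naive(week10),
        "fixed_era_1": decode_fixed_era(week10, era=1),
        "pivot": decode_with_pivot(week10, pivot),
    }


if __name__ == "__main__":
    # The counter wraps as Saturday April 6, 2019 ends; week 0 restarts on April 7.
    for day in (date(2019, 4, 6), date(2019, 4, 10)):
        print(day, rollover_report(day, pivot=date(2015, 1, 1)))
    print("1 ns of clock error =", round(range_error_m(1e-9), 3), "m")
```

The fixed-era receiver shows the "some other incorrect date" case: after the wrap it reports August 22, 1999, while the naive receiver reports January 6, 1980.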
Apple Struggles To Prepare Their Paid News Service - March 5, 2019
Apple CEO Tim Cook has been busy. Knowing that his company has little chance of dramatically increasing their market share in an increasingly saturated field for handheld devices, they've shifted gears. They are building a raft of new features and premium services into the Apple Store to make the product's ecosystem even more vibrant than it already is. Among the new services on deck is a premium news aggregation service, described as a "Netflix for News" which will allow subscribers to access unlimited content from all content providers feeding into the service. The new service is slated to be rolled out next month, but there have been some problems. At the core, the issue is that the prospective content providers are balking at Apple's terms. The company is demanding a staggering 50 percent of the revenue generated via subscriptions, with the remainder to be divided among the content providers (based on how much of each company's content is accessed and how long users stay engaged). On top of that, the company is refusing to share its customer data with publishers, which they're understandably eager to get access to. It's a valid criticism. Although Apple has been in talks with heavy hitters such as the Washington Post, The Wall Street Journal, the New York Times and many others, they've yet to attract enough takers for the service to reach critical mass. That leaves the future of the service very much in doubt, even before it launches. Apple certainly has a right to reap significant benefits from the creation of the news aggregation service. If they're not willing to bend somewhere, either on fees or on access to user data, they're going to wind up sabotaging their own service. Mr. Cook is obviously smart enough to realize this, so we expect that soon, the company will soften their terms and share more of the wealth. Netflix for News is very likely to become a reality in the near future. Used with permission from Article Aggregator.
Average Ransomware Attack Payments Total $6,700 Per Incident - March 4, 2019
How much does a successful ransomware attack cost a victim on average? The numbers will terrify you. Based on the latest statistics compiled by Coveware, each incident of a compromised computer costs a whopping $6,733, which is a hefty 13 percent increase from just one quarter ago. Part of the increase stems from the fact that some strains known for demanding higher than average payments are seeing increased use. Among these are the SamSam and Ryuk families of ransomware. Another reason driving the increase is the fact that after the initial wave, hackers apparently compile statistics, enabling them to zero in on companies that are relatively easier to breach and more willing to pay. Put the two together, and they've got a virtually guaranteed, high profit, low risk enterprise. Bill Siegel, the CEO of Coveware, explains that his company's Q4 data set is derived from 226 different ransomware attacks that were reported to and triaged by the company. He warns that companies that choose to pay the ransom aren't guaranteed to receive an unlock key that will decrypt their files and give them their files back. There's more than a little risk involved in giving the hackers what they're demanding. Unfortunately, many companies don't have robust backup routines, and if they don't pay, their files are lost forever. That's an awful position for any company to be in, but fortunately, there's a simple fix for that. With the number of ransomware attacks expected to continue to increase this year, if you don't already have a robust system of backups in place, it's well past time to make sure that you do. After all, $6,733 per incident adds up quickly, and it's a punishing price to pay indeed. It is much more expensive than a rock-solid system of backups. The choice is obvious.
Software Similar to MS Office May Include Hacking Vulnerabilities - March 2, 2019
A small but growing number of people have been making the switch to MS Office clones like Apache's OpenOffice and LibreOffice. The thinking is that they can get the same core functionality but avoid many (if not most) of the costs, bugs, flaws and weaknesses that have plagued Microsoft's offering. Microsoft's suite is often seen as low-hanging fruit by hackers around the world, given its enormous user base. Unfortunately, that strategy has its limits. Given the vast similarities in functionality all of these programs share, they're bound to have similar code in many areas. This is, in fact, what security researchers are discovering. Recently an independent Austrian researcher named Alex Infuhr discovered a vulnerability in both of the aforementioned programs that allowed attackers to co-opt the programs, via something called path traversal. That allows code to move beyond its current directory and into some other. This can be accomplished by sending poisoned files to an unsuspecting user. The only interaction that was required was for the target to hover their mouse over an invisible link, which is incredibly easy to do. Once word got out, another researcher, John Lambert, provided additional proof of concept samples of the same flaw. LibreOffice moved quickly to patch the bug, but so far, Apache's OpenOffice remains vulnerable. The bottom line here is this: If you're using an Office clone thinking that you might avoid many of the hacks used against MS Office, you're probably not as safe as you imagine yourself to be. Worse, the people in charge of the code bases of those clones may not respond to threats as quickly or as decisively as Microsoft does. That's not to say you should discontinue use of MS Office alternatives if you've already got them installed across your network. Just be mindful of the fact that they're just as vulnerable as Microsoft's solution.
Should I Shutdown My Computer Every Night? - December 7, 2018
Are you like me, where this question is routinely hanging out in the back of your mind every time you're jumping on or off your computer? I finally broke down and Googled it. For the most part, the internet seems united in its conclusion, but I thought I would also provide some additional insight on the issue itself. Enjoy!
So, First Things First: What's the Problem Here?
Well, we all know that pulling the power to a computer abruptly (via the wall outlet), without shutting down properly, could do damage. But the questions here are: A) "Is my computer at risk from routine shutdowns and startups?" B) "How do routine shutdowns and startups compare to just leaving the computer on all the time (important clarification: SLEEP MODE)?"
The Experts Say
Apparently, it depends on how often you use it. If you use your computer multiple times per day, it's best to leave it on. However, if you use it for short periods of time (under a few hours), and once a day, then you should turn it off. And then the risks of course are greater the older your computer is. And a handful of other caveats like traditional hard disk drives vs. solid state drives, etc. etc.
Advantages of the Shutdown
While your computer still draws a little bit of power when shut down (unless it's unplugged from the wall), it still remains a better energy-saving option than putting it to sleep. Sleep mode draws more power (most noticeably with the RAM), which means an increase in electricity usage. I know that's less about the computer than it is electricity, but it's a con nonetheless. Shutdowns also allow for the greatness of the reboot. These can be great ways for an operating system to clean itself out. These cleanings can take care of bugs, leaked memory, and unused network connections. Not to mention, if you have your computer set to auto-update, a shutdown is good for those installs that you always put off (is that just me?).
Also, random power surges can damage your computer when powered on or in sleep mode. And we're talking file corruption, data loss, you name it. I know those surges are rare, but shutting down certainly lowers the odds of vulnerability.
Advantages of Sleep Mode
First and foremost, the ability to move your mouse around to wake it up and get to work is outstanding. It makes life so much easier. Waiting for your computer to boot up when you have stuff to do is such a beating. Background maintenance is also a plus. Your computer likes to run things like virus scans, disk cleanup, and system backups, particularly during evening hours while your computer is asleep. Unless you schedule these tasks to be done during daytime hours, shutting off your computer may interfere with these necessary programs, which may leave your computer more open to malware.
In the End…
It depends. It depends on your use. From what I've read, both are acceptable. Obviously shutting down cuts down on electricity, but as for your computer itself, both work. Computers today are built to withstand mode changes. Now of course, every once in a while, you should shut down for the reasons mentioned above, and you shouldn't shut down constantly like it's an ON/OFF switch, but if you're using your computer once a day and in small doses, shutting down is probably the way to do it. If you're always on it, just let it nap and it'll be fine.
Well-Known Tech Support Scam Traced to India - November 29, 2018
I think we've all seen those virus alerts to some degree or another that pop up on our desktops telling us that we've been infected. They'll typically pretend to be from legitimate companies like Symantec or Microsoft (in some cases, even using a fake Microsoft logo to establish credibility), and they always want you to call a fake number, which leads to paying money for a fake service. I'd like to believe that anyone reading this blog is someone who can detect this kind of scam, but regardless, whether you've fallen for this in the past or not, new information on the source of this costly annoyance appears to have come to light. And it takes us all the way to India, thanks to The New York Times. The article begins by telling us that 1 out of 5 people who receive such alerts tend to contact the fake tech support centers, while 6% of users in general actually pay for the fake services – which is crazy in and of itself. Nothing about those alerts looks legitimate, but hey, there are A LOT of people on this planet… The meat of the piece points to Microsoft and how they helped police trace who was behind these large-scale operations. Apparently, these scammers have their roots in New Delhi, the capital of India, which is also the epicenter of call centers in general. According to the software giant, more than 11,000 calls per month about fake security warnings were being received. And many people, as a result, lost significant sums of money to the fraud. On Tuesday and Wednesday, police from two New Delhi suburbs raided 16 fake call centers and arrested more than 50 in connection with the scam. The Scam: Fixing the non-existent virus could involve calling a tech support center, where an operator would talk a victim through a fake fix and then charge them for the work. 
In other cases, the bogus tech support team would call their targets themselves and pretend to be a Microsoft employee, bringing to their attention a virus or false claim that his or her system could have been hacked. Eventually, they ask for anywhere from $99 to $1,000 to fix the problem that doesn't exist in reality. Courtney Gregoire, an assistant general counsel in Microsoft's digital crimes unit, perhaps said it best when she was quoted as saying, "This is an organized crime." No doubt. The scam is incredibly lucrative according to researchers at Stony Brook University. They published a detailed study of fake tech support services last year that estimated just a single pop-up campaign, spread over 142 web domains, could bring in nearly $10 million in just 2 months. Microsoft said it was working with other tech industry leaders such as Apple and Google, as well as law enforcement, to fight the digital epidemic, which is migrating beyond the English-speaking world to target other users in their local languages.
Holiday Shopping Scams! Look Out! - November 27, 2018
How was your Thanksgiving? Great, we hope! How about Black Friday? Cyber Monday? Are you into those types of things? Personally, I typically avoid these shopping rushes in general, but there's no question they're incredibly popular and overwhelmingly successful. So if you do participate – heck, even if you simply plan on shopping at all online this holiday season (like 100% of us do), you have to beware: scammers want in on that holiday gift budget. Shoppers are expected to spend roughly 4.1% more this holiday season than in 2017, which equates to around $720.89 billion, according to the National Retail Federation. Good. Night. Can you imagine the criminal element's attraction to a number like that? Last year, according to Payments Next, online fraud attempts increased by 22% between Thanksgiving and New Year's Eve. Between Thanksgiving and Cyber Monday alone, malware infections jumped 123%, according to data released by Enigma Software Group. Here are some of the seasonal scams the Better Business Bureau (BBB) is warning consumers to watch out for, and how to fraud-proof your holiday shopping… Red Flags: Just as you wouldn't want to buy a designer watch from a guy in some dark and creepy alleyway, you don't want to buy anything online from a seller you haven't fully investigated. One place to start is by searching the BBB's online directory, which can tell you if the business is accredited, and whether or not the BBB has received complaints. Truth be told, you should probably check to see if they're even in the database. Because if not, well, that's a concern. You can also do a general Google search which will pull up a lot of information about that company and their website. In addition to checking the Better Business Bureau listings, the Federal Trade Commission says to make certain the website includes a physical address and a phone number, and verify them. That way you have a place to contact should things go wrong. 
Fake Shipping Notices: This year the BBB is also warning of fake email delivery notices that say you have a package on its way. It's probably common sense that an actual delivery company isn't going to email you about a package, right? How would they have your email address? But I suppose you can't be too careful during the time of year where you're conducting online orders left and right. Amazon emails begin to run together and suddenly an email claiming to be from a delivery service doesn't seem all that strange… But you have to keep your head on a swivel. DO NOT click on any links. It's most likely malware, or at the very least, going to ask you for personal information like credit card numbers or addresses. Before you know it, you've just participated in the theft of your own identity. Legitimate carriers will never ask you for personal information through email. Santa's Phishing: Several trusted companies offer charming and personalized letters from Santa, but scammers mimic them to get personal information from unsuspecting parents. Check with the BBB to find out which ones are legitimate. The big risk here isn't that your kid won't hear from Santa, but that you're providing key details to a phisher who will use it to perpetuate other fraud or identity theft. Charity Scams: Did you also know that scams come with philanthropy? The holidays are a wonderful time to support your favorite causes, but to ensure that your funds go where you desire, you've got to make sure the group is legit. According to nonprofit rating site Charity Navigator, roughly 40% of all charitable donations are made in the last few weeks of the year. So, you better believe scams pop up in the form of donation solicitations via email, social media and text. Common charity scams include look-alike sites or imposter websites, phony emails that are "phishing" for personal information or giving a check or cash to an individual as opposed to an organization. 
The BBB's Give.org is a great resource to research legitimacy.
IT Support: Hire In-House or Outsource? - November 21, 2018
Small business owners face an important question when it comes to IT support: should I hire an in-house IT employee or work with a vendor? We recently looked at reasons why companies should outsource their IT. Check out this infographic to break it down further. IT Support questions to ask when deciding between Full-Time Employee and Managed IT Department (MID): What is the cost for one full-time employee vs. going with a Managed IT Department? What do you get for what you're paying? What is additional? What are the advantages and challenges of both sides? What's the best choice for your business?
5 Reasons Why Your Company Should Outsource its IT Support - November 13, 2018
Companies commonly outsource their accounting and bookkeeping duties, customer service, and HR management… so why should technical support be any different? It shouldn't. Outsourcing provides a lot of benefits, especially to small businesses with limited resources. Plus, good IT support teams are especially hard for companies to build and maintain. Here are 5 reasons as to why outsourcing is a good business move: 1. Reduces Costs: Reducing labor and equipment costs is one of the major reasons why companies outsource IT services. Employing a company to do the work for you is cheaper than hiring a whole IT staff. The employees' initial training to get them onboarded, plus the regular training to ensure their knowledge is up-to-date, add to the cost as well. Buying all the equipment you need for a functional IT department and maintaining the system also costs a lot of money. Removing these factors and paying a fixed cost contract will help you manage your annual operating costs more easily. And if your operating cost is high, you will likely pass it on to customers by raising your product prices. This makes you lose your competitive edge. 2. Provides Support 24/7: If your business is one that needs to be open to customer calls 24 hours a day, that's one of the reasons to outsource. Instead of getting another IT staff, which will only cost you more, solely for answering calls outside of your normal working hours, outsourcing to a company will guarantee that someone is always available to help your customers. A 24/7 team will also allow you to recognize flaws and bugs even before they affect your infrastructure and business. 3. Adjusts According to Demand: When the demand suddenly increases, and more calls start coming in, what do you do if you have a permanent staff? Hiring temporary employees poses a lot of issues. You don't know when the demand decreases, which will force you to terminate them immediately. 
You're also not sure of the technical skills and personality if you're in a rush to get someone onboarded. Meanwhile, an IT company can easily scale up or down depending on your needs because of their access to vast resources. 4. Gives Access to Cutting-Edge Technologies and Industry Experts: Security of your data and your customers' data is paramount. That's why Facebook is in a lot of heat nowadays — its platform is vulnerable to third-party entities mishandling the users' data. Even large companies are susceptible to attacks, with hackers successfully gaining access to JP Morgan's 76 million households plus 7 million small businesses in 2014. To keep your data safe and secure, however, you must have the newest technologies and the knowledge of industry experts. You and your staff must be up-to-date with the industry standards, which might be hard to do if you're a small-time player. Outsourcing solves this problem. It's their job to get cutting-edge technologies and train their employees regularly so you don't have to do it. Getting access to these will also ensure that your systems are working smoothly. 5. Allows You to Focus on Your Business: When you no longer have to worry about the security and integrity of your system, it allows you to focus on what you need to do in order to grow your business. Your employees, without network interruptions and possibly the added IT responsibilities, will also be able to perform with their best for the company. You can focus on improving your products and services while the outsourced IT team deals with the technical issues so you and your staff can keep on working without worry.
Your Company's Data was Hacked – Are You Legally Responsible? - November 7, 2018
So, who should be held responsible when a company's data system gets breached? Historically, the CIO, the CISO, or both have shouldered the lion's share of data breach responsibility; well over half of security decision-makers expect to lose their jobs if a hack happens at their organizations. However, breaches don't happen in vacuums, and CIOs and CISOs don't operate in them, either. Many CIOs report directly to the CEO, and some security experts feel that CISOs should be elevated to the same reporting level. Whatever an organization's reporting structure, the bottom line is the same: the responsibility for everything that happens within the organization, positive or negative, ultimately falls on the CEO and the board of directors. This includes data breach responsibility. This has been reflected in the numerous CEO firings (or resignations) that have followed bad breaches over the past few years, including those at Target, Sony Pictures, and the Democratic National Committee. Apparently, Yahoo didn't get the memo about this a couple of years ago. After years of poor cybersecurity practices caught up with them, resulting in multiple breaches affecting over a billion user accounts, putting its acquisition by Verizon into question, and making the Yahoo brand name synonymous with the phrase "data breach," the company decided to fire its General Counsel, Ron Bell. Shockingly, CEO Marissa Mayer remained in place, albeit with a pay cut (she then went on to leave Yahoo after the Verizon acquisition, however, but it was of her own choosing). In Yahoo's case, the CISO and the rest of the security staff couldn't be fired. Fearing that a major security incident would eventually happen, they'd already run for the hills. The New York Times reported that former CISO Alex Stamos and his team had spent years warning Mayer of potential security issues, but Mayer insisted on putting "the user experience" ahead of cybersecurity and even cut the team's budget. 
Preventing Breaches Is Everyone's Responsibility: Cybersecurity isn't just an IT issue. It impacts every individual and department in an organization — from the board of directors all the way down to minimum-wage clerical and retail employees. The overwhelming majority of data breaches originate inside an organization, either because a negligent or untrained employee makes a mistake or a malicious insider decides to strike back against the company. No cybersecurity policy is complete unless it addresses the human factor behind data breaches by promoting a culture of cybersecurity awareness. This culture must start at the top of the organization; if the board, the CEO, and the rest of the C-suite do not take security seriously, front-line employees certainly won't. Yahoo's firing of Ron Bell certainly shook up the legal community and caused much debate over where data breach responsibility ultimately lies. While this may have served to light a fire under organizations with questionable cybersecurity practices, the focus should not have been on whose heads would roll if a breach happened; it should have been on implementing proactive cybersecurity and compliance measures to prevent hacks from happening in the first place. As for Yahoo, they settled in September a worldwide class-action lawsuit that alleged security issues dating back as far as 2003. Yahoo's attorney and lead plaintiffs' counsel told the U.S. District Judge in federal court that both sides had reached an "agreement in principle" — $47 million to be exact.
Passwords: Not as Secure as You Might Think - October 30, 2018
We've all heard that in order to protect our information and online accounts we need to create complex passwords with uppercase and lowercase letters, numbers, and special characters, right? Following such advice does, in theory, produce passwords that are difficult to hack. Reality, however, tells us that while complex passwords provide better security, they also create new kinds of risks. First, due to the limitations of human memory, complex passwords are more likely to be written down than familiar, easily-remembered passwords. This means that utilizing complex passwords increases the risk of passwords being exposed through insecure storage. People who don't write down their passwords risk forgetting a complex password and having to go through a frustrating process of resetting it. Storing complex passwords in a smartphone app is not an ironclad solution either. Password storage apps place numerous pieces of sensitive information in one place, and as a result, must be properly secured. Properly protecting the app and the data that it stores can make looking up a password an infuriating process involving entering long, complex passwords and waiting for various decryption functions to run. Of course, if such an app — or the phone itself — were ever infected with malware, the impact could be devastating. In addition to the risks created by memory limitations, there is a major concern about how strong the complex passwords truly are, and how well they stand up to hacking tools. Research shows that the actual security provided by complex passwords is often far less than one would expect based on the password's theoretical strengths. One major issue with complex passwords was published last year by a research team from Carnegie Mellon University, which explained that predictable human tendencies often dramatically undermine the strength of complex passwords. 
For example, on systems that require passwords to include both upper and lowercase characters as well as a number, a widely disproportionate number of passwords created will follow this pattern: an uppercase character followed by lowercase characters, ending with a single digit. Similarly, the researchers found that when people are required to create long passwords, they often repeat a short password twice. As a result of these human tendencies, password cracking is easier than ever. So how should you best address these issues? I wrote a blog on passwords a couple of months ago discussing this very topic after The National Institute of Standards and Technology (NIST) had issued new guidelines regarding secure passwords. The 3 guidelines were (and please refer to the previous password blog for more detail): 1. Remove periodic password change requirements. 2. Drop the algorithmic complexity song and dance. 3. Require screening of new passwords against lists of commonly used or compromised passwords. Hopefully this helps! I know at the very least it should get you thinking about doing more to protect yourself in the password arena. I know it helped me and got me thinking smarter. Please contact us for any questions you may have on password screening! We're happy to help and point you toward software that can make this process simpler.
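The screening in guideline 3, combined with the two habits the Carnegie Mellon researchers describe, can be sketched as a check run when a user sets a new password. This is an added example, not code from NIST or from the original post; the small blocklist, the minimum length of 8, and all function names are assumptions chosen for illustration.

```python
import re
import unicodedata

# Constructed sample blocklist. A real deployment would load a large list of
# commonly used or compromised passwords instead of these few entries.
SAMPLE_BLOCKLIST = frozenset(
    {"password", "123456", "qwerty", "letmein", "sunshine", "dragon"}
)

MIN_LENGTH = 8  # assumed policy value, not taken from the post

# Habit 1 from the post: one uppercase letter, then lowercase letters,
# then a single trailing digit (for example "Sunshine1").
CAP_LOWER_DIGIT = re.compile(r"[A-Z][a-z]+\d")


def normalize(password):
    """Fold Unicode variants and case so 'PASSWORD' and 'password' compare equal."""
    return unicodedata.normalize("NFKC", password).casefold()


def is_doubled(password):
    """Habit 2 from the post: a short password typed twice to reach a length rule."""
    half, remainder = divmod(len(password), 2)
    if remainder or half < 3:
        return False
    return normalize(password[:half]) == normalize(password[half:])


def screen_password(password, blocklist=SAMPLE_BLOCKLIST):
    """Return a list of findings; an empty list means the password is accepted."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    # Compare the password itself and the "base" forms that the two habits
    # decorate, so 'Sunshine1' is checked as 'sunshine' and 'qwertyqwerty'
    # is checked as 'qwerty'.
    candidates = {normalize(password)}
    if CAP_LOWER_DIGIT.fullmatch(password):
        findings.append("capital_lowercase_digit")
        candidates.add(normalize(password[:-1]))
    if is_doubled(password):
        findings.append("repeated_short_password")
        candidates.add(normalize(password[: len(password) // 2]))

    if candidates & set(blocklist):
        findings.append("on_blocklist")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Sunshine1", "qwertyqwerty", "correct horse battery staple"):
        print(f"{sample!r}: {screen_password(sample) or 'accepted'}")
```

Note that "Sunshine1" satisfies an uppercase, lowercase and digit rule yet is flagged twice, while a long passphrase with no special characters passes.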
Millions of Passengers' Data Hacked in Airline Hit - October 25, 2018
One of Asia's top airlines, Cathay Pacific Airways, said a hacker accessed personal information of 9.4 million customers, becoming the target of the world's biggest airline data breach. Oh boy. The airline's shares sank dramatically, shaving $201 million off its market value, after the Hong Kong-based carrier disclosed the unauthorized access late Wednesday, 7 months after discovering the violation. While passports, addresses and emails were exposed, flight safety wasn't compromised and there was no evidence any information has been misused, it said, without revealing details of the origin of the attack. "This is quite shocking," said Shukor Yusof, founder of aviation consulting firm Endau Analytics in Malaysia. "It's probably the biggest breach of information in the aviation sector." "We are very sorry for any concern this data security event may cause our passengers," CEO Rupert Hogg said in a statement. The airline is in the process of contacting affected people, he added. It's the latest embarrassing data breach to hit a major international airline. British Airways said the hack on its system lasted for more than 2 weeks during the months of August and September, compromising credit-card data of some 380,000 customers. Delta said in April that a cyberattack on a contractor last year exposed the payment information of "several hundred thousand customers." The hackers who hit Cathay gained access to 27 credit card numbers but without the cards' security codes, and another 403 expired credit card numbers. They also accessed names, nationalities, dates of birth, telephone numbers, emails, physical addresses, numbers for passports (roughly 860,000), identity cards and frequent-flier programs, and historical travel information according to the airline. "Upon discovery, we acted immediately to contain the event and to thoroughly investigate," Hogg said. 
"We engaged one of the world's leading cybersecurity firms to assist us, and we further strengthened our IT security systems, too." Hong Kong's privacy commissioner expressed serious concern over the leak and said the office will initiate a compliance check with the airline. A dedicated website provides information about the event and what affected passengers should do next. Some local lawmakers criticized Cathay for taking so long to reveal the breach. Lam Cheuk-ting, a member of the Legislative Council's security committee, told reporters that many people in Hong Kong are angry and the airline should've taken the initiative the very first day it found out. Cathay's Chief Customer and Commercial Officer, Paul Loo, said the airline wanted to have an accurate grasp on the situation and didn't wish to "create unnecessary panic." Cathay is in the midst of a 3-year transformation program, as part of which Hogg has reduced jobs starting with the carrier's head office in Hong Kong to cut costs and introduced better business-class services on long-haul flights to help lure premium passengers. Cathay was ranked as the 6th best airline in the world this year by Skytrax, a London-based firm that provides advisory services for carriers and airports. As I wrote earlier this month, IT problems in the airline industry seem to be growing. And while the causes are complex, when an airline cancels your flight and blames technology, you can't accept it with a shrug. It sounds like they need to be introduced to an unbeatable IT service with decades of experience and demonstrated expertise to solve their problems.
Being Ready for a Corporate Crisis - October 19, 2018
Imagine you're a top executive at a company hit by a major crisis within the last 72 hours. First, and most importantly, there may have been serious damage to the community in which you operate. Your customers may have suffered, people's livelihoods destroyed. The environment may be irretrievably damaged. What do you do? The threat is growing: Many incidents inside companies never hit the headlines, but recent evidence suggests that more are turning into full-blown corporate crises. Why is this a bigger problem now than it has been in the past? First is the growing complexity of products and organizations. A new pickup truck today includes computer controls programmed with more than 150 million lines of computer code, while the average deepwater well is the height of seven Eiffel Towers. Goods travel thousands of miles and move through supply chains that comprise multiple intermediaries and multiple jurisdictions. A second reason for the significance of the problem is a higher level of stakeholder expectations. Customers, often in response to messages on social media, are more willing to sue or shun a company they believe is unethical. Governments are more willing to seek redress from companies they believe are breaking the law, and shareholder activism is on the rise. Third, the changing social contract is driving anxieties and mistrust in institutions, making irreversible knee-jerk reactions more likely. Finally, the raw speed of business operations—from rapid communications to shorter product-development timelines—makes crises more likely. Understandably, companies spend more time trying to prevent crises than preparing for them. However, crisis readiness has become at least as important as risk management, takeover readiness, and vigilance over safety. 
Five parallel paths to resolution: It helps to think of a crisis in terms of "primary threats" (the interrelated legal, technical, operational, and financial challenges that form the core of the crisis) and "secondary threats" (reactions by key stakeholders to primary threats). Ultimately, the organization will not begin its recovery until the primary threats are addressed, but addressing the secondary threats early on will help the organization buy time. When a crisis hits (or is about to hit), one of the first actions should be to create a cross-functional team to construct a detailed scenario of the main primary and secondary threats, allowing the company to form early judgments about which path the crisis may travel. This helps the organization set out major decisions it needs to make quickly and is the first step toward wresting back control—improving the headlines of tomorrow, rather than merely reacting to the headlines of today. 1) Control the organization: An effective crisis team is central to mounting a satisfactory response. The best crisis organizations are relatively small, with light approval processes, a full-time senior leader, and very high levels of funding and decision-making authority. The team should be able to make and implement decisions within hours rather than days, draw a wall of confidentiality around the people who are responding, and protect those not involved from distraction in their day-to-day activities. A common error is to choose an external expert as leader of the company's crisis response. External hires typically struggle to motivate and organize the company in a crisis situation. The right leader usually will be internal, well known, and well regarded by the C-suite; will have served in an operational capacity within the industry; and will enjoy strong informal networks at multiple levels in the company. 
He or she should possess a strong set of values, have a resilient temperament, and demonstrate independence of thought to gain credibility and trust both internally and externally. 2) Stabilize stakeholders: In the first phase of a crisis, it's rare for technical, legal, or operational issues to be resolved. At this stage, the most pressing concern will likely be to reduce the anger and extreme reactions of some stakeholders while buying time for the legal and technical resolution teams to complete their work. For instance, an emergency financial package may be necessary to ease pressure from suppliers, business partners, or customers. Goodwill payments to consumers may be the only way to stop them from defecting to other brands. Business partners might require a financial injection or operational support to remain motivated or even viable. It may be necessary to respond urgently to the concerns of regulators. 3) Resolve the central technical and operational challenges: Many crises have a technical or operational challenge at their core. But the magnitude, scope, and facts behind these issues are rarely clear when a crisis erupts. At a time of intense pressure, therefore, the organization will enter a period of discovery that urgently needs to be completed. Frequently, however, companies underestimate how long the discovery process and its resolution will take. It's best, if possible, to avoid overpromising on timelines and instead to allow the technical or operational team to "slow down in order to speed up." This means giving the team enough time and space to assess the magnitude of the problem, define potential solutions, and test them systematically. 4) Repair the root causes: The root causes of major corporate crises are seldom technical; more often, they involve people issues (culture, decision rights, and capabilities, for example), processes (risk governance, performance management, and standards setting), and systems and tools (maintenance procedures). 
They may span the organization, affecting hundreds or even thousands of frontline leaders, workers, and decision makers. Tackling these is not made any easier by the likely circumstances at the time: retrenchment, cost cutting, attrition of top talent, and strategy reformulation. For all these reasons and more, repairing the root cause of any crisis is usually a multiyear exercise, sometimes requiring large changes to the fabric of an organization. It's important to signal seriousness of intent early on, while setting up the large-scale transformation program that may be necessary to restore the company to full health. 5) Restore the organization: Some companies spend years of top-management time on a crisis, only to discover that when they emerge, they have lost their competitiveness. A large part of why this happens is that they wait until the dust has settled before turning their attention to the next strategic foothold and refreshing their value proposition. By this stage, it is usually too late. The seeds for a full recovery need to be sown as early as possible, even immediately after initial stabilization. This allows the organization to consider and evaluate possible big moves that will enable future recovery, and to ensure it has the resources and talent to capitalize on them. In conclusion: Risk prevention remains a critical part of a company's defense against corporate disaster, but it is no longer enough. The realities of doing business today have become more complex, and the odds of having to confront a crisis are greater than ever. Armed with the lessons of the past, companies can prepare in advance and stand ready to mount a robust response if the worst happens.
Cybersecurity Tops ECRI's List of Top 10 Health Technology Hazards - October 5, 2018
Earlier in the week I wrote about how the airline industry needs us. Well, it would appear the healthcare field does as well. ECRI Institute has published its annual Top 10 Health Technology Hazards for 2019, and cybersecurity is atop the list as the biggest risk to patient safety. Researchers at ECRI say they're concerned about software vulnerabilities that could allow hackers or cyber criminals to gain unauthorized remote access to hospitals' networked IT systems and devices, disrupting operations, hindering care delivery and putting safety at risk.
Why it Matters? Cyberattacks on healthcare have been steadily increasing, even as defenses have been stalling. ECRI noted that it has published 50 alerts and problem reports related to cybersecurity in just the past 18 months. With so many hospitals running legacy software, networked with vulnerable medical devices, security is no longer just about costly fines for HIPAA noncompliance or the embarrassment of publicized data breaches – it's a critical patient safety issue. ECRI's list is meant to help health system decision-makers plan and prioritize their efforts – including technology strategies and investments – to protect patient safety.
What is the Trend? The risks of hackers exploiting remote access to connected devices and systems "remain a significant threat to healthcare operations," according to ECRI. "Attacks can render devices or systems inoperative, degrade their performance, or expose or compromise the data they hold, all of which can severely hinder the delivery of patient care and put patients at risk," researchers wrote. "Remote access systems are a common target because they are, by nature, publicly accessible." It's little surprise to see it lead ECRI's list of Top 10 Health Technology Hazards for 2019:
1. Hackers Can Exploit Remote Access to Systems, Disrupting Healthcare Operations
The remainder of the list in case you're interested:
2. "Clean" Mattresses Can Ooze Body Fluids onto Patients
3. Retained Sponges Persist as a Surgical Complication Despite Manual Counts
4. Improperly Set Ventilator Alarms Put Patients at Risk for Hypoxic Brain Injury or Death
5. Mishandling Flexible Endoscopes after Disinfection Can Lead to Patient Infections
6. Confusing Dose Rate with Flow Rate Can Lead to Infusion Pump Medication Errors
7. Improper Customization of Physiologic Monitor Alarm Settings May Result in Missed Alarms
8. Injury Risk from Overhead Patient Lift Systems
9. Cleaning Fluid Seeping into Electrical Components Can Lead to Equipment Damage and Fires
10. Flawed Battery Charging Systems and Practices Can Affect Device Operation
On the Record: "The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," says David Jamison, executive director of ECRI's Health Devices program, speaking of the list's top cyber risk. "In critical situations, this could cause harm or death." This is quite scary. Contact us today.
UNI Computers has been rated "Best of Lawrence" three years in a row for our outstanding service in computer repair. Stop by and talk to any of our knowledgeable staff to get the answers and products that you need. We can even provide support to your business!