Uncategorized

How to Stop Spam from Ever Hitting Your Inbox

June 6th, 2019 by Julie Lough

Spam Emails

Spam emails can be incredibly annoying. Not only that, it can be downright dangerous, considering the phishing schemes and other email scams that are prevalent today. We can’t avoid spam completely and hope to have any kind of digital life, because so many services require an email address as part of the sign-up process. These can tend to clutter our inboxes with (technically not spam) promotional emails, and the less scrupulous of these may send real spam. That’s not to mention the frequency with which these companies’ databases are breached, creating a whole new layer of spam potential.

How to Avoid Seeing Spam

All of the most prevalent email services offer some degree of spam protection. Great spam protection is one of the reasons Gmail rose to such prominence a decade ago. Most services enable spam filtering by default, but check your email service’s settings to ensure that this setting is turned on.

If you’re still seeing a lot of spam, or if you’re using a service that doesn’t offer much in the way of spam filtering, here are some other suggestions.

Create Filters or Rules

You can create your own rudimentary spam filter by setting a filter or a rule. The terminology varies based on your email service, but you should find something by a similar name. You can create rules that auto-route email based on certain characteristics. For example, you can create a rule that sends any message containing NSFW language straight to the trash. Simply insert all those explicit terms in the field “message contains” and select “move to trash” as the action that is taken.

You can use filters or rules to move less important messages to a folder, too. If you still want to know about the latest sales at a few retailers, but you don’t want to be inundated right alongside emails that are actually important, create a rule that sends these emails to a “Retail” folder that you can check when you get the shopping urge.

Block Addresses

In the same area of settings, you should also have the option to block specific email addresses or even all addresses from a particular domain. Granted, it’s rare these days for spammers to frequently reuse the same address, but this function can still help with overly persistent individuals as well as companies or domains that refuse to take you off their mailing lists.

How to Stop Spam from Ever Arriving

There are other tools available to stop spam from ever showing up in your inbox.

Use “Report Spam” Button

The spam filters from email services like Gmail aren’t static. They can actually learn from you. When a spam message leaks through, you can help the spam filter learn. Look at the menu options available on the message. You should see one that looks like a stop sign with an exclamation point. Click this button to report to Gmail that the message is spam, and you should never see a similar message again.

If Gmail recognizes that your spam message is actually from a mailing list, it will try to unsubscribe for you if you click that option.

Set Up a Spam or Throwaway Account

Another savvy way to avoid spam is to set up a “spam account” that you use only for email signups, website logins, and the like. Give your main email address only to those personal and professional contacts you actually want to hear from, and sign up for everything else using your “spam account.”

If your current account is beyond hope, turn it into your spam account. Create a new main account, and let all your real-life contacts know about the switch.

These tips should help cut down on the chaos in your inbox. Got your own tips? Let us know!


Sign In With Apple

June 6th, 2019 by Julie Lough

Apple IOS 13

Sign In With Apple…Should You Use It?

Apple recently reported that its new “Sign in with Apple” feature will be part of the iOS 13 release in the fall of 2019. It promises to protect your privacy, and authentication experts say it could have an enormous impact on data privacy.

What Is Sign In With Apple?

With Sign In With Apple, you’ll be able to log into your applications. It offers a single-sign-on functionality, much like other sign-in buttons such as Facebook’s, Google’s and Twitter’s.

What Are The Benefits Of Using Apple’s Sign In?

When you sign onto apps, Apple will mask your personal information and email address. But the application will still be able to contact you.

Unlike with Google, Facebook and Twitter, your email won’t be passed on to the developer. You can opt not to allow this, but you won’t be able to use their sign-in service. If you do choose to let Google, Facebook or Twitter track your email, they will also be able to see the applications you use.

Aaron Peck from Oauth explains:

“The way most “sign in with [blank]” systems work is that the app you’re signing in to will get your username on that service and likely also your email address,” he explained. “These apps can sell your email address to advertisers, or correlate your activity between unrelated applications by matching your username.”

Apple solved this problem with its single-use anonymous email address. You’ll be able to share the information you choose with the application. Apple creates a random, anonymous, single-use email address for each application. Apple then forwards emails sent to that address on to you. You have the option of deactivating the single-use email address whenever you want.

By using Sign in with Apple and the single-use email address, your true email address won’t be tracked. Apple is offering this to provide a more private option for use. And they are offering developers a way to provide a fast one-step login without forwarding their user’s data to another company. Apple’s button will also work on websites.

Can You Use Apple’s Sign In With Any Application?

No… only applications that integrate their systems with Apple’s Sign In button. Some may opt not to because they won’t be about to use your information for marketing purposes.

What Phones Can Use iOS 13 & Sign In with Apple?

These are the devices that will be able to use iOS 13:

  • iPhone XS
  • iPhone XS Max
  • iPhone XR
  • iPhone X
  • iPhone 8
  • iPhone 8 Plus
  • iPhone 7
  • iPhone 7 Plus
  • iPhone 6s
  • iPhone 6s Plus
  • iPhone SE
  • iPod touch (7th generation)

Is There Anything Else To Consider When Using Sign in with Apple?

If you are a developer, there may be. There are some concerns surrounding Apple’s terms and conditions for application developers. If they offer Google, Facebook or Twitter’s sign in, they must also offer Sign in with Apple.

And there’s more. According to Reuters:

Apple will expect developers to place their login button above Google’s or Facebook’s.

Apple Inc will ask developers to position a new “Sign on with Apple” button in iPhone and iPad apps above rival buttons from Alphabet Inc’s Google and Facebook Inc, according to design guidelines released this week.

The move to give Apple prime placement is significant because users often select the default or top option on apps […]

Apple’s suggestion to developers to place its login button above rival buttons is part of its “Human Interface Guidelines,” which are not formal requirements to pass App Store review. But many developers believe that following them is the surest way to gain approval.

This means that some app developers won’t have an incentive to actually add the Sign in with Apple feature. But Apple is getting around this by mandating that if developers what to place their app in the Apple App Store, and they already offer a third-party sign in, they must offer Apple’s.

Apple’s terms and conditions don’t require this for applications with a dedicated login system, and those that don’t use third-party buttons from Google or Facebook.

What’s The Benefit For Apple?

Sign in with Apple will improve users’ privacy and provide a far better experience than others.

Will LaSala, director of security services and security evangelist at OneSpan, tells us more:

Apple is going one step further than traditional single sign-on, they are forcing their users to use stronger authentication, such as Apple’s FaceID and TouchID,” he said, noting that Sign in with Apple will ask mobile app users to use the biometrics functions.

The use of adaptive authentication is what should be celebrated – the ability to prevent login tracking or protect a user’s information is a secondary benefit. Any way that we can get users to move to adaptive authentication that is easy and portable across many sites and platforms is a security win for the internet.

Apple is positioning themselves as the privacy provider. So when we want more privacy, Apple hopes we’ll choose to use their technology. It’s a great marketing strategy…something that Apple excels at. We think many people will want to use Sign in with Apple due to its privacy features.


Watch Out: File Hijacking and Malware Possible Through Slack Bug

June 5th, 2019 by Julie Lough

Software Bug Slack

On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.

Discovery and Reporting

Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.

Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.

What the Bug Can Do

Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.

The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.

The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.

Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.

The Danger Level

A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.

One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.

Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.

How to Protect Yourself

The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.

IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.

More Good News: No Real-World Impact, Yet

There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.

Conclusion

Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.


8 Ways Cybercriminals Make Your Firewall And Antivirus Useless

May 29th, 2019 by Julie Lough

Cyber Security Solutions

Having the right cybersecurity technology is just a part of doing business in today’s world.

In fact, security solutions like firewalls and antivirus software accounted for $23 billion in annual revenue – it’s likely that you contributed to that in some small way.

But are they really worth your money?

There’s no disputing the need for an effective firewall or antivirus solution, regardless of the size or specialty of the business in question.

But, given that they are such a standard in the business setting today, have you ever stopped to figure out what you’re paying for?

What is a Firewall?

Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

A firewall inspects and filters incoming and outgoing data in the following ways:

    • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
    • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
    • By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
  • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

What about Antivirus?

Antivirus ProtectionAntivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation. The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software.

Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected.

If a user encounters a threat, the antivirus software detects the threat and blocks it using a string of text – an algorithm – that recognizes it as a known virus. The virus file tries to take one action or sequence of actions, known to the antivirus software, and the algorithm recognizes this behavior and prompts the user to take action against suspicious behavior.

Is this type of cybersecurity software effective?

Short answer?

To an extent.

Sorry for the underwhelming answer, but it’s a bit of a difficult question to answer.

A next-generation firewall and up to date antivirus solution are great at doing specifically what they’re designed for.

The problem is that they are not the end-all, be-all of cybersecurity in the modern world.

You could have the best firewall and antivirus software on hand, and still be vulnerable in any number of other ways…

The top 8 ways that cybercriminals get around firewalls and antivirus

Cybercriminals target your employees.

As important as cybersecurity technology is, on its own, it simply isn’t enough. The key to truly comprehensive cybersecurity is simple, yet often overlooked: the user.

Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is.

Even the most effective digital security measures can be negated by simple human error, which is why conventional solutions are simply not enough to make sure you’re safe.

Much of cybersecurity is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct.

The more your workforce knows about the security measures you have in place and how they can contribute to cybersecurity, the more confidently they can use the technology is a secure manner.

Well trained employees become a part of cybersecurity, and are capable of:

  • Identifying and addressing suspicious emails, phishing attempts, social engineering tactics, and more.
  • Using technology without exposing data and other assets to external threats by accident.
  • Responding effectively when you suspect that an attack is occurring or has occurred.

Cyber Criminal

Cybercriminals target your offsite devices, outside of business hours.

This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.

In addition to having a detailed Acceptable Use policy in place at the office to stop your staff from using work devices to use unauthorized software and visit dangerous websites, you also need a mobile device policy in place to protect your data that may be on personal devices.

The right monitoring software for mobile devices will protect you from a number of dangerous scenarios, including:

  • Jailbreaking and rooting company devices
  • Unauthorized access to company data
  • Lost or stolen devices that need to be remotely wiped

Cybercriminals figure out your passwords – because your passwords are weak.

Users, both at home and at work, tend to be horrible at selecting and maintaining strong passwords.

Did you know, for instance, that 81% of data breaches in 2017 came down to stolen and/or weak passwords?

Are you confident in your password strength?

Find out for sure by reviewing these common password mistakes:

  • Length and Complexity: Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
  • Numbers, Case, and Symbols: Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  • Personal Information: Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself.The same methodology applies to your pet’s name, your mother’s maiden name, etc. However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
  • Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess. Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are simply not strong or complex enough. Passwords protect email accounts, banking information, private documents, administrator rights and more – and yet, user after user and business after business continues to make critical errors when it comes to choosing and protecting their passwords.

Keep these tips in mind when setting your passwords:

    • Password Strength: It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters. Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack. For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “m4ryh4d4l1ttl3l4mb.”
    • Password Managers: These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.The downside of using a password keeper program is if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts.
    • Multi-Factor Authentication: Multi-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using MFA in 2018, compared to 25% the year prior.By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to make sure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

Cybercriminals penetrate your unpatched, out of date networks.

Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?

Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

This is why it’s imperative that you keep your applications and systems up to date.

Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.

Comprehensive and regular patch management is a crucial part of proper IT security. Some of the worst data breaches are based on “zero-day exploits”, which are based on exploits found by hackers but not by the developers, leading to severe security risks and an immediate need for patching.

Data Backup Services

Cybercriminals target data that hasn’t been backed up.

Do you have a data backup policy in place?

If not, then you’re vulnerable, right now, to ransomware.

Ransomware has quickly become one of the biggest cyber threats to businesses today – remember the Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries?

That was ransomware, and it could happen to you too. Unless that is, you get a data backup solution put in place.

If you have you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

  • Back up data on a regular basis (at least daily).
  • Inspect your backups to verify that they maintain their integrity.
  • Secure you backups and keep them independent from the networks and computers they are backing up.

Cybercriminals trick your staff into installing dangerous software.

One of the most popular cybercrime tactics is to trick users into downloading malware, under the assumption it’s a type of software they need.

This could be hidden in a large downloaded file that users may think is a work program, a video game, or even a mobile app.

This is further reason why you need an Acceptable Use policy and content filter in place on work devices. These types of measures will protect you against your unsuspecting employees.

Cybercriminals trick your staff with phishing emails.

A popular cybercrime tactic among hackers today is “phishing” – a method in which they send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.

It’s more effective than you might assume. That’s why the rate of phishing attacks increased by 65% in recent years – businesses keep making it easy for cybercriminals to get away with.

Share these key tips with your employees to make sure they know how to spot a phishing attempt:

  • Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big name company – but talk is cheap.It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are closer, but not 100% correct. If it seems fishy, it probably is.
  • Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
  • Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
  • Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
  • Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
  • Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.

Cybercriminals cut out the middle man and pretend to be you.

With the amount of personal data that people put online today, it’s not as difficult for cybercriminals to impersonate you as you might think.

By mining your social media, your LinkedIn and your company website, it can be pretty easy for a hacker to figure out your email address and reset your password.

Or maybe instead they spoof your email address and use it to contact a subordinate or a business contact to gain further information and access to use against you.

Put simply?

You need to protect yourself as a matter of privacy, and with the right processes:

    • Never give out private information: A basic cybersecurity rule is knowing not to share sensitive info online. The trusted institutions with which you do business will not ask you for your private information.They already have your account numbers, social security number, and your passwords. They won’t have any good reason to ask for it again, right? If an email from a superior or external contact asks for that info, it is likely a scam, so be sure to confirm the request by phone or in person.
    • Set standard protocols for requests: Have steps put in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they’re less likely to be fooled by a hacker posing as their supervisor.

Are your firewall and antivirus worth the money?

Yes.

Security software is a vital part of your cybersecurity – but the key word in that statement is part.

You should definitely invest in the usual cybersecurity solutions, but they are not enough on their own. Cybercriminals have so many tactics and methods for penetrating an organization like yours that you can’t settle for defending yourself on one front alone.

That’s why you need a comprehensive defense, that combines cybersecurity solutions, employee training, best practices, and detailed policies.

Anything less and you will have left a gap in your armor, making only a matter of time before cybercriminals find their way in.


How to Copy Cells in Microsoft Excel

May 28th, 2019 by Julie Lough

Today’s quick tech tip covers one of the basic functions in Microsoft Excel.

Watch the video below or click here.

 

Here’s how to copy cells in Microsoft Excel, plus one of the advanced copy and paste features available in the application.

Step 1: Select the Cell or Cells You Want to Copy

If you want to select a single cell, you simply need to click on it. If you want to select a range of cells—whether that’s a partial or full column or row, or a wider range—click and hold on one of the cells you want to copy and drag to the other end of the range.

You can also select an entire column or row in one click by placing your cursor outside the grid, on top of the letter or number corresponding to the column or row. Your cursor will change to a rightward or downward arrow. Click to select the entire column or row.

Step 2: Copy

To copy the selected cells, click the “Copy” button in the Clipboard section of the ribbon. In your default view, the Clipboard section is in the upper left. You can also use a keyboard shortcut to copy: press Ctrl + C on a PC or Command + C on a Mac.

Step 3: Select Destination and Paste

All that’s left is to click on the cell where you want the copied information to go and paste. If you’ve copied a single cell, simply click on the cell where the copied content needs to go. If you’ve copied a range of cells, you don’t have to select an identical range of cells to paste. Simply select the cell that’s in the upper left corner of your range.

To paste your content, click the “Paste” button in the Clipboard section of the ribbon, or use a keyboard shortcut. This time, the keyboard shortcuts are Ctrl + V (PC) or Command + V (Mac). Your content will appear in the new location, and you’re ready to move on to the next task.

A Few Notes

Now that we’ve covered the basics, here are a few warnings and advanced tips.

Formulas

If you copy a cell with a formula in it, Excel will automatically copy that formula to the destination. If this isn’t what you want, click the down arrow below the Paste button. Excel gives you a dozen or so special methods of pasting. If all you want is the raw number, no formula attached, then use “Paste Values” instead.

Overwriting Content

If you copy a range of cells, be aware that pasting that range will overwrite anything in the destination range. Make sure you have enough space there and won’t lose any important data.

Copy Paste Cells Microsoft Excel


Critical Update From Microsoft: Remote Desktop Services

May 16th, 2019 by Julie Lough

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008 you could be in trouble. A wormable virus may be coming your way. The virus is designated as CVE-2019-0708.

CVE-2019-0708

This means that the virus can get into your system without you doing anything like clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients & Customers on a valid managed services agreement are being taken care of and there is no immediate action for any computer, server or other devices under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 virus.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. If you have a reliable backup, if the patch creates problems you can still access your data. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.

What Is A Wormable Virus?

This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Servers 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.


What Is PII Under GDPR?

May 13th, 2019 by Julie Lough

GDPR PII

The security of user data is of high importance, and that importance only grew with the implementation of the EU’s General Data Protection Regulation (GDPR). These sweeping new regulations went into effect on May 25, 2018. They are European Union regulations, but they have sweeping effects since they apply to any business that stores personal information of any EU citizen.

It’s important to comply with GDPR. The first step, though, is to understand what exactly GDPR requires for your business.

PII Under GDPR

The short answer to the question of what PII is under GDPR is that it’s not a thing. Personally, identifiable information is an American term. The rough European equivalent is personal data. It’s important to note, though, that the two are not identical. The European standards are more restrictive, and the European category (personal data) is, therefore, more inclusive.

Here’s the bottom line: don’t assume that if you’re PII compliant that you’re automatically GDPR compliant. You need to do more for the latter.

Defining Terms

If you’re asking the question “what is PII under GDPR?” there’s a good chance you know some of the lingo already, but it’s worth reviewing.

Personally Identifiable Information (PII)

This term refers to any number of pieces of information that a company might store that can be used to identify individuals. Bad actors who accumulate enough PII on an individual may be able to compromise the individual’s accounts or even steal the individual’s identity. Examples of PII include (but aren’t limited to) driver’s license numbers, social security numbers, full names, physical addresses, and credit card numbers.

Remember, this is an American term, not a global one.

Non-Personally Identifiable Information (non-PII)

Non-PII is what’s left that’s not PII, in the American way of viewing things. This is the kind of information that can be used in aggregate forms. It’s useful data, but it can’t be used to identify individuals on its own. Examples include IP addresses, device IDs, and cookies left behind on devices while browsing the web.

Personal Data

Personal data is the EU equivalent of PII. It’s the information that businesses store on customers that could be used to identify those customers. The important difference here is the breadth of the definition.

GDPR concludes that even non-PII can be personal data. Cookies and IP addresses, for example, can be used in conjunction with PII to help reconstruct a person’s identity. For this reason, even these forms of information are considered personal data and are protected under GDPR.

The ruling that even cookies can be considered personal data is why you’ve started seeing cookie warning messages all over the internet. Those companies are seeking to comply with GDPR by receiving permission from all visitors to use cookies.

Best Practices for Businesses

Given the changing landscape of privacy regulations, businesses must adapt and stay compliant. Here are a few best practices for complying with GDPR.

Survey What Data You Collect

The first step toward compliance is to know what your business is collecting. Conduct a comprehensive survey of the data that you collect and store through your site.

Keep Only What You Need

Second, ask the hard questions about what personal data your business truly needs. If it’s not providing real value, dump it.

Get Permission to Keep It

Whatever you decide is essential, ask permission to keep it. That’s what the cookie notices are doing, and you need to do the same.

Conclusion

Data privacy regulations are complex. You might not want to go it alone. If not, we’re here to help. Contact us today!


Are You Using Internet Explorer?

May 6th, 2019 by Julie Lough

Internet Explorer Security

Do you still surf the Web with Internet Explorer?  If so, you’re not alone. Even after Microsoft came out with their new Edge browser in 2015, some people are still using Internet Explorer.

The Problem?

Security experts have found serious security flaws in Internet Explorer’s code. This means that if you use it, you’re opening yourself and your business up to hacking and computer viruses.

Another Problem?

Microsoft won’t be fixing this for the foreseeable future.

What Are These Flaws?

The most recent of these was found by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way that Internet Explorer handles MHT files. MHT is a Web page archive file format.

How Do These Flaws In Internet Explorer Create Security Issues?

If you use Windows 7, Windows 10, or Windows Server 2012 and it comes across an MHT file, it will try to open the file using Internet Explorer. This presents an easy opportunity for savvy hackers.  All they have to do is to use an MHT file containing a malicious virus and present it to you via a phishing email or other form of social engineering. Once you take the bait, the malicious virus gets into your computer/server.

Are We Safe If We Use Another Type Of Browser?

Not really. Any Windows-based system is still very much at risk from infected MHT files. This is because Internet Explorer 11 still ships with all Windows-based PCs. This includes computers that use Windows 10.

What Can We Do To Prevent Being Hacked Due To Internet Explorer Flaws?

One good thing is that Internet Explorer isn’t enabled on Windows 10 computers. For it to be enabled, you need to set it up yourself.

For now, this is the simple solution — Just don’t enable Internet Explorer. And to be completely sure, it’s best if you uninstall Internet Explorer from your Control Panel altogether.

John Page reported the issue to Microsoft on March 27, 2019, and received the following reply from them:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed the case.”

Unfortunately, it looks like, for the foreseeable future, that Microsoft won’t be providing a fix regarding the flaws with Internet Explorer. As we said above, the answer, for now, is for you and your staff to uninstall Internet Explorer from your computers.


Ransomware Hits Popular Cable TV Network

April 30th, 2019 by Julie Lough

Weather Channel Ransonmware

For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.

In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during some peak air morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.

While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.

  1. Back-up your machines and networks. Having multiple layers of back-ups in place—both locally as well as in the cloud—can help easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
  2. Break up network access by different machines and user groups. Odds are that very few users if any need to have access to everything in the business; why leave full access open to anyone? They’d be a source of major vulnerability since, should a hacker gain access to their account, everything would be up-for-grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevent damage from spreading business-wide. You and anyone on your team might be the exception to this in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
  3. Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
  4. Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.

Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.


Foreign Hacker Steals Nearly Half a Million From City of Tallahassee

April 26th, 2019 by Julie Lough

Tallahassee Cyberattack

The Tallahassee Democrat reported on April 5th that a large sum of money had been stolen from the city of Tallahassee’s employee payroll. The perpetrator is suspected to be a foreign hacker.

What was stolen in the hack?

The breech diverted approximately $498,000 from the city payroll account. Still, all city employees have received their earned paychecks. This hack was the second time in less than a month that a breach of city security had occurred.

How did the attack occur?

The city of Tallahassee employs an out-of-state third-party vendor to host their payroll services. Their employees should be paid regularly through direct deposit. However, a foreign hacker apparently targeted this third-party vendor, effectively redirecting the direct deposits to their own accounts.

The city of Tallahassee found out about the breach when their bank alerted them. Of course, employees found out simultaneously when they awoke to realize they had not been paid on payday.

Is there any way to get the money back?

In the majority of large scale hacks, stolen funds or data is difficult or impossible to retrieve. Still, with help from their bank, the city of Tallahassee has managed to recoup approximately a quarter of the stolen money.

They continue to pursue criminal charges against the hackers with the aid of law enforcement and their insurance provider as well.

How do cyber attacks like these occur?

Successful cyberattacks usually start with some form of an email hack. This is usually achieved through phishing.

In fact, before the most recent hack of the city of Tallahassee, an email had been sent out that appeared to be from the City Manager. It was actually from an outside hacker who had included a virus disguised as a Dropbox link in the email.

While it is not suspected that this email was related to the stolen payroll funds hack, this does happen. “Phishing” emails can help hackers procure useful information about accessing in-network files and accounts.

How can you prevent hackers from attacking your business?

Large municipalities such as Tallahassee City are increasingly being targeted in cyber attack thefts. But the truth is, any business — or individual, for that matter — can fall prey to a cyber attack.

Unfortunately, the retrieval rate on hacking thefts is not high, meaning that prevention is key. The best way to prevent a hack is to prevent phishing, as this is how most hackers access your systems and accounts.

Make sure that everyone on your staff is keenly aware of what to look for in terms of phishing emails. When in doubt, suspicious emails should be left unopened. Or, at the very least, links should not be clicked, and personal or account information should never be handed over unless it’s sure the request is legitimate.

It’s also important for businesses to employ the services of a reputable and experienced IT services provider. Look for one who specializes in cybersecurity and has experience dealing with hacking prevention.