Category Archives: Support Blog

Home   Support Blog

Why You Should Use a VPN on Public WiFi

blog-thumbnail

Working remotely? It only takes a moment on a free WiFi connection for a hacker to access to your personal accounts. While complimentary WiFi is convenient, protecting your connection with a VPN is the best way stay safe on public networks, keeping your data and browsing history secure.   What is a VPN? VPN stands for “virtual private network” and is a technology that can be used to add privacy and security while online. It’s specifically recommended when using public WiFi which is often less secure and is often no password protected.   VPN’s act as a bulletproof vest for your internet connection. In addition to encrypting the data exchanged through that […]

Security Weakness Found In Intel Processors

blog-thumbnail

There’s some bad news if you own a computer driven by an Intel processor.  Recently, a dangerous, catastrophic security flaw has been discovered in Intel’s X86-64 architecture that allows hackers to access the kernel, which sits at the heart of your OS.  By accessing the kernel, a hacker can gain access to virtually everything on the targeted machine. This is accomplished by way of a little-known feature called “speculative execution” which allows the processor to perform operations before it’s received definitive instructions that they need to be done.  It’s a way of milking more speed out of the system. Unfortunately, any such system runs the risk of giving programs permission […]

Something’s phishy: How to detect phishing attempts

blog-thumbnail

These days it’s hard to tell a phish apart from a foul, if you catch my drift. Modern-day phishing campaigns use stealthy techniques to target folks online and trick them into believing their messages are legit. Yet for all its sophistication, phishing relies on one of the basest of human foibles: trust. Detecting a phish, in its various forms, then requires you to hone a healthy level of skepticism when receiving any kind of digital communication, be it email, text, or even social media message. In order to understand how we got here, let’s go back to the first instance of phishing. The Nigerian prince and early phishing Back in […]

A Number Of Linksys Routers Are Vulnerable To Attack

blog-thumbnail

It’s not an overstatement to say that Linksys, to a large degree, powers the web. The company makes a broad range of routers that lie at the heart of everything from small home networks to keeping small and medium sized businesses interconnected. Unfortunately, a pair of researchers from IOActive recently discovered a total of ten different security vulnerabilities that impact the company’s popular EA3500 router, and more than two dozen other models as well, including models from the company’s Smart Wi-Fi, Wireless-AC and WRT series. The common theme here is that all of the impacted routers have web-based admin interfaces. Not all of the security flaws that were found are […]

Snake malware ported from Windows to Mac

blog-thumbnail

Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware and on Windows is highly-sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac. Fox-IT International wrote about the discovery of a Mac version of Snake on Tuesday. It’s not known at this point how Snake is spread, although the fact that it imitates an Adobe Flash Player installer suggests a not-very-sophisticated method. (I mean, come on, there are other pieces of software out there! Why are the bad guys so hung […]

3 Tips for Securing Your Home WiFi Networks

blog-thumbnail

 Once your home WiFi network is up and running and your family’s devices are connected, it’s normal to turn a blind eye to your router. After all, it’s mostly out of sight and out of mind. Unfortunately, that small, seemingly harmless box isn’t as secure as you may think. Your router is your gateway to the internet. Once it’s compromised, cybercriminals may be able to view your browser history, gain access to your login information, redirect your searches to malicious pages, and potentially even take over your computer to make it part of a botnet. Attacks like these are becoming all too common. Last year, we saw a prime example […]

How to create an intentional culture of security

blog-thumbnail

In this day and age, companies great and small are vulnerable to potential attacks that they are exposed to every day. From insider threats to simple phishing, one is always left guessing if they know enough to handle them or are well prepared to face the risks. Educating your staff about basic computing hygiene is one thing, but ingraining in them security practices that they do almost naturally, even beyond the confines of the office, is another. The latter involves being part of a culture where people think, act, and behave the same way. And we’re not just talking about an organic culture, but one that was created with intentionality […]

Mac malware OSX.Proton strikes again

blog-thumbnail

The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website. At this time, it is still unknown how long their website was providing the hijacked app. Proton was silently added to Apple’s XProtect definitions in early March, and not much was known about it at the time. Then, in May, one of the servers responsible for distributing the popular Handbrake software was hacked, resulting in the distribution of a Proton-infected copy of Handbrake for a four-day period. Now, Eltima Software has fallen victim to a similar attack. Researchers discovered the […]

More trouble in Google Play land

blog-thumbnail

After our mobile security experts repeatedly discovered adware on several apps on the Google Play store, our friends at Symantec have unearthed at least eight malicious apps that are found capable of adding affected mobile devices to a botnet. According to their blog post, the apps have been downloaded and installed onto 2.6 million smartphones, tablets, and possibly some IoTs. Threat actors behind the bogus apps have banked on the popularity of Minecraft, a sandbox video game with a user base of 100 million. They specifically targeted Minecraft: Pocket Edition (PE), which launched in 2015. Symantec explained how the malicious apps work: The app connects to a command and control […]

Top 10 Nastiest Ransomware Attacks of 2017

blog-thumbnail

 We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path. While NotPetya and WannaCry were first uncovered in 2017, the other ransomware attacks on our top 10 list made their debuts last year. These attacks either continued into 2017 or returned with a vengeance. This top […]

Infected CCleaner downloads from official servers

blog-thumbnail

In a supply chain attack that may be unprecedented in the number of downloads, servers hosting CCleaner, a popular tool for cleaning up the PC, has been delivering a version of the said software with malware. Threat actors have managed to change the files that were being delivered by Avast servers hosting CCleaner updates. In case you are wondering why they were on those servers, Avast acquired Piriform, the original publishers of CCleaner, a few months ago. Piriform is aware of the situation and is acting to prevent further damage. They are also investigating how the files coming from their servers were modified before being released to the public. It […]

Crowdsourced fraud and kickstarted scams

blog-thumbnail

Crowdsourced funding opportunities via Kickstarter, Patreon, and GoFundMe have removed many structural roadblocks for people to access capital quickly and conveniently. But they’ve also lowered the barrier to entry for many very old scams. So how do you tell the difference between a great cause or project to contribute to and a digital confidence scam? What’s outright fraudulent, and what’s just a company with poor organizational skills? Let us take a look at pitfalls on two crowdfunding platforms. Gofundme.com primarily serves personal projects and donation pages, or other campaigns that otherwise don’t fit the more common commercial model found on Kickstarter. Funding requests cover a wide range of needs, from […]

Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards

blog-thumbnail

Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores. The first hints of a breach at Oklahoma City-based Sonic came last week when I began hearing from sources at multiple financial institutions who noticed a recent pattern of fraudulent transactions on cards that had all previously been used at Sonic.   The accounts apparently stolen from Sonic are part of a batch of cards that […]

Deloitte breached by hackers for months

blog-thumbnail

On September 25, 2017, Deloitte announced that they detected a breach of the firm’s global email server via a poorly secured admin email in March of this year. Further, the attackers most likely had control of the server since November of 2016. Deloitte’s initial statement indicated that only six of their consultancy clients were impacted by the breach, but insider sources later disclosed to the media that the attack most likely compromised every admin account at the firm. The startling severity of the breach has brought attention to Deloitte’s other cybersecurity practices, which, as we can see here with a likely Active Directory server, are not ideal. (There are valid […]

Netflix scam warning

blog-thumbnail

While we are used to receiving scam attempts pretending to be from banks, online shops, credit card companies, and international courier services that does not mean all the other emails are safe. Far from it. To demonstrate this point we will show you a scam aimed at Netflix customers which has been used in the Netherlands and is now doing the rounds in the UK but could just as easily spread to the US. The sender address, in this case, was supportnetflix@checkinformation[.]com and the content of the email informs us that there has been a problem with our last payment. Obviously to those of us who are not customers of […]

Equifax aftermath: How to protect against identity theft

blog-thumbnail

Who here is scrambling around in the aftermath of the recent breach at Equifax to figure out if you’ve been compromised? Who here is wondering what to do about it if you are? If you’re one of the 143 million Americans whose data was accessed by cybercriminals, then you probably raised your hand. Even if you weren’t one of the 143 million, you might still want to take some precautions. You could instead be part of the millions of folks who’ve had their data stolen over the course of online history. Basically, if you have a social security number, have ever run a credit check, or have a pulse, you should listen […]

Equifax Hackers Stole 200k Credit Card Accounts

blog-thumbnail

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017. Both Visa and MasterCard frequently send alerts to card-issuing financial institutions with information about specific credit and debit cards that may have been compromised in a recent breach. But it is unusual for these alerts to state from which company the accounts were thought to have been pilfered. In this case, however, Visa […]

Dow Chemical Balances Between Virtual Teamwork And Workplace Security

blog-thumbnail

Today’s post was written by Ron Markezich, corporate vice president for Microsoft. These are exciting times for one of the world’s largest chemical companies. This month, Dow Chemical expects to finalize its merger with DuPont, creating DowDuPont and spinning off into three global businesses that focus on material sciences, specialty products, and agriculture. Global changes at this level require a complete, intelligent, and secure workplace transformation supported by agile cloud services. We’re excited that Dow chose Microsoft 365 Enterprise to empower more than 60,000 employees to work together creatively in highly secure virtual environments. Mario Ferket, IT engineering director at Dow Chemical, explains why Microsoft 365 Enterprise is part of […]

Beware of Hurricane Harvey Relief Scams

blog-thumbnail

U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster. Here are some tips to help ensure sure your aid dollars go directly to those most in need. The Federal Trade Commission (FTC) issued an alert Monday urging consumers to be on the lookout for a potential surge in charity scams. The FTC advises those who wish to donate to stick to charities they know, and to be on the lookout […]

TD redefines banking in the digital age with the Microsoft Cloud to empower employees and transform the customer experience

blog-thumbnail

Today’s post was written by Jeff Henderson, executive vice president and CIO of TD Bank Group. Growing from Canada’s smallest bank to one of North America’s largest in just over 20 years, TD Bank Group (TD) is in the habit of planning for the future. As we continue to expand, we are taking bold steps to make sure that the technology we use grows with us. Transforming technology at TD starts with listening to our employees and creating a “Workplace of the Future” that supports enhanced mobility and collaboration across the organization. We are deploying Microsoft Office 365 to empower employees to be more mobile and productive, so they can […]

Four Steps To Improving Employee Trust While Securing Your Business

blog-thumbnail

With so many evolving threats from cybercriminals who employ a variety of tactics and techniques, there’s one element that many security pros consider to be the weak link in any security practice–humans. The challenge is to minimize the impact your users have on your well-laid plans to secure them. To help answer this question and inspire anyone else who is facing this same concern, I thought I’d share 4 key steps you can take within your business to help gain trust with your employees while accomplishing your mission. #1 Company Expectations: Your business needs to ensure it has spelled out (clearly) what is expected from your employees. Not just for […]

Adobe And Microsoft Release Critical Security Fixes

blog-thumbnail

Adobe has released updates to fix dozens of vulnerabilities in its Acrobat, Reader and Flash Player software. Separately, Microsoft today issued patches to plug 48 security holes in Windows and other Microsoft products. If you use Windows or Adobe products, it’s time once again to get your patches on. More than two dozen of the vulnerabilities fixed in today’s Windows patch bundle address “critical” flaws that can be exploited by malware or miscreants to assume complete, remote control over a vulnerable PC with little or no help from the user. Security firm Qualys recommends that top priority for patching should go to a vulnerability in the Windows Search service, noting that […]

Back To School Cybersecurity Tips For Parents And Kids

blog-thumbnail

The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it’s their kid’s first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos step foot on the bus. And while they may not be begging you for new pencils and erasers, chances are they’ll turn on the puppy dog–eyed charm when it comes to new tech. Handing your young one their very own mobile device—a laptop, usually—that they can use in their studies almost seems like a rite of passage. In their […]

New Bill Seeks Basic IoT Security Standards

blog-thumbnail

Lawmakers in the U.S. Senate recently introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceived shortcomings in existing cybercrime law, was developed in direct response to a series of massive cyber attacks in 2016 that were fueled for the most part by poorly-secured “Internet of Things” (IoT) devices. The IoT Cybersecurity Improvement Act of 2017 seeks to use the government’s buying power to signal the basic level of security that IoT devices sold to Uncle Sam will need to have. For example, the bill would […]

Things Startups Should Know About Cybersecurity

blog-thumbnail

It’s hard to imagine any business that doesn’t use any form of technology these days. The problem is, any computing infrastructure or equipment can be exposed to various methods of cyberattacks. Just last May, the WannaCry ransomware affected more than 10,000 organizations of all sizes in more than 150 countries. The attack caused stoppages in critical services and operations such as the UK’s National Health Service and several of Renault’s automotive manufacturing plants. Last year, one billion Yahoo users saw their accounts hacked, costing the company dearly. While these reported ones were about large organizations, there were many anecdotal accounts of SMEs getting hit by the attack. Many of these […]

The Real Affect of Ransomware on Businesses

blog-thumbnail

Ransomware is a specialized form of malware that encrypts files and renders them inaccessible until the victim pays a ransom fee. The FBI estimated that ransomware payments were $1 billion in 2016, up from “just” $24 million a year earlier. 2017 will likely see another dramatic increase in extortion payments with tens of thousands of ransomware victims paying several hundred dollars each to recover their encrypted files. Despite the significant payments to the cybercriminals behind ransomware, research has found that most ransomware victims don’t pay the fee that cybercriminals attempt to extort from them. Since most organizations choose not to pay the ransom, the primary challenge stemming from a ransomware attack […]

More Former Employees Than You Know It Take Company Information With Them

blog-thumbnail

How safe is your company’s data? According to a new survey released by tech giant Dell, it is not very safe. The statistics revealed by the survey are dismaying. Be sure you want to know before reading any further, because once you do, it may well change the way you view your own employees. The survey’s key finding was that fully 35 percent of employees report that it’s common to take proprietary company information on leaving their firm. As bad as that is, the rest of the statistics in Dell’s survey were even worse, with 36 percent of employees regularly opening emails from unknown, untrusted sources, which make them extremely […]

FBI: Smart toys could harm children’s privacy and physical safety

blog-thumbnail

The Federal Bureau of Investigation has recently issued a Public Service Announcement (PSA), encouraging consumers—parents, in particular—to think twice before purchasing internet-connected toys. Smart toys and entertainment devices for kids are part of the Internet of Things, and as such, they have built-in Wi-Fi capabilities. This enables them to communicate with the cloud and with each other. Other than that, these are also equipped with sensors, cameras, microphones, and other bits that allow them to not just respond to their child owners but also store data and tag a child’s location for parents/guardians to keep track of them in real time. CloudPets, Hello Barbie, My Friend Cayla, i-Que Robot, and […]

Android’s new security system is now available

blog-thumbnail

Play Protect, a security suite for Android devices, was originally introduced in mid-May of this year during the Google I/O conference. And in just a couple of months, the tech giant has made it available for all their mobile users. Play Protect is the amalgamation of Google’s Android security features, such as Verify Apps and Bouncer, and it’s integrated into the Google Play Store app. As such, users don’t need to look up, download, and install a separate app. Here’s how Play Protect works: It scans and verifies all apps in the Google Play Store before users can download them. It also periodically scans for all apps already installed on […]

7 Tips To Stay CyberSafe

blog-thumbnail

You’ve probably already seen the back-to-school ads on TV and rolled your eyes a little bit. We’re with you: There’s still plenty of summer left. That’s why we want to remind you about some of the cybersecurity pitfalls you might encounter during the remainder of the summer season. Whether you’re home with the kids or heading out on vacation, here are some ways you can tighten up your security profile and avoid spending the rest of the summer reclaiming your identity or filing credit card insurance claims. 1. Monitor your children’s Internet habits. With homework and extracurricular activities for your students, parents may already enforce safe surfing habits during, but […]

Improving Business Leadership Through Technology

blog-thumbnail

Business leaders are tasked with the often tricky obligation of steering organizations to the financial ‘happily ever after’. This is a big responsibility, and as a business leader, you need to be able to foster cooperation across all the levels of an organization, be agile, and be flexible. All these will help you move towards a more lateral type of management. Good leadership is about being able to do away with the conventional, hierarchical structures that only end up in stagnation and bureaucracy and many business leaders are aware of this. Still, many organizations continue to hang on to familiar hierarchies as they always find themselves in some sort of […]

Get the most out of your day with new calendar features in Outlook.com

blog-thumbnail

New calendar features in Outlook.com help you stay on top of your family activities; automatically add dinner reservations, concerts and events to your calendar; follow your favorite sports teams; and share your calendar with others. Here’s a look at the features we’re releasing today, which make your Outlook.com calendar more intelligent and helpful: Microsoft Family calendar—Keep your family up-to-date with a single place for all of your events that everyone in the family can access. Improved calendar sharing—Easily share your Outlook calendar with anyone who has an Outlook.com or Office 365 account. Expanded support for events in your email—Outlook now automatically adds dinner reservations and other events to your calendar. […]

14M Verizon Customer Records Exposed

blog-thumbnail

A misconfigured server of a third-party vendor working with Verizon exposed names, addresses, account details, account personal identification numbers (PINs) and information fields indicating customer satisfaction tracking for as many as 14 million US customers If an attacker were to access the information on this misconfigured server it could allow them to pose as customers in calls to Verizon and gain access to a user’s account. Researchers described this scenario as “an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication.” In addition, researchers described the information being used in combination with internal Verizon account PINs to takeover customer accounts is not implausible as the weakest point […]

Cyber Crime Costs Expected To Reach Into the Trillions by 2020

blog-thumbnail

In todays times, cyber crime may be the greatest epidemic to every company in the world. The Wall Street Journal had estimated that the cost of cyber crime in the U.S. only was approximately $100 billion. Some have disputed this cost being up to ten times greater. The British insurance company Lloyd’s estimated that cyber attacks cost businesses as much as $400 billion a year. This includes direct damage and disruption to business operations. Some sources have put the cybercrime figure as high as $500 billion or more. Cyber crime costs have quadrupled over the last three years, and could quadruple by the time we reach 2020. Some researchers have noted that the cost of data […]

Can You Spot an ATM Skimmer?

blog-thumbnail

This past June marks the 50th anniversary of the automated teller machine — better known to most people as the ATM or cash machine. Thanks to the myriad methods thieves have devised to fleece unsuspecting cash machine users over the years, there are now more ways than ever to get ripped off at the ATM. Think you’re good at spotting the various scams? A newly released ATM fraud inspection guide may help you test your knowledge. The first cash machine opened for business on June 27, 1967 at a Barclays bank branch in Enfield, north London, but ATM transactions back then didn’t remotely resemble the way ATMs work today. The cash […]

Adobe and Microsoft Both Push Critical Security Fixes

blog-thumbnail

If you run Microsoft Windows or Adobe products. Microsoft issued a dozen patch bundles to fix at least 54 security flaws in Windows and associated software. Separately, Adobe’s got a new version of its Flash Player available that addresses at least three vulnerabilities. The updates from Microsoft concern many of the usual program groups that seem to need monthly security fixes, including Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange. According to security firm Qualys, the Windows update that is most urgent for enterprises tackles a critical bug in the Windows Search Service that could be exploited remotely via the SMB file-sharing service built into both Windows workstations and servers. […]

B&B Theatres Hit in 2-Year Credit Card Breach

blog-thumbnail

B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems. The acknowledgment comes just days after KrebsOnSecurity reached out to the company for comment on reports from financial industry sources who said they suspected the cinema chain has been leaking customer credit card data to cyber thieves for the past two years. Headquartered in Gladstone, Missouri, B&B Theatres operates approximately 400 screens across 50 locations in seven states, including Arkansas, Arizona, Florida, Kansas, Missouri, Mississippi, Nebraska, Oklahoma and Texas. In a written statement forwarded by B&B spokesman Paul Farnsworth, the company said B&B Theatres was made aware […]

Transform your organization with Microsoft Workplace Analytics

blog-thumbnail

Microsoft Workplace Analytics—a powerful new organizational analytics solution—is now generally available as an add-on to any Office 365 enterprise plan. According to a recent Forrester report, increasing employee productivity is the number one priority for C-level executives in the next year, with 96 percent of respondents citing it as a critical or high imperative. Workplace Analytics provides unprecedented behavioral insights that can be used to improve productivity, workforce effectiveness and employee engagement. Workplace Analytics taps into Office 365 email and calendar metadata, including to/from data, subject lines and timestamps, to shine a light on how the organization collaborates and spends time. It turns this digital exhaust—the data that comes naturally […]

Is it Time to Can the CAN-SPAM Act?

blog-thumbnail

Regulators at the U.S. Federal Trade Commission (FTC) are asking for public comment on the effectiveness of the CAN-SPAM Act, a 14-year-old federal law that seeks to crack down on unsolicited commercial email. Judging from an unscientific survey by this author, the FTC is bound to get an earful. Signed into law by President George W. Bush in 2003, the “Controlling the Assault of Non-Solicited Pornography and Marketing Act” was passed in response to a rapid increase in junk email marketing. The law makes it a misdemeanor to spoof the information in the “from:” field of any marketing message, and prohibits the sending of sexually-oriented spam without labeling it “sexually explicit.” […]

Be Careful—An Impostor May Be on the Other Side of the Phone

blog-thumbnail

Impostor scam complaints filed with the federal government soared as more and more crooks seek to separate Americans from their dollars with a simple phone call. That’s one of the findings of the Federal Trade Commission’s (FTC) annual Consumer Sentinel Network data book released earlier this year. The report’s authors warned, “The rise in impostor scam reports is due to an increase in complaints about government impostors. Impostor scams come in many varieties, but work the same way: a scammer pretends to be someone trustworthy, such as a government official or computer technician, to convince a consumer to send money.” Fraud including impostor scams resulted in the average victim paying […]