powerone

Nearly 1 Million Windows Computers Have Serious Vulnerability

If any of your business’s computers are running older versions of Windows, you need to make sure they receive a patch that fixes a vulnerability known as BlueKeep. Discover what Windows versions have this dangerous vulnerability and where you can find the patches.

Nearly 1 million computers have this security hole, according to one report. To make matters worse, the proof-of-concept code demonstrating how the vulnerability can be exploited was partially released.

The vulnerability is found in Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. It lies in the pre-authentication system used for Remote Desktop Services (formerly known as Terminal Services). This security hole is so serious that Microsoft has even released patches for Windows Vista, Windows XP, and Windows Server 2003, which have reached the end of their lifecycles and therefore are no longer officially supported.

Why the Vulnerability Is So Serious

BlueKeep has been rated as a critical vulnerability. One reason for this rating is that it’s “wormable”. This means that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” said Simon Pope, the director of incident response at the Microsoft Security Response Center, in a TechNet blog.

Pope reiterated this concern in a subsequent blog, adding that it only takes one vulnerable computer connected to the Internet to provide a gateway into a company’s network. Once inside, malware could spread from the initially compromised machine to other computers, even those that are not online. “This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” said Pope.

What to Do

No matter what versions of Windows your business is running, you should disable Remote Desktop Services if it is not being used. This is true even for Windows 10, Windows 8, Windows Server 2019, Windows Server 2016, and Windows Server 2012 machines — which do not have the BlueKeep vulnerability. Disabling this service will reduce your business’s attack surface.

Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 machines need to be patched, even if you disable Remote Desktop Services on them. Here is the information you need to know:

Let us know if you need assistance in checking for or installing the patches to fix the BlueKeep vulnerability.

Virus flickr photo by Yu. Samoilov shared under a Creative Commons (BY) license

by powerone

5 Ways the May 2019 Update Can Make You More Efficient When Working with Windows 10

Microsoft has released the Windows 10 May 2019 Update. Here are five enhancements in this latest feature update that can improve your productivity.

On May 21, 2019, Microsoft released the Windows 10 May 2019 Update (version 1903). Learning from past mistakes, Microsoft did not rush to get the update out the door. Instead, it kept the update in the preview stage for a longer time in an effort to discover and fix all the major installation kinks.

To distribute the May 2019 Update, Microsoft is using a phased rollout through the automatic update feature in Windows Update. As a result, it might be several months before it reaches your computer. If you do not want to wait, you can manually initiate the installation process.

Since the May 2019 Update is a feature update, it includes many enhancements to Windows 10’s functionality. Here are five of them that can make you more productive:

1. Update When It Is Convenient for You

Feature updates take a while to install, which can be a problem if you are busy much of the time. The May 2019 Update includes enhancements that give you more control over the Windows update process. For starters, all Windows 10 users will be able to pause feature updates for up to 35 days. Previously, only users of the Windows 10 Pro and Enterprise editions had this capability. Plus, when you click the “Check for updates” button in the Windows Update page of the Settings app, feature updates will no longer automatically install. You will have the option to download and install them immediately or schedule a time.

The May 2019 Update also enhances the Active Hours feature in Windows Update. You use this feature to let Windows Update know when you typically use your computer. That way, it won’t install updates or perform reboots during that time. The active hours are set from 8 am to 5 pm by default, but you can manually change them. After the May 2019 Update is installed, you will have another option: let Windows Update automatically adjust your active hours based on your machine-usage patterns.

2. Search Without Cortana Bugging You

In the May 2019 Update, Cortana and Windows Search are going their separate ways. The task bar now has a Cortana button for voice queries and a search box for text searches rather than an all-in-one box.

The separation involves more than just a cosmetic change, though. Cortana and Windows Search are now distinct functions under the skin. As a result, Windows Search behaves more like its old self, before Cortana was introduced. The separation also means the settings to manage Windows Search’s permissions and history have moved. You can find them in the “Search Windows ” section of the Settings app.

3. Automatically Turn On Focus Assist for All Apps Running in Full-Screen Mode

In Windows 10, a box periodically pops up letting you know that an email, text, or another type of message has arrived. These notifications can disrupt your concentration and even stop you from working since they cover the lower right corner of your screen. Focus Assist lets you block these notifications so that you can work more efficiently.

Up until now, you could either manually enable Focus Assist or configure it to run automatically:

• During a certain time period each day
• When you are duplicating your display (e.g., mirroring your computer screen for a business presentation)
• When you are playing a game that uses DirectX technology in full-screen mode
• When you are at home

The May 2019 update adds another option to that list. You can now configure Focus Assist to turn on when you run any app in full-screen mode.

4. Remove More Unwanted Preinstalled Apps with Just Two Clicks

Like most operating system software, Windows 10 comes with apps that either Microsoft or the computer manufacturer preinstalls. Removing the built-in programs you do not want will clear up space on your computer, which can help boost your computer’s performance. When your machine works faster, so do you.

Windows 10 has always let you uninstall a few of the built-in apps from the Start menu by right-clicking the unwanted program and then clicking “Uninstall”. Thanks to the May 2019 Update, you can uninstall even more of the preloaded programs in this manner, including 3D Viewer, Calculator, Calendar, Groove Music, Mail, Movies & TV, Paint 3D, Snip & Sketch, Sticky Notes, and Voice Recorder.

5. Insert Symbols Quickly

Including symbols such as dashes (—) and plus-minus signs (±) is common when writing emails, reports, and other business documents. However, getting those symbols into documents can be time-consuming because you need to open and click through several windows to find and insert them.

The May 2019 Update adds a quick way to access symbols. You just press the Windows and period keys (Win+.) on your keyboard at the same time and select the “Symbols” tab. You will also find “Emoji” and “Kaomoji” tabs, which let you insert emoticons.

Windows update flickr photo by campuscodi shared into the public domain using Creative Commons Public Domain Dedication (CC0)

by powerone

Watch Out for This Direct Deposit Scam

Cybercriminals are trying to scam businesses into depositing employee paychecks into their bank accounts. Learn about the variations of the scam and what you can do so that your business does not become the next victim.

Most companies use direct deposit to pay their employees. In the United States, for example, more than 80% of workers have their paychecks deposited directly into their personal bank accounts. This is providing many opportunities for cybercriminals to perpetuate their latest scam — trying to get businesses to deposit employee paychecks into their accounts.

Variations of the Scam

Different variations of the direct deposit scam have been surfacing. Most recently, cybercriminals have been posing as employees.

In some instances, the digital con artists use a multi-stage attack. First, they send an email to a member of a company’s HR department asking how to change the direct deposit information for their paychecks. After the HR staff member responds and explains how to make the change, the cybercriminals wait a short while and send a second email. In it, they tell the HR staff member that they tried to make the change as instructed, but it did not work. They then ask the person to make the change for them and include the new bank routing number and account number in the email.

In other instances, the cybercriminals take a more direct approach by sending a message such as:

“I need to change my direct deposit info on file before the next payroll is processed. Can you get it done for me on your end?”

If the HR rep takes the bait and agrees to make the change, the cybercriminals provide the person with the new bank routing and account numbers.

In earlier versions of the scam, the cybercriminals posed as HR staff members rather than employees. The cybercriminals sent emails to employees, instructing them to click a link. The link took the employees to a spoofed (i.e., fake) HR website, where they were asked to enter their login credentials to confirm their identity. The hackers then captured the credentials and used them to access the real HR site and change the employees’ direct deposit information.

The Same Tool

In all the versions of the direct deposit scam, the cybercriminals used the same tool to execute their attacks: spear phishing emails. These emails are similar to traditional phishing emails in that they use a convincing pretense to con recipients into performing an action. However, spear phishing emails take the scam up a notch. Cybercriminals take the time to perform reconnaissance so that they can personalize the email. When it comes to spear phishing, the more personalized the email, the less likely the target will become suspicious and question its legitimacy.

Despite being personalized, spear phishing emails often have one or more of the following common elements:

• A request to update or verify information. Spear phishing emails often ask the recipients to update or verify account information. For example, as the direct deposit scam demonstrates, the recipients might be asked to change information in financial accounts. Or, they might be asked to log in to a spoofed web page to verify account information, allowing the hackers to steal their login credentials.
• A deceptive URL. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. Deceptive links often lead to spoofed websites, where cybercriminals try to steal sensitive information or install malware.
• An attachment. Hackers sometimes attach files that contain malicious code. Opening these attachments can lead to a malware infection.
• A spoofed name in the “From” field. To trick the email recipient into thinking the message is from a trusted contact, digital con artists often spoof the name that appears in the “From” field so that it shows the contact’s name.

Don’t Let Your Employees Get Scammed

Some spear phishing email recipients fell victim to the direct deposit scam, but your employees do not have to share the same fate. Educating employees about spear phishing emails and the elements commonly found in them can help staff members spot these types of scams. Employees should also learn how to check for deceptive URLs and spoofed names in an email’s “From” field.

There are other measures you can take as well. You should make sure that employees’ names, email addresses, and job positions are not publicly available. Similarly, you should warn employees of the dangers of posting details about their jobs on social media sites. Limiting the amount of publicly available information will make it harder for cybercriminals to find the details they need to personalize the emails.

It is also important to keep the company’s security and email filtering programs up-to-date. These programs can catch many spear-phishing emails but not all. The more personalized and polished an email is, the less likely it will be caught by these programs.

More advanced solutions designed to catch spear phishing and other types of malicious emails are available. We can help you determine whether or not that is a good option for your business.

email flickr photo by Skley shared under a Creative Commons (BY-ND) license

by powerone

Don’t Let Your Phone Stalk You

Stalkerware is legal but often considered unethical. Find out what stalkerware is and how it can get on your smartphone.

The idea of someone tracking your whereabouts and eavesdropping on your conversations can be unsettling. Yet, more than 58,000 Google Android users had this happen to them. That’s because these individuals had stalkerware installed on their smartphones.

Stalkerware is not limited to Android phones. It can be installed on smartphones of virtually any make or model. (It can even be installed on other computing devices such as tablets and laptops.) To protect against this threat, you need to know what stalkerware is and how it can get on your phone.

Stalkerware 101

Stalkerware is commercial spyware offered by companies, not cybercriminals. Usually marketed as a solution to track employees or monitor children, it is set up like a Software as a Service (SaaS) offering. Customers pay a monthly fee to access data collected by a client app they installed on the phones they want to stalk. Although legal in many countries, stalkerware is increasingly being considered unethical because of the types of information it collects and how the data is gathered.

If a stalkerware app is installed on your phone, it will collect information on pretty much everything you do. For example, besides tracking the places you visit in both the physical and digital realms, it will log your calls, stockpile the photos you take, and amass the emails and text messages you send and receive.

All this information is sent to and stored on the stalkerware company’s servers. The customer (aka stalker) will have access to it as long as they continue to pay for the service. It typically costs between $16 and $68 per month, according to one report.

While some stalkerware apps will display a visible marker on the phone’s screen to let people know they are being watched, most operate in stealth mode. Several apps even go to great lengths to avoid detection, such as masking themselves as a system service in a phone’s installed applications list. Thanks to tactics like these, stalkerware victims are often unaware they are being tracked.

How Stalkerware Gets on Phones

Although stalkerware is legal, official app stores like Google Play and the App Store typically ban it. (Parental control software and programs designed to find lost phones are not considered stalkerware, which is why you will find them in app stores.) However, an Internet search will quickly reveal websites of companies that offer stalkerware.

The main method in which stalkerware apps get on phones is manual installation, according to security experts. The installation process is pretty straightforward — stalkers do not need to be techies to get the apps working. A few companies will even deliver phones with their stalkerware apps preinstalled to customers who are technically challenged.

The Dangers

Few people will contest that the kind of information gathered by stalkerware can be dangerous. Case studies have shown that it can lead to stalkers harassing, blackmailing, and even physically abusing their victims.

There are also other dangers that aren’t as obvious. Outsiders might see the captured data one of several ways:

• Since the data gets stored on the stalkerware company’s servers, staff members might access and look at the data.
• The data might get inadvertently leaked to the world at large. For example, millions of records collected by the mSpy stalkerware app were leaked because the company failed to properly protect its database. The leaked records included call logs, text messages, contacts, and location data.
• Hackers might breach the data. For instance, Retina-X Studios was breached twice by the same hacker. The hacker accessed and exposed the photos collected by two of its stalkerware apps.

Help Is on the Way

Efforts to crack down on the stalkerware industry are being led by the Electronic Frontier Foundation (EFF). One action the EFF is advocating is for security software companies to treat stalkerware as a serious threat. Often, that’s not the case. A 2018 study found that most security programs do a poor job of detecting and flagging stalkerware as a dangerous app.

Partnering with EFF, Kaspersky Lab has taken the first step toward cracking down on stalkerware. Previously, its Internet Security for Android software flagged stalkerware apps as suspicious but then displayed a “not a virus” message, which was confusing for users. Now there is no question about the dangers. The software displays a large “Privacy alert” message for any blacklisted stalkerware apps it finds installed on phones. After explaining what the app can do (e.g., eavesdrop on calls, read text messages), the security software gives users the option to delete or quarantine the program. Alternatively, users can decide to leave the app on their devices.

How to Protect Yourself in the Meantime

The EFF hopes that other security software companies will follow in Kaspersky Lab’s footsteps. In the meantime, the best way to protect yourself from stalkerware is to prevent its installation on your phone. Since manual installation is the primary way it gets on devices, there is a simple but effective preemptive measure: Lock your phone when you are not using it.

Smartphones usually provide more than one authentication method to unlock them, so you can use the method with which you feel most comfortable. For example, you might want to use a password or biometric authentication (e.g., iPhone’s Face ID). If you use a password, be sure it is strong and unique — and do not share it with anyone.

If you suspect your phone already has stalkerware on it but your security software does not specifically flag this type of program as a threat, you can check the phone’s activity monitor for suspicious processes. We can help, as it is not always easy to determine which processes are of concern.

phone privacy flickr photo by stockcatalog shared under a Creative Commons (BY) license

by powerone

Hackers Are Hunting for Bigger Game with New Version of Ransomware

Pinchy Spider and GandCrab sound like scoundrels in a super-hero comic book, but they are real-life villains in the business world. Learn how to defend your company against the Pinchy Spider hacking group’s latest tactics and its newest version of the GandCrab ransomware.

Back in January 2018, a hacking group known as Pinchy Spider launched the GandCrab ransomware. It quickly became a dangerous form of ransomware, thanks to the group continually making adaptations to it.

Pinchy Spider has not slowed down in its quest to make GandCrab more deadly. Researchers recently discovered that a new version of the ransomware is making the rounds. Just as important, they discovered signs that Pinchy Spider is trying to catch bigger prey with it.

The Growing Trend of Big Game Hunting

Big game hunting is a growing trend among cybercriminals. To quickly increase revenue, hackers are turning to more targeted attacks of bigger game. For example, instead of sending phishing emails to the masses to spread malware, cybercriminals are using reconnaissance and sophisticated delivery methods to reach specific targets that will yield more profits.

Big game hunting fits well with Pinchy Spider’s “ransomware-as-a-service” business. In other words, it lets other cybercriminals (aka “customers”) use the malware it creates to carryout cyberattacks for a share of the profit. Typically, the hacker group uses a 60-40 ratio to split the profits, where 60% goes to the customers. However, Pinchy Spider is now advertising that it is willing to negotiate up to a 70-30 split for “sophisticated” customers. This change coupled with the fact that Pinchy Spider is actively recruiting hackers with networking, Remote Desktop Protocol (RDP), and virtual network computing experience is leading security analysts to believe that Pinchy Spider is hopping onto the big game hunting bandwagon.

GandCrab Well Suited for Big Game Hunting

GandCrab is well suited for targeted attacks of bigger game. While most ransomware is distributed through phishing emails, GandCrab takes a different route to its victims. It is distributed through exploit kits. Cybercriminals use these kits to find and exploit known software vulnerabilities in order to carry out malicious activities. In this case, Pinchy Spider created several exploit kits to look for weaknesses in the Java Runtime Environment, Adobe Flash Player, Microsoft Internet Explorer, and other software. If found, the kits exploit the vulnerabilities to launch VBScript, JavaScript, and other types of code that installs GandCrab.

Once the ransomware is installed on a computer, it does not immediately start encrypting the files on it. Instead, it lays dormant while the hackers try to use RDP and credentials they stole from the compromised machine to access and install the ransomware on other computers — preferably hosts or servers — in company’s network. In one instance, the cybercriminals were able to access a business’s domain controller (DC). They then used the IT systems management application installed on the DC to deploy GandCrab throughout the network.

When the hackers have finished infecting the targeted computers, they trigger GandCrab to start encrypting files with an RSA algorithm. GandCrab then demands payment in Dash (a form of cryptocurrency) to decrypt the files. While most ransomware blackmailers demand one payment to unlock the files on all the infected machines, Pinchy Spider and its customers request payment on a per-computer basis, especially if hosts or servers have been compromised.

How to Protect Your Business against GandCrab

Taking several measures can go a long way in protecting against a GandCrab attack:

• Patch known vulnerabilities by regularly updating all software on each computer in your company, including workstations, hosts, and servers. Patching will eliminate many of the vulnerabilities that exploit kits use to access machines.
• Make sure the security software is being updated on each computer. Even hosts and servers should be running security software. It can help defend against known ransomware threats and other types of malware attacks.
• Secure RDP. Hackers like to exploit RDP to access businesses’ hosts and servers, so it needs to be secured. There are several ways to do this, such as deploying an RDP gateway and limiting who can use RDP to log in to the network.
• Use two-step verification for the service and software accounts on your hosts and servers. That way, even if a password is compromised, it cannot be used to gain access to those accounts. If using two-step verification (also known as two-factor authentication) is not possible, at least use strong account passwords and implement an account lockout policy to foil brute force password-cracking attacks.
• Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a GandCrab attack, you won’t have to pay the ransom if the attack is successful.

We can help you implement these measures as well as provide recommendations on how to further protect against GandCrab and other types of ransomware.

Locky ransomware: source code flickr photo by Christiaan Colen shared under a Creative Commons (BY-SA) license

by powerone

Are Your Employees Inadvertently Exposing Your Company’s Sensitive Data?

The ease in which employees can now share information coupled with current cultural trends is causing accidental data leaks in many businesses. Learn how to prevent employees from accidentally exposing your organization’s sensitive data.

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study.

The study also identified the technologies that most often involved in this type of accidental data leak. Email services provided by both on-premises systems and cloud service providers (e.g., Google Gmail) topped the list. Examples of email-based accidents include sending emails to the wrong address (which can easily occur when the auto-completion feature is enabled) and forwarding messages that contain sensitive information.

Other technologies that are commonly involved in accidental data leaks by employees include:

• File-sharing services (e.g., Dropbox)
• Collaboration tools (e.g., Slack)
• Messaging apps (e.g., WhatsApp)

The common denominator among these technologies is that they all are tools for sharing information.

The Perfect Storm and Its Aftermath

The ease in which employees can now share information coupled with current cultural trends is causing “the perfect storm” for accidental data leaks, according to Mark Bower, Egress Chief Revenue Officer and NA general manager. “The explosive growth of unstructured data in email, messaging apps, and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections,” said Bower. “Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” he said.

The damage caused by this perfect storm could be grim. For example, suppose an employee emails a sensitive file that is not protected in any way to several coworkers for review. One of the coworkers might review the document on an unsecured personal device (e.g., a smartphone), opening up the possibility that it could fall into hackers’ hands. Or, the coworker might mistakenly forward the message to another employee, not realizing that the person should not be looking at the file.

Sending sensitive documents via file-sharing services adds another risk. Some of these services offer a feature that synchronizes files put in a shared folder across all registered devices. If an employee places a sensitive file in a shared folder without knowing that folder’s members, the file might be sent to multiple people who should not be seeing it.

How to Avoid Getting Caught in the Storm

To minimize the number of accidental data leaks caused by employee errors, companies might consider taking some of the following precautions:

• Document the company’s rules regarding the sharing of sensitive data in a new or existing policy. If sharing is allowed, be sure to specify the conditions under which it is sanctioned and create procedures on how to properly share this data.
• Provide employee training. After documenting the rules and procedures, let employees know about them. Be sure to discuss what is considered sensitive data and how accidental leaks can occur.
• Use encryption. Encryption is one of the most effective ways to protect sensitive data that has accidentally fallen into the wrong hands. Various encryption strategies exist to meet different needs.
• Limit employee access to sensitive data. Employees might not realize or might forget that certain types of data are sensitive. By using access controls, you can prevent them from obtaining and sharing that data.
• Use a solution that automatically identifies sensitive files and prevents them from being copied into emails or other tools.

Every company should document its rules regarding the sharing of sensitive data and train employees. The other precautions to take, though, will depend on your business’s data, operations, and employees. We can explain the different encryption strategies, types of access controls, and other types of solutions so you can make an informed choice.

women entreprenurs serious brainstorming credit to https://1dayreview.com flickr photo by 1DayReview shared under a Creative Commons (BY) license

by powerone