Nearly 1 Million Windows Computers Have Serious Vulnerability

If any of your business’s computers are running older versions of Windows, you need to make sure they receive a patch that fixes a vulnerability known as BlueKeep. Discover what Windows versions have this dangerous vulnerability and where you can find the patches.

Nearly 1 million computers have this security hole, according to one report. To make matters worse, the proof-of-concept code demonstrating how the vulnerability can be exploited was partially released.

The vulnerability is found in Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. It lies in the pre-authentication system used for Remote Desktop Services (formerly known as Terminal Services). This security hole is so serious that Microsoft has even released patches for Windows Vista, Windows XP, and Windows Server 2003, which have reached the end of their lifecycles and therefore are no longer officially supported.

Why the Vulnerability Is So Serious

BlueKeep has been rated as a critical vulnerability. One reason for this rating is that it’s “wormable”. This means that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” said Simon Pope, the director of incident response at the Microsoft Security Response Center, in a TechNet blog.

Pope reiterated this concern in a subsequent blog, adding that it only takes one vulnerable computer connected to the Internet to provide a gateway into a company’s network. Once inside, malware could spread from the initially compromised machine to other computers, even those that are not online. “This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed,” said Pope.

What to Do

No matter what versions of Windows your business is running, you should disable Remote Desktop Services if it is not being used. This is true even for Windows 10, Windows 8, Windows Server 2019, Windows Server 2016, and Windows Server 2012 machines — which do not have the BlueKeep vulnerability. Disabling this service will reduce your business’s attack surface.

Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003 machines need to be patched, even if you disable Remote Desktop Services on them. Here is the information you need to know:

Let us know if you need assistance in checking for or installing the patches to fix the BlueKeep vulnerability.



5 Ways the May 2019 Update Can Make You More Efficient When Working with Windows 10

Microsoft has released the Windows 10 May 2019 Update. Here are five enhancements in this latest feature update that can improve your productivity.

On May 21, 2019, Microsoft released the Windows 10 May 2019 Update (version 1903). Learning from past mistakes, Microsoft did not rush to get the update out the door. Instead, it kept the update in the preview stage for a longer time in an effort to discover and fix all the major installation kinks.

To distribute the May 2019 Update, Microsoft is using a phased rollout through the automatic update feature in Windows Update. As a result, it might be several months before it reaches your computer. If you do not want to wait, you can manually initiate the installation process.

Since the May 2019 Update is a feature update, it includes many enhancements to Windows 10’s functionality. Here are five of them that can make you more productive:

  1. Update When It Is Convenient for You

Feature updates take a while to install, which can be a problem if you are busy much of the time. The May 2019 Update includes enhancements that give you more control over the Windows update process. For starters, all Windows 10 users will be able to pause feature updates for up to 35 days. Previously, only users of the Windows 10 Pro and Enterprise editions had this capability. Plus, when you click the “Check for updates” button in the Windows Update page of the Settings app, feature updates will no longer automatically install. You will have the option to download and install them immediately or schedule a time.

The May 2019 Update also enhances the Active Hours feature in Windows Update. You use this feature to let Windows Update know when you typically use your computer. That way, it won’t install updates or perform reboots during that time. The active hours are set from 8 am to 5 pm by default, but you can manually change them. After the May 2019 Update is installed, you will have another option: let Windows Update automatically adjust your active hours based on your machine-usage patterns.

  2. Search Without Cortana Bugging You

In the May 2019 Update, Cortana and Windows Search are going their separate ways. The task bar now has a Cortana button for voice queries and a search box for text searches rather than an all-in-one box.

The separation involves more than just a cosmetic change, though. Cortana and Windows Search are now distinct functions under the skin. As a result, Windows Search behaves more like its old self, before Cortana was introduced. The separation also means the settings to manage Windows Search’s permissions and history have moved. You can find them in the “Search Windows” section of the Settings app.

  3. Automatically Turn On Focus Assist for All Apps Running in Full-Screen Mode

In Windows 10, a box periodically pops up letting you know that an email, text, or another type of message has arrived. These notifications can disrupt your concentration and even stop you from working since they cover the lower right corner of your screen. Focus Assist lets you block these notifications so that you can work more efficiently.

Up until now, you could either manually enable Focus Assist or configure it to run automatically:

  • During a certain time period each day
  • When you are duplicating your display (e.g., mirroring your computer screen for a business presentation)
  • When you are playing a game that uses DirectX technology in full-screen mode
  • When you are at home

The May 2019 Update adds another option to that list. You can now configure Focus Assist to turn on when you run any app in full-screen mode.

  4. Remove More Unwanted Preinstalled Apps with Just Two Clicks

Like most operating system software, Windows 10 comes with apps that either Microsoft or the computer manufacturer preinstalls. Removing the built-in programs you do not want will clear up space on your computer, which can help boost your computer’s performance. When your machine works faster, so do you.

Windows 10 has always let you uninstall a few of the built-in apps from the Start menu by right-clicking the unwanted program and then clicking “Uninstall”. Thanks to the May 2019 Update, you can uninstall even more of the preloaded programs in this manner, including 3D Viewer, Calculator, Calendar, Groove Music, Mail, Movies & TV, Paint 3D, Snip & Sketch, Sticky Notes, and Voice Recorder.

  5. Insert Symbols Quickly

Including symbols such as dashes (—) and plus-minus signs (±) is common when writing emails, reports, and other business documents. However, getting those symbols into documents can be time-consuming because you need to open and click through several windows to find and insert them.

The May 2019 Update adds a quick way to access symbols. You just press the Windows and period keys (Win+.) on your keyboard at the same time and select the “Symbols” tab. You will also find “Emoji” and “Kaomoji” tabs, which let you insert emoticons.



Watch Out for This Direct Deposit Scam

Cybercriminals are trying to scam businesses into depositing employee paychecks into their bank accounts. Learn about the variations of the scam and what you can do so that your business does not become the next victim.

Most companies use direct deposit to pay their employees. In the United States, for example, more than 80% of workers have their paychecks deposited directly into their personal bank accounts. This is providing many opportunities for cybercriminals to perpetrate their latest scam: trying to get businesses to deposit employee paychecks into their accounts.

Variations of the Scam

Different variations of the direct deposit scam have been surfacing. Most recently, cybercriminals have been posing as employees.

In some instances, the digital con artists use a multi-stage attack. First, they send an email to a member of a company’s HR department asking how to change the direct deposit information for their paychecks. After the HR staff member responds and explains how to make the change, the cybercriminals wait a short while and send a second email. In it, they tell the HR staff member that they tried to make the change as instructed, but it did not work. They then ask the person to make the change for them and include the new bank routing number and account number in the email.

In other instances, the cybercriminals take a more direct approach by sending a message such as:

“I need to change my direct deposit info on file before the next payroll is processed. Can you get it done for me on your end?”

If the HR rep takes the bait and agrees to make the change, the cybercriminals provide the person with the new bank routing and account numbers.

In earlier versions of the scam, the cybercriminals posed as HR staff members rather than employees. The cybercriminals sent emails to employees, instructing them to click a link. The link took the employees to a spoofed (i.e., fake) HR website, where they were asked to enter their login credentials to confirm their identity. The hackers then captured the credentials and used them to access the real HR site and change the employees’ direct deposit information.

The Same Tool

In all the versions of the direct deposit scam, the cybercriminals used the same tool to execute their attacks: spear phishing emails. These emails are similar to traditional phishing emails in that they use a convincing pretense to con recipients into performing an action. However, spear phishing emails take the scam up a notch. Cybercriminals take the time to perform reconnaissance so that they can personalize the email. When it comes to spear phishing, the more personalized the email, the less likely the target will become suspicious and question its legitimacy.

Despite being personalized, spear phishing emails often have one or more of the following common elements:

  • A request to update or verify information. Spear phishing emails often ask the recipients to update or verify account information. For example, as the direct deposit scam demonstrates, the recipients might be asked to change information in financial accounts. Or, they might be asked to log in to a spoofed web page to verify account information, allowing the hackers to steal their login credentials.
  • A deceptive URL. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. Deceptive links often lead to spoofed websites, where cybercriminals try to steal sensitive information or install malware.
  • An attachment. Hackers sometimes attach files that contain malicious code. Opening these attachments can lead to a malware infection.
  • A spoofed name in the “From” field. To trick the email recipient into thinking the message is from a trusted contact, digital con artists often spoof the name that appears in the “From” field so that it shows the contact’s name.

Don’t Let Your Employees Get Scammed

Some spear phishing email recipients fell victim to the direct deposit scam, but your employees do not have to share the same fate. Educating employees about spear phishing emails and the elements commonly found in them can help staff members spot these types of scams. Employees should also learn how to check for deceptive URLs and spoofed names in an email’s “From” field.

There are other measures you can take as well. You should make sure that employees’ names, email addresses, and job positions are not publicly available. Similarly, you should warn employees of the dangers of posting details about their jobs on social media sites. Limiting the amount of publicly available information will make it harder for cybercriminals to find the details they need to personalize the emails.

It is also important to keep the company’s security and email filtering programs up-to-date. These programs can catch many spear-phishing emails but not all. The more personalized and polished an email is, the less likely it will be caught by these programs.

More advanced solutions designed to catch spear phishing and other types of malicious emails are available. We can help you determine whether or not that is a good option for your business.



Don’t Let Your Phone Stalk You

Stalkerware is legal but often considered unethical. Find out what stalkerware is and how it can get on your smartphone.

The idea of someone tracking your whereabouts and eavesdropping on your conversations can be unsettling. Yet, more than 58,000 Google Android users had this happen to them. That’s because these individuals had stalkerware installed on their smartphones.

Stalkerware is not limited to Android phones. It can be installed on smartphones of virtually any make or model. (It can even be installed on other computing devices such as tablets and laptops.) To protect against this threat, you need to know what stalkerware is and how it can get on your phone.

Stalkerware 101

Stalkerware is commercial spyware offered by companies, not cybercriminals. Usually marketed as a solution to track employees or monitor children, it is set up like a Software as a Service (SaaS) offering. Customers pay a monthly fee to access data collected by a client app they installed on the phones they want to stalk. Although legal in many countries, stalkerware is increasingly being considered unethical because of the types of information it collects and how the data is gathered.

If a stalkerware app is installed on your phone, it will collect information on pretty much everything you do. For example, besides tracking the places you visit in both the physical and digital realms, it will log your calls, stockpile the photos you take, and amass the emails and text messages you send and receive.

All this information is sent to and stored on the stalkerware company’s servers. The customer (aka stalker) will have access to it as long as they continue to pay for the service. It typically costs between $16 and $68 per month, according to one report.

While some stalkerware apps will display a visible marker on the phone’s screen to let people know they are being watched, most operate in stealth mode. Several apps even go to great lengths to avoid detection, such as masking themselves as a system service in a phone’s installed applications list. Thanks to tactics like these, stalkerware victims are often unaware they are being tracked.

How Stalkerware Gets on Phones

Although stalkerware is legal, official app stores like Google Play and the App Store typically ban it. (Parental control software and programs designed to find lost phones are not considered stalkerware, which is why you will find them in app stores.) However, an Internet search will quickly reveal websites of companies that offer stalkerware.

The main way stalkerware apps get on phones is manual installation, according to security experts. The installation process is pretty straightforward: stalkers do not need to be techies to get the apps working. A few companies will even deliver phones with their stalkerware apps preinstalled to customers who are technically challenged.

The Dangers

Few people will contest that the kind of information gathered by stalkerware can be dangerous. Case studies have shown that it can lead to stalkers harassing, blackmailing, and even physically abusing their victims.

There are also other dangers that aren’t as obvious. Outsiders might see the captured data in one of several ways:

  • Since the data gets stored on the stalkerware company’s servers, staff members might access and look at the data.
  • The data might get inadvertently leaked to the world at large. For example, millions of records collected by the mSpy stalkerware app were leaked because the company failed to properly protect its database. The leaked records included call logs, text messages, contacts, and location data.
  • Hackers might breach the data. For instance, Retina-X Studios was breached twice by the same hacker. The hacker accessed and exposed the photos collected by two of its stalkerware apps.

Help Is on the Way

Efforts to crack down on the stalkerware industry are being led by the Electronic Frontier Foundation (EFF). One action the EFF is advocating is for security software companies to treat stalkerware as a serious threat. Often, that’s not the case. A 2018 study found that most security programs do a poor job of detecting and flagging stalkerware as a dangerous app.

Partnering with EFF, Kaspersky Lab has taken the first step toward cracking down on stalkerware. Previously, its Internet Security for Android software flagged stalkerware apps as suspicious but then displayed a “not a virus” message, which was confusing for users. Now there is no question about the dangers. The software displays a large “Privacy alert” message for any blacklisted stalkerware apps it finds installed on phones. After explaining what the app can do (e.g., eavesdrop on calls, read text messages), the security software gives users the option to delete or quarantine the program. Alternatively, users can decide to leave the app on their devices.

How to Protect Yourself in the Meantime

The EFF hopes that other security software companies will follow in Kaspersky Lab’s footsteps. In the meantime, the best way to protect yourself from stalkerware is to prevent its installation on your phone. Since manual installation is the primary way it gets on devices, there is a simple but effective preemptive measure: Lock your phone when you are not using it.

Smartphones usually provide more than one authentication method to unlock them, so you can use the method with which you feel most comfortable. For example, you might want to use a password or biometric authentication (e.g., iPhone’s Face ID). If you use a password, be sure it is strong and unique — and do not share it with anyone.

If you suspect your phone already has stalkerware on it but your security software does not specifically flag this type of program as a threat, you can check the phone’s activity monitor for suspicious processes. We can help, as it is not always easy to determine which processes are of concern.



Hackers Are Hunting for Bigger Game with New Version of Ransomware

Pinchy Spider and GandCrab sound like scoundrels in a super-hero comic book, but they are real-life villains in the business world. Learn how to defend your company against the Pinchy Spider hacking group’s latest tactics and its newest version of the GandCrab ransomware.

Back in January 2018, a hacking group known as Pinchy Spider launched the GandCrab ransomware. It quickly became a dangerous form of ransomware, thanks to the group continually making adaptations to it.

Pinchy Spider has not slowed down in its quest to make GandCrab more deadly. Researchers recently discovered that a new version of the ransomware is making the rounds. Just as important, they discovered signs that Pinchy Spider is trying to catch bigger prey with it.

The Growing Trend of Big Game Hunting

Big game hunting is a growing trend among cybercriminals. To quickly increase revenue, hackers are turning to more targeted attacks of bigger game. For example, instead of sending phishing emails to the masses to spread malware, cybercriminals are using reconnaissance and sophisticated delivery methods to reach specific targets that will yield more profits.

Big game hunting fits well with Pinchy Spider’s “ransomware-as-a-service” business. In other words, it lets other cybercriminals (aka “customers”) use the malware it creates to carry out cyberattacks for a share of the profit. Typically, the hacker group uses a 60-40 ratio to split the profits, where 60% goes to the customers. However, Pinchy Spider is now advertising that it is willing to negotiate up to a 70-30 split for “sophisticated” customers. This change, coupled with the fact that Pinchy Spider is actively recruiting hackers with networking, Remote Desktop Protocol (RDP), and virtual network computing experience, is leading security analysts to believe that Pinchy Spider is hopping onto the big game hunting bandwagon.

GandCrab Well Suited for Big Game Hunting

GandCrab is well suited for targeted attacks of bigger game. While most ransomware is distributed through phishing emails, GandCrab takes a different route to its victims. It is distributed through exploit kits. Cybercriminals use these kits to find and exploit known software vulnerabilities in order to carry out malicious activities. In this case, Pinchy Spider created several exploit kits to look for weaknesses in the Java Runtime Environment, Adobe Flash Player, Microsoft Internet Explorer, and other software. If found, the kits exploit the vulnerabilities to launch VBScript, JavaScript, and other types of code that install GandCrab.

Once the ransomware is installed on a computer, it does not immediately start encrypting the files on it. Instead, it lies dormant while the hackers try to use RDP and credentials they stole from the compromised machine to access and install the ransomware on other computers (preferably hosts or servers) in the company’s network. In one instance, the cybercriminals were able to access a business’s domain controller (DC). They then used the IT systems management application installed on the DC to deploy GandCrab throughout the network.

When the hackers have finished infecting the targeted computers, they trigger GandCrab to start encrypting files with an RSA algorithm. GandCrab then demands payment in Dash (a form of cryptocurrency) to decrypt the files. While most ransomware blackmailers demand one payment to unlock the files on all the infected machines, Pinchy Spider and its customers request payment on a per-computer basis, especially if hosts or servers have been compromised.

How to Protect Your Business against GandCrab

Taking several measures can go a long way in protecting against a GandCrab attack:

  • Patch known vulnerabilities by regularly updating all software on each computer in your company, including workstations, hosts, and servers. Patching will eliminate many of the vulnerabilities that exploit kits use to access machines.
  • Make sure the security software is being updated on each computer. Even hosts and servers should be running security software. It can help defend against known ransomware threats and other types of malware attacks.
  • Secure RDP. Hackers like to exploit RDP to access businesses’ hosts and servers, so it needs to be secured. There are several ways to do this, such as deploying an RDP gateway and limiting who can use RDP to log in to the network.
  • Use two-step verification for the service and software accounts on your hosts and servers. That way, even if a password is compromised, it cannot be used to gain access to those accounts. If using two-step verification (also known as two-factor authentication) is not possible, at least use strong account passwords and implement an account lockout policy to foil brute force password-cracking attacks.
  • Regularly back up files and systems, and make sure the backups can be successfully restored. Although having restorable backups will not prevent a GandCrab attack, you won’t have to pay the ransom if the attack is successful.

We can help you implement these measures as well as provide recommendations on how to further protect against GandCrab and other types of ransomware.



Are Your Employees Inadvertently Exposing Your Company’s Sensitive Data?

The ease with which employees can now share information, coupled with current cultural trends, is causing accidental data leaks in many businesses. Learn how to prevent employees from accidentally exposing your organization’s sensitive data.

The number is eye-opening: 83% of companies believe that employee errors have put sensitive business and customer data at risk of exposure, according to a study by Egress. More than 1,000 security professionals at US-based companies participated in this study.

The study also identified the technologies that are most often involved in this type of accidental data leak. Email services provided by both on-premises systems and cloud service providers (e.g., Google Gmail) topped the list. Examples of email-based accidents include sending emails to the wrong address (which can easily occur when the auto-completion feature is enabled) and forwarding messages that contain sensitive information.

Other technologies that are commonly involved in accidental data leaks by employees include:

  • File-sharing services (e.g., Dropbox)
  • Collaboration tools (e.g., Slack)
  • Messaging apps (e.g., WhatsApp)

The common denominator among these technologies is that they all are tools for sharing information.

The Perfect Storm and Its Aftermath

The ease with which employees can now share information, coupled with current cultural trends, is causing “the perfect storm” for accidental data leaks, according to Mark Bower, Egress Chief Revenue Officer and NA general manager. “The explosive growth of unstructured data in email, messaging apps, and collaboration platforms has made it easier than ever for employees to share data beyond traditional security protections,” said Bower. “Combine this with the growing cultural need to share everything immediately, and organizations are facing the perfect storm for an accidental breach,” he said.

The damage caused by this perfect storm could be grim. For example, suppose an employee emails a sensitive file that is not protected in any way to several coworkers for review. One of the coworkers might review the document on an unsecured personal device (e.g., a smartphone), opening up the possibility that it could fall into hackers’ hands. Or, the coworker might mistakenly forward the message to another employee, not realizing that the person should not be looking at the file.

Sending sensitive documents via file-sharing services adds another risk. Some of these services offer a feature that synchronizes files put in a shared folder across all registered devices. If an employee places a sensitive file in a shared folder without knowing that folder’s members, the file might be sent to multiple people who should not be seeing it.

How to Avoid Getting Caught in the Storm

To minimize the number of accidental data leaks caused by employee errors, companies might consider taking some of the following precautions:

  • Document the company’s rules regarding the sharing of sensitive data in a new or existing policy. If sharing is allowed, be sure to specify the conditions under which it is sanctioned and create procedures on how to properly share this data.
  • Provide employee training. After documenting the rules and procedures, let employees know about them. Be sure to discuss what is considered sensitive data and how accidental leaks can occur.
  • Use encryption. Encryption is one of the most effective ways to protect sensitive data that has accidentally fallen into the wrong hands. Various encryption strategies exist to meet different needs.
  • Limit employee access to sensitive data. Employees might not realize or might forget that certain types of data are sensitive. By using access controls, you can prevent them from obtaining and sharing that data.
  • Use a solution that automatically identifies sensitive files and prevents them from being copied into emails or other tools.

Every company should document its rules regarding the sharing of sensitive data and train employees. The other precautions to take, though, will depend on your business’s data, operations, and employees. We can explain the different encryption strategies, types of access controls, and other types of solutions so you can make an informed choice.



Malvertising Is Likely Coming to a Browser Near You

Cybercriminals are increasingly posting malicious ads on legitimate websites to obtain data and spread malware. Discover how malvertising works and what you can do to protect your business from it. 

Cybercriminals do not take holidays off. In fact, they often use them to their advantage. That's how a group of hackers celebrated President's Day in the United States. They launched a massive malicious advertising (malvertising) campaign that involved more than 800 million ad impressions on legitimate websites between February 16 and 19, 2019, according to Confiant security researchers. The ads were designed to trick users into entering personal and financial information in order forms for fake products.

A Serious Problem

Malvertising is a serious problem. Avast notes that it is one of the top five endpoint threats affecting small businesses. That's because cybercriminals are increasingly posting malvertising on legitimate websites in order to:

  • Obtain sensitive data. Like in the President's Day campaign, hackers use malvertising to obtain sensitive data, such as payment card or bank account information.
  • Deliver exploit kits. These kits are designed to find known vulnerabilities in systems. If a vulnerability is found, it is used to install malware or carry out other types of malicious activities.
  • Deliver malicious payloads directly. Pop-up ads, for example, can deliver malware as soon as they appear or after people click the "X" button to close them.

The Devious Ways in Which Malvertising Works

To understand how malvertising works, you need to know how web browsers render web pages. When you visit a web page, your browser automatically receives the page's content so it can display the page. So, for example, when you visit your favorite business news website, all the articles, pictures, ads (malicious or not), and other elements on the page are automatically sent to your browser.

What the malvertising does next depends on whether it includes malicious code. For instance, suppose hackers want to deliver an exploit kit. One way they can do this is to create ads that try to lure you into clicking a link. The ad itself does not contain any malicious code. However, if you click the link, you will be sent to a server that delivers an exploit kit. If the kit finds a vulnerability, it is used to install malware on your device.

Even worse, some malicious ads deliver exploit kits without you doing anything other than going to your favorite website. In this case, the malvertising contains code that automatically redirects your browser to a server, which delivers the exploit kit. The redirection occurs behind the scenes, without you clicking a single link.

How Hackers Get Malicious Ads on Legitimate Websites

Hacking into legitimate websites and inserting malicious ads is a lot of work. That's why cybercriminals typically pose as businesspeople to get their malvertising online. This ruse is successful because there are many different ways to get ads on websites (e.g., through advertising agencies, using advertising networks) and there is no standard vetting process. The groups involved in getting ads often do not request much information from the people submitting them. Plus, while some groups check ads before accepting them, others do not.

Even if the ads are checked, hackers find ways around the screenings. For example, sometimes they submit their ads with the malicious code disabled and then enable it after the ad is accepted and put online. In addition, hackers often remove the malicious code from their ads shortly after they are posted to make it more difficult to detect and track their attacks.
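As an added illustration (not code from the original article), the following Python example shows how an ad reviewer or site owner might screen ad markup for the two behaviors described above: redirection that needs no click, and changes made after the ad was approved. The function names, ad IDs, and sample markup are constructed for this example, and the patterns are heuristics rather than a complete detector.

```python
import hashlib
import re

# Heuristic patterns for markup or script that navigates the browser by itself.
REDIRECT_PATTERNS = {
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "location-assignment": re.compile(
        r"\b(?:window|top|parent|self|document)\.location(?:\.href)?\s*=(?!=)", re.I),
    "location-call": re.compile(r"\blocation\.(?:replace|assign)\s*\(", re.I),
}

# Code inside click handlers only runs after a user action, so it is set aside
# before looking for navigation that happens as soon as the ad loads.
CLICK_HANDLER = re.compile(
    r"\son(?:click|mousedown|mouseup|touchend)\s*=\s*(\"[^\"]*\"|'[^']*')", re.I)


def redirect_indicators(markup):
    """Return the sorted names of auto-redirect patterns found outside click handlers."""
    load_time_code = CLICK_HANDLER.sub(" ", markup)
    return sorted(name for name, rx in REDIRECT_PATTERNS.items()
                  if rx.search(load_time_code))


def fingerprint(markup):
    """SHA-256 of the ad markup, recorded when the ad passes screening."""
    return hashlib.sha256(markup.encode("utf-8")).hexdigest()


def review_creative(ad_id, served_markup, approved):
    """Compare what is served now with what was approved, then scan it.

    approved maps ad_id -> fingerprint taken at approval time. An ad with no
    recorded fingerprint is treated as changed, because it was never screened.
    """
    findings = []
    if fingerprint(served_markup) != approved.get(ad_id):
        findings.append("changed-since-approval")
    findings.extend(redirect_indicators(served_markup))
    return findings


# Constructed sample ads (not taken from any real campaign).
CLICK_AD = '<a href="https://ads.example/offer"><img src="banner.png" alt="Offer"></a>'
APPROVED_VERSION = '<div id="slot"><img src="banner.png" alt="Offer"></div>'
SERVED_VERSION = (APPROVED_VERSION +
                  '<script>top.location.href = "https://landing.example/";</script>')
ONCLICK_AD = '<img src="b.png" onclick="window.location=\'https://ads.example/offer\'">'
META_AD = '<meta http-equiv="refresh" content="0;url=https://landing.example/">'

# Fingerprints recorded at approval time (constructed registry).
APPROVED = {
    "ad-1001": fingerprint(CLICK_AD),
    "ad-1002": fingerprint(APPROVED_VERSION),
}

if __name__ == "__main__":
    for ad_id, markup in (("ad-1001", CLICK_AD), ("ad-1002", SERVED_VERSION)):
        print(ad_id, review_creative(ad_id, markup, APPROVED) or "no findings")
```

Re-running the review on a schedule matters because, as noted above, the malicious code may be present only for a short window after the ad goes live.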

How to Protect Your Business

While the digital ad industry knows about malvertising and is taking steps to mitigate the problem, it will be a while before these ads are no longer a threat. Thus, you need to proactively protect your business. Here are some of the measures you can take:

  • Educate employees about malvertising. Be sure to discuss the dangers of clicking links in ads, as the ads might be malicious.
  • Tell employees about the dangers of allowing pop-ups and redirects. Most modern web browsers block pop-ups and redirects by default, but this functionality can be manually disabled. Let employees know this is dangerous since malvertising sometimes uses both pop-ups and redirects. Similarly, let them know they should not enable web content that has been disabled by their web browsers or security software, as it might contain malicious ads.
  • Uninstall browser plug-ins and extensions not being used. This will reduce the computers' attack surface. For the plug-ins and extensions being used, consider configuring web browsers so that plug-ins and extensions are automatically disabled but can be manually enabled on a case-by-case basis.
  • Update software regularly, including browser plug-ins and extensions. Exploit kits look for known vulnerabilities in software. Patching these vulnerabilities helps eliminate entry points into devices.
  • Install ad blockers. Ad blockers remove or modify all ad content on web pages. However, they might unintentionally block non-ad content, causing a web page to display improperly or not at all.

We can help you develop a customized strategy to protect your business's devices from malvertising and other types of cyberattacks.


How the Models in the Samsung Galaxy S10 Series Stack Up

Samsung is launching four models of its flagship smartphone, the Galaxy S10. Discover when these smartphones will be released and how they differ from each other.

The Galaxy S10 (standard model), Galaxy S10+ (deluxe model), and Galaxy S10e (entry-level model) are expected to arrive in stores on March 8. Samsung will also be releasing its first 5G-ready phone, the Galaxy S10 5G, but it won't be available until the second quarter of 2019.

So, if you are in the market for a new Galaxy S phone, you have several choices. Here are some considerations to keep in mind when deciding which model would work best for you.

What the Galaxy S10 Models Have in Common

All four of the Galaxy S10 models ship with the Google Android Pie (version 9.0) operating system. The hardware powering this software is either the Qualcomm Snapdragon 855 processor (United States and China) or Exynos 9820 (Europe and India). Other features that the S10, S10+, S10e, and S10 5G share include:

Edge-to-edge display. One of the first things people notice about the Galaxy S10 phones is their edge-to-edge displays. To maximize the size of the phones' screens, Samsung trimmed the bezels and eliminated the selfie camera notch at the top. All the phones have Dynamic AMOLED Infinity-O displays. Samsung touts that this type of screen reduces harmful blue light without changing the onscreen colors when the phones are being used in the dark.

Dedicated neural processing unit (NPU). For the first time, the Galaxy S phones have a dedicated NPU for artificial intelligence (AI) tasks. As a result, AI tasks are expected to run seven times faster in the Galaxy S10 models compared to their predecessors. The NPU uses machine learning, which enables the devices to recognize patterns, learn from experience, and make predictions.

Bixby. While the Bixby virtual assistant is not new to the Galaxy S10 models, it does have a few more tricks up its sleeve. For starters, the virtual assistant now includes Bixby Routines, which learn your habits in order to predict your needs and provide personalized recommendations. In addition, Bixby can connect to Galaxy Buds, Samsung's new wireless earbuds. Because of this connection, you can make calls and send texts from your earbuds using voice commands. Bixby also connects with Samsung's new Galaxy Watch Active smartwatch.

Wireless PowerShare. The new Wireless PowerShare feature lets you use a Galaxy S10 phone to charge other devices, such as Galaxy Buds, Galaxy Watch Active, and smartphones that support WPC Qi wireless charging. All you need to do is plug in the S10 phone, lay the phone down backside up, and place the other device on top of the phone.

Headphone jack. Unlike Apple's iPhone XS series, all four models of the Galaxy S10 have a headphone jack in case you do not want to use Galaxy Buds or some other type of wireless headphone. This seemingly insignificant feature is a big deal to many smartphone users.

How the Galaxy S10 Models Differ

There are many ways in which the four Galaxy S10 models differ from each other. Perhaps the most obvious difference is that the S10 5G is 5G ready, while the S10, S10+, and S10e do not support this new wireless networking technology. Other notable differences include:

Display size and type. Not surprisingly, the higher-end Galaxy S10 phone models have larger screens and better resolutions than the lower-end models. For example, the S10e has a 5.8-inch Full HD+ display, whereas the S10+ has a 6.4-inch QHD+ display, as Table 1 shows. QHD+ displays are longer than typical phone screens, which gives the appearance of a widescreen.

Table 1: Comparison of Features in the Galaxy S10 Models


| Feature | S10e | S10 | S10+ | S10 5G |
| --- | --- | --- | --- | --- |
| Display size | 5.8-inch flat display | 6.1-inch curved edge display | 6.4-inch curved edge display | 6.7-inch curved edge display |
| Display resolution | Full HD+ | Quad HD+ | Quad HD+ | Quad HD+ |
| Display pixels per inch (PPI) | 438 | 550 | 522 | 505 |
| Fingerprint scanner | Capacitive scanner on the power button | Ultrasonic scanner built into the display | Ultrasonic scanner built into the display | Ultrasonic scanner built into the display |
| RAM options | 6 GB or 8 GB | 8 GB | 8 GB or 12 GB | 8 GB |
| Storage options | 128 GB or 256 GB | 128 GB or 512 GB | 128 GB, 512 GB, or 1 TB | 256 GB |
| MicroSD card slot | Yes | Yes | Yes | No |
| Front cameras | Selfie | Selfie | Selfie and RGB depth-sensing | Selfie and 3D depth-sensing |
| Rear cameras | Wide angle and ultra-wide | Wide angle, ultra-wide, and telephoto | Wide angle, ultra-wide, and telephoto | Wide angle, ultra-wide, telephoto, and 3D depth-sensing |
| Dual SIM option | Yes | Yes | Yes | No |
| Battery size | 3,100 mAh | 3,400 mAh | 4,100 mAh | 4,500 mAh |
| Base price | Starts at $750 | Starts at $900 | Starts at $1,000 | |

Fingerprint scanner. Samsung has replaced Galaxy S9's iris scanner with a fingerprint scanner in Galaxy S10. While the S10e has a conventional capacitive fingerprint sensor on its power button, the other three S10 models feature an ultrasonic fingerprint scanner that is built into the display. The ultrasonic scanner captures 3D images of fingerprints, making it much harder for thieves to deceive this authentication system using a 2D picture.

Memory and storage. The memory and storage options for each of the S10 models vary, as Table 1 shows. The S10, S10+, and S10e have a MicroSD card slot, so they can support up to an additional 512 GB of storage.

Cameras. Samsung is known for its smartphone cameras, and the Galaxy S10 models do not disappoint. The number of cameras found in each model ranges from three in the S10e to six in the S10 5G. Table 1 lists each model's cameras.

The Bottom Line

The Galaxy S series has been around for nearly a decade, so the phones have many features and capabilities to offer. However, the phones are not cheap. The pricing starts at $750 for the S10e, $900 for the S10, and $1,000 for the S10+. (Samsung had not yet released the price for the S10 5G at the time of this writing.)

If you are interested in a 5G-ready phone, you will probably want to wait until the Galaxy S10 5G is released. The S10 5G will work with 4G LTE networks as well, according to experts. If the 5G feature does not interest you, you still have the Galaxy S10, Galaxy S10+, and Galaxy S10e from which to choose. If you have questions about any of these models, contact us.


IoT Devices Might Not Look Like a Computer, But They Can Be Just as Dangerous

Installing an IoT-ready security camera or outfitting a crucial production system with IoT technology can put a business in harm’s way. Learn about the security risks that IoT devices can pose and how to mitigate those risks.

On October 9, 2018, security researchers at SEC Consult revealed that millions of security cameras and other video surveillance equipment could be easily hijacked by cybercriminals. And just a few days later, numerous PlayStation 4 (PS4) owners reported that their gaming consoles were crashing after receiving a malicious message on them.

These events might seem unrelated, but they are the result of a common problem: inadequate security in devices that connect to the web, which are referred to as Internet of Things (IoT) devices. These devices connect to the Internet so that they can transmit and receive data. In some cases, products have IoT technology built into them, like security cameras and gaming consoles. In other cases, IoT technology is added to existing equipment or systems. For instance, IoT devices can be added to production processes and heating and cooling systems.

Companies are increasingly using IoT devices to monitor and control various elements in their businesses. However, many of them do not realize they need to protect those devices from cyberattacks. That’s because people usually envision computers and smartphones, not security cameras or thermostats, when thinking about cybersecurity.

Businesses taking advantage of IoT devices need to know about the security risks they can pose and how to mitigate those risks.

The Risks

IoT devices often have security vulnerabilities that make them easy targets for hackers. For example, the devices might ship with default passwords that are easy to crack or the manufacturers might issue firmware updates that are easy to spoof.

Sometimes, devices have multiple security issues. This is what the SEC Consult researchers found when they investigated the video surveillance equipment manufactured by Hangzhou Xiongmai Technology. They discovered that the company’s IoT-ready video surveillance devices have several vulnerabilities, many of which are related to a feature called the XMEye P2P Cloud.

The XMEye feature enables device owners to view video feeds in a web browser or mobile app in real time. To take advantage of it, the owners have to create XMEye accounts. These accounts are riddled with problems, including:

  • All new accounts are admin accounts that have the default username of admin with no default password set. Device owners are not prompted to change the default username or add a password during the initial account setup process. Owners who do not change the username and add a password are leaving their accounts wide open to cyberattacks. Besides viewing video streams, hackers would be able to change the device’s configuration and issue firmware updates. Since Hangzhou Xiongmai Technology does not sign its firmware updates, cybercriminals could issue bogus updates that contain malware.
  • A second undocumented account exists. The account’s username is default and the password is tluafed (the word “default” spelled backward). Anyone logging in with this undocumented user account can view the device’s video streams.

These vulnerabilities are present in all the security cameras, digital video recorders, and network video recorders manufactured by Hangzhou Xiongmai Technology. However, the manufacturer’s name is not on any of the devices. Hangzhou Xiongmai Technology sells its devices to other companies, which put their logos on the equipment. Thus, people who have these IoT devices might not even realize they are at risk. (You can find a list of the 100+ brand names the devices are sold under on the SEC Consult researchers’ blog.)

Some manufacturers act responsibly and include security measures in their IoT devices. However, even these devices can be risky because of the actions (or inactions) of the device owners. For instance, IoT device owners might create weak account passwords or not install firmware updates. The PS4 incident provides a good example of the latter. Sony quickly released a firmware update to fix the bug that allowed the malicious message to crash the gaming console. However, users who do not have their consoles configured for automatic updates will still be at risk if they fail to manually install this update.

Help Is on the Way

Steps are being taken to address the fact that many IoT devices have security vulnerabilities. For instance, in September 2018, California became the first US state to pass an IoT security law. It mandates that IoT device manufacturers include reasonable security features that protect the devices and any data contained in them. The law goes into effect on January 1, 2020.

Similarly, in October 2018, the UK government published the finalized “Code of Practice” for IoT security. It contains 13 guidelines for IoT device manufacturers to follow to ensure that their devices are secure by design and compliant with the European Union’s General Data Protection Regulation (GDPR).

How to Protect IoT Devices in the Meantime

Although steps are being taken to encourage IoT device manufacturers to build more secure devices, many IoT devices have been and will continue to be built with no security features in place. If these devices are not secured properly, they can put a company at risk, especially when they are connected to the network that hosts the business’s critical data and applications.

As a result, companies need to secure their IoT devices, just like they secure the computers in their IT environments. A good place to start is to:

  • Change each IoT device’s default password to a unique, strong one.
  • Disable any features that are not being used in the IoT devices.
  • Place the IoT devices behind firewalls so that they do not connect directly to the Internet.
  • Isolate IoT devices from the business network.
  • Install patches or upgrades when the manufacturer provides them.
  • Use a virtual private network (VPN) if remote access to the IoT devices is required.
  • Include IoT devices in IT policies.

If your business is using any IoT devices, we can determine whether they are posing a risk to your business and help you develop a comprehensive strategy to protect them from cybercriminals.


5 Things to Try in Windows 10 after the October 2018 Update Is Installed

The Windows 10 October 2018 Update includes many new features and enhancements. Here are five notable ones that you might find useful.

Microsoft officially released another major update for Windows 10 on October 2, 2018. Like previous updates, the Windows 10 October 2018 Update includes many new features and enhancements. Here are five notable ones you might want to try once the update is installed on your computer:

  1. Souped-Up Clipboard

The October 2018 Update soups up the Windows Clipboard with new history and syncing features. Thanks to the history feature, you can now copy and store multiple items (text and images) on the Clipboard. When you want to paste one of those items, you simply press Win+V to open up the Clipboard’s history window and select the item you want to paste. (If you are unfamiliar with keyboard shortcuts, Win+V indicates that you press the Windows key and the letter v on your keyboard at the same time.)

With the syncing feature, you can copy text and images on one Windows 10 computer and paste them on another one. This can come in handy if you regularly use multiple devices, such as a Windows 10 desktop computer and a Windows 10 laptop computer.

Before you can take advantage of the history and syncing features, though, you need to enable them in Windows 10’s Settings app. You can find them by clicking “System” in the Settings app and selecting the “Clipboard” option.

  2. “Make text bigger” Slider

Before the October 2018 Update, you could make text bigger in Windows 10 by changing the overall scaling. This made everything bigger, including text and images. With the new “Make text bigger” slider introduced in the October 2018 Update, you can make just the text larger. The overall scaling remains the same. (You can still change the overall scaling, though, if desired.)

You can find the “Make text bigger” slider in the Settings app. After you open the app, select “Ease of Access” and click the “Display” option.

  3. Snip & Sketch App

The new Snip & Sketch app lets you capture and mark up screenshots. It combines the functionality found in Windows 10’s Snipping Tool and the Screen Sketch app (which was originally part of Windows Ink Workspace).

Snip & Sketch lets you take rectangular, freeform, and full-screen shots of items on your screen. Once created, you can use a stylus (on touch-enabled devices) or a mouse to annotate the screenshot. There are various markup tools, such as a pencil and a marker, which you can customize by changing their color and thickness.

Although Snip & Sketch was designed to replace the Snipping Tool, the Snipping Tool will still be present after the October 2018 Update is installed, according to Microsoft. In the future, though, the Snipping Tool will likely disappear from Windows 10.

  4. Your Phone App

After the October 2018 Update is installed, you will have an app named Your Phone on your Windows 10 computer. The app lets you link and sync a Google Android smartphone with your Windows 10 computer. When you do so, you can view and send Android text messages from your computer. You can also access your phone’s photos, which means you do not have to email photos to yourself to get them on your computer.

If this seems familiar, you are not having a case of déjà vu. Your Phone has been available in Microsoft’s App Store since August 2018. Plus, since the Fall Creators Update (which was released in October 2017), you have been able to link an Android phone or Apple iPhone to a Windows 10 computer in order to send web pages from your phone to your computer. This enables you to see the web pages on a larger screen without having to email yourself a link or manually search for the sites. You can continue to do this through the Your Phone app introduced in the October 2018 Update.

You can install the Your Phone app on an iPhone. However, sending web pages is pretty much all you can do at the present time. You cannot access photos or send text messages from your computer like you can with an Android phone. This might change in the future, though.

  5. Power Usage Tracking in Task Manager

You can now see how much power each app and process is consuming on your Windows 10 computer, thanks to the October 2018 Update. Two columns have been added to the “Processes” tab in Task Manager:

  • “Power Usage”, which conveys how much power each app and process is currently using
  • “Power Usage Trend”, which indicates how much power each app and process has used in the past two minutes

Task Manager does not give you an exact measurement but rather an indicator such as “Very Low” and “Low”. This information can be helpful when you want to get an idea of how much power your apps are consuming. Plus, the new power usage columns might flag when a cryptojacking script is siphoning a computer’s processing power. In this type of attack, cybercriminals steal computers’ processing power to mine cryptocurrencies.