Millions Of Google Accounts At Risk After Passwords Stolen

September 10th, 2014

Despite the inherent dangers, many users continue to use the same password over and over again for all of their online accounts. Doing so makes it significantly easier to break into those accounts and, when one account is compromised, it greatly increases the risk to other accounts as well. That issue is the reason that a recent theft of Gmail addresses and passwords could potentially lead to millions of compromised accounts. As Lucian Constantin reports for PC World, 5 million email addresses and accompanying passwords were recently dumped in plain text on an online forum.

The Gmail addresses all have a corresponding password with them, but that password isn’t necessarily the password to the user’s Google account. Instead, it’s suspected that rather than hacking Google to steal this information, cyber criminals have hacked other sites over the span of months or even years to compile this list. By hacking other sites that require an email address to register, the criminals were able to compile a list of Gmail accounts with a possible password that that user has used in the past.

So, for those users who re-use passwords, an unknown number of people could now know both their Gmail address and the password they need to log into it. Thanks to Google’s all-inclusive nature of accounts, compromising an individual Gmail account could also mean compromising their Google+ page, YouTube account, Google Drive and any other Google service being used.

It’s unconfirmed how many of the 5 million addresses and passwords are valid, but it’s estimated that at least 60 percent could be used successfully. That means that about 3 million Gmail users have their log-in credentials available online in plain text. Even if you don’t re-use passwords, this still seems like an ideal time to change not only your Gmail password, but also your passwords to other important online accounts.

At Geek Rescue, we have the expertise to enhance security at home or at the office and on any type of internet-ready device. If you have questions or concerns regarding the security of your devices, call us at 918-369-4335.

For other business solutions, visit our parent company JD Young.

Four Tips For Keeping Your Mobile Device Safe

September 2nd, 2014

It’s no secret that mobile devices, like smartphones and tablets, are becoming an increasingly attractive target for cyber attacks. Threats associated with mobile devices have increased exponentially over the past two years and will likely continue to increase as more users store more information on their phones and tablets and use them to access more. That’s why it’s more important than ever to know how to keep your devices safe and protected. A post at Spyware News details a few helpful tips for preventing malware infection and keeping your mobile devices safe from attacks.

  • Texts from unknown numbers

Most smartphone users have received a text from a number they don’t have saved in their contacts. When these messages are from a friend whose number has recently changed, they’re perfectly harmless. However, when these messages contain links to websites, or inform you about services you don’t remember ordering, it’s a sign of a problem. The last thing you should do is click on the links provided or reply to these messages. If the message claims to be from a legitimate business, like your cell phone provider, you should contact them directly to find out about the message.

  • Update your operating system

Updates for mobile operating systems come out fairly often. They come out that often because attackers keep finding and exploiting security flaws. When you don’t update in a timely manner, you’re leaving a gaping hole in your phone or tablet’s security, which attackers already know how to exploit. It’s always a good idea to back up your device before updating the OS, but be sure it doesn’t take you too long to implement the updates.

  • Beware of apps

The apps you choose to install on your device are often the gateway for malware. Some apps are actually malicious programs, but others simply don’t have adequate security in the case of an attempted attack. If you’ve installed apps from outside the official app store for your device, there’s a better than average chance that you’ve opened yourself up to infection. Even official apps have been known to contain issues, however. So, you’ll want to update them regularly too and be sure you’re aware of the permissions each app is granted.

  • Wi-Fi

It’s common for users to leave their Wi-Fi capabilities turned on at all times. This way, their device connects automatically to available networks. It’s convenient, but it isn’t always safe. If your device is set to connect to any network within range, it could be automatically connecting to unsafe networks without you even knowing it. That could potentially allow others on the network to monitor your activity and gain access to your personal information. When you’re away from trusted Wi-Fi networks, it’s a good idea to turn off that capability.

Keeping information stored and accessed by your mobile device safe isn’t as easy as it once was, but with a few intelligent practices, you’ll be able to stay protected.

If any of your devices have been attacked or infected by malware, or you’d like to implement better security, call Geek Rescue at 918-369-4335.

Study Reveals The Risk Involved With Chrome Extensions

August 21st, 2014

Google’s Chrome browser includes a number of useful features itself, but it also offers the opportunity to add features and capabilities through extensions. There are thousands of options for extensions offering a variety of functionality. Not all of these extensions are trustworthy, however. At Tech World, Jeremy Kirk reports that about 10 percent of Chrome extensions examined by security researchers were deemed either malicious or suspicious.

Researchers began looking closely at extensions out of concern that they are the next point of attack for cybercriminals, because of the potentially valuable information available through compromised web browsers. After examining 48,000 extensions, researchers found 130 that were outright malicious and another 4,712 suspicious extensions.

The flagged extensions were capable of various misdeeds, including affiliate fraud, credential theft, advertising fraud and social network abuse.

Much like malicious apps, extensions are granted permissions that give them a great deal of power. Malicious extensions have been observed intercepting web requests from the browser and injecting JavaScript into web pages. Researchers hope that the results of this study help to make clear that extensions need to be more limited.
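To see which installed extensions hold the permissions described above, the following added example (not code from the study or from Google) reads extension manifests and flags the two capabilities the researchers observed. The sample manifests are constructed, and the `Extensions/<id>/<version>/manifest.json` layout used by `audit_profile` is an assumption about the Chrome profile folder.

```python
import json
from pathlib import Path

# Permissions that let an extension observe or modify browser traffic.
REQUEST_PERMS = {"webRequest", "webRequestBlocking"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return findings for one parsed manifest.json (a dict)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Newer manifests list host patterns under their own key.
    hosts = perms | set(manifest.get("host_permissions", []))
    findings = []
    if perms & REQUEST_PERMS and hosts & BROAD_HOSTS:
        findings.append("can intercept web requests on every site")
    for script in manifest.get("content_scripts", []):
        if set(script.get("matches", [])) & BROAD_HOSTS:
            findings.append("injects JavaScript into every page")
            break
    return findings


def audit_profile(extensions_dir):
    """Audit every manifest under an Extensions folder (assumed layout)."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest)
        if findings:
            ext_id = path.parent.parent.name
            # Names may be localisation placeholders such as __MSG_name__.
            report[ext_id] = (manifest.get("name", "?"), findings)
    return report


# Constructed sample manifests, not taken from any real extension.
SAMPLE_RISKY = {
    "name": "Constructed Coupon Helper",
    "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
}
SAMPLE_NARROW = {
    "name": "Constructed Site Notes",
    "permissions": ["storage"],
    "content_scripts": [{"matches": ["https://notes.example/*"], "js": ["n.js"]}],
}

if __name__ == "__main__":
    for m in (SAMPLE_RISKY, SAMPLE_NARROW):
        print(m["name"], "->", audit_manifest(m) or "no broad access found")
```

A finding means the extension has the capability, not that it abuses it; many legitimate ad blockers and password managers hold the same permissions.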

If you’ve installed a malicious extension, you also won’t know about it right away. The extensions are designed to stay dormant until you visit a specific type of website. Even then, a typical user may not notice any malicious or suspicious behavior.

Google has already reacted to these findings and is attempting to make it harder for unofficial extensions, like those found outside of their Web Store, to be installed. It’s likely more changes will be implemented soon so that Google can exert even more control over extensions.

While some of the flagged extensions weren’t harmful to users, they still displayed activity that was suspicious in nature, like changing ads on a site. Some of these extensions have been downloaded millions of times.

If you’ve installed any extensions from outside of Google’s Web Store, your safest option is to uninstall them immediately. If you feel your computer has been compromised and may still be infected by malware, call Geek Rescue at 918-369-4335.

Bank Of America Email Scam Spreading Dangerous Malware

August 18th, 2014

Cryptowall is the latest ransomware malware to be claiming victims. Much like CryptoLocker, Cryptowall encrypts the files on a victim’s computer and demands a payment to decrypt those files. This malware is usually spread as an attachment on spam emails. A post at Spyware News details the Bank of America email scam that’s currently spreading Cryptowall.

If you’re not a Bank of America customer, it’s easy to ignore messages claiming to be from the bank about your account. Those that do have active accounts find the messages more believable, however.

Users are reporting seeing emails claiming to be from Bank of America with an attachment. The emails are from “Andrea.Talbot@bofa.com” and advise the user to open the attachment because it contains information about their account. The email contains an office phone number and cell number with an 817 area code and even includes a standard confidentiality notice at the bottom. The email appears to be legitimate except for the fact that no bank, much less one the size of Bank of America, would send confidential account information to customers this way.

The attached file is named “AccountsDocument.zip” but those that download it quickly discover that it’s malware. Specifically, it’s the Cryptowall virus that encrypts files.

For the time being, be extra cautious about opening any emails from Bank of America and don’t download any attachments. If you have questions about an email, always contact the institution named in the email directly, rather than downloading attachments or following links provided.
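A mail filter can apply the same reasoning automatically. The following added example (not from the original post) parses a message and flags zip attachments on mail that claims to come from the bank's domain. It goes beyond the post by also listing executable files inside the archive; the extension list, the sample messages and the inner file names are constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Claimed sender domains that should never deliver account data as attachments.
NO_ATTACHMENT_DOMAINS = {"bofa.com"}  # domain used in the scam described above
# Assumption: a typical list of directly executable file types.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".js")


def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    # The From header is only a claim, but it is what the recipient sees.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if domain in NO_ATTACHMENT_DOMAINS:
            findings.append(f"{name}: archive on a message claiming to be from {domain}")
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # names only; nothing is extracted
        except zipfile.BadZipFile:
            findings.append(f"{name}: not a readable zip archive")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                findings.append(f"{name}: contains executable {member}")
    return findings


def build_message(sender, zip_name, inner_name):
    """Build a constructed test message with a harmless zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please review the attached account document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


# Constructed samples. The post does not say what the real archive holds,
# so the inner file name below is invented for the demonstration.
SCAM_SAMPLE = build_message("Andrea.Talbot@bofa.com",
                            "AccountsDocument.zip", "AccountsDocument.scr")
BENIGN_SAMPLE = build_message("friend@example.org", "notes.zip", "notes.txt")

if __name__ == "__main__":
    for label, raw in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, "->", inspect_message(raw) or "no findings")
```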

Unfortunately, if you’ve become infected by Cryptowall, or a similar virus, there’s often no easy way around it. If you’ve recently backed up your system, you can restore the encrypted files after the malware has been removed. Otherwise, you may not be able to recover the encrypted files.

If your device is infected with malware of any kind, call Geek Rescue for help at 918-369-4335.

Google Chrome Expanding Their Safe Browsing Service

August 15th, 2014

Google’s Chrome browser has always been a leader in safe and secure browsing. If you’ve used Chrome before, you’ve likely been confronted with a warning that a page you’re trying to visit isn’t safe. You may have even seen a warning about a potentially malicious file attempting to be downloaded. On the Chrome blog, Google recently announced their latest addition to their Safe Browsing service, which expands its protection against suspicious downloads.

In current versions of Chrome, users are warned if a file they’re attempting to download contains warning signs that it might actually be malware. Starting soon, Chrome will automatically block malicious downloads. This will also now include downloads disguised as helpful that make “unexpected changes”. That refers to applications that change your browser’s homepage, or desktop, or add tool bars without your knowledge or consent.

When Chrome recognizes any of these types of files being downloaded, a warning will be shown informing the user that the download has been blocked. There’s certainly the possibility that a blocked download was actually legitimate, however, so users will have the option of restarting the download from their Downloads list.

Tools like this help keep malicious files off of your computer, but users shouldn’t rely on them completely. The best way to stay safe and secure is to stay away from low quality websites and to be cautious about downloading anything. These tools are a good safety net, but your browsing habits should be the first line of defense.

If any of your devices have been infected with malware, or just need a tune-up, call Geek Rescue at 918-369-4335.

Most Malware Now Runs On Virtual Machines Too

August 13th, 2014

In the past, most forms of malware would not run on virtual machines, which was a way to avoid detection and study. That now seems to be changing, however. Jeremy Kirk reports at Computer World how malware has changed its tactics and why malware producers are now interested in infecting VMs.

To understand the reasoning behind wanting to infect VMs, you only need to understand that most malware is created to infect as many users and environments as possible. If there’s a limitation that the malware won’t run on VMs, that greatly limits the potential for infection. This is particularly true with VMs becoming more typical in many businesses’ infrastructure.

Instead of ceasing operations on VMs, malware now is being produced with the goal of moving from a virtual machine to its host server, which could then give it access to many more environments.

Malware is typically easy to detect if it begins executing immediately after being downloaded, however. So, to avoid detection on VMs, malware comes with a delay. Before decrypting and launching its payload, malware waits a few minutes, or until a specified number of left mouse clicks are made by the user. This is usually enough time for security programs to label the file as harmless and move on.

Over the past two years, security firm Symantec studied 200,000 samples of malware and found that only 18 percent stopped working on a virtual machine. While this does introduce the possibility of malware spreading from VMs to servers, it also creates an opportunity for researchers. Now, they’ll be able to study malware in a detached environment.

Unfortunately, since 18 percent of malware still disappears on a virtual machine, hardware is still needed to be sure that all infections are found.

For help removing malware from your devices, call Geek Rescue at 918-369-4335.

Three Ways To Keep Data Safe Before Your Smartphone Is Stolen

August 11th, 2014

Having your smartphone stolen is bad news for a number of reasons. Beyond the fact that you now have to replace your phone, you also run the risk of having valuable data stolen from it. Texts, pictures, passwords and other files are all vulnerable when your smartphone is stolen or even lost. But, there are ways to protect your data before this scenario plays out. At Gizmodo, David Nield explains a few methods for securing your smartphone’s data so a thief can’t access it.

  • Lock it

Every smartphone includes the option to lock the screen, but an estimated half of users don’t use any type of lock function. This becomes especially problematic when your phone is stolen, or you just leave it behind or unattended for a few minutes. Many users are reluctant to put a lock in place because they don’t want to have to enter their PIN each time their screen goes to sleep. But, for Android users, there are apps available that only put locks in place when you leave your house or workplace. Or, you could use a lock pattern instead of a number combination. Anything is better than leaving your phone completely vulnerable.

  • Remote features

Much like lock screen functions, remote features that both wipe your smartphone’s data and locate the device are available to all users. They just need to be set up or activated. Unfortunately, many users either don’t know about them, or fail to activate them before they need them. Apple, Android and even Windows phones all have the capability to be remotely wiped and located in the event they’re lost or stolen. Do some research and make sure you’re prepared with your device.

  • Create back-ups

Keeping strangers from poking through your phone is half the battle, but the other half is getting that data back. If you regularly create back-ups of your most important files, you’ll never have to worry about losing them. This comes in particularly handy if you find yourself needing to remotely wipe your phone. You can do so even if you’re not positive it’s been stolen because you’ll have back-ups of everything readily available.

It’s also a good idea to change passwords on accounts you have an app for, like social media or banking apps, to keep strangers out. You can also look into two-factor authentication to make accounts safer, but that won’t help as much in the event that someone else has control of your device.

If you need help securing any of your devices, or you’re having other issues with them, call Geek Rescue at 918-369-4335.

Malware Hidden Within Images Could Become Latest Trend

August 8th, 2014

Earlier this year, malware called Lurk was discovered infecting users with vulnerable versions of Adobe Flash. That same malware continues to count victims, but has altered its tactics slightly. At Dark Reading, Kelly Jackson Higgins reports how Lurk is embedding malicious code inside an image to infect users.

Steganography is the term used to describe this type of attack and it’s one that’s well-known in the intelligence and security community. In this particular scheme, iFrames on websites are used to infect users with security flaws in their version of Adobe Flash. This would be users who haven’t updated recently. Popular and legitimate websites were used to spread this malware. Rather than downloading a malicious file, which can be easily spotted by antivirus programs, Lurk is downloaded as an image with malicious code embedded within it.

Experts say this method isn’t complex, but because it’s difficult for security applications to spot it, it can be extremely effective. Attackers using this scheme have reportedly infected 350,000 users over just a few months and netted hundreds of thousands of dollars in profit.

The profit comes in the form of click-fraud. The image file that a user unknowingly downloads contains an encrypted URL, which is used to download more files. Those are used to earn clicks on ads and websites that in turn make the attackers money.

The Lurk attack remains active and experts believe steganography will be used in more attacks in the coming months. To protect yourself, make sure to update and patch all programs, especially Adobe Flash, each time an update becomes available.

If you’ve been the victim of an attack, call Geek Rescue at 918-369-4335.

Four Signs You’ve Been Infected With Malware

July 30th, 2014

Even with up to date security tools in place, every internet user runs a constant risk of being hacked or infected with malware. Early detection of these issues can save you from a devastating outcome. InfoWorld recently published an article detailing some of the most common and easily spotted signs of malware infections and the action you should take to combat them. Many times, the suggested action is to restore your system to the last known safe point so it’s important that you’re regularly backing up your devices and creating good restore points.

  • Fake Antivirus Messages

While there are fewer instances of this tell-tale sign of an infection than in the past, it remains one of the most recognized. Fake antivirus messages can pop up from your desktop or in a browser window. They claim to warn you about malicious files, but in reality the damage has already been done. Malware has already been added to your system. The message exists to entice you into more trouble. Clicking on it often opens a browser window that asks users to purchase security tools. These sites look legitimate, but are actually just a means to steal credit card numbers. The first step for users is to be familiar with what their actual antivirus messages look like. If they see a fake one, power down and restart in safe mode. Try to find the new applications that have been added and remove them. You’ll also want to run a full virus scan.

  • Browser Toolbars

To be clear, not every browser toolbar is malicious. Google, Yahoo and other legitimate vendors all offer toolbar additions for browsers, but there are scores of toolbars that signal an infection. If you don’t recognize the name associated with the toolbar and don’t remember adding it, your system has likely been compromised. Most browsers offer ways to quickly remove unwanted toolbars and extensions, but some are trickier. You may need to restore your browser to a previous point or restore your entire system.

  • Redirected Searches

This often comes in tandem with unwanted browser toolbars. Conducting searches sends you to an unrecognized search engine, which often contains links to sites designed to further infect your device. You may also notice your homepage change. If this is happening, you’ll want to follow similar steps as above. Remove toolbars and other recently added applications, which may require restarting in safe mode.

  • Fake Emails Sent From Your Account

If this hasn’t happened to you, you’ve surely received these emails from a contact. It’s a common problem for an email to be hacked and spew spam to the entire address book. What many users don’t know is that this is usually done through a malware infection on your computer. As soon as you notice emails you didn’t personally send in your sent folder, or are alerted by friends that you’ve sent them spam, you’ll want to run a full scan. Then, look around for recently added programs or anything that looks out of the ordinary.

In short, if your device is acting strangely, which can include pop ups, mouse movements, programs being added and more, it’s likely because of malware.

For help removing malware from any of your devices or to improve security, call Geek Rescue at 918-369-4335.

Nine Cisco Devices Contain Security Flaw

July 22nd, 2014

Many times, wireless routers and modems are forgotten end points. While close attention is paid to securing PCs with appropriate security tools, these devices are often left unpatched and vulnerable to attacks. As Lucian Constantin reports at Computer World, owners of Cisco devices are currently in the crosshairs because of an exposed security flaw that affects nine wireless devices for both home and business use.

The vulnerability is described as “a buffer overflow that results from incorrect validation of input in HTTP requests.” This means that attackers can remotely inject and execute code on a user’s connected device, which would likely allow them to infect the device with malware. On the Common Vulnerability Scoring System (CVSS), this security flaw was given the highest score possible, a 10.0. That score denotes that successful exploits of the flaw “compromise the confidentiality, integrity and availability of the targeted device.”

The devices affected are capable of functioning as routers or wireless access points, but experts report that the devices are vulnerable regardless of which mode they’re currently operating in.

For many flaws found for routers, there are workarounds or quick fixes that temporarily fix the problem until a patch is made available, but not for this specific flaw. The only fix is to apply an update directly from Cisco.

The affected devices are:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Some of these models are distributed by service providers so you’ll want to check your device even if it was supplied by your ISP. If you’re currently using a device on this list, it’s vital that you apply a software update as soon as possible.

If you become the victim of an attack, or have any type of problem with your gadgets, call Geek Rescue at 918-369-4335.