Designer. Photographer. Filmmaker. Dreamer.
No matter who you are, Creative Cloud gives you the world’s best creative apps so you can make just about anything you want, wherever inspiration takes you.
Go from blank page to brilliant.
The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.
FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses in Phoenix and other cities.
The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.
There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.
Tips for Businesses:
◾Be wary of e-mail-only wire transfer requests and requests involving urgency
◾Pick up the phone and verify legitimate business partners.
◾Be cautious of mimicked e-mail addresses
◾Practice multi-level authentication.
Article and images reposted from krebsonsecurity.com
If you use an Apple iPhone, iPad or other iDevice, now would be an excellent time to ensure that the machine is running the latest version of Apple’s mobile operating system — version 9.3.1. Failing to do so could expose your devices to automated threats capable of rendering them unresponsive and perhaps forever useless.
Reported earlier by respected security researcher Brian Krebs, Manually setting the date of your iPhone or iPad all the back to January. 1, 1970 will permanently brick the device (don’t try this at home, or against frenemies!).
Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”
For example, to use Starbuck’s free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” ever again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.
From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called “attwifi” at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) “attwifi” hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.
Read the full article at kerbsonsecurity.com/
For about a decade, the way in which Intel released new generations of processors was known and referred to as the Tick-Tock cycle. It’s a two year cycle, with the Tick reducing the size of the die, and the Tock being an optimization year where we see performance improvements and lower power chips, but the die size stays the same.
However, back in mid-2015, Intel admitted that its 10-nanometer technology was in rough shape and wouldn’t go into production at the end of the year as expected. Recentky it went ahead and officially declared “Tick-Tock” dead.
“We expect to lengthen the amount of time we will utilize out 14 [nanometer] and out next-generation 10 [nanometer] process technologies, further optimizing out products and process technologies while meeting the yearly market cadence for product introductions.”
The company even includes a visual aid to contrast the differences between the previous methodology and the current one:
IMAGE CREDIT: INTEL.
Intel says that its third 14-nanometer product, known as Kaby Lake, will have “key performance advancements as compared to [its] 6th generation Core processor family.” The extent of these enhancements is clear, but leaks to the Web suggest enhancements to graphics and media.
Many poeple don’t think twice about their wireless router after setting it up. And it might be tempting to rush through the set-up process. Here’s why you should pay close attention while setting up your router, and afterwards.
Heard of ASUSTeK? Among other things, they sell ASUS-branded wireless routers for home use. Some of their routers come with features — called AiCloud and AiDisk — that allow people to attach a hard drive to their routers and create their own “cloud” storage. According to the FTC’s complaint, ASUS routers had major security flaws that allowed hackers to harm consumers in several ways, including getting access to sensitive personal information — like tax documents — that people stored through these “cloud” services.
If you have an ASUS router, take these steps right away:
- Download the latest security updates for your router. According to the FTC, the ASUS router update tool often indicated that software was current when it wasn’t, putting people’s home networks at risk. Moving forward, ASUS is required to provide accurate information about software updates. So check the router’s software update tool and the ASUS support site again for the newest security updates.
- Check if access to your network storage is limited. Make sure access to AiCloud and AiDisk is limited to what you want. The FTC took issue with the default option during AiDisk’s set-up, which gave anyone on the Internet access to your storage. For more privacy, choose “limited” or “admin rights” access instead of “limitless.”
- Change pre-set passwords. According to the FTC, ASUS pre-set weak default passwords on every router. So create new passwords that are strong and unique for both your router and any “cloud” services — something only you know. This can help prevent hackers from getting easy access to your network.
If you need professional advice or assistance in securing your business networks, contact CS2K today.
Microsoft will be pulling the plug on Internet Explorer 8,9 and 10 next week. The company has announced a final patch which will deliver the last few bug fixes to Internet Explorer on January 12th 2016, as well as an “End of Life” notification telling users to upgrade to IE11 or Microsoft Edge. This should be no surprise since March 2015 IE has been deprecated, mostly sticking around for the sake of enterprise compatibility.
If you are still using Internet Explorer 8, 9 or 10 for your business applications contact CS2K to discuss your options including migrating your application or switching to a modern browser.
Source – Microsoft KB
In Windows 7 if a specific update or driver caused problems on your computer, you had the option to open the list of Windows Updates, Right click on the problematic update, then select Hide Update. This would prevent that update from installing on the computer in future.
Unfortunately for now, Windows 10 does not have this capability. Instead you must download a separate Tool that will scan for updates then provide the option to block, hide or uninstall them.
You can find the tool at the MS Support KB Article KB3073930
Microsoft continues to warn that scammers are calling Windows users and duping them into putting malware on their machines or paying for worthless help.
More than a year after the U.S. Federal Trade Commission (FTC) heralded a major crackdown on fraudsters posing as Microsoft technical support personnel, consumers continue to receive calls from scammers. Since 2011 Microsoft has been tracking this con and reports that 22% of people called by phony support technicians fall for their scam.
The scammers try to trick users into believing that their computer is infected — often by having them look at a Windows log that typically shows scores of harmless or low-level errors — then convince them to download software or let the “technician” remotely access the PC. The con artists charge for their “help” and often get people to pay for worthless software. In actuality, the software is malware that steals online account information and passwords.
If you have fallen victim to this scam, please do not hesitate to contact CS2K to discuss your best options.
You can learn more about this and some tips directly at Microsoft’s website – http://www.microsoft.com/security/online-privacy/msname.aspx or in the original Computer World Reports
Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.
Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.
What is HIPAA?
HIPAA or the Health Insurance Portability and Accountability Act of 1996 was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, and physical and technical handling of patient health information.
According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:
- Access Control
- Audit Controls
- Person or Entity Authentication
Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.
What Type of Security is Necessary?
When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.
While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.
When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantee less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.