Archive for Network Security

FBI: $2.3 Billion lost to CEO Email Scams

The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

FBI officials are warning potential victims of a dramatic rise in the business e-mail compromise scam or “B.E.C.,” a scheme that targets businesses and has resulted in massive financial losses in Phoenix and other cities.

The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.

There are various versions of the scams. Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments.

Tips for Businesses:
◾ Be wary of e-mail-only wire transfer requests and requests involving urgency.
◾ Pick up the phone and verify legitimate business partners.
◾ Be cautious of mimicked e-mail addresses.
◾ Practice multi-level authentication.

Article and images reposted from krebsonsecurity.com

Posted in: Network Security, Tech Tips for Business Owners

New iOS threat can render your device unresponsive and forever useless.

If you use an Apple iPhone, iPad or other iDevice, now would be an excellent time to ensure that the machine is running the latest version of Apple’s mobile operating system — version 9.3.1. Failing to do so could expose your devices to automated threats capable of rendering them unresponsive and perhaps forever useless.

As reported earlier by respected security researcher Brian Krebs, manually setting the date of your iPhone or iPad all the way back to January 1, 1970 will permanently brick the device (don’t try this at home, or against frenemies!).

Apple products like the iPad (and virtually all mass-market wireless devices) are designed to automatically connect to wireless networks they have seen before. They do this with a relatively weak level of authentication: If you connect to a network named “Hotspot” once, going forward your device may automatically connect to any open network that also happens to be called “Hotspot.”

For example, to use Starbucks’ free Wi-Fi service, you’ll have to connect to a network called “attwifi”. But once you’ve done that, you won’t ever have to manually connect to a network called “attwifi” again. The next time you visit a Starbucks, just pull out your iPad and the device automagically connects.

From an attacker’s perspective, this is a golden opportunity. Why? He only needs to advertise a fake open network called “attwifi” at a spot where large numbers of computer users are known to congregate. Using specialized hardware to amplify his Wi-Fi signal, he can force many users to connect to his (evil) “attwifi” hotspot. From there, he can attempt to inspect, modify or redirect any network traffic for any iPads or other devices that unwittingly connect to his evil network.

Read the full article at krebsonsecurity.com

Posted in: Network Security, Technology Trends

Got an ASUS router? Read this.

Reposted from the FTC Consumer Information Blog

Many people don’t think twice about their wireless router after setting it up. And it might be tempting to rush through the set-up process. Here’s why you should pay close attention while setting up your router, and afterwards.

Heard of ASUSTeK? Among other things, they sell ASUS-branded wireless routers for home use. Some of their routers come with features — called AiCloud and AiDisk — that allow people to attach a hard drive to their routers and create their own “cloud” storage. According to the FTC’s complaint, ASUS routers had major security flaws that allowed hackers to harm consumers in several ways, including getting access to sensitive personal information — like tax documents —  that people stored through these “cloud” services.

If you have an ASUS router, take these steps right away:

  • Download the latest security updates for your router. According to the FTC, the ASUS router update tool often indicated that software was current when it wasn’t, putting people’s home networks at risk. Moving forward, ASUS is required to provide accurate information about software updates. So check the router’s software update tool and the ASUS support site again for the newest security updates.
  • Check if access to your network storage is limited. Make sure access to AiCloud and AiDisk is limited to what you want. The FTC took issue with the default option during AiDisk’s set-up, which gave anyone on the Internet access to your storage. For more privacy, choose “limited” or “admin rights” access instead of “limitless.”
  • Change pre-set passwords. According to the FTC, ASUS pre-set weak default passwords on every router. So create new passwords that are strong and unique for both your router and any “cloud” services — something only you know. This can help prevent hackers from getting easy access to your network.

If you need professional advice or assistance in securing your business networks, contact CS2K today.

Posted in: Network Security, Tech Tips for Business Owners

Internet Explorer reaches “End of Life”

Microsoft will be pulling the plug on Internet Explorer 8, 9 and 10 next week. The company has announced a final patch, which will deliver the last few bug fixes to Internet Explorer on January 12th 2016, as well as an “End of Life” notification telling users to upgrade to IE11 or Microsoft Edge. This should be no surprise: IE has been deprecated since March 2015, mostly sticking around for the sake of enterprise compatibility.

If you are still using Internet Explorer 8, 9 or 10 for your business applications, contact CS2K to discuss your options, including migrating your application or switching to a modern browser.

Source – Microsoft KB

Posted in: Network Security, Tech Tips for Business Owners, Technology Trends

Fake Microsoft “Tech Support” calls on the rise – again.

Microsoft continues to warn that scammers are calling Windows users and duping them into putting malware on their machines or paying for worthless help.

More than a year after the U.S. Federal Trade Commission (FTC) heralded a major crackdown on fraudsters posing as Microsoft technical support personnel, consumers continue to receive calls from scammers. Since 2011 Microsoft has been tracking this con and reports that 22% of people called by phony support technicians fall for their scam.

The scammers try to trick users into believing that their computer is infected — often by having them look at a Windows log that typically shows scores of harmless or low-level errors — then convince them to download software or let the “technician” remotely access the PC. The con artists charge for their “help” and often get people to pay for worthless software. In actuality, the software is malware that steals online account information and passwords.

If you have fallen victim to this scam, please do not hesitate to contact CS2K to discuss your best options.

You can learn more about this and some tips directly at Microsoft’s website – http://www.microsoft.com/security/online-privacy/msname.aspx or in the original Computer World Reports

Posted in: Network Security, Tech Tips for Business Owners

Microsoft issues Fix for IE Zero-Day bug – even Windows XP

Microsoft has reported that later today it will make available an emergency security update to fix the now famous zero-day vulnerability found in all versions of Internet Explorer. This was expected, but most unexpectedly, Microsoft will also be making the fix available for Windows XP, which has not been supported since April.

CS2K will test this update as soon as it is made available and will prepare a deployment plan over the weekend.

Posted in: Company News, Network Security, Tech Tips for Business Owners

IE Browser Vulnerability

In a rare move that highlights the severity of a security hole in Internet Explorer, the US Computer Emergency Readiness Team (CERT) says some IE users may want to “consider employing an alternate browser” until the flaw is patched.

The zero-day exploit (a term given to a previously unknown, unpatched flaw) allows attackers to install malware on your computer without your permission. That malware could be used to gain control of your computer. The exploit is present in Internet Explorer 6 and above.

Please consult with CS2K to determine if you should be switching to Firefox, Chrome or employing one of these temporary workarounds suggested by Microsoft.

Original US-CERT Article

Posted in: Network Security, Tech Tips for Business Owners

Microsoft Security Advisory 2963983

Vulnerability in Internet Explorer Could Allow Remote Code Execution

 

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

Workarounds 

  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
    You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.
  • To raise the browsing security level in Internet Explorer, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Security tab, and then click Internet.
    3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    4. Click Local intranet.
    5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
    6. Click OK to accept the changes and return to Internet Explorer.

     

    Note If no slider is visible, click Default Level, and then move the slider to High.

    Note Setting the level to High may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.

    Impact of workaround. There are side effects to blocking ActiveX Controls and Active Scripting. Many websites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Blocking ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in “Add sites that you trust to the Internet Explorer Trusted sites zone”.

    Add sites that you trust to the Internet Explorer Trusted sites zone

    After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect yourself from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

    To do this, perform the following steps:

    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.

     

    Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.

     

  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
    You can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, perform the following steps:
    1. In Internet Explorer, click Internet Options on the Tools menu.
    2. Click the Security tab.
    3. Click Internet, and then click Custom Level.
    4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    5. Click Local intranet, and then click Custom Level.
    6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
    7. Click OK two times to return to Internet Explorer.

     

    Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some websites to work incorrectly. If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.

    Impact of workaround. There are side effects to prompting before running Active Scripting. Many websites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in “Add sites that you trust to the Internet Explorer Trusted sites zone”.

    Add sites that you trust to the Internet Explorer Trusted sites zone

    After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.

    To do this, perform the following steps:

    1. In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
    2. In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
    3. If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
    4. In the Add this website to the zone box, type the URL of a site that you trust, and then click Add.
    5. Repeat these steps for each site that you want to add to the zone.
    6. Click OK two times to accept the changes and return to Internet Explorer.

     

    Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.

  • Unregister VGX.DLL
    1. Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then click OK.
    2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

     

    Impact of Workaround: Applications that render VML will no longer do so once vgx.dll has been unregistered.

    When a security update is available to address this issue, you should re-register vgx.dll after installing the security update. To re-register vgx.dll follow these steps:

    1. Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then click OK.
    2. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.

     

  • Modify the Access Control List on VGX.DLL to be more restrictive
    To modify the Access Control List (ACL) on vgx.dll to be more restrictive, follow these steps:
    1. Click Start, click Run, type "cmd" (without the quotation marks), and then click OK.
    2. Type the following command at a command prompt and make a note of the current ACLs on the file (including inheritance settings) for future reference when undoing this modification:
       cacls "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    3. Type the following command at a command prompt to deny the 'everyone' group access to this file:
       echo y| cacls "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" /d everyone
    4. Close Internet Explorer, and reopen it for the changes to take effect.

    Impact of Workaround: Applications and Web sites that render VML may no longer display or function correctly.

    How to undo this workaround. Before any security updates that fix this issue can be installed, this workaround must be reverted to the previous ACL configuration for vgx.dll. To revert to the previous vgx.dll ACL’s follow these steps:

    1. Click Start, click Run, type “cmd” (without the quotation marks), and then click OK.
    2. To revert to the previous ACL configuration for vgx.dll, type the following command and replace the ACL on vgx.dll with the ACLs it previously had, which were recorded in step 2 of this workaround. The command line to do so will vary depending on your environment:
       echo y| cacls "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" /g original ACL’s
    3. Close Internet Explorer, and reopen it for the changes to take effect.

     

    Note If this workaround is applied, software that redistributes vgx.dll may fail to install. Before this software can be installed, this workaround must be reverted to the previous ACL configuration for vgx.dll.

  • Enable Enhanced Protected Mode For Internet Explorer 11 and Enable 64-bit Processes for Enhanced Protected Mode
    Internet Explorer 11 users can help protect against exploitation of this vulnerability by changing the Advanced Security settings for Internet Explorer. You can do this by enabling Enhanced Protected Mode (EPM) settings in your browser. This security setting will protect users of Internet Explorer 11 on Windows 7 for x64-based systems, and all Windows 8 and Windows 8.1 clients.
    To enable EPM in Internet Explorer, perform the following steps:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    3. Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    4. Click OK to accept the changes and return to Internet Explorer.
    5. Restart your system.
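
A read-only way to confirm that the two zone workarounds above (security level set to High, or Active Scripting set to Prompt or Disable) took effect for the current user. This is an added example, not part of Microsoft's advisory or the original post. It assumes PowerShell 3.0 or later and reads Internet Explorer's per-user zone registry values (zone 1 = Local intranet, zone 3 = Internet, value 1400 = Active Scripting), none of which are named on this page.

```powershell
# Added example: read-only audit of the IE zone workarounds for the current user.
# It inspects per-user settings only. Values enforced through Group Policy are
# stored under a separate Policies key and are not examined here.

$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Zones the advisory asks you to change.
$Zones = [ordered]@{ 'Local intranet' = 1; 'Internet' = 3 }

# Value 1400 controls Active Scripting: 0 = enabled, 1 = prompt, 3 = disabled.
$ScriptingText = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# CurrentLevel value written when the slider is set to "High".
$HighLevel = 0x12000

function Get-ZoneValue {
    param([int]$Zone, [string]$Name)
    $key  = Join-Path $ZoneRoot ([string]$Zone)
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-IEZoneWorkaround {
    foreach ($entry in $Zones.GetEnumerator()) {
        $level     = Get-ZoneValue -Zone $entry.Value -Name 'CurrentLevel'
        $scripting = Get-ZoneValue -Zone $entry.Value -Name '1400'

        # Workaround 1: slider at High. Workaround 3: scripting prompts or is off.
        $isHigh      = ($null -ne $level) -and ([int]$level -eq $HighLevel)
        $scriptingOk = ($null -ne $scripting) -and ((1, 3) -contains [int]$scripting)

        $levelText = if ($null -eq $level) { 'not set (machine default applies)' }
                     else { '0x{0:X}' -f [int]$level }

        $scriptText = if ($null -eq $scripting) { 'not set (machine default applies)' }
                      elseif ($ScriptingText.ContainsKey([int]$scripting)) { $ScriptingText[[int]$scripting] }
                      else { "unknown ($scripting)" }

        [pscustomobject]@{
            Zone                = $entry.Key
            SecurityLevel       = $levelText
            ActiveScripting     = $scriptText
            HighApplied         = $isHigh
            ScriptingRestricted = $scriptingOk
            Mitigated           = $isHigh -or $scriptingOk
        }
    }
}

Test-IEZoneWorkaround | Format-Table -AutoSize
```

A zone with Mitigated = False still runs Active Scripting without a prompt for this user, so repeat the steps for that zone or check whether a policy is overriding the setting.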

 

 

Read the complete advisory at the source

 

Posted in: Network Security, Tech Tips for Business Owners

Serious Internet Explorer flaw puts XP users especially at risk

Hopefully you have followed advice and ditched Windows XP in favor of a more modern operating system, because there’s a new security exploit that’ll leave XP users exposed.

In a security alert released on Saturday, Microsoft reports that there’s a serious vulnerability in Internet Explorer 6 through 11 that could allow hackers to take over your computer remotely if you happen to visit a malicious website.

According to reports, security researchers have already found evidence of an attack that targets IE 9 through 11 that uses a well-known Flash exploitation technique to gain access to your computer’s memory. Microsoft has already said it plans to roll out an IE security update for all modern versions of Windows, but if you’re using XP, well, you’re out of luck, as support for that OS ended a few weeks ago.

Posted in: Network Security, Tech Tips for Business Owners

Philippines Typhoon Disaster Email Scams and Phishing Attack Warning

After a natural disaster, phishing emails and websites requesting donations for bogus charitable organizations begin to appear. Users should be aware of potential email scams and phishing attacks regarding the recent Philippines Typhoon disaster. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites.

CS2K and US-CERT encourage users to take the following measures to protect themselves:

Contact CS2K today for your complimentary site analysis. We will help you determine the weaknesses in your own network security.

Posted in: Network Security, Tech Tips for Business Owners
