Monthly Archives : March 2016

Sophos, Did you say.. Free?

You heard right. Sophos is offering free, commercial-grade security software for home users.

Sophos is a security software and hardware company that develops products for encryption, network security, mobile and email security, and threat management. Although mostly geared toward large enterprise organizations, they haven’t forgotten about the security needs of home users.

In addition to their free Sophos Cloud, which can be used in business, commercial, or government organizations, Sophos offers free home protection, a great tool for users. This free version, Sophos Home, lets you manage and protect up to ten computers per account, a huge advantage for anyone looking to better protect sensitive data from their home base.

The free security software protects against malware, viruses and inappropriate websites. In a world where malware is at the forefront of security concerns, it is best to ensure added protection for all your Mac and PC devices. As an added cherry on top, you can manage security settings for the entire family from any browser.

If you want software that is trusted by IT professionals, we highly recommend trying the new free version of Sophos.

To find out more information about Sophos and sign up for Sophos Home please visit their website:

https://www.sophos.com/en-us/lp/sophos-home.aspx


Ransomware seeks victims via TeamViewer

Anyone use TeamViewer? If so, sorry to say, you may have been hacked.

A new ransomware has been discovered that appends the .surprise extension to the important files it encrypts. Further research revealed that the loader ran EDA2-based ransomware from memory, and that it was only attacking those who also had TeamViewer installed. Victim logs showed that TeamViewer had been used as the means of reaching the computers: someone connected via TeamViewer and downloaded the surprise ransomware files onto the unsuspecting user’s desktop.

The two TeamViewer IDs used by the attackers were  479441239 and 479440875.

This surprise ransomware is unusual in that it has successfully bypassed AV signature definitions as well as behavior detection. Rather than containing the encryption routines typically seen in ransomware, it carries an encrypted, Base64-encoded string. This string is decoded and loaded into memory, and the ransomware runs from there.

The ransomware scans all fixed disks on the computer for files with particular file extensions. When it finds a matching file, it encrypts it with an AES key and appends the .surprise extension to it. The list of targeted file extensions is hefty. It skips any file whose name contains the $ symbol or whose path contains the strings c:/windows or c:/program.

Bleeping Computer discovered that the ransomware creates the following three files:

  • %Desktop%\DECRYPTION_HOWTO.Notepad, the ransom note.
  • %Desktop%\surprise.bat, which executes vssadmin.exe Delete Shadows /All /Quiet to remove Shadow Volume Copies.
  • %Desktop%\Encrypted_Files.Notepad, a file that contains a list of the encrypted files.

Sadly, for those whose files have been encrypted, there is currently no way to regain access to them without paying the ransom.
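As an added example (not from the Bleeping Computer write-up or this post), the following Python script turns the artifacts above into a simple host check: it scans a directory tree for the .surprise extension and the three dropped files, and flags process command lines that run the vssadmin shadow-copy deletion. The sample Desktop contents and command lines it builds are constructed for the demo.

```python
"""Host check for the .surprise ransomware artifacts described in the post.
Added example; sample files and command lines below are constructed."""
import os
import re
import shutil
import tempfile

# Artifacts named in the post: the extension given to encrypted files and
# the three files dropped on the Desktop.
SURPRISE_EXT = ".surprise"
DROPPED_FILES = {"DECRYPTION_HOWTO.Notepad", "surprise.bat", "Encrypted_Files.Notepad"}

# The vssadmin invocation surprise.bat runs to delete all Shadow Volume Copies.
# Case-insensitive, tolerates a full path to vssadmin.exe and extra spacing.
VSSADMIN_DELETE_ALL = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows\b.*?/all", re.I)


def scan_tree(root):
    """Return (encrypted_files, dropped_files) found anywhere under root."""
    encrypted, dropped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(SURPRISE_EXT):
                encrypted.append(full)
            if name in DROPPED_FILES:
                dropped.append(full)
    return sorted(encrypted), sorted(dropped)


def flag_shadow_deletion(command_lines):
    """Return the process command lines that delete all shadow copies."""
    return [cmd for cmd in command_lines if VSSADMIN_DELETE_ALL.search(cmd)]


def demo():
    """Build a constructed Desktop and log sample, run both checks, return counts."""
    tmp = tempfile.mkdtemp()
    desktop = os.path.join(tmp, "Desktop")
    os.makedirs(desktop)
    for name in ("report.docx.surprise", "budget.xlsx.surprise", "notes.txt",
                 "DECRYPTION_HOWTO.Notepad", "surprise.bat", "Encrypted_Files.Notepad"):
        open(os.path.join(desktop, name), "w").close()
    encrypted, dropped = scan_tree(tmp)
    shutil.rmtree(tmp)
    # Constructed process-creation command lines, as a process log would record them.
    cmds = [
        r"C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet",
        r"vssadmin list shadows",
        r"C:\Program Files\TeamViewer\TeamViewer.exe",
    ]
    return len(encrypted), len(dropped), flag_shadow_deletion(cmds)


if __name__ == "__main__":
    print(demo())
```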

If you would like to educate yourself in greater detail about the material presented in this blog post please visit:

http://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/

Nextbit: No Robin Phone for Verizon, Sprint

Bad news for Sprint and Verizon customers who thought they were going to get the Nextbit Robin smartphone. Nextbit has announced that it has cancelled plans to launch a CDMA version. Originally, Nextbit was not planning to release a CDMA version at all; the company decided to try after receiving a high influx of user requests.

Nextbit CEO Tim Moss said the idea was rushed and the answers were not clear. The Kickstarter campaign was only 30 days long, and the decision to start investigating a CDMA version did not come until two days into the campaign.

Moss explains that because of the late decision the company was not prepared to meet the demand: “We had to go with the best information we could get before the campaign was over, and over time it turned out that this information was not accurate.” He goes on to reveal that the cost was much higher than anticipated, from an estimated thousands to an estimated millions. With little idea of when the device would be complete and ready to ship, the company decided to cancel the CDMA version altogether.

No need to worry if you already pre-ordered your Nextbit CDMA version. The company has promised to credit each backer their entire pledge including any extras such as accessories and shipping costs. As an added bonus, Nextbit is offering each CDMA backer a 25 percent discount code on one order from the company’s online store.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/news/343017/nextbit-no-robin-phone-for-verizon-sprint?mailing_id=1646016&mailing=DailyNews&mailingID=4C40F34FE0DC8E21A3A653EEBB113330


Microsoft Pushes Back Windows 7/8.1 End Date

It appears Microsoft is trying to get users to upgrade to Windows 10 by finally pulling the plug on Windows 7 and 8.1. Well. Sorta.

The painstaking process of adapting older operating systems to Intel’s new architecture led to the initial decision to withdraw support for 7 and 8.1 in 2017. Users have until July 17, 2017 to upgrade. If the upgrade is not made, users will only receive the security fixes deemed most critical; after this date only users running Windows 10 will receive the most recent updates, patches, tweaks, and fixes. As you can imagine, this irked consumers wishing to stay with older operating systems. This is the first time Microsoft has become somewhat demanding of its customers when it comes to making the switch to Windows 10.

Jeremy Korst, general manager of Windows marketing, says the shortened life span is “designed to help consumers purchase modern hardware with confidence, while continuing to manage migrations to Windows 10.” This makes sense, considering that upgrading to Windows 10 on Skylake devices ensures users can access the latest and greatest in modern hardware and software.

Korst also explains in a blog post the obvious advantage of running Skylake on Windows 10, “Compared to Windows 7 PC’s, Skylake when combined with Windows 10, enables up to 30x better graphics and 3x the battery life.”

The end of life date for Windows 7 is January 14, 2020 and January 10, 2023 for Windows 8. The delayed deadline should hopefully make the transition smoother for customers: Skylake systems will be allowed another year to run Windows 7 and Windows 8.1 while still receiving all major Windows updates. Microsoft is also enhancing its overall policy to promise more security updates, in case the deadline alone doesn’t convince users to make the switch to Windows 10.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/news/343041/microsoft-extends-update-deadline-for-windows-7-8-1-skylake?mailing_id=1646016&mailing=DailyNews&mailingID=4C40F34FE0DC8E21A3A653EEBB113330

New on our radar…ads spreading crypto ransomware

Crypto Ransomware disguised within ads on big time sites

Ads featured on sites such as The New York Times, the BBC, MSN and AOL have exposed thousands of users to crypto ransomware. Angler, a toolkit that sells exploits for Adobe Flash, started the wave of malicious ads last week, pushing laced ads through a compromised ad network, according to a report at Ars Technica.


The ads contained a JSON-based file with more than 12,000 lines of obfuscated code. Angler attacks unsuspecting users with the Bedep Trojan and the TeslaCrypt ransomware, a nasty combination. The three suspicious domains to be aware of are trackmytraffic[c],biz, talk915[.]pw and brentsmedia[.]com. The campaign has spread to answers.com, zerohedge.com and infolinks.com. In addition, the affected ad networks include those owned by big names such as Google, AppNexus, AOL and Rubicon.


The best thing users can do at this point is practice safe browsing. Decreasing the probability of attack means decreasing the attack surface: uninstall third-party plugins such as Adobe Flash and Microsoft Silverlight unless they are necessary, and keep installed software up to date by applying updates as soon as they are made available. Using the 64-bit version of Chrome is one of the safer ways to browse. Windows users should run Windows 10 together with Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).

Windows 7…on the way out

Designed in 2005, over ten years ago, Windows 7 is still widely used by home users and business owners alike. Microsoft released Windows 7 Service Pack 1 more than five years ago, in 2011, and a Service Pack 2 has never been released despite the wishes of devoted Windows 7 users. The lack of a newer service pack makes for a sticky situation for those wishing to do a clean install: when you run Windows Update, you see a whopping 216 updates available. Mildly insane.

As discovered by Ed Bott, for The Ed Bott Report, there is a way to partially avoid the delay. Download the KB3083710 and KB3102810 updates before starting the installation and copy them to a USB flash drive. Then install Windows 7 with SP1, leaving the network cable disconnected, and install the two saved updates from the USB flash drive. This saves time; you can then reconnect to the network and run Windows Update.
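As an added example (not from the ZDNet article or Ed Bott’s report), here is a PowerShell script for the offline step: run as Administrator on the freshly installed machine, it installs the two saved updates from the USB drive with wusa.exe before the network is reconnected. The E:\Win7Updates path and the assumption that each .msu file name contains its KB number are placeholders for whatever you saved.

```powershell
# Added example: install the two pre-downloaded updates from the USB drive while
# the machine is still offline, then hand over to Windows Update once reconnected.
# Assumes the .msu packages were saved under E:\Win7Updates (placeholder path)
# and that this runs in an elevated PowerShell session.
$UsbRoot = 'E:\Win7Updates'                 # assumed location of the saved .msu files
$Updates = @('KB3083710', 'KB3102810')      # the two updates named in the post

foreach ($kb in $Updates) {
    # Skip anything the installation media already carries.
    if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
        Write-Host "$kb is already installed, skipping."
        continue
    }
    # Assumes Microsoft's usual naming, e.g. Windows6.1-KB3083710-x64.msu.
    $msu = Get-ChildItem -Path $UsbRoot -Filter "*$kb*.msu" | Select-Object -First 1
    if (-not $msu) {
        Write-Warning "No .msu package for $kb found under $UsbRoot; download it before going offline."
        continue
    }
    # wusa.exe installs a standalone update; /quiet and /norestart keep it unattended.
    $proc = Start-Process -FilePath 'wusa.exe' `
        -ArgumentList "`"$($msu.FullName)`" /quiet /norestart" -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { Write-Host "$kb installed." }
        3010    { Write-Host "$kb installed; reboot before continuing." }
        default { Write-Warning "$kb failed with exit code $($proc.ExitCode)." }
    }
}
# After the reboot, reconnect the network cable and run Windows Update as usual.
```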

To increase the frustration further, getting to the point where the 216 updates are offered takes nearly eight hours, due to a bug identified by Microsoft in fall 2015 that makes searching for and installing updates on Windows 7 and Windows Server 2008 extremely slow and painful.

Windows 10 uses cumulative updates, unlike Windows 7. Rather than waiting hours for hundreds of updates to be installed, after a clean install only one update is needed, a great improvement. It appears that Windows 7 is on its way out, with its lack of security updates and service packs. Although extended support for Windows 7 does not officially end until January 2020, the outlook for shorter update times and fewer updates in general is less than optimistic.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.zdnet.com/article/sticking-with-windows-7-the-forecast-calls-for-pain/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

Two-Factor Authentication Evaluation Guide

Two-factor authentication is a type of multi-factor authentication that identifies users using a combination of two different components. These components are typically something the user knows, something the user possesses, or something that is inseparable from the user. This guide has been adapted from Duo Security and illustrates what to consider when choosing a two-factor authentication vendor for your company.

Security


In order to enforce this extra layer of protection it is important to consider the factors involved. Security and ease of implementation should be the first priority. The vendor that provides your two-factor authentication should be secure by design. The cloud-based service should use multiple, independent PCI DSS Level 1 and ISO 27001-certified, SAS 70 Type II-audited service providers, and should be split across multiple geographic regions, service providers and power grids for seamless failover. This ensures a reliable vendor whose infrastructure is fully scalable and elastic enough to accommodate any number of users; you should be able to add users as you need them without issue. The vendor should also be backed by a strong service level agreement, and the service should offer 24/7 operational coverage.

Cloud-based authentication services are easy to use and tend not to require installation of hardware. Select a vendor with drop-in integrations for all major VPNs, Unix, and Microsoft remote access points. Another thing to look at is deployment: two-factor authentication is best implemented when it leverages a platform users already have, such as cell phones. Make sure the service you employ also works with landlines and tokens, to save your IT administrator from having to manage tokens.

Usability

Usability and convenience are a major part of making two-factor authentication a productive solution. A vendor that adds a lot of “clutter”, such as extra steps, gets in the way of the login path and makes for a large and unneeded distraction. Allowing users to easily enroll themselves and set their preferred devices for authentication makes the login process easier. This should be met by a vendor that supports a wide range of authentication methods, including push to a mobile app, passcodes and phone callback.

Administration

When choosing the ideal vendor, make sure the administrative needs are met. For instance, consider whether the solution gives you visibility into user access to your network. Authentication logs should be provided for auditing and reporting. Systems that provide a centralized admin interface give a consolidated view of how the two-factor authentication is working and allow for better maintenance. It would be best if the system managed the physical tokens rather than forcing you to manage such items. In addition, if you are looking for a cost-effective solution, cloud-hosted vendors have the lowest costs and the least hassle because the infrastructure, upgrades and maintenance are all managed by the vendor.



If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://hosteddocs.emediausa.com/duo-security-twofactor-evaluation-guide.pdf

Microsoft Finally Announces SQL Server on Linux

After the long and rocky relationship between Microsoft and Linux, the dust has finally settled with the release of Microsoft SQL Server for Linux. SQL Server hosts an array of new features including end-to-end encryption, in-memory support, and more advanced business intelligence capabilities. The news broke when Microsoft Executive Vice President Scott Guthrie released a blog post headlining SQL Server as a cross-platform performer, excelling both on premises and in the cloud.

Guthrie writes, “SQL Server on Linux will provide customers with even more flexibility in their data solution.” Finally Microsoft and Linux have reached an understanding.

The collaboration stems from Microsoft CEO Satya Nadella, who has pushed hard on the idea that Microsoft and Linux can and will work well together. The company has now enabled support for Linux on Microsoft Azure, and has partnered with companies such as Hortonworks and Ubuntu on Linux support. In addition, Microsoft has launched open-source efforts including open-sourcing ASP.NET. The lion’s share of Microsoft’s code has also been moved off CodePlex and onto GitHub.

SQL Server for Linux is currently available in a private beta, and will roll out in early 2017.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/article2/0,2817,2500449,00.asp?mailing_id=1592938&mailing=SmallBusiness&mailingID=74D263B8F2379AE682EE8634F4F85239

Chrome 49 Update Increases Extension Visibility 

Image caption: You may have noticed this new aesthetic in the top right corner of your screen.

Google Chrome has a large user base, most of whom have probably noticed the changes made in the most recent update. With Chrome 49, a string of icons now appears in the upper-right corner of the browser window. These icons should look vaguely familiar, since they belong to the extensions you have installed. This enforces that each extension has a persistent UI surface.

Google released a statement describing protection as the main reason for the change. Having frequently heard that users are blind to extensions that were installed by sideloading or through phishing, Google made this update to ensure users know which extensions they have. Extensions use computing resources and can significantly impact performance and security.

You may also notice the color change feature. The icons in your toolbar now change color to show you which extensions do and do not affect your current activity. For instance, if an extension has no effect on the current page, its icon turns gray to signal that. The icon lights back up when the extension affects the page you are working on again.

A tip for those of you wondering where the other icons have gone: your browser window might be small, or you may have quite a few extensions installed. Click the Chrome menu button on the far right of the toolbar to access the icons that were hidden for lack of space. You can no longer remove these icons for good, so make sure you know how to reach your hidden icons.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/article2/0,2817,2500377,00.asp?mailing_id=1587787&mailing=DailyNews&mailingID=510C4584BD5C3E3CDD5A15D97D2B87C0

Microsoft releases 13 security bulletins – 5 critical, yikes!

Eight of the bulletins released by Microsoft resolve remote code execution vulnerabilities.


The five critical patches address RCE flaws. MS16-023, 024, 026, 027 and 028 cover Windows Media parsing RCE bugs, Windows PDF Library holes, and Microsoft Edge memory corruption flaws. Included in these five is the cumulative fix for IE, which corrects 13 memory corruption vulnerabilities that could lead to code execution. The monthly fix for Microsoft Edge is also on the list, patching 10 memory corruption flaws that could lead to further code execution as well as information disclosure bugs.

The other eight bulletins are rated a notch down from critical, as “important”, covering both RCE and EoP. Although these patches are not needed immediately, left unattended many of them lead to greater problems and security errors later. It would be best to identify which patches fit your immediate needs and which will become problematic in the future. For instance, MS16-030 is listed as important, though if left alone an attacker could exploit the two Windows OLE memory RCE flaws, since Windows OLE fails to properly validate user input. Unless your users are completely accurate, without fail, this should be patched.

If you would like to see the complete list of bulletins, in more detail, please visit:

http://www.networkworld.com/article/3041843/security/microsoft-released-13-security-bulletins-5-rated-critical-but-8-patching-rce-bugs.html?token=%23tk.NWWNLE_nlt_networkworld_security_alert_2016-03-09&idg_eid=b0bd995e2814d7f58c50105dd3327c12&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Security%20Alert%202016-03-09&utm_term=networkworld_security_alert#tk.NWW_nlt_networkworld_security_alert_2016-03-09