Category : Antivirus

Hotfix applied to XG Firewall v17.5 for Exim vulnerability

Some of you may be aware that security researchers recently discovered a security vulnerability in a popular email server, Exim. Exim is used by XG Firewall v17.5, specifically if a customer has enabled Email Protection. There is no need to worry, Sophos has you covered.
On Friday 7 June 2019, Sophos released and automatically applied an over the air hotfix to all XG Firewalls with auto-updates enabled to address this issue. If your XG Firewall does not have auto-updates enabled, please review KB134199 and contact Sophos Support.

Exim mail servers patching: https://nakedsecurity.sophos.com/2019/06/07/action-required-exim-mail-servers-need-urgent-patching

US Government Bitcoin Ransomware Attack

More than 20 municipalities in the US have been hit by ransomware attacks this year alone. The malware has spread rapidly as an internet worm that copies itself by breaking into other computers on a network. These attacks can be expensive, costing not only the organization money but the public time, especially when those targeted say they won’t pay. In 2018 hackers demanded that the City of Atlanta pay about $50,000 in bitcoin; the city refused, and the attack ended up costing the city about $17 million to repair the damage. These ransomware attacks, in Atlanta and in other local governments across the US, show that as the attacks spread, common targets will include schools and hospitals. Can you imagine not being able to graduate, or not being able to get your MRI results, because all of the patient files are being held by these attackers? That is exactly what happened in Baltimore: on May 7th 2019 hackers targeted and digitally seized 10,000 government computers and are demanding around $100,000 in Bitcoin to free them. Not only are government employees locked out and unable to access their computers, files and emails, the city’s residents are affected too: the services used to pay water bills, parking tickets and property taxes cannot be accessed. Last year Baltimore’s 911 operating system was down for about a day from a separate ransomware attack.
In a “ransomware” attack, hackers deploy malicious software to block access to or take over a computer system. The basic idea behind ransomware is simple: a criminal hacks into your computer, scrambles your files with unbreakable encryption, and then demands that you pay for the encryption key needed to unscramble them, forcing the owner of the system to pay a ransom to get their own files back. If you have files that are very important to you, you might be willing to pay a lot, or give in to the demands, to avoid losing them. The most effective way to protect your computer from these ransomware attacks is to make regular backups, since the malware can only encrypt and delete files that are on your computer. If you keep a regular backup of your files, either on an external hard drive or with an online service, and your computer is targeted, you can wipe the infected computer clean, reinstall its software, and then restore your files from your backup copy. The unfortunate difficulty is that most people don’t keep adequate and routine backups, so they are far more likely to be badly impacted by these attacks.

Dangerous USB Cable – Hacker Tool

Some hackers are getting creative about getting into people’s systems by leveraging USB cables that have a Wi-Fi card built into them, which gives the hacker the ability to reach your local system remotely. Once in, the hacker can browse the network and servers at their leisure and capture intellectual property without anyone knowing. The only signature left behind is the local device the USB cable is plugged into. It’s important to be mindful of the USB devices you are using in your business to ensure a better degree of security. There are also system tools that can be installed on all systems to notify your local admin when a device of this nature is present on the network.
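One way to get the kind of notification described above on a Windows workstation is to compare the USB devices currently present against an allow-list the admin maintains and flag anything unknown. The script below is an added example, not a tool from the original post; it assumes Windows 8 / Server 2012 or later (for Get-PnpDevice), and the vendor/product IDs in the allow-list are constructed placeholders to be replaced with your own approved hardware.

```powershell
# Added example, not code from the original post: inventory USB devices present on
# this Windows host and report any whose vendor/product ID is not on an
# admin-maintained allow-list, so an unexpected cable or adapter is surfaced.
# Assumes Windows 8 / Server 2012 or later (Get-PnpDevice from the PnpDevice module).

# Constructed allow-list of approved USB vendor/product IDs (placeholder values;
# populate from your own approved hardware inventory).
$AllowedHardwareIds = @(
    'USB\VID_0000&PID_0001',
    'USB\VID_0000&PID_0002'
)

function Get-UnexpectedUsbDevice {
    param([string[]]$Allowed = $AllowedHardwareIds)

    # Only currently-present devices whose instance ID starts with USB\VID_...
    # An InstanceId looks like USB\VID_xxxx&PID_yyyy\<serial or port path>,
    # optionally with &MI_nn for composite-device interfaces; keep only VID/PID.
    Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.InstanceId -like 'USB\VID_*' } |
        ForEach-Object {
            $device = $_
            if ($device.InstanceId -match '^(USB\\VID_[0-9A-Fa-f]{4}&PID_[0-9A-Fa-f]{4})') {
                $vidPid = $Matches[1]
                # -notcontains is case-insensitive, so hex case in the list does not matter
                if ($Allowed -notcontains $vidPid) {
                    [pscustomobject]@{
                        FriendlyName = $device.FriendlyName
                        Class        = $device.Class
                        HardwareId   = $vidPid
                        Status       = $device.Status
                    }
                }
            }
        }
}

$unexpected = @(Get-UnexpectedUsbDevice)
if ($unexpected.Count -gt 0) {
    $unexpected | Format-Table -AutoSize
    # Notification hook: a warning that a scheduled task or monitoring agent can
    # collect. Replace with your own alerting (email, SIEM forwarder, etc.).
    Write-Warning "$($unexpected.Count) USB device(s) not on the allow-list are present on $env:COMPUTERNAME"
}
```

Run it from a scheduled task at logon or on a timer and route the warning to wherever your admin alerts already go; matching on vendor/product ID rather than friendly name means a device that presents itself as an ordinary cable or hub still has to be on the approved list to pass.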

Antivirus – Top 4 on the Market in 2016

Keep your computer healthy and your stress low with easy-to-manage antivirus software. A wealth of options exist, so with the help of researcher Neil Rubenking at PCMag we have compiled a list of the top antivirus programs. Each product has been reviewed and lab tested to provide real results and data. In times of trouble no one wants a program that can’t handle the pressure.

Top 4 Commercial Antivirus Software on the Market

Kaspersky Anti-Virus (2016)

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan

Bitdefender Antivirus Plus 2016

Both Bitdefender and Kaspersky performed at the top of the scale in independent Lab tests.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan
  • Website Rating

McAfee AntiVirus Plus (2016)

A single subscription of McAfee AntiVirus Plus allows you to install protection on all of your Windows, Android, Mac OS, and iOS devices.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Bonus – Vulnerability Scan
  • Website Rating

Webroot SecureAnywhere Antivirus (2016)

Webroot SecureAnywhere Antivirus uses an unusual behavior-based detection technology, which makes Webroot the tiniest antivirus on the market today. This is both good and bad: in theory this antivirus can protect you from malware, but it can also flag legitimate behavior by legitimate users.

  • On Demand Malware Scan
  • On Access Malware Scan
  • Malicious URL Blocking
  • Phishing Protection
  • Website Rating

If you would like to educate yourself in more detail about the information presented in this blog post, please visit: The Best Antivirus Utilities for 2016

Transmission BitTorrent App Infects OS X with First Ransomware…

If you recently installed the Transmission BitTorrent App, most likely you are one unhappy user.

The recently released version of Transmission BitTorrent for OS X contained the embedded KeRanger ransomware, a debilitating program designed to lock and encrypt files in order to extort money from consumers. In case you didn’t read our previous post about ransomware, this malware is extremely debilitating to consumers and business owners alike. It locks files and infiltrates all external hard drives and shared networks, making backups on an external hard drive useless for protecting sensitive data.

The March 4th version 2.90 of the application contained the malware. Transmission’s website is encouraging all users who downloaded this version to upgrade to version 2.91, or at a bare minimum delete version 2.90 from their computers. If you prefer, wiping and restoring your system to an earlier point in time is also an option. If you use this option, make sure you restore your device to a point before the Transmission 2.90 installation.

Now, if you find yourself infected, resist paying the $400 asked to restore your files. There is no guarantee that paying this fee will result in any data being recovered, and it could well be a complete waste of your money. If you decide to do nothing else, at least remove the malware that was installed. Leaving it in place only gives the ransomware more opportunity to exploit your system further.

If you would like to do a little investigating of your own, a new blog post from Palo Alto Networks’ threat intelligence team lists the steps for finding out if you have been infected with the KeRanger ransomware.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcmag.com/article2/0,2817,2500391,00.asp?mailing_id=1587787&mailing=DailyNews&mailingID=510C4584BD5C3E3CDD5A15D97D2B87C0

Top Security Suites of 2015

The Best Security Suites for 2015

Malware, hacks, and data breaches are unquestionably possible if you do not tend to your security needs. Keep yourself and your computer protected from harmful intrusions by investing in top notch security. Take a look at the list compiled below as these are the leading security suites of 2015.

Bitdefender Total Security 2016 $69.95

  • Scored Excellent in anti-malware, anti-spam, and anti-phishing tests.
  • No hassle firewall
  • Parental control
  • System tune-up
  • Advanced startup optimization
  • File encryption
  • Anti-theft
  • Password Manager
  • Secure browser

Kaspersky Internet Security $79.99

  • Spam Filter
  • No hassle firewall
  • Parental Control
  • Remote monitoring and management
  • Bonus features

Symantec Norton Security Deluxe $69.99

  • Best at malicious URL blocking and antiphishing
  • Spam filtering
  • Password Management
  • Performance Optimization tools
  • Online Management
  • Powerful protection for Android and Mac

Bitdefender Internet Security 2016 $59.95

  • Accurate spam filter
  • Tough firewall
  • Revamped parental Control
  • Password Management
  • Secure browser
  • Ransomware protection

Comodo Internet Security Complete 8 $69.99

  • Live remote tech support/Remediation for any security problems
  • Virus free guarantee
  • VPN for protection on public networks
  • Local and online backup system
  • 50GB of hosted online backup

Trend Micro Internet Security 2016 $79.95

  • Great Antivirus
  • Accurate spam filter
  • Optimizes PC health
  • Secure deletion
  • Scans social media security settings

Webroot SecureAnywhere Internet Security Complete 2015 $79.99

  • Small and light on Resources
  • Quick install and scan
  • Good malicious URL block
  • Full feature password manager
  • Mobile support
  • Remote management
  • PC optimization
  • Online backup and Sync

Check Point ZoneAlarm PRO Antivirus $69.95

  • Powerful firewall
  • 5GB of hosted online backup
  • Credit monitoring
  • Identity protection
  • Password Management

Can’t Install AV on a Hyper-V Host or it Breaks Networking… Wow

Problem: Antivirus and Hyper-V (Why can’t I start my virtual machine?)
A little while ago our support team ran into some problems starting virtual machines after installing antivirus software in the management operating system. The root cause is that a number of these programs monitor file access in a way that interferes with Hyper-V’s attempts to open virtual machine files. If you see this problem, you have two options:

  1. Don’t install antivirus.  If you are running a server core configuration, or a full server configuration, and you have nothing running in the management operating system other than Hyper-V, and you do not have people logging in and browsing the web in the management partition, etc… Then you do not really need to have antivirus software installed as there is limited risk of a virus.
  2. Install antivirus and set up the following exclusions (most antivirus programs allow you to exclude specific directories, files and processes from scanning to help deal with issues such as these):
  • Default virtual machine configuration directory (normally C:\ProgramData\Microsoft\Windows\Hyper-V)
  • Custom virtual machine configuration directories
  • Default virtual hard disk directory (normally C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
  • Custom virtual hard disk directories
  • Snapshot directories
  • Vmms.exe
  • Vmwp.exe
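The exclusion list above can be applied from PowerShell when the antivirus on the host is Microsoft Defender Antivirus. This is an added example, not code from the original post: it assumes Defender’s Add-MpPreference / Get-MpPreference cmdlets are available and that the Hyper-V PowerShell module (Get-VMHost, Get-VM) is installed so the custom directories can be read from the host rather than typed by hand. Other antivirus products expose the same kind of path and process exclusion in their own console.

```powershell
# Added example, not code from the original post: apply the Hyper-V exclusions
# listed in the post to Microsoft Defender Antivirus on the host.
# Assumes the built-in Defender engine (Add-MpPreference) is the antivirus in use
# and the Hyper-V PowerShell module is present. Run from an elevated session.

# Default directories named in the post.
$defaultConfigDir = 'C:\ProgramData\Microsoft\Windows\Hyper-V'
$defaultVhdDir    = 'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks'

$paths = @($defaultConfigDir, $defaultVhdDir)

# Custom configuration / VHD directories: read them from the host settings
# (Get-VMHost) rather than guessing where an admin moved them.
$vmHost = Get-VMHost -ErrorAction SilentlyContinue
if ($vmHost) {
    $paths += $vmHost.VirtualMachinePath
    $paths += $vmHost.VirtualHardDiskPath
}

# Snapshot (checkpoint) directories can differ per VM, so collect each one.
$paths += @(Get-VM -ErrorAction SilentlyContinue | ForEach-Object { $_.SnapshotFileLocation })

# Drop empties and duplicates before applying.
$paths = $paths | Where-Object { $_ } | Sort-Object -Unique

# Hyper-V management service and VM worker process named in the post.
$processes = @('vmms.exe', 'vmwp.exe')

Add-MpPreference -ExclusionPath $paths -ExclusionProcess $processes

# Verify what is now excluded. Keep this list as narrow as possible:
# anything excluded here is no longer scanned at all.
$pref = Get-MpPreference
'Excluded paths:';     $pref.ExclusionPath
'Excluded processes:'; $pref.ExclusionProcess
```

Re-run the script after adding a VM whose files live outside the default directories, since a new custom path or checkpoint location is not excluded until it appears in the list; and review Get-MpPreference periodically so the exclusions stay limited to the Hyper-V paths and processes that actually need them.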

Windows Intune

Users always on the go? Having a hard time managing remote workstations? Need to ensure updates are installed on mobile workstations? Want to push apps to remote workstations? Well, look no further: try Windows Intune. I recently came across a client that had many mobile users, and we were having a very tough time managing them and ensuring they were up to date. The solution I found was Windows Intune.

Windows Intune is essentially a cloud-based management system for remote workstations. It gives you the ability to monitor antivirus activity using Windows Intune protection, as well as a web-based update console much like WSUS on Windows Server. It is a very simple and easy product to use if you have many remote workstations. It literally took me about 10 minutes to get it set up, and I was pushing agents out to the workstations. It even sent me an email alert when it detected malicious items on one of the PCs.

Furthermore, if you sign up for Windows Intune, which costs about $7 per workstation per month, you are given the ability to install Windows 7 Enterprise on your workstations. Microsoft essentially gives you a volume license key for the enterprise software for each PC using Windows Intune.

So if you are looking for an easy way to manage remote systems that never connect to the domain, I would recommend trying Windows Intune.

http://youtu.be/FidwAXN1mGQ

Antivirus Failing

According to the Microsoft Security Intelligence Report, not all PC users who have antivirus are actually protected from malicious viruses 100% of the time. There is a great article that a team member here at BVA found that explains your chances of being at risk, along with ways to help minimize your chances of having issues. Click here to read the full article from the folks over at PC Mag.

How Secure is your Dropbox?

On April 15th, TechRepublic ran an article of interest to those of you dealing with network security. Blogger Michael Kassner’s article “Dropsmack: Using Dropbox to steal files and deliver malware” detailed his discovery, at this year’s European Black Hat conference, of a presentation by penetration tester Jacob Williams. Williams’ presentation was titled “Dropsmack: How Cloud Synchronization Services Render Your Corporate Firewall Worthless”. In it, he describes how he was able to spear-phish the CEO of a client company and access the CEO’s Dropbox account. From there, even though he could not read the files directly, he was able to place malware in the account to be synchronized down to the CEO’s workstation, where it could cause damage or seek out data to send back out. The malware uses the Dropbox synchronization service as a “Command and Control” (C2) channel. Chilling reading!