Tag : Data

Is WiFi Assist Swallowing your Data?

wifi assist iphone apple If your iPhone software is up to date, meaning iOS 9 and the most recent iOS 10, then you have “WiFi Assist”. WiFi Assist is a feature that allows you to stay connected to the internet even when the WiFi connection is poor. Meaning that if a webpage is having trouble loading or your Instagram won’t refresh due to poor internet connection, the cellular data on your smartphone will step in to bridge the gap. When this feature is turned on you will see the cellular data icon in the status bar on your device. Apple’s website warns that because of the obvious (the feature is using cellular data here) you might use more cellular data than usual, but should only be a “small percentage higher than previous usage”. Despite what Apple recommends, I read a decent amount of hoopla from consumers outraged by the increase in data usage when their phone bill arrived at the end of the month.

I turned my WiFi Assist feature off, and I have noticed no difference in my performance. However, I have a strong WiFi connection both at my house and my office – hey I do work for an MSP after all :) !

I will be interested to see how it holds up in other environments. Regardless I can always turn the feature back on.

Want to turn off WiFi Assist and maybe save a little cash? Watch my video!

Settings > Cellular > Scroll alllllll the way down till the end of your apps > WiFi Assist toggle


If you would like to learn more about the information presented in this blog post please visit: https://support.apple.com

Lets agree to not use Yahoo anymore

Yahoo Breach

A hacker responsible for breaches of both LinkedIn and MySpace, has reportedly stolen 200 million login credentials for Yahoo accounts.  The hacker goes by the name peace_of_mind and claims to have also stolen credentials for Tumblr as well.  He is selling the Yahoo information on the darknet in a marketplace called TheRealDeal, where for 3 bitcoins, or US $1,824 anyone can buy them. Motherboard reported that a Yahoo spokesperson told them that the company was aware of the credentials being stolen online, but did not confirm whether Yahoo itself had been hacked in order to obtain the login credentials.

In a statement to Motherboard Yahoo states,

“We are committed to protecting the security of our users’ information and we take any such claim very seriously,” a Yahoo spokesperson said. “Our security team is working to determine the facts.”

The biggest oddity of the news appears to be the credibility of the login credentials. Many of the accounts appear to be disabled or otherwise inactive when Motherboard attempted to test 100 of the posted email addresses, most came back “undeliverable”. When Motherboard contacted peace_of_mind  posting on TheRealDeal, he explained most of the stolen credentials were from 2012. Peace_of_mind has posted a sample of the stolen Yahoo database, including passwords and email addresses that have been hacked using the MD5 algorithm.

As many may remember, this is not the first time Yahoo has been put in a bad spot due to a security breach. In 2012 a breach exposed 453,000 passwords while in 2014 a breach involved what the company called a “coordinated effort” to gain access to Yahoo email accounts. In May of this year the United States House of Representative  blocked Yahoo access on it’s network due to concern that the company was a target for hackers. Rightfully so apparently.

The company told PCmag in a statement,

“[Yahoo] works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Regardless of whether or not Yahoo confirms the breach, users should most certainly change there credentials, and in my own opinion, jump ship to Gmail.

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com  www.pcworld.com

Webcam Malware aimed at company employees

aaaaayaaaaa

Attacks face many working employees as the newest form of malware has been aimed at webcams in the workplace. The new malware is used to record employee’s private moment sin order to extort information out of them later. Sounds like everyone’s worst nightmare. The malware is called Delilah, a sweet sounding name for something so morally compromising. Delilah is the world’s first insider threat Trojan. It allows operators to capture sensitive and compromising footage of victims, which is then used to pressure victims into leaking important company secrets. The malware is being delivered via multiple popular adult and gaming sites. Thus far it is not clear if any engineering or software vulnerabilities are the source of the installed malware. The bot comes with a social engineering plug in that connects to the webcam operations so you never know you are being filmed. The attackers are using encrypted channels to communicate with victims. The bot itself needs a high level of management from a human to know who to recruit, choosing who to scam effectively. The bot, once installed, seeks to gather as much personal information about the candidate as possible, in order to bully the victim into complying with attacker requests. This can span to family and friend information as well. At the moment, not much has been accomplished as to checking for the malware. All that is known is that the bot is still buggy, and that because of the number of screenshots it is taking, often makes the screen freeze momentarily.

As security researchers look into this type of malware, more preventative information should follow.

 


 

If you would like to learn more about the information presented in this blog post please visit : www.zdnet.com

Why your business should be utilizing DRM

drmDigital rights management, often known as enterprise DRM, gives companies control over the sharing capabilities of their documents. Nothing about this technology is necessarily new, rights management versions have been in Windows Server since 2003. For businesses, its generally surprising that many are unaware of the benefits of employing DRM. Data control is enforced over networks, mobile devices, and applications so why not documents. DRM allows companies to share quotes and prices with clientele, monitoring the number of times the document has been opened. You can also set documents to expire, such as with prices and quotes so only the most current document is available. In addition DRM allows for control of sharing, making it possible to send documents to clients without them being forwarded to your competition.

Companies are beginning to see that protecting the perimeter and devices is no longer enough, and that a data-centric approach is necessary, says Dan Plastina who runs Microsoft’s rights management offerings. He goes on to to describe rights management as “identity-bound data protection; you encrypt the files so only the right person has access to it”. Although most of the companies that have DRM capabilities enforced are in finance, automotive, or manufacturing, data rights management is important for greater range of companies than it is currently reaching. What companies need to understand is the importance of control. Data goes to the cloud, to clients, to vendors, forwarded to partners, passed around without any central control of what is being sent, changed, or if the data is current. DRM eliminates the mess of rogue data.

The most important thing to acknowledge with DRM is flexibility of control. Rights management works well if you begin by identifying the basic needs, classifying, labeling and protecting. This way you can ensure that digital rights management is working to the benefit of your company.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: Why you need DRM for your documents

 

Storage and Backup Products that Save the Day

Nasuni Cloud Storage – Leveraging the cloud as a primary storage component, Nasumi Cloud NAS combines local storage controllers and cloud storage to provide global access to data with local performance. The only file system of its kind that can scale from hundreds to hundreds of billions of objects without any degradation of performance. If your company is having trouble taking on highly data-intensive projects because of limited storage capacity that is costly to upgrade, NAS is the right solution.pic

DataCore’s SANsymphony-V – This software-defined storage option maximizes IT infrastructure performance by virtualizing storage hardware in a universally compatible format. The SANsymphony-V software runs on standard x86 servers, providing one set of common storage services across all storage devices even allowing communication between unlike storage devices. Customers and IT techs rave about the increase in performance and especially the 75% reduction in storage costs. “[It] meets our replication needs — replicates all critical data between two data centers. Also provides rich SAN capability.”says David Blaisdell, assistant IT director at the New London, NH, college.

Intermedia SecuriSync – Backup and File sharing with Intermedia SecuriSync is made easier by providing real-time backup and point-in-time restore for PCs and Macs. When data is the core of your business, you need to be able to retrieve and analyze data without delay. SecuriSync provides both consolidated file management and continuous backup of documents, while securing access to sensitive data. Going beyond read-only access, employees can edit documents from mobile devices without having to worry about version control. Real time backups give users the comfort of being able to easily restore corrupted files.

CloudBerry Managed Backup – This flexible and cost effective solution allows the user to choose the storage providers as well as provides remote management capabilities. For small to mid-sized businesses this is the perfect option. Cloudberry provides all of the benefits of cloud based storage, scalability, reliability and security but at a size attainable for small businesses. Backups are made both easier and less costly.


If you would like to educate yourself in more detail about the information presented in this blog post please visit: Go-to storage and disaster recovery products

 

Who’s in Charge of Your Cybersecurity?

 

The first step in successful cyber-security is getting every employee on board. It is pretty obvious that some hardware goes into creating a security shield around important data. As an Information Technology company ourselves, we already know the value Firewall, and anti virus software have on making your network more secure. However, in order to adopt a more proactive protection policy, the groundwork needs to be laid, starting with company culture and communication. It is increasingly important to enforce awareness and education in order to save a lot of headache later down the line.

The CEO of the company needs to take interest in cyber-security before any of the employees can get on board. Simple risk analysis is a great start. Buying products online is not sufficient. A knowledgeable IT professional should be on hand. You need someone who is going to leverage the right equipment as well as set security measures that fit your establishment.

“The cyber threat cannot be solved by buying products” says Tim Holman, president of the Information Systems Security Association in the UK. Holman has the right idea, if your company is not equipped with the right skills to manage these products they are basically junk. It is important to attack cyber-security the way a hacker does. Common sense leads us to find that reducing the amount of sensitive data stored will always be a great measure. Restricting access to information and getting cyber liability cover is another way to lessen the probability of attack.

As information continues to flow in and out of your business remember that with any exchange over the internet comes a great deal of risk. Ensure your company professionals understand how to practice good security efforts. Never open an attachment that is unfamiliar, back up data in two separate places, and utilize solid Firewall and anti-virus software. Keep all platforms up to date with the latest patches and security fixes. Top to bottom, cyber-security is the responsibility of all.bva_withninja_teal-centered

 


 

 

If you would like to educate yourself in more detail about the information presented in this blog post please visit: The CISO, the CIO, the CEO, or you: Who is really responsible for cybersecurity?

Ransomware seeks victims via TeamViewer

Download-TeamViewerAnyone use Teamviewer? If so, sorry to say,  you may have been hacked.

A new ransomware has been discovered appending the .surprise extension to encrypt important files. Further research into the extension revealed the loader had EDA2 ransomware from memory, and was only attacking those who also had TeamViewer installed. The victim logs showed that TeamViewer had been utilized as a means to reach computers. Someone connected via TeamViewer and proceeded to download the encrypted surprise files onto the unsuspecting desktop.

The two TeamViewer IDs used by the attackers were  479441239 and 479440875.

This surprise ransomware is unique in that it has successfully bypassed AV signature definitions as well as behavior detection. Rather than containing the more typical encryption functions seen in ransomware, this surprise ransomware encompassed an encrypted BASE64 encoded string. This string is loaded into memory and functions from there.

The ransomware scans all fixed disks on the computer for files that contain a particular file extension. When it finds a matching file, it will encrypt it with the AES encryption key and append the .surprise extention to it. The targeted file extensions are a hefty list. It will skip any files containing the $ symbol or contain the c:/windows and c:/program strings in the filename.

Bleeping Computer discovered the 3 files the ransomware creates are as follows:

  • %Desktop%\DECRYPTION_HOWTO.Notepad ransom note.
  • %Desktop%\surprise.bat, which executes the vssadmin.exe Delete Shadows /All /Quiet to remove Shadow Volume Copies.
  • %Desktop%\Encrypted_Files.Notepad file that contains a list of encrypted files

Sadly for those encrypted there is no alternative method to gain access to the files at this time without paying the ransom.

If you would like to educate yourself in greater detail about the material presented in this blog post please visit:

http://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/

Ransomware

 

Ransomware Malware Ransomware is the devilish and extremely debilitating program designed to lock and encrypt files in order to extort money from consumers, business owners, and even government officials. It seems that no one is safe in the fight against ransomware. Most ransomware programs are targeted at the most popular operating system, Windows. Ransomware programs can and will target other systems such as Android applications, Mac OS X and possibly even smart TVs in the near future. Not only is this an unsettling forecast for consumers, but also a call to action for preventative measures to protect your most important data files.

What can be done? Most users have learned the hard way that it is better to back up sensitive data to an external hard drive. However, this type of malware is tuned in to this. When a ransomware program infiltrates a computer, it infects all accessible drives and shared networks, encrypting all files found. This makes for a very irritating discovery of locked data across the board.

Rather than rely on the external hard drive method for backups, it is suggested that consumers adopt a new best practice. Ensure at least three copies of sensitive data are made, and stored in two different formats. At least one of these copies should be stored off-site or offline. This way if ransomware locks files away consumers are not forced into a sticky situation of deciding whether to risk paying for the data retrieval or losing the data forever.

What to do when faced with ransomware? Not much can be done once ransomware has attacked. Most security researchers advise not paying for files to be unlocked, as there is no guarantee that the hackers will provide the deception key once paid. Security vendors also worry about the implications for fueling the fire. The more consumers give in and pay for the safe return of their data, the further encouraged ransomware criminals become to continue this practice of extortion.

If I haven’t said it enough already, I will say it again. Prevention is key. Know how ransomware reaches your computer. Be especially careful of email attachments, word documents with macro code, and malicious advertisements. Always keep the software on your computer up to date. It is especially important to ensure that OS, browsers such as Flash Player, Adobe Reader, and Java are always updated when available. Unless you have verified the senders, never enable the execution of macros in documents. Finally and most importantly, perform daily activities from a limited user account rather than an administrative one. And always, always, utilize a well running and up to date antivirus program.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcworld.com/article/3041001/security/five-things-you-need-to-know-about-ransomware.html

Not Even NASA’s data is safe!

For those of us who think we are pretty good at keeping our information safe, I would highly suggest you think again. Most leading government organizations have issues on keeping their data secure. Take for instance NASA. According to a recent article in Popular Science, NASA was targeted some 47 times last year by cyber criminals and they were successful 13 times giving hackers full control of critical NASA networks. They even lost the codes to control the International Space Station at one point.

NASA is often a target for cybercriminals and often NASA hardware is stolen. Between 2009 and 2011, 48 mobile computing devices were lifted from NASA or NASA employees. One of which containted those control codes for the ISS. Believe it or not, the device in question was not encrypted, and it appears that a lot of NASA devices are like this.

One would think that NASA, a pioneering government organization would have this type of stuff under wraps considering they have a 1.5 billion dollar a year IT security budget. It gives you the sense that if somebody really wanted to, they could easily get into your computer and get your personal information.

Furthermore, think of all of the companies and business that are not NASA, with much smaller IT budgets, that are targets all the time. Hackers could easily can access to these networks without anyone even knowing it and that often happens. A good recommendation is that you be very cautious with your personal information and where you put it. Doing research into security standards and checking to see if companies have had previous IT breaches.

You can also encrypt your hard drive with Windows BIT Locker or 3rd party software if you would like. You can use software such as Pretty Good Privacy (PGP), TrueCrypt, or CyberAngel.

You can never be too safe with your personal information!

Personal Cloud: WD My Book Live

Backup, backup, backup. Most of us rely on our computing technology for our work, home, and play to keep our data easily accessible. We’ve all experienced it, we’re working and all of a sudden our computer crashes, the hard drive goes bad, or the files we need becomes corrupted and guess what? There’s no backup! What do to now besides cry? We at BVA believe keeping a backup, whether daily or weekly is very important because you never know when something will go wrong. There are all kinds of backup solutions out there for businesses, from tape, disk, or even in the cloud. But not only do businesses need to keep backing up their files, but we as individuals with our personal data should keep backups. I backup my hard drive daily so that I always have the ability to back and grab a file, maybe I changed something and realized I need the original, or the disk I had a file on goes bad and I need to grab a different copy. I just found this new hard drive from Western Digital called My Book Live – WD 2go. This is Western Digital personal cloud storage device that gives you your own cloud hard drive so you can access your data where ever you are. Usually when we talk about cloud storage we generally refer to a service you purchase from some company and they store your data somewhere at their datacenter. With this new Western Digital device you can have your own personal 3TB of storage. The device rest on your personal network and you can access it anywhere. The WD 2go has fee-free remote access to your My Book Live to your computer. Another cool feature are the apps you can install on your smartphone or tablet that will give you access to your files stored on your My Book Live as well. So wherever you go, your files are just a click away.