Wednesday, May 29, 2019

Chrome Will Offer More Ways To Control Web Tracking

Google announced a pair of important security features of upcoming versions of its Chrome browser at this year's I/O Developer Conference.

Both changes are designed with the same goal in mind:

To give users some additional tools to block or at least mitigate the threat of online tracking.
The first of the two new features is called Improved SameSite Cookies, and as the name suggests, it's an attempt to improve cookie handling.  As you probably know, cookies are created when a user visits a particular website.  Cookies are the mechanism by which that site remembers information about a user's visit. It stores information such as preferred language, items you may have in your shopping cart (if the site has an eCommerce element), your login information, and the like.

Unfortunately, cookies are often used to identify users and track their movement and activities. That is not only by the owners of the site, but also by any third-party the site shares data with.  As an example, cookies are the reason that re-targeting ad strategies work. Worse, there's currently no good way to categorize and identify how websites are using cookies.  To every browser in use today, they're all considered to be the same thing. That is why when you go into your browser settings page and clear your cookies, it automatically logs you out of all websites where you've saved your login credentials.

Google's new feature would change that, allowing you to selectively delete cookies based on what they're doing. That means you'd be able to preserve your saved logins while blocking or deleting cookies used for other purposes. In a similar vein, the company's planned Fingerprinting Protection feature seeks to make it harder to fingerprint people that are using the Chrome browser. That is a tactic commonly used to track user activity without their knowledge and consent.

It remains to be seen how robust these new features will be, but if they live up to expectations, they'll be two powerful new additions to Google's growing suite of user controls.  That's a very good thing.

Call SpartanTec, Inc. for more information about information and computer security. Our expert IT consultants are always ready to help.


SpartanTec, Inc.
Greenville, SC 29601
(864) 326-5914
https://spartantec-greenville.business.site/

Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer

Friday, May 24, 2019

Email Providers Found To Have Signature Vulnerabilities


A team of security researchers have uncovered a serious flaw in several major email clients you need to be aware of.

The flaw allows hackers to fake verified signatures, which gives their phishing and other email-based attacks the appearance of legitimacy.

According to research conducted by the team, the following email clients are vulnerable to this exploit:
  • Thunderbird
  • Apple Mail with GPGTools
  • iOS Mail
  • Microsoft Outlook
  • Mailpile
  • Roundcube
  • K-9 Mail
  • Airmail
  • MailMate
  • Evolution
  • KMail
  • GpgOL
What The Risks Are

Ostensibly, an email signature is supposed to provide end-to-end authenticity, legitimacy, and integrity.  When you receive an email containing a verified signature, it's a sign that it's from a safe, trusted source. Unfortunately, now that several of the largest and most widely used email clients have been found to be vulnerable to signature spoofing attacks, that's out the window.  If you've been in the habit of scanning for a verified signature and then, upon finding one, assuming the email is safe, it's simply no longer safe to do that.

The research team described their research in part, by saying the following:

"In our scenario, we assume two trustworthy communication partners, Alice and Bob, who have securely exchanged their public PGP keys or S/MIME certificates.  The goal of our attacker Eve is to create and send an email with arbitrary content to Bob, whose email client falsely indicates that the email has been digitally signed by Alice.

Our attack model does not include any form of social engineering.  The user opens and reads received emails as always, so awareness training does not help to mitigate the attacks."

That's dark news indeed, and even worse, a raft of CVE's have been opened to account for and fix the vulnerabilities that make this type of signature spoofing possible. However, there are no easy fixes here, and there's no timetable at this point from any of these email providers on when or if the issues will be resolved.

SpartanTec, Inc. provides training for your employees to protect your emails from outside spamming. Call us today to schedule a time to discuss how we can help protect your company data.

SpartanTec, Inc.
Greenville, SC 29601
(864) 326-5914
https://spartantec-greenville.business.site/

Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer



Friday, May 17, 2019

Windows Update May Fail With External Storage Devices

Microsoft recently issued an important support document that your IT staff needs to be aware of.

In part, their notice reads as follows:

"Inappropriate drive reassignment can occur on eligible computers that have an external USB device or SD memory card attached during the installation of the May 2019 update.  For this reason, these computers are currently blocked from receiving the May 2019 update."

If you have one or more machines on your company network with USB-connected drives or SD cards attached, you'll get an error message explaining this as a reminder, and you will not be able to proceed until those devices have been unplugged.  The company has also assured users that the inappropriate drive reassignment issue will be addressed in a future build.

By and large, this isn't a major issue because few (if any) machines actually run their OS's from such a drive. So, the workaround is a fairly simple one, but there is an added wrinkle to consider.  The blocking mechanism only works if you're running the April 2018 or October 2018 builds (versions 1803 and 1809, respectively).  If you're running an older version of Windows 10, even if you have a USB-connected drive, you won't be blocked from receiving the update.

At this time, it is unclear what exactly caused the issue in the first place and the company has not established a firm time frame for when it will be addressed. Again, it's not something that is especially difficult to get around, although it will add slightly to the overhead needed to keep the machines on your company's network completely up to date.

Note that as the name implies, the updated is slated for release in May 2019, and Windows 10 users can delay the company's semi-annual update if they wish to do so.

Call SpartanTec, Inc. if you want to make sure that all the machines in your company network are safe at all times. 


SpartanTec, Inc.
Greenville, SC 29601
(864) 326-5914
https://spartantec-greenville.business.site/

Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer

Wednesday, May 8, 2019

Hackers Use Remote Desktop Services For Ransomware


Ransomware continues to be the weapon of choice for hackers around the world, but their distribution methods are evolving.  Recently, a new strain of the ransomware known as CryptoMix was found in the wild, sporting a new distribution methodology.

Hackers are beginning to target publicly exposed remote desktop services and installing their poisoned software manually.

In the case of the remix of CryptoMix, once installed, the malware appends the .DLL extension to all encrypted files and predictably demands a ransom from the victim to get his or her files back. Despite the evolving delivery method, the threat remains the same, so perhaps it's time for a review.

Here are several things your staff can do to minimize your risk of being taken offline by a ransomware attack:
  • Backup your data up religiously. This isn't so much a prevention strategy as it is an insurance policy.  It should go without saying, but too many SMBs don't do this, so we wanted to list it first.
  • Make sure your employees are absolutely phobic when it comes to opening attachments from people they don't know and trust. Even in cases where they recognize the sender, it's always best to take the step of phone verification before actually opening the file.
  • All attachments should be scanned with a robust antivirus tool before opening
  • Be sure your people know not to connect Remote Desktop Services directly to the internet. Everyone using such services should do so via a VPN.
  • Make sure all Windows updates and security patches are installed in a timely fashion. Many a problem can be avoided simply by keeping your software up to date.
  • If you're not using some type of security software that relies on behavioral detection or white list technology, you're not doing your company any favors.
None of these things (even taken together) will absolutely ensure that you don't fall victim to a determined hacker, but they will dramatically reduce your risk.

The best advice is to hire a professional IT Management company like SpartanTec Inc.  We provide peace of mind by ensuring the above practices are put into place and more. Just a few of the services we provide are:

Business Continuity Planning - are you prepared in the event of a disaster? From hurricanes to hackers.

Email and Spam Protection

Managed Firewalls

Anti-virus and Ransomware Protection


Contact us today for a complete review of your company's online security.


SpartanTec, Inc.
Greenville, SC 29601
(864) 326-5914
https://spartantec-greenville.business.site/

Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer