AARP presents a webinar to help you ID the “bad guys”

I highly recommend anyone sign up and watch these webinars. Be smart and protect yourself!

They look like the real thing, but they’re really just impostors after your identity and your money. It’s not too late to learn how to recognize and protect yourself from these clever con artists.
Don’t wait—sign up for AARP’s free, two‑part webinar today. Experts from AARP and the FTC will answer your questions live and teach you about romance scams and government impostor scams—two of the most common varieties. You’ll learn how they target people on dating sites and how they pretend to be government representatives.
Discover the local and national resources available to you. Protect yourself by registering now for this must‑see webinar from AARP.


The Impostors: Keeping Yourself Safe From Scammers
Part 1: Valentines, Candy & Online Romance Scams
Tuesday, February 5, 2019, 7 p.m. ET
Part 2: Fake Tax Bills: Protecting Yourself From the IRS Scam
Thursday, February 7, 2019, 7 p.m. ET

AARP Membership Newsletter

Register here

Even if you cannot attend the live webinar, register anyway and they will email you the recording and you can watch it anytime!

“I’m too little; I have nothing of value…”

An all too frequent refrain from customers when I approach them about securing their network with a firewall or a software based Security Suite. However, you ARE valuable to the bad guys and the “little guy” is the new “ripe” target as the “bad guys” have now aggressively automated their attacks with bots. They no longer care about making dollars off of your data (although you’d be surprised what some “insignificant” data is worth) — it’s all about the cents. Your data bundled together with enough others starts adding up to real money. Remember — it’s computers doing all the sorting; one “bad guy” can launch A LOT of attacks and make a nice bit of money on the side.

Don’t want to believe me? How about what Dale Drew of CSO magazine had to say in October 2017:

“But here’s a sobering thought: every second, potential cyber victims are hit with roughly 15,000 malware attempts, 15,000 phishing attempts and 8,000 scans for known vulnerabilities or exposures..”

“So, while we may not always see them, cyberattacks are nevertheless ongoing. In fact, we’re witnessing a sharp and sustained increase in attacks over the public internet just within 2017.”

Source: https://www.csoonline.com/article/3235028/security/no-target-too-small-no-industry-untouched.html

Mr. Drew continues: “A recent Incapsula report found more than 50 percent of all web traffic is botnet traffic, rather than traffic initiated by human beings. While roughly 23 percent of botnet traffic is attributed to “good” bots like search engines and feed fetchers, approximately 29 percent of bot traffic is classified as the handiwork of bad actors or automated systems scanning for exposures.”

“In the last month or so, alone, automated attacks hit some honeypots upwards of 750,000 times in a single day.”

“In other words, the bad guys don’t even have to keep their fingers on their keyboards to successfully infiltrate as many networks and machines as possible; their bots are doing it for them.”

I would encourage you to read his entire article and start considering security on your computer the same way you think about it for your home or other property. The Internet is a wondrous place full of information but it is also still the “wild west” — you need to be cautious.

daviestrek Consulting is here to help you “secure the ranch.” we can assist with helping you make your passwords more secure, install a Security Suite on your individual machine, or install a Firewall for your network that’s far more robust than a big box store router or the router provided by your ISP. All of these items are very affordable and can even be billed out monthly if that fits your budget better.

Coldroot will have you seeing red

As reported by Zach Whittaker at ZD Net’s Zero Day (http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/) Macs have been targets of the “Bad Guys” for years. Only recently has a very old Trojan seen the light of day: Coldroot.

These types of Trojans can act as key loggers (logging everything you type) and even act as the user with full remote control.

Antivirus vendors should be scanning for this in the near future.

 

Read the full article here: http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

Another Day, Another Ransomware Attack: “Nyetya”

The Bad Guys know no shame. It appears they’re going to try every one of the tricks that was leaked from the NSA tool kit. Oh, goody. I’m saying “nyet” to “Nyetya”.

If you have servers (or even one server) you need to make sure you have all the latest patches from your Server Software Vendor — besides Microsoft that also extends to Linux (and all the variants) and even Apple products. There is no “safe” operating system from these latest attacks. Your computer (workstation) is the perfect delivery mechanism for the server attack so it’s important you keep whatever Security Suite you have up to date and fully patched. (I’m assuming you’re already keeping up with all the Microsoft and other Operating System Vendor updates regularly, right?!?)

We can provide assistance with patching all of your equipment and we also sell the Trend Micro Security Suite. We can cover your servers and your workstations (even your mobile devices) with some of the very best protection available on the Internet. You can book us online at http://connect.daviestrek.net and we’d be happy to assist you in keeping the Bad Guys at bay.

Want to know more about this latest round? Here are a couple of really good informational sources.

From Trend Micro: https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/?mkt_tok=eyJpIjoiWkdJMk16WXhOVFkyTkdFMCIsInQiOiJyTUtqZlJldHVOMVZIQjZMZDd1VGhzYVwvWTFLdGQ2Ym5CQWpIT2xPVUlJRTc4blRBdGVwelVFR1pPUW1RM0hocDYyS2loUnBPMXN0TWQ3V2hRbjl2WFwvRE9mRTd6OXJrT1dMTWQ5bmdxNGdzaWphTFwvWW5rV2tJUDNUMzZFbE1YSiJ9

From Cisco’s Talos Intelligence Group’s Blog: http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

The New Normal? The Bad Guys and You Part 2: The Smack Down

In Part 1 we talked about what the Bad Guys could potentially gain from targeting you and your “nothing worth stealing.” But I think you saw that maybe you do have something worth stealing after all.

“Great, guess I’ll throw out the computer and no more email!”
Probably not a good idea and certainly not practical. It’s better to understand what you can do to protect yourself. Please allow me to digress for a moment into an analogy. It used to be that one could leave their doors unlocked and not worry about getting robbed. You can still leave your doors unlocked, but if you do get robbed — what do you think is the first question the Police and Insurance Company will ask? How much help do you think they will really be?
So we all put locks on our doors. That involved us carrying keys. The hassle!! Some decided to leave them under the mat or in a fake rock (or fake dog poo) near the door. That’s pretty handy. The criminals think so too. That turned out to be almost as useless as just leaving the door open.
So we get fancier locks. Something with a punch code. That’s pretty great until the battery dies in the unit (you forgot to replace it) and you still need the key to get in. (Did I leave it under that suspicious looking dog poo?…)

“There’s no way to win so why bother?”
For the same reasons you still lock your door and hassle with the key, you should be taking the time to create yourself a password scheme that includes upper and lower case letters, special characters (!@#$%^&*), and numbers. Have a minimum of nine characters — 12 and above is much better. Having a passphrase is often quite helpful. Don’t include personally identifiable info in your password (e.g. names — yourself, significant other, kids, etc.) but make it meaningful to you. TheRock!3Mount@1ns is an example of an extremely simple passphrase. (Don’t use it — I just gave it to you and all the Bad Guys. I’m sure it’s in a list now used to crack passwords. If you were using it, I’m really sorry. I didn’t know!) The absolute BEST passwords are the randomly generated ones but that can get really hard to manage.

“I have too many passwords to remember as it is and now you want me to make them harder?! Are you CRAZY?!?!”
Well, I’m not quite right, but I wouldn’t call it crazy. 🙂
There are lots of ways to manage passwords. If you are like many of my home clients, you have a workstation or laptop that stays pretty much in one place and that’s where you go to access the Internet. I’m going to suggest something totally radical for you to use as a password manager: a small notebook kept in a drawer somewhere near (but not next to) the machine. Keep each site on a single page so you have room to change the password as you need to. I just made security nerds everywhere scream out in pain. Take heart security nerds, I’m suggesting the electronic solution next. This recommendation is playing the odds — I’m making the assumption that the chances of a physical break in and the criminal specifically looking for and taking that notebook is fairly low. (You had the door locked, right?!?) Way lower than the online Bad Guys.

“Fancy passwords are a real hassle”
There is an electronic management solution — lots of them actually. PC Magazine recently reviewed and proclaimed “The Best Password Managers of 2017“. Don’t want to invest in a management solution? There are free options like a product called Password Safe. Another even more secure option is presented by Felicia King at Quality Plus Consulting making use of Password Safe and a product called YubiKey. She outlines the strategy here.
If you use a product like Password Safe you will be able to randomly generate passwords and electronically store them in an organized fashion. It’s that notebook on your machine. Of course, you’ll want to keep a backup of your password file — but you’re backing up the important data on your machine regularly anyway, right?? Right??

“I’m still confused and need more help.”
You’re in luck — we can help. You can schedule an appointment online here.

So Long Quicktime, It was fun.

We’re recommending you remove the Quicktime Player from any machines you have it installed on.

It was a not so “quick” ride that has come to an end. Windows 8 & 10 haven’t played well with Quicktime anyway. In fact the plugin was deactivated with the last Quicktime update received this past January. Trend Micro recently discovered two major security flaws in the software. When they reported it to Apple they were told that there would be no more development of the product and the solution was to simply remove the product from your Windows machines. This came as a surprise because there had been no announcement about depreciating the software. As reported by The Register:

“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it,” said Christopher Budd, global threat communications manager at Trend Micro, on Thursday.

“In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it.”

The flaws were reported to Apple on November 11, 2015, and acknowledged the same day by Cupertino. The following March, Apple told Trend Micro that “the product would be deprecated on Windows and the vendor would publish removal instructions for users.”

There’s a whole new world of video playing available these days from Flash (also a security headache) to the HTML5 standard. It’s time to upgrade from XP (also depreciated and unpatched) and make the leap to a newer system. Yes, there’s a learning curve but that’s true no matter what you buy.

Have Evernote files you want to transfer to OneNote?

I still maintain that OneNote is the best FREE tool you’re not using. Especially if you have a touch or pen device — but any device will do. There’s a OneNote App for that (really!). One of the arguments against switching over to OneNote was the lack of ability to move those files over easily. Well, here goes that argument.

Microsoft has released a tool that will import your Evernote files into OneNote from the Evernote Plus ($25/yr) and Evernote Premium ($50/yr). No word on the ability to import from the Basic (free) or Business ($120/yr/user) versions.

This is version 1 of the tool, so I’m sure there will be glitches and imperfections. I would also anticipate that, if successful, the tool will be upgraded to include all versions. In order to use this new tool, you’ll need Windows 7 or later. There currently is no Mac version of the converter tool.

Once you’ve run the tool, the files you import will be available across all devices (Win, Mac, iOS, and Android). Microsoft offers up a graph with the features gained by doing the import.

Microsoft also provides more details on how to use OneNote importer on this support page.

Remember – -this is a Version 1 tool. Your mileage may vary — but I still suggest you do it!

Source: Mary Jo Foley from All About Microsoft

Microsoft announces new tool to help Enterprises fight the Bad Guys

Windows Defender Advanced Threat Detection is the new tool being released by Microsoft to help Enterprises to fend off cyberattacks. Like its “Daddy” Windows Defender, it will be “baked in” to Windows 10 and will therefore be updated on a regular basis with the rest of the Operating System. The new tool is designed to detect advanced attacks and provide response recommendations. It will work in concert with Microsoft Advanced Threat Detection Solutions like Office 365 Advanced Threat Protection and Microsoft Advanced Threat Analytics.

Microsoft says this tool is already “protecting 500,000 endpoints”.

Just like we developed Windows 10 with feedback from millions of Windows Insiders, we worked with our most advanced enterprise customers to address their biggest security challenges, including attack investigations and day-to-day operations, to test our solution in their environments. Windows Defender Advanced Threat Protection is already live with early adopter customers that span across geographies and industries, and the entire Microsoft network, making it one of the largest running advanced threat protection services.

This does look like a promising tool. It is always nice to have a “fresh set of eyes” keeping and eye on the Bad Guys.

Source: https://blogs.windows.com/windowsexperience/2016/03/01/announcing-windows-defender-advanced-threat-protection/

Be careful with your App downloads

CBS News did a piece this morning on how the Bad Guys are using Apps to steal your data and money. Games, Flashlight Apps, etc. all generally ask for WAY more permissions than they need.

Be careful. Be aware.

http://www.cbsnews.com/videos/cyber-thieves-hacking-victims-through-mobile-apps/