Category: Security

Security Category

Kill Your Java Plugin Now!

Java Plugin Security Information

Kill your java plugin as soon as possible.

A new Java zero-day security vulnerability is already being actively exploited to compromise PCs. The best way to defend against the attacks is to disable any Java browser plugins on your systems.

The offending bug is present in fully patched and up-to-date installations of the Java platform, now overseen by database giant Oracle, according to Jaime Blasco, head of labs at security tools firm AlienVault.

“The exploit is the same as the zero-day vulnerabilities we have been seeing in the past year in IE, Java and Flash,” Blasco stated.

“The hacker can virtually own your computer if you visit a malicious link thanks to this new vulnerability. At the moment, there is no patch for this vulnerability, so the only way to protect yourself is by disabling Java.”

The exploit targets Java 7 update 10 and prior versions. No fix is available and early indications suggest that exploitation is widespread. Brian Krebs reckons the exploit has found its way into crimeware toolkits, such as the Blackhole Exploit Kit, which will uses the hole to infect victims with software nasties.

Java vulnerabilities were abused by the infamous Flashback Trojan, creating the first botnet on Mac OS X machines in the process last year. In the years before that attacks on Java and Adobe applications have eclipsed browser bugs as hackers’ favourite way into a system.

In all but a limited number of cases Java support in web browsers is not mandatory for home users, unless required by a banking website or similar, so disabling plugins even as a temporary measure is a good idea. Businesses, on the other hand, that rely on Java for particular applications are not so fortunate.

While waiting for a patch from Oracle to plug the gaping hole, you can contact South Jersey Techies by emailing support@sjtechies.com to make sure your systems are protected.

Java Update Coming Tuesday

Oracle says Java Update Coming Tuesday!

Oracle is working on an update to address a flaw in its Java software.

The company says it will release a patch that will fix 86 vulnerabilities in Java 7 on Tuesday.

The Department of Homeland Security last week said computer users should disable the program in web browsers because hackers were using a zero-day vulnerability to attack computer systems. Criminals were using the flaw to stealthily install malware on the computers of users who visit compromised websites.

The problem, which affects Oracle Java 7 update 10 and earlier, can allow an untrusted Java applet to escalate its privileges, without requiring code signing.

Java, which is running on 850 million computers, is a computer language that lets programmers write software using just one set of codes for computers running Windows, Apple OS X and Linux. Internet browsers use it to access web content and computers and other devices use it to run a plethora of programs.

In fact, Java is so ubiquitous that the software has become a major bull’s-eye for hackers. Last year, Java overtook Adobe Reader as the most frequently attacked software, according to computer security firm Kaspersky Lab.

Mac users probably don’t have to worry because Apple already removed Java plug-ins from OS X browsers. Apple apparently learned a lesson last year when it took its time making a Java patch available and as a result more than 600,000 Macs were infected with malware.

Last February, Oracle released a fix for a targeted vulnerability identified as CVE-2012-0507 and included it in an update for the Windows version of Java. However, since Apple distributes a self-compiled version of Java for Macs, it ports Oracle’s patches to it according to its own schedule, which can be months behind the one for Java on Windows.

Mozilla also has blacklisted all current releases of Java.

Tight Budget? 10 Great Tools If You Are on a Budget

Takeaway: From diagnostic tools to antivirus to backup utilities, this list of freebies will help you do more with less.

If you’re trying to stretch a thin IT budget, you probably can’t afford a lot of pricey tools. Luckily, a number of highly useful tools are available for free. Some of them even work better and are more efficient than their costlier alternatives.

1: ComboFix

When the standard antivirus/malware software can’t seem to find the problem, ComboFix almost always does. It also looks for and removes most rootkits and Trojans. To use this tool, you must completely disable all antivirus solutions (and you should completely remove AVG). Caution: If ComboFix is not used properly, it can wreak havoc on the machine you’re trying to fix.

2: ProduKey

ProduKey will help you get product keys from installed applications so that when you need to migrate to a new machine, you can continue using those costly licenses. ProduKey will recover keys from more than 1,000 software titles, including Microsoft Office, Adobe, and Symantec. When you use this tool, you will have both the product ID and the product key; the ID is important because it will tell you which version of the software is installed.

3: Hiren’s BootCD

Hiren’s BootCD is a one-stop-shop Linux boot disk that can help you pull off a number of small miracles. Its tools include Antivir, ClamWin, ComboFix, Clonedisk, Image for Windows, BIOS Cracker, 7-Zip, Bulk Rename, Mini Windows XP, CCleaner, and Notepad++, among others. This single bootable disk could easily be the only tool you need.

4: Microsoft Security Essentials

Microsoft Security Essentials is one of the better free antivirus tools available. Its tagline, “The anti-annoying, anti-expensive, anti-virus program,” is true. When the firm I work with was looking for a new free solution, we tested Microsoft Security Essentials against AVG Free and Avast Free and found Microsoft Security Essentials to be superior, less intrusive, and less resource intensive.

Note: Microsoft Security Essentials can be used for free for up to 10 PCs. Beyond that, you can purchase the business version, System Center Endpoint Protection.

5: WinDirStat

WinDirStat is the program you need when you must know what is taking up the space on a hard drive. When C drives begin to fill up, performance degrades rapidly. It’s essential to have a tool to help you discern what is gobbling up the precious space on a machine, and WinDirStat is the foremost app for getting this information quickly.

6: CCleaner

CCleaner gets rid of temporary files and Windows Registry problems faster than any other tool. When a machine is having problems, this is almost always the tool I use first. CCleaner also helps ensure privacy by getting rid of traces left behind (such as cookies) by Web browsers.

Note: It is legal to use CCleaner Free for business use. However, CCleaner Business Editioncomes with a few more features (including one-click cleaning) than the free version.

7: Defraggler

Defraggler blows away the defragmenting application in all Windows operating systems. It’s faster, more reliable, and more flexible than the built-in tools. With Defraggler, you can defrag a single file or an entire drive. Defraggler supports NTFS and FAT32 systems.

8: 7-Zip

7-Zip is the best file archiver/compression tool (outside of Linux command-line tools). It’s open source and works on multiple platforms. Once you install it, you will find 7-Zip has Explorer support and a simple GUI tool that any level of user can manage.

9: SyncBack

SyncBack is a reliable, easy-to-use backup utility. No, you won’t be recovering from bare metal, but you can save your precious data. SyncBack can synchronize data to the same drive, a different drive or medium (CDRW, CompactFlash, etc.), an FTP server, a network, or a zip archive.

10: FileZilla

FileZilla reminds you that the cloud has not made FTP useless. There are plenty of reasons you might need FTP, so why not use one of the best and most cost effective FTP clients? And if you need an easy-to-use FTP server to slap up on your Windows machines, FileZilla has one.

Doomsday – Windows XP End of Life

Takeaway: Risks with staying with Windows XP after April 8, 2014.

Since being release worldwide on October 25, 2001, Windows XP has become one of the most popular versions of Windows. OEM and retail sales of Windows XP ended in June 2008, while smaller OEMs continued to sell the Operating System until January of 2009.

On April 10, 2012, Microsoft officially announced that as of April 8, 2014 they will end extended support for Windows XP and Office 2003, after which no new bug fixes or patches will be issued.

Organizations may be taking a spontaneous risk and assume that Window’s XP’s prolonged life means major vulnerabilities have been acknowledged and dealt with. If XP were secure, there still might be application-level vulnerabilities. Even the ranges of security breaches are inadequate to persuade some organizations that are still using Windows XP to upgrade. The dynamics that have safeguarded XP’s success are now working against the organizations that stuck by the operating system.

A major aspect attackers assess during their investigation is the operating system and the applications used within an organization. With Microsoft ending their support, the vendors for applications running on it will most likely end support.

On the other hand, those preparing to continue using XP after the cut-off date, are going to be in a unpleasant situation trying to protect their intellectual property, but can take certain steps to limit exposure to risk. There are specific technologies you could deploy that will permit you to remain using legacy systems. Mitigating technologies like Host-Based Intrusion Protection will be able to identify that a vulnerability exists and make that vulnerability difficult/impossible to exploit by applying a virtual patch to those non-supported environments.

However, XP’s acceptance is down to the technology itself and an operating system format that people are content with. The significant changes with Windows Vista, Windows 7 and especially Windows 8 are the reason people are resistant to change.

To protect and upgrade your home or business

please contact us 856-745-9990 or click here.

LivingSocial’s Cyber Attack

Recent victim of a cyber-attack is the local daily deal site, LivingSocial. Protected during the attack was merchant and customer banking and credit card information. Regrettably, 50 million subscriber names, date of birth, e-mail addresses and hashed passwords were compromised.

Steps to further protect your personal information:

An e-mail from LivingSocial will provide you with the necessary steps to create a new password.
If you are using the same password for multiple accounts it is strongly recommended to change all passwords.
After an attack, hackers try to use phishing to extract additional information. Before changing your password make sure that you are directed to www.livingsocial.com.
Always protect yourself by never sending personal information via e-mail to any person or organization.

Protection for WiFi

Takeaway: Five simple ways to protect your information when using WiFi and Hotspots.

WiFi is exchanging data through a wireless local area network (WLAN) from electronic devices including smartphones, laptops and tablets.

Also, WiFi is available in public places such as Airports and Restaurants. Identity Thieves, Hackers and Criminals take advantage of WiFi because it is convenient for users to access personal information.

1. Avoid accessing your bank accounts & online stores:

When using public WiFi, it is best to avoid using your credit card or banking information.

2. Double check the WiFi name:

Prior to connecting to a public network double check with an employee for their network name. Identity thieves can create a false Hot-Spot, have users connect and then steal personal information.

3. Turn-Off “Auto Connect”:

Stay in control of what networks you connect to, smartphones have a setting that automatically connects you to the closest open network. Simply, turn this setting off to decide what networks to connect to.

4. Never use the same Password:

An additional step you can take to keep online accounts safe is to use different passwords for each account. Using the same password makes stealing your information easier for criminals.

5. Check the Lock:

The extra layer of security is the locked padlock in the address bar of your browser or “https” which means that your information has been encrypted.

Implementing BYOD

Bring-Your-Own-Device (BYOD) is permitting employees to bring personal devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access company information and applications.

Create a Private App Store

Designing a private App Store provides the ability to manage custom and purchased apps. Businesses can manage apps by pushing mandatory apps, approving recommended apps and blocking rouge or unrelated apps.

Policy Compliance

Policies ensure security, productivity, protection of resources and reduce risks. Implementing a location-based service (LBS) such as Geo-Fencing and GPS will set limitations on access to data based on location.

Strong Security

There are many layers of security for a BYOD environment. Device enrollment can be a one-time passcode and/or Active Directory credentials. Applying user profiles will distribute policies, restrictions and Apps based on logical groups (department/location/device type). Other types of security are tracking device locations, Remote Lock, Complete Wipe and Corporate Wipe.

Track Usage

Usage thresholds can be monitored based on talk, text, data and roaming for each user. Setting up alerts and reports for misuse, excessive bandwidth, additional charges and security exposures will help track usage appropriately.

Banning Rouge Devices

Compromised devices such as “jail broken” iPhone or a rooted Android should be restricted from accessing enterprise data and resources. Compromised devices are susceptible to virus attacks.

For more information on Mobile Device Management

Contact us at 856-745-9990 or click here.

New Security Threat: CryptoWall

crypt

In October of last year news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that the second version of this – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that when installed onto computers or devices, holds the data and system hostage. This is done by locking valuable or important files with a strong encryption. You then see a pop-up open informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat, until now that is. A recently updated version is threatening users once again.

Cryptolocker 2.0, aka. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as they did with the first version: It is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did however make some “improvements” to the malware that make it more difficult to deal with for most users. These changes include:

Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version where one person who paid could share the unlock code with other infected users.
CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version the encryption has increased security which ensures the file is deleted. This leaves you with either the option of paying the ransom or retrieving the file from a backup.
Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways which essentially makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems is:

Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as say a spelling mistake in the name, or a long string of characters together, then it is best to avoid opening it.
Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business oriented information e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.