System Security

Earlier this week, Microsoft released a major update for Windows that includes fixes to 48 separate vulnerabilities.  Microsoft releases security updates every month but this week’s update includes two fixes to issues rated with the highest security rating.  Updates rated at the “critical” level are flaws that could be exploited by malware if left unsecured. The most serious vulnerability is related to how Windows handles objects in memory. By exploiting …

Windows 10 S has started to roll out on Microsoft’s new Surface Laptop with a bold claim: the computers are immune to all current ransomware.  The boast comes at a time when ransomware attacks have started to peak after a five-month low.  Unfortunately, in order to provide a secure platform, Microsoft has taken extreme measures to lock down their operating system. The reason that Microsoft can make the claim …

The WannaCry ransomware spread quickly last week and has infected over 200,000 users in 150 different countries.  Like most ransomware, once infected, WannaCry will encrypt a user’s files and demand payment to unlock them.  What is strange, however, is how quickly WannaCry has spread from system to system. Most ransomware relies on social engineering tricks to get users to infect themselves with the malware.  Campaigns usually spread through phishing emails …

Last week, IBM issued a security alert over malware that was accidentally shipped to customers.  Infected USB devices were distributed with IBM’s Storwize data center products.  IBM warns that the infected USB drives should be reformatted or destroyed to prevent infection. IBM has not specified exactly how many devices contain the malware but has disclosed that the infected USB drives are all from a single batch with the part number …

It’s no secret that most computer users have password fatigue; many people are forced to remember numerous passwords, each with their own set of requirements and often with mandated refresh cycles.  The result is that security is actually made weaker as users stumble to create easy to remember passwords or simply write down their passwords on physical media.  A new set of standards put forth by the National Institute of …

TorrentLocker, also known as Cryptolocker, was a notorious variant of ransomware that targeted Windows users back in 2014.  Thanks to awareness articles and security updates, the ransomware slowly became less effective and was largely abandoned back in 2015.   Unfortunately, it appears that the outdated malware has been updated with a bevy of new features and is currently making rounds once more. Most people are aware of how ransomware functions at …

A massive security flaw in the Cloudflare client has led to what may be the biggest data breach of 2017.  Cloudflare is a web infrastructure company that provides hosting and security services for hundreds of popular websites.   A security flaw in the software known as Cloudbleed was discovered and patched last week, but because of the nature of the security breach, the repercussions could be long lasting. Cloudflare got its …

An exploit that targets the Safari internet browser has surfaced that can overload a computer’s memory and cause a system crash.  When the exploit activates, a user’s email client will activate and attempt to open hundreds of blank emails until system resources are exhausted.  Mac OS users are advised to use caution when following links or to switch away from Safari as their default browser. The Safari browser exploit is …

A group of Russian-based hackers is stealing an estimated $3 to $5 million every day as part of the most lucrative botnet ever discovered.  The White Ops security group discovered the botnet, dubbed “Methbot,” which exploits video advertising on a massive scale. YouTube receives nearly a billion unique visits every month, so it is no wonder that it has become one of the primary advertising platforms for marketers.  …

Yahoo is in the spotlight again, this time over the security breach of more than one billion user accounts.  Most alarming is that this breach is separate from the data theft event that was disclosed back in September, which on its own consisted of 500 million accounts.  This latest breach couldn’t come at a worse time for Yahoo, as the email giant is currently looking at buyout offers from Verizon. …

A Chinese company has admitted that it intentionally planted spyware on newly manufactured Android smartphones.  This malware has been used to gather personal information about users, as well as to log calls and other data.  The malware was authored by a Chinese company called Shanghai Adups Technology Company, whose software is said to run on more than 700 million devices around the world. Earlier this week, researchers at Kryptowire …

Google is often the first line of defense for users when it comes to online protection.  For years, Google has placed warnings on websites that are known malware hosts.  Unfortunately, malware distributors have learned ways to get around the Google enforcement.  Google now hopes to crack down on repeat offenders and offer longer lasting restrictions. The Google search engine is based around the use of automated web bots.  These web …

Wix.com is a cloud-based website provider with a simple drag-and-drop interface which has made it a popular choice for small businesses and private users.  Unfortunately, a cross-site scripting (XSS) vulnerability has been discovered in the platform that can lead to compromised admin accounts and a host of other problems. The Wix vulnerability was first discovered in October by Matt Austin, a senior researcher at Contrast Security.  Despite multiple attempts by …

National Cyber Security Awareness Month (NCSAM) is an annual campaign to raise awareness about cybersecurity.  This month, organizations all around the country have been stepping up to provide helpful advice to prevent cybercrime and we would like to do our part as well. Whether we realize it or not, the internet touches almost all aspects of daily life.  Businesses and private users alike are in a constant battle with online …

Following in the wake of the Yahoo Security breach we have yet another large scale leak, this time aimed squarely at businesses. Modern Business Solutions (MBS), a data management and monetization services provider, has been hit by a security breach that has exposed at least 58 million accounts. Information leaked in the breach includes names, IP addresses, birth dates, e-mail addresses, occupations and more. The MBS leak is the result …

For all of their potential usefulness, portable USB hard drives, or Thumb Drives as they are commonly called, are already a serious security concern for businesses.  From spreading malware to leaking company data, the Thumb Drive has become synonymous with risk.  As if not wanting to leave bad enough alone, a Chinese manufacturer has taken things a step further and introduced USB Kill 2.0. USB Kill 2.0 is a small …

If you’ve ever downloaded a piece of software, there is a good chance you have encountered pack-in or pay-per-install software.  As it turns out, pay-per-install software is a highly lucrative market that walks a thin line of legality and is often more aggressive and equally as disruptive as malware. Researchers at Google conducted a yearlong study in conjunction with New York University’s Tandon School of Engineering to crack open the …

The HTTP/2 protocol for websites was officially launched in May of last year as a way of improving website performance.  The new protocol was quickly adopted and supported by all major browsers, but unfortunately, it looks like a few flaws exist in the system. Cybersecurity firm Imperva released research into a number of high-profile flaws in the HTTP/2 protocol at the Black Hat USA conference on Wednesday.  The vulnerabilities allow …

Cisco researchers have discovered a vulnerability in the way that Mac devices process image formats.  TIFF image files are data rich and typically used by publishers or designers; unfortunately, these images can contain more than just image data.  Because of how Apple processes image data, TIFF files can be used to run malware automatically, without being detected. While TIFF images impose the greatest risk from this vulnerability, the Cisco researchers stress …

Proactive defenses and employee education are the best ways to protect against ransomware; however, accidents happen and sometimes malware sneaks through even the best defenses.  We’ve discussed ransomware disasters in the past but you may wonder how things would turn out with a proactive solution in place.  Quite recently, our technicians remediated just such an occurrence. About two weeks ago our support team received a call from a client who had …

Individuals and businesses alike turn to Symantec for system security but a recently discovered exploit reveals that some versions of the software may do more harm than good.  Tuesday, researchers discovered a bug that affects the majority of the Symantec product line and exposes millions of users to the threat of automatically propagating attacks. The news leaked shortly after Symantec issued its own advisory on vulnerabilities found in 17 Symantec …

The recent credential leak from LinkedIn revealed that a large percentage of users continue to use common or weak passwords.  While many people may not consider LinkedIn security a top priority on its own, a more troubling statistic was discovered. Nearly a third of the leaked accounts on LinkedIn used the same password/username combination on another of the user’s online accounts.  These shared account credentials open up a whole new …

Back in 2012, LinkedIn admitted that their social network had seen a breach that led to millions of compromised accounts.  At the time, it was believed that the breach was limited to around 6.5 million leaked passwords, but recent events have put that number at over 117 million.  While alarming on its own, the four-year-old security breach has some greater repercussions today.  As of this week, the credentials for …

Microsoft Office is ubiquitous among businesses, so it is not surprising that it is also one of the most common attack vectors for malware.  Macro viruses are a type of malware that makes use of the macro scripts that run in many programs within the MS Office Suite.  Last week, Microsoft delivered an update that allows organization admins to control the macro settings of files. Macro based malware was almost …

Security firms Heimdal and Sucuri have now both reported a huge spike in malware across a variety of legitimate WordPress websites.  The compromised websites have been taken over by a sophisticated variant of ransomware that locks a user out of their computer and demands payment. The compromised websites are injected with fraudulent JavaScript code that leads visitors to a unique malware-distributing website.   What makes this malware difficult to …

Oracle has announced plans to retire the Java internet browser app in September 2016. Outdated versions of Java are one of the leading risk factors for the spread of browser based malware.  The discontinuation of Java should be a great boon for IT security but it also creates a problem; many large businesses still use Java as a backbone for custom software. Java has long created a problem for IT departments …

In our previous articles, we have shown examples of typical threats and taken you through the process of choosing a penetration test vendor.  This week we will guide you through the long-term goals of penetration tests and explain some of the repercussions of not maintaining your penetration test procedures and regulatory compliance. Often in discussions with customers, questions arise about why penetration tests are necessary when they already have other …

Data breaches occur every day and most never get reported.  Automated attack programs are constantly on the lookout for weaknesses in network security systems and inherent vulnerabilities in software. Over the course of a single day we recorded and compiled attempted attacks made against a Next Generation Firewall.  When an attempted attack takes place, the Next Generation Firewall not only blocks the intrusion, but outputs a report to let the …

In last week’s article, we covered the basics of what a penetration test is and why you should make them part of your regular security regimen.  This week we will cover things to look out for when choosing your penetration test vendor.   Not all penetration test vendors are created equal; many service providers are more interested in selling a false sense of security than genuine protection.  A …

Antivirus software producer, AVG, has made some big and surprisingly open changes to its Privacy Policy.  The new policy boldly admits that AVG will collect user browsing and usage data to improve their products and even sell “anonymous” user data to advertisers.  While data collection is quite common among social networks and search engines, it is a bizarre admission from a cybersecurity company. The revamped Privacy Policy, which goes into …

Flash has always been a security liability for users but this week, two major corporations drew attention to how unacceptable the web plugin has become.  Following the most recent Flash security vulnerability announcements, heads of both Facebook and Mozilla Firefox have come out against the hack prone web app. HTML5 has adopted most of the functionality once unique to Flash, so it probably shouldn’t come as a surprise that people …

Next Generation Firewalls protect your business through intelligent application awareness and thorough port inspection to ensure that only authorized content reaches your internal network.  Protect your business against viruses, spam, spyware, intrusions and other threats that can enter the corporate network hidden in web traffic with a Next Generation Firewall solution. – Richard Keene IT Computer Support of New York Webmaster and Lead Designer

A new type of malware has been making rounds in the last couple weeks as fraudsters hijack routers and use them to inject ads and pornography into legitimate websites.  The malware hack, discovered by Ara Labs, alters a user’s DNS router settings.  The newly hacked router then intercepts Google Analytics tags and replaces them with advertisements or other unwanted content.  Once a user has been compromised, unwanted content can be …

Adobe Flash Player has become synonymous with constant security faults but this month the threat level has reached a sad new low.  Adobe Systems issued a warning on Monday that hackers are exploiting a new vulnerability in Flash Player, the third such vulnerability in roughly a month’s time.  The vulnerability allows for drive-by download attacks and targets users of Internet Explorer and Firefox. The Flash Player exploit makes use of …

Computer tech support scams have plagued users for years, but this week, the FTC managed to shut down a scam ring that has conned people out of more than 120 million dollars. The scam involved two businesses, Boost Software Inc. and OMG Tech Help, as well as a developer that made “PC Cleaner” software.  All parties are facing FTC scrutiny for their involvement in the scams and for continued operation …

There have been almost 600 reported data breaches this year, a rise of over 25% over the same time period last year.  Most analysts expect that this number will only grow higher as consumers and business leaders become more dependent on internet based transactions.  With this in mind, the question becomes, “Are security breaches just part of doing online business,” and “Have users become desensitized to their existence?” JP Morgan …

A new threat for Linux-based machines jumped into public attention earlier this week with a threat that could end up being worse than the Heartbleed scare.  The security vulnerability, which has gained the moniker “Bash Bug”, or “Shellshock” affects the shell commands of Linux-based computers, servers and even Macs. Systems use Bash to execute “shell” commands; basically, this means that it translates user commands into something an operating system can …

A list of nearly five million Gmail login credentials was posted on a Russian forum earlier this week.  Initial reports led to the speculation that Google itself had been hacked.  The good news is that doesn’t appear to be the case, the bad news is that the list is real, and your account might be on it. The leaked list contains millions of account names that have been collected from …

USB has become an industry standard over the last ten years, thanks largely to how versatile and seamless the interface is at connecting with computer hardware.  Unfortunately, a flaw has been discovered within the USB architecture that allows malware to be programmed into a device’s firmware, making it nearly undetectable and impossible to patch. The versatility of USB is also the problem when it comes to the newly discovered …

Security researchers have discovered a phishing campaign that has run uninterrupted for five years and has allowed attackers to steal login credentials for Google, Yahoo, Facebook, Dropbox and Skype.  The malware, known as NightHunter, dates back to 2009 and has infected the oil industry, educational institutions, hospitals, charities and many other organizations.  Direct damages caused by NightHunter are still unknown; however, the malware has compiled an enormous database of stolen …

Take full advantage of our business planning and computer support services. Watch our video overview and discover how IT Computer Support of New York can help bring your company or organization into the forefront of its field. – Richard Keene IT Computer Support of New York Webmaster and Lead Designer

Internet Explorer 8 remains the most used browser version in the world, so it should come as a surprise that a vulnerability discovered back in October 2013 has remained unpatched.  The vulnerability was made public earlier this week by Hewlett-Packard’s bug bounty program when Microsoft failed to address the problem. Hewlett-Packard’s Tipping Point Zero-Day Initiative (ZDI) is a bounty program that rewards researchers who discover and report vulnerabilities so that …

Late last week, Microsoft confirmed the existence of a new zero day vulnerability that affects all versions of Internet Explorer.  As of 2013, Internet Explorer accounted for as much as 26% of the global browser market, which leaves a substantial percentage of the world’s computer users at risk.  The vulnerability allows for remote code execution and can be used to force malicious code onto a target’s system or gain complete …

Within the last month, the number of Facebook, email and phone scams has risen significantly.  Since ignorance is the biggest factor in falling prey to a scammer, this article will shed some light on a few of the scams currently in circulation.   “Click Bait” Social Media Scams “Click Bait” scams have become a popular method of distributing spam and malware on social media platforms such as Facebook and Twitter.  The …

A vulnerability introduced back in 2011 has left people all over the internet in danger of password and sensitive data theft.  The recently discovered “Heartbleed” security flaw is part of OpenSSL, an open source encryption technology present in as much as two-thirds of all Web servers.  If you regularly visit any website that processes payments or maintains user accounts, there is a good chance you have been exposed to this …

Two weeks from now, Microsoft will discontinue support for Windows XP. The end of support means big changes in the way older systems are maintained and administered. Is your business prepared for when Windows stops receiving security updates and fixes? – Richard Keene IT Computer Support of New York Webmaster and Lead Designer

Earlier this week, computer security software firm Kaspersky Lab, released details about “The Mask”, a type of cyber-espionage malware.  The Mask, also known as Careto, ran undetected since 2007 and has infected more than 380 high profile targets from 31 different countries. The Mask malware campaign used techniques and code that surpassed any previously seen nation-state spyware.  The malware’s primary targets were government institutions, diplomatic offices and embassies but also …

One of the newest features to be brought out by Google is the speech recognition API for its Chrome web browser.  While voice recognition was added to improve the experience of users, one developer has discovered a potentially serious security flaw introduced by the feature. Chrome speech recognition requires that a user give a website permission before access to a user’s microphone can be given.  The system was built in …

Security researchers at Trustwave’s SpiderLabs have discovered that a Netherlands-based Botnet has stolen and collected approximately two million user logins.  The exposed Pony Botnet contains user login information for online services such as Facebook, Twitter and Yahoo as well as more serious credentials for things like FTP accounts and ADP payroll.  While initial reports speculated that the stolen data was limited to users in the Netherlands, new findings have shown the …

A new type of malware known as CryptoLocker has been popping up all over the internet and offers a diabolical new twist on an old scam. CryptoLocker encrypts all of the most important files on a victim’s PC — pictures, movie and music files, documents, etc. — as well as any files on attached or networked storage media.  After encryption, the malware demands a ransom before the files can be accessed …

Fake software downloads are nothing new when it comes to malware distribution, but the sophistication of spoofed downloads has reached an all-time high in recent months.  Where in the past fake software downloads were relatively easy to spot, now they have convincing visual appearances and, in some cases, even authentic security certificates. Malware downloads come in many forms but the most common in recent months have taken the form of …

Within minutes of the release of iOS7, users began to debate the security of the new fingerprint reader, but a more imminent threat was already being found.   The security vulnerability contained within the passcode lock screen allows anyone to gain access to the owner’s photos, email, Twitter, and more. The security flaw is simple to use and allows anyone with physical access to the device to quickly bypass the …

Next generation firewalls provide the best defense for your business against viruses and web based security threats. Watch the first video in our YouTube series on business security.   – Richard Keene IT Computer Support of New York Webmaster and Lead Designer

This year’s Black Hat security conference in Las Vegas revealed a serious security threat for iOS users.  Researchers from the Georgia Institute of Technology demonstrated a charging device which can be used to invisibly install malware on a device running the latest version of Apple’s iOS.  The charging device is small and cheap enough to manufacture that it could be installed in public places without the knowledge of management and …

Malware that was first spotted back in 2007 has made a comeback and is now propagating on Facebook.  The Zeus banking Trojan operates by infecting Web browsers, often by “drive-by download” from a corrupted website.  In this case, Zeus is spread via links posted on articles within Facebook.  Once clicked, the Trojan will download and infect a user’s computer. The Zeus Trojan has already infected millions of computers over the …

We live in frightening times… A recent report from the Commission on the Theft of American Intellectual Property proposes the use of government-sanctioned ransomware to catch software pirates.  The IP Commission claims that packaging its own brand of ransomware within legitimate retail software would allow for better policing of online piracy and shut down the majority of cyber theft.  The problem with the proposal is that not only does it …

A few months ago a relatively new kind of computer virus started to infect the computers of users around the world.  So called Ransomware (MoneyPak scam) computer viruses and malware take control of a user’s computer, locking them out of even the most basic functionality.  In addition to the computer lockout the malware puts up threatening messages that claim to be from various government agencies demanding money for the release …

Well, it was in the news that we were under cyber-attack by China and that we were retaliating.  You might think that there would be pictures and videos and news at 11.  Instead it’s more like discovering a new galaxy. It has no impact on us, or does it? My company sits in a unique position where we support many SMB’s (small and medium businesses) client’s IT that include regulated …

Mobile devices such as smartphones have spread to the point that it shouldn’t surprise anyone that they are now targeted by the types of malware once reserved for PC’s.  What should surprise is that the number of infections has increased from 41,000 infections to 175,000 since Q2 2012. Mobile malware has increased significantly in the past year. Trend Micro, a security software provider, has released its third quarter security …

This month Verizon Wireless started its Precision Market Insights program which sells marketers a surprisingly detailed look at how subscribers use their phones and other mobile devices.  Precision Market Insights compiles normal user information such as gender and age but also goes further and can compile information on hobbies, search history and even frequent dining locations. Verizon has moved into a stance of defensive damage control on the issue and …

VeriSign Inc, the company millions of businesses around the world depend on for website security, has faced a security breach of its own and raised questions about security of businesses under its protection.  VeriSign’s domain-name system processes over 50 billion queries daily. This system allows internet users to confirm the legitimacy of the websites they visit and helps ensure safe online shopping transactions.  If the encryption from VeriSign’s system is …

While American households account for most of the new electronics market, they only contribute about 26% to the electronics recycling market. That means an awful lot of electronics still end up in our landfills.  Not only is this wasteful but it also presents serious security concerns for many electronics users who have not adequately cleared their devices of personal information.  The threat is made even more apparent when you take …

Social media and social network websites can be a great tool to promote your services or exchange contact information but there is a dark side to their services.  The growth in popularity of social media websites such as Facebook and MySpace has opened up new areas of revenue for marketers but has also opened the doors for malware distribution.   IT administrators now have to face the very real threat that …

For the last couple months Microsoft has put forth a campaign to remind users that support for Windows XP SP2 will soon end. The official support end date for Windows XP Service Pack 2 will take place in the end of July 2010, roughly seven months from now. While this might seem like plenty of time it’s important to be prepared in the shift of support policy. Microsoft reported on …

The Conficker worm may not have created a large scale disaster but the danger is still very real.

The first version of the Conficker computer worm was released in late 2008 but experts expect that the infection will spread on April 1st. It is believed that the worm has already infected over 5 million machines. The infected computers act as a carrier for the worm, remaining dormant but capable of reactivation if the original author switches them on. According to the director of CA, a New York threat …

Yesterday Microsoft released the final build of Internet Explorer 8 for public download. Since part of my job is to ensure that our websites are compatible against all I decided to be the company guinea. Let’s see how IE8 stacks up against the other top browsers today. After installing the new browser IE8 complied in true Microsoft fashion and crashed immediately. An auspicious start but I reopened the program and …

Video sharing sites like YouTube and Google Video have become second nature and trusted by all web 2.0 users. The last two weeks have broken this trust, however, as Google Video has been targeted by blackhat SEO campaign operators. The site has been put to use to spread malware using Google’s own search engine rank algorithms against themselves. Because this method of infiltration is a new development in malware distribution …

In the last two weeks there have been outbreaks of two Mac Trojans. That might seem fairly commonplace in the Windows world but Mac has a long history of being relatively immune to virus threats. This actually brings up an interesting issue as well. Apple has been trying to position themselves as a direct competitor to Microsoft for years and the tools they have marketed themselves on are ease …

Earlier this week Microsoft released a number of critical patches for vulnerabilities contained in Microsoft applications. Microsoft releases Tuesday updates regularly but with 28 vulnerabilities, 23 of which are listed as critical, this is the largest Patch Tuesday release in five years. The number of vulnerabilities, while alarming, should be taken as a warning more than a threat and proves the importance of keeping up to date on system patching. …

Using major holidays as a means to infect consumer computers is nothing new but in recent years the practice has become more elaborate and invasive. With greater access to content creating applications such as Flash and Photoshop the malware created by cybercriminals often rivals legitimate content in visual quality. The first batch of this year’s holiday malware has already been unleashed, and with it, nine possible exploits for your systems. …

Back before the onset of Windows 95, boot viruses were all the rage for malware-distributing hackers. Back then Microsoft saw the problem and managed to solve the issue of the auto-installing viruses. Now, more than ten years later, the same problem has again risen and it’s more dangerous than ever. Portable USB storage devices are now as common as floppy diskettes were ten years ago. USB devices offer fast reusable …
