Important Cybersecurity Warning

Have you been following the news lately?

The recent events between the United States and the Islamic Republic of Iran are causing some concerns across the cybersecurity community. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a very important alert focused on Iran’s historic use of cyber offensive activities as retaliation for attacks against their state.


Patterns of known Iranian threat techniques include: credential dumping, obfuscated files or information, data compressed, PowerShell, user execution, scripting, registry run keys/startup folder, remote file copy, spearphishing link, and spearphishing attachment.

As your trusted IT services provider, we want to make you aware of this information so you can protect yourself, your company, and your customers. CISA recommends taking the following actions:

  • Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
  • Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior.
  • Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyberinfrastructure depends on an awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system.
  • Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the access they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

Critical Update From Microsoft: Remote Desktop Services

CVE-2019-0708

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows 7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003, Windows XP, Windows 7, Windows Server 2008 R2, or Windows Server 2008, you could be in trouble. Malware exploiting a wormable vulnerability may be coming your way. The vulnerability is designated CVE-2019-0708.


This means that malware exploiting the vulnerability can get into your system without you doing anything, such as clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients and customers on a valid managed services agreement are being taken care of; no immediate action is needed for any computer, server, or other device covered by a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from CVE-2019-0708.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. With a reliable backup, you can still access your data if the patch creates problems. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.
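
The three workarounds above, as a PowerShell audit script for Windows 7 and Windows Server 2008 R2. This is an added example, not part of the original article or of Microsoft's guidance; the switch names and the firewall rule name are assumptions made for illustration.

```powershell
# Added example: report the state of the three RDP workarounds and, when asked,
# apply them. Written for PowerShell 2.0; run from an elevated prompt.
param(
    [switch]$DisableRdp,  # workaround 1: turn Remote Desktop connections off
    [switch]$BlockPort,   # workaround 2: host firewall rule blocking inbound RDP
    [switch]$EnableNla    # workaround 3: require Network Level Authentication
)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey   = Join-Path $tsKey 'WinStations\RDP-Tcp'
$ruleName = 'Block-Inbound-RDP-Workaround'   # name chosen for this example

function Get-RdpState {
    # Reads the local settings only. Group Policy, if configured, overrides them.
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey
    New-Object PSObject -Property @{
        RdpEnabled    = ($ts.fDenyTSConnections -eq 0)    # 0 = connections allowed
        NlaRequired   = ($rdp.UserAuthentication -eq 1)   # 1 = NLA enforced
        ListenPort    = $rdp.PortNumber                   # 3389 unless changed
        ServiceStatus = (Get-Service -Name TermService).Status
    }
}

if ($DisableRdp) {
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
}

if ($EnableNla) {
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
}

if ($BlockPort) {
    # A host rule blocks RDP from every source, internal networks included.
    # To stop only Internet traffic, block the port at the perimeter firewall.
    $port = (Get-ItemProperty -Path $rdpKey).PortNumber
    netsh advfirewall firewall add rule name=$ruleName dir=in action=block `
        protocol=TCP localport=$port | Out-Null
}

$state = Get-RdpState
$state | Format-List RdpEnabled, NlaRequired, ListenPort, ServiceStatus

if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'Remote Desktop is enabled without NLA on this host.'
} elseif ($state.RdpEnabled) {
    # NLA is a stopgap: it requires authentication first, it does not fix the flaw.
    Write-Warning 'Remote Desktop is enabled with NLA; the patch is still required.'
}
```

Run it with no switches to audit only. The `netsh advfirewall` context is not present on Windows XP or Windows Server 2003, so those systems need the port blocked at the network edge instead.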

What Is A Wormable Vulnerability?

This means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center, tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Server 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for all Windows Server 2008, 2008 R2 equipment and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons why it isn’t a good idea to keep using old equipment such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

Urgent Tech Tip: Disable Facetime On Your iPhone


A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.

For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.

What is the FaceTime Flaw?

The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.

At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.

News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.

What Is Apple Doing About the Issue?

Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.

The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.

What Should I Do About FaceTime on My Device?

Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.

For iPhones

1. Go to Settings.

2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.

3. Click on the FaceTime bar.

4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a slider. If the green light is lit, FaceTime is activated on your phone. Slide the slider to the left to turn FaceTime off.

Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.

For Macs

1. Launch the FaceTime App.

2. Select the FaceTime menu bar from the top-of-the-screen navigation.

3. Select Turn FaceTime Off. Command-K also turns the feature off.

Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.

How Did This Happen?

It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.

On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.

It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.

Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.

SCAM ALERT: Google Play Gift Cards


If there’s a will there’s a way when it comes to scammers, especially with gift cards. Everyone loves gift cards. Consumers love how easy it is to purchase gift cards, use gift cards and even give gift cards. It’s as simple as buying a card at a brick and mortar store or clicking a few buttons and almost instantly having the funds needed to play. Scammers love gift cards too. Gift cards can immediately be activated and spent by these scammers even before the owner of the card knows what happened.

Google Play gift cards are targets right now. Scammers love how easy they are to steal, so consumers need to stay one step ahead of these online crooks. Here’s one of the latest Google Play gift card scams making the rounds on the internet.


Scam Alert: Currently there is an email scam in which thieves pose as someone the recipient knows and phish for personal, financial, and other private information. This includes requests for Google Play Gift Cards. For example, the message will read, “I need you to pick up a couple of gift cards. Can you make this happen? The type of gift card I need is Google Play gift cards. I need 4 cards in $500 denominations…scratch the back of the card to reveal the card codes and email me the gift card codes.”

Take away: Never provide any personal information, including gift card codes like Google Play, in an email. Even when it seems the information is going to a trusted source, it could be a scam.

6.8M Facebook Users Hit By New Photo Bug


Facebook has just announced that a Photo API bug gave app developers access to user photos outside of the scope intended for 5.6 million users. This includes granting apps access to Facebook Stories, Marketplace photos, and photos that were uploaded but not shared. The bug was in effect from September 13th to September 25th.


As of now, Facebook is working on releasing tools to allow app developers to determine if they were impacted by this bug, and will work with them to delete unauthorized photos. Facebook will also be notifying any users they suspect may have been affected.


If you have any questions or concerns about this latest Facebook bug, please don’t hesitate to contact me directly.

DHS/FBI Issue Critical Alert: SamSam Ransomware


The FBI and Department of Homeland Security (DHS) have issued a vital ransomware alert for the SamSam ransomware also known as MSIL/Samas.A.

The FBI and DHS alert, issued on November 3rd, 2018, describes how hackers armed with SamSam ransomware have targeted multiple industries, including some within critical infrastructure. Those victimized by SamSam have been located predominately in the United States. However, some international attacks also occurred.

This alert comes a few days after the Justice Department charged two Iranians as the masterminds behind the recent SamSam ransomware attacks.

Read more about this critical FBI and DHS warning.


Stay tuned to our blog for more information.

Marriott 500 Million Person Data Breach (Questions/Answers)


How Marriott Got Caught In A 500-Million Person Data Breach


Were You Affected? (Your Questions Answered)

What Do We Need To Know About The Marriott Breach?

Another big corporation got hooked. This time it was Marriott International. They just revealed that their Starwood reservations database of 500 million customers was hacked and that the personal information of up to 327 million guests was stolen. And, this has been going on since 2014!

How Did This Happen?

  • On September 8, 2018, Marriott was alerted about an attempt to access the Starwood guest reservation database.
  • They contacted leading security experts to help them determine what occurred. Marriott said that the hacker copied, encrypted and removed their customers’ data.
  • On November 19, 2018, Marriott was able to decrypt the data and learned that it was from the Starwood guest reservation database.

Marriott acknowledged that the encryption security keys for this data may have fallen into the hands of hackers. This allowed them to access the massive amount of data. Secure systems lock up data and should store the encryption keys in a location that’s separate from the confidential information.

Some good questions to ask here are:

“How did the criminals get Marriott’s encryption keys?”

“Why did it take so long for Marriott to reveal the breach?” They learned about it in September which is over two months ago.

And, this was a 4-year long breach! “Why didn’t Marriott know that their customers’ data was being stolen over this long period?”

Maybe we’ll find out the answers to these questions, and perhaps not. What’s for sure is that you are on your own when it comes to protecting your confidential data.

How Do I Know If My Data Was Stolen?

If you are a Starwood Preferred Guest member and your data was stored in the Starwood property’s database (which includes Sheraton, Westin and St. Regis hotels, among others) you need to be on alert.

As mentioned, this data breach goes all the way back to 2014 and includes names, passport numbers, email addresses and payment information for approximately 327 million travelers – a “big catch” for any hacker. Even your date of birth, gender, reservation dates and communication preferences may be included in the breach.

Should I Contact Marriott?

Marriott set up a website and call center for customers who were impacted by the data breach. Email notifications are also being rolled out.

Marriott is also offering affected customers the option to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert if your personal information is found. If you live in the U.S., you’ll also be offered fraud consulting services.

What Else Should I Do?

If your data was stolen, you should watch for incidents of identity theft. Also, watch for phishing emails where hackers try to impersonate someone you trust to take information or money from you.

Arrange For Security Awareness Training For Your Employees

If your business data was involved, make sure that you arrange for Security Awareness Training for your employees to train them to recognize phishing attempts. This includes:

  • Baseline Testing to assess the Phish-prone percentage of your employees through a free simulated phishing attack.
  • Training For Your Users with content that includes interactive modules, videos, games, posters, and newsletters.
  • Simulated Phishing Attacks that utilize best-in-class, fully automated, simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
  • Reports with statistics and graphs for both training and phishing for your management to review.

Whether your business was involved in the breach or not, Security Awareness Training for your employees is always a good idea.

Another good idea is to sign up for Dark Web Scanning Services.

Get Dark Web Scanning For Your Confidential Business Data

The Dark Web is a secret internet society that’s only accessible to a select group of criminals. Criminals use it to take stolen data (like the Marriott/Starwood customer information) and dump it on the black market for sale.

Dark Web Scanning is a sophisticated monitoring solution that helps businesses of any size detect cyber threats that expose their stolen business accounts, email addresses, payment information, and other confidential data that’s on the Dark Web. It also does this in real time and detects any of your compromised credentials or information before criminals can use it for profit or other crimes.

Don’t Count On The Marriotts Of The World To Protect Your Business Data – You Must Do This Yourself

Contact us for information about Data Protection, Security Awareness Training and Dark Web Scanning. We have a Suite of IT Security Solutions to help you keep your business data secure.

Why is my Windows 10 Pro Deactivating?


If you are experiencing problems with your Windows 10 Pro operating system, you are not alone. Thousands of users from the US, Japan, and South Korea flooded tech message boards late this week with complaints that their legitimately purchased software was deactivating itself.


What Exactly Happened?

Starting on November 8, comments began to appear online from several users expressing frustration over the pop-up messages they received from Microsoft after booting up their computers. These messages included the error codes: 0xC004C003 or 0xC004C003, and incorrectly implied that the users were trying to run illegal copies of the Windows 10 Pro edition on their computers. Those affected by the glitch were then prompted to install the Windows 10 Home edition or to purchase a genuine copy of the Pro edition from the Microsoft store. Anyone who received a deactivation warning was still able to operate the computer using the Windows 10 Pro edition, although distracting watermarks were plastered across the screen.

Microsoft acknowledged that the company was fully aware of the DRM issue within hours of the first messages showing up online. A statement released from the company said it was still trying to determine the reason behind the deactivations to provide a fix, but at the time the exact cause was unknown. Engineers from Microsoft suspected that “some unspecified issue with the Windows Authentication servers” was the cause behind the deactivations.

On Friday, a day after Microsoft first addressed the deactivations, the company released an update about the bug:

“A limited number of customers experienced an activation issue that our engineers have now addressed. Affected customers will see the resolution over the next 24 hours as the solution is applied automatically. In the meantime, they can continue to use Windows 10 Pro as usual.”

As of Saturday, some users online were still reporting problems with their operating system.

Will This Affect Me?

The good news is that the deactivation problem seems to be affecting only a small portion of the total number of Windows 10 Pro edition users. Of the licenses which were affected, the vast majority of them were digitally updated from an early version of Windows. If you have not already received the warning after restarting your system, there is a good chance that your copy of the operating system is not affected by this bug. But for those who were hit by the glitch, you have several options.

What Can I Do About It?

First, don’t panic and assume that you need to repurchase a new license for the Windows 10 Pro edition if you are still receiving a warning as of today. As long as you are using a genuine version of the operating system, there is no need to buy another copy, as the fix will automatically take effect. The best thing to do is just to wait. But if you are unwilling to wait, you can attempt to correct the issue on your own by running the Troubleshoot app. You can access the Troubleshoot app by going to Settings then clicking on Update & Security followed by Activation, and finally to Troubleshoot. This should correct the issue immediately.

PSA Alert! Sleeping While Phone Charges

Read the following alert before charging your phone tonight and from this day forward. According to the Newton, New Hampshire, fire department’s PSA message posted on social media, charging a phone in bed poses a serious health risk and lethal safety concerns for you and your loved ones. Now it is imperative you think twice before charging your tablet or smartphone in bed ever again.


What the Newton fire department shared is quite literally a wake-up call

The Newton Fire Department, in Newton, New Hampshire shared this photo. You will notice burned sheets and pillows next to a device charger’s cord. If the picture seems scary, you now have your proof. Without warning, if a child or teenager is sleeping next to their phone while it’s charging, this could happen to them, putting them in grave danger.

According to the fire department, a home fire is reported in the U.S. every 86 seconds. They also uncovered some recent research which indicates over 50 percent of children and teenagers charge their tablet or phone under their pillows. When you consider that everyday habit, you must ask yourself, “where does the heat go if the phone is covered up?”

We all know that if the heat from that charger can’t dissipate, you’re going to have a cord, charger, and device that are too hot to touch. If the charger and phone are under the pillow, then that pillow, mattress, and the entire bed could catch fire, and the whole house could go up in flames, putting all the family members in danger.

Should we be concerned, isn’t this an isolated situation?

Unfortunately, it isn’t. It continues happening.

It wasn’t that long ago that a 10-year-old boy in Northern Ireland woke up in shock. He was charging his new phone in his bedroom overnight. What awakened him was the smell of smoke, as his iPhone sat burning on his bed. The phone got overheated and severely singed. Fortunately, there was no fire outbreak.

Then there’s the incident where a family of a 15-year-old girl from Wales had to flee their home. They were not as lucky. The girl’s iPhone overheated while resting on the bedding. Next thing they know the bed quickly caught fire and engulfed the home. Fortunately, no one was hurt. But it took six months before the family could return to their home, due to the extensive fire damage.

But we can’t just look at children and teenagers who leave their tablets or phones charging overnight. Take the Alabama man in his 30s who nearly lost his life to electrocution after he fell asleep with his cell phone charging right next to him in bed.

As he slept, the charger disconnected from the phone. But in the morning he rolled over, and the military dog-tags around his neck got caught on the exposed prongs of the plugged-in phone charger. What happened next nearly took his life. The dog-tags acted as a conductor, so the electricity traveled straight to his neck. Strips of flesh and skin were missing from his neck and his shirt got singed where the metal dog-tag necklace had burned his throat.

What should you know moving forward?

A 2017 Hartford Home Fire Index pointed out that there is a “high risk” when charging your phone on your bed overnight. They compared it to leaving a candle burning unattended or when your stove doesn’t get turned off after cooking.

There was more extensive research published by the American Medical Association (AMA), in their JAMA Pediatrics monthly peer-reviewed medical journal that shows roughly 89 percent of teens and 72 percent of children use, on average at least one device, tablet or phone, in their “sleep environment.” And quite often it’s used just before bedtime.

“The distinctly possible result is that the pillow or bed or both will catch fire,” the Newton fire department added. “This places the child or teen, as well as everyone else in the home in grave danger.”

What should you start doing today?

To quote Stuart Millington, senior Fire Safety Manager, of the New Wales Police department, “Turn chargers off. Unplug them before you go to bed.” His warning came after a similar incident where a phone caught fire while charging under a pillow of a North Wales family home. “Never leave items unattended or charging for long periods of time.”

If you are a parent or grandparent, warn your kids and grandchildren. Bring to their attention the dangers of sleeping next to a charging tablet or phone. Also, look to see where device chargers are plugged in, and if the spot is not suitable, recommend a designated charging zone in your home for all devices.


Facebook Data Breach


Are you aware of a potentially serious data breach involving Facebook? 

According to many top news outlets, 50 million user accounts may have been impacted and Facebook now faces potentially huge fines in the EU.

Read more at https://www.theguardian.com/technology/2018/oct/03/facebook-data-breach-latest-fine-investigation.


Need steps to protect your Facebook account? Here’s an interesting article containing steps to protect your personal information and security. https://www.experian.com/blogs/ask-experian/facebook-data-breach-how-to-protect-yourself/

We are continuing to follow this news and will update more on our blog as we learn more.