Malware Archives - Smeester & Associates - Denver, Colorado USA

Category Archives for Malware

Are Outdated Browsers Leaving Your Business Vulnerable?

Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?

outdate-browsers-vulnerable-statistics

WHY ARE EXPLOITS POPULAR AMONG CYBERCRIMINALS?

As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access – hence why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, they can maximize their attack surface. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.

WHY DO I NEED PROACTIVE PATCH MANAGEMENT TO PROTECT AGAINST EXPLOITS?

A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.

WHY SHOULD I WORK WITH AN MSP FOR THIS?

Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.

Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.


Tech Stuff :: What You Need to Know About Pokemon GO

Pokemon GO is creating some major mobile security concerns.

Pokemon GO is creating some major mobile security concerns.

If you haven’t already heard, Pokémon GO has quickly become the biggest mobile game in U.S. history. However, the game’s rapid rise in popularity has also raised some major mobile security concerns. Its millions of users may not be aware of the many data vulnerabilities that lay hidden within the game and its privacy policy. Are you one of them? Here are the answers to your most pressing Pokémon GO questions.

  1. What Is Pokémon GO’s Privacy Policy?

Like most apps out there, Pokémon GO does collect data about its users. When first downloading the app, users need to sign in with a Google account and grant access for the app to use your camera, data and contacts. According to the Pokémon GO privacy policy, Niantic may also collect your username, email address, IP address, the web pages you were using before logging into the game and your entire Google account. In addition, the privacy policy gives the company wide latitude for using all of this information. Niantic can hand personally identifiable information (PII) over to law enforcement, sell it off and even share it with third parties.

This full access can be a huge security risk, and Niantic recently addressed this concern with a statement saying they are fixing the bug that allowed the app to gain full access to users’ accounts.

  1. Why Is Pokémon GO a Target for Cybercriminals?

Niantic’s gigantic database of data is full of information provided by its users, which makes it the perfect target for hackers and criminals. If the Niantic servers are hacked, the hijackers could potentially have access to all of your personally identifiable information (PII). The company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect the large database of PII – the type of information that hackers have been increasingly targeting.

  1. What Are Other Major Security Concerns with Pokémon GO?

The public nature of Pokémon GO has caused some unforeseen side effects and attracted other cybersecurity concerns. Many fake versions of the app have been uncovered, which contain malware that can lock your smartphone and cause more harm. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This shows that although the new game has received an abundance of positive feedback, there are some major dangers that players aren’t aware of.

  1. What Problems Can Pokémon GO Present with the Rise of Bring Your Own Device (BYOD) in the Workplace?

The vulnerability of mobile data within Pokémon GO means that there’s a greater need for managed IT security. Especially with the ongoing trend of BYOD, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is at an all-time high. If your employees are using unprotected devices when using the game, it could lead to exposing sensitive business data in the event of a hack.

  1. How Can I Stay Protected When Using Apps Like Pokémon GO?

Pokémon GO is a prime example of the various security risks that are presented with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a solution like mobile device management (MDM), you can greatly reduce these risks. MDM gives you the ability to remotely wipe an individual’s data if a device is compromised. An MDM solution will also allow you to implement app management policies and put restrictions on app purchases from non-validated markets.

Holiday Cyber Scams – How to Avoid The Grinch Who Stole Christmas

Hacker On Your Computer

Now that we’re officially in the middle of the holiday season, there’s a flood of emails flying through cyberspace from family, friends, online retailers and charities. This heavy online traffic makes it easier than ever to sneak in malicious emails, targeting unsuspecting users looking to connect with old friends and find holiday deals. Whether it’s a phishing scam that is trying to snag your credit card number or a malware campaign that installs unauthorized code on your system from an email link, ‘tis the season to protect yourself.

Taking Precautions

So where, exactly, do these seasonal cyberscams come from? Many of these malicious Grinches send emails from fake URLs, disguising them to appear legitimate. Faux charities are another common scam designed specifically to take advantage of your generosity during the season of giving. Even friends and family may send what looks like an innocent forward your way, only to discover that they inadvertently launched some decidedly un-cheery, unpleasantness to your inbox instead.

However, if you take some basic online protective measures you’ll be in a lot better shape to avoid the latest cyberscams this holiday season:

  • Change your email settings so that attachments aren’t automatically downloaded. This gives you more control over what gets into your system.
  • Never open attachments or click URL links in emails from unknown or unverified senders. Even be cautious of known senders.
  • Remember that cyberscammers can spoof return addresses; their malicious emails might look like a holiday e-greeting from Grandma judging from the subject line alone. If there’s nothing specific in the subject or body of the message (i.e. “Check out the great Holiday pics I took!”), it’s worth verifying with the sender before opening the attachment.
  • Never respond to requests for financial information that arrive via email. Instead, visit the applicable site or account directly from your web browser to verify any claims.
  • Always research charities and other organizations before you donate a penny.
  • Keep your antivirus and anti-malware software updated and run regular scans to keep your system squeaky clean.  Also assure that patches are applied regularly to the operating system.
  • Listen to your intuition. If something seems fishy about an email, even if it’s from someone you know, don’t download any attachments or follow embedded URLs. Again, return addresses can be spoofed to look authentic and familiar, so use caution even with trusted senders.

Spread Cheer, Not Fear

There’s no better time than the holidays to wrap up a nice bit of malicious code masquerading as an online promotion for a major sale or a holiday e-card. That’s why the U.S. Computer Emergency Response Team (US-CERT) has released asecurity alert that focuses specifically on how to avoid holiday-related cyberscams. Additionally, the Anti-Phishing Working Group (APWG) offers a comprehensive list of suggestions on avoiding phishing scams that are good any time of year.

The holidays should be a time for celebration. Use smart online practices to help spread seasonal cheer, and stay safe this holiday season.