Call-A-Geek http://www.call-a-geek.com Tue, 27 Sep 2016 15:49:45 +0000 en-US hourly 1 https://wordpress.org/?v=4.4.5 New Virus Poses As Dropbox Invoice http://www.call-a-geek.com/2016/09/27/new-virus-poses-as-dropbox-invoice/ http://www.call-a-geek.com/2016/09/27/new-virus-poses-as-dropbox-invoice/#respond Tue, 27 Sep 2016 15:49:42 +0000 http://www.call-a-geek.com/2016/09/27/new-virus-poses-as-dropbox-invoice/ Dropbox is no stranger to hacking attacks, and in recent months, they’ve been made a target once again. In this instance, hackers have launched a phishing campaign aimed at Dropbox users. They ...]]> newxvirusDropbox is no stranger to hacking attacks, and in recent months, they’ve been made a target once again. In this instance, hackers have launched a phishing campaign aimed at Dropbox users. They send out poisoned emails that, by all outward appearances, look like invoices.

The note that accompanies the link to the “invoice” says that it’s for translation work completed, and if a user clicks on the link, it gives the hacker access to their Dropbox files and folders.

This year, security researchers from all over the web are reporting that the instances of phishing attacks are up several hundred percent this year. It seems to have become the hacking community’s preferred method for trying to fool users into clicking links that will either install malware, or in some way give hackers access to their computers or selected files on them.

The immense upsurge in phishing attacks only serves to highlight the importance of email security and proper education where your employees are concerned. The most common means by which hackers gain access to corporate networks are lapses in judgement by employees. All it takes is a single moment of carelessness, one thoughtless click on an email from an unknown or untrusted source, and your network could be infected and at risk.

Recent industry surveys indicate that more than half (51%) of IT execs have experienced and dealt with between one and five phishing and/or ransomware incidents over the past twelve months. Almost a quarter have had to deal with six or more.

According to the best available statistics, there are more than four thousand ransomware attacks occurring each and every day, which is more than triple the number that occurred in 2015.

All of this further exhibits the importance of proper employee training as a vital component of your overall digital security plan. If you’re not sure your current digital security is as good as it could be, give us a call today and one of our knowledgeable team members will be happy to speak with you about it.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/27/new-virus-poses-as-dropbox-invoice/feed/ 0
SSD Drives Are Becoming The Standard For Laptops http://www.call-a-geek.com/2016/09/26/ssd-drives-are-becoming-the-standard-for-laptops/ http://www.call-a-geek.com/2016/09/26/ssd-drives-are-becoming-the-standard-for-laptops/#respond Mon, 26 Sep 2016 15:36:51 +0000 http://www.call-a-geek.com/2016/09/26/ssd-drives-are-becoming-the-standard-for-laptops/ Since their initial release, the smart money has been betting on the idea that SSD (Solid State Drives) would ultimately replace the aging, conventional hard drive as the storage medium of choice, ...]]> ssdxdrivesSince their initial release, the smart money has been betting on the idea that SSD (Solid State Drives) would ultimately replace the aging, conventional hard drive as the storage medium of choice, especially in laptops. Why not? They’re smaller, slimmer and faster. They provide everything a power laptop user wants, and let’s face it, current hard drive technology is positively ancient. It’s long past its prime, and overdue for some kind of replacement.

SSD appears to be that replacement, and the shift is happening much more quickly than pundits have estimated. If the current trend continues, then by the end of this year, SSDs will be on track to be standard in fully one third (33%) of newly manufactured laptops.

Should the trend continue beyond this year, then the trajectory sees them as standard equipment in half of all laptops by the end of 2018. That’s a remarkable shift, and a fairly fast rate of adoption.

SSDs are obviously not perfect, however. No technology is, but they offer such vast advantages in speed, and their small form factor makes their inclusion in new laptops a no-brainer. Of course, this isn’t the absolute death knell of current hard drive technology. The one area where the current tech still holds a compelling advantage in is price.

Dollar for dollar, the existing technology can provide more storage for less money, so for the foreseeable future, data centers that deal with mass quantities of data are going to be reluctant to spend the money necessary to upgrade to SSDs, regardless of the speed advantages.

Sooner or later, though, economies of scale are going to kick in for SSD manufacturers, and much of the cost advantage that the current tech enjoys will vanish. Not long after that, the old hard drives will vanish as well. They can simply no longer keep up with today’s blindingly fast computing world.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/26/ssd-drives-are-becoming-the-standard-for-laptops/feed/ 0
Need A Bank Account? Take A Selfie http://www.call-a-geek.com/2016/09/24/need-a-bank-account-take-a-selfie/ http://www.call-a-geek.com/2016/09/24/need-a-bank-account-take-a-selfie/#respond Sat, 24 Sep 2016 15:13:02 +0000 http://www.call-a-geek.com/2016/09/24/need-a-bank-account-take-a-selfie/ Banks are embracing technology in new and innovative ways, or at least, some of them are. One of the biggest headaches and hassles of dealing with a bank comes when you want ...]]> needxaBanks are embracing technology in new and innovative ways, or at least, some of them are.

One of the biggest headaches and hassles of dealing with a bank comes when you want to open a new account. There are forms to sign, paperwork to fill out and a variety of hoops to jump through. That has now changed at HSBC, which has become the first bank in history that allows business customers to open a bank account with a selfie.

Using facial recognition software, the bank can now use your selfie to verify your identity, no forms, ID, or extraneous paperwork necessary. To make it work, you simply download the HSBC app from their website, and take a selfie using your phone’s camera.

The image is uploaded to HSBC’s database where it is compared to an image of your photo ID that you upload to the system (driver’s license, passport, etc.), and that’s it. That’s all there is to it.

The strategy appears to be working out quite well for the bank. In 2013, only one new account in ten was opened online. Since implementing this new strategy, nearly half of their new accounts have been opened on the web.

This is an excellent example of a company finding innovative ways to leverage existing, well-established technology to simplify and streamline its processes for its customers. There are probably opportunities like this one you can apply to your business to create a strategic advantage for yourself.

If you’re struggling to come up with innovations such as the one referenced above, give us a call today. One of our knowledgeable team members will be happy to talk with you about how we can help you apply technology you may already have deployed. By using it in unusual and unexpected ways, you can increase your firm’s market share and profits.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/24/need-a-bank-account-take-a-selfie/feed/ 0
Running Linux? You May Be Next For A Ransomware Attack http://www.call-a-geek.com/2016/09/23/running-linux-you-may-be-next-for-a-ransomware-attack/ http://www.call-a-geek.com/2016/09/23/running-linux-you-may-be-next-for-a-ransomware-attack/#respond Fri, 23 Sep 2016 16:11:34 +0000 http://www.call-a-geek.com/2016/09/23/running-linux-you-may-be-next-for-a-ransomware-attack/ Typically, people running some flavor of Linux have little to fear from the hacking community. By and large, Linux users have been ignored or passed by in favor of other targets. Unfortunately, ...]]> rsz_running_linuxTypically, people running some flavor of Linux have little to fear from the hacking community. By and large, Linux users have been ignored or passed by in favor of other targets. Unfortunately, not even Linux users are safe anymore. There’s a new ransomware variant making the rounds called “Fairware,” and it is specifically targeting Linux users.

Most people who run Linux use it to host their own websites, or do other kinds of development work. It’s an ideal OS for those purposes, and the hackers are striking right at the heart of this part of the ecosystem.

The first indication of trouble that most of Fairware’s victims see is that the website they host mysteriously goes down. When they log on to find out why, they discover that the entire web folder is missing, having been deleted from the system. In its place, there’s a simple text file labeled “Read Me,” which explains that Fairware has deleted the folder, and all the data it contained, and if the user wants his files back, he’ll need to send a payment of 2 Bitcoins to the address in the text file.

It gets worse, however. It has been discovered that this malware is being distributed using hacked Redis servers, and there is no indication that the malware is actually making a copy of the deleted files, or taking any steps to back the data up. It’s simply gone, so if you don’t have a backup copy, you’ve lost the data. To add insult to injury, you’re also out the two Bitcoins if you pay the fee to get your files back.

So far, Fairware attacks have been few and far between, but the fact that they’re happening at all should sound alarm bells and put Linux users on notice to start guarding against this kind of attack. Be sure you’ve got a good backup system in place, just in case.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/23/running-linux-you-may-be-next-for-a-ransomware-attack/feed/ 0
iOS Users: Apple Says Update Immediately http://www.call-a-geek.com/2016/09/22/ios-users-apple-says-update-immediately/ http://www.call-a-geek.com/2016/09/22/ios-users-apple-says-update-immediately/#respond Thu, 22 Sep 2016 15:55:55 +0000 http://www.call-a-geek.com/2016/09/22/ios-users-apple-says-update-immediately/ There is a large and growing body of evidence that hackers and their attacks are increasing in sophistication. Hardly a month goes by that there isn’t a headline somewhere in the world ...]]> iosxusersThere is a large and growing body of evidence that hackers and their attacks are increasing in sophistication. Hardly a month goes by that there isn’t a headline somewhere in the world about a new attack vector. The level of innovation and cunning is staggering.

Apple used to be largely immune to such attacks, a fact brought about by virtue of a greater emphasis on security, and because Apple’s share of the desktop and laptop market was quite small, and generally seen as not worth going after on a large scale. There were bigger, easier targets.

That changed with the release of the iPhone, and suddenly Apple found itself increasingly targeted by hackers from around the world.

Recently, an exotic, highly complex chained attack was uncovered that relies on a trio of “zero day exploits,” which are as bad as they come. Note that these attacks were found being used in the wild, so this is not some theoretical musing about what could happen. It’s an attack that has already occurred.

The attack is not something that a casual hacker could pull off, which means that there isn’t a huge number of people who could do it, but the fact that it happened at all sent Apple scrambling to release an emergency patch that addressed all three zero day vulnerabilities found.
The attack works like this:

A link (URL) is sent to the user via SMS. This link opens a web page which loads JavaScript, and executes a binary inside the Safari web browser.

This leads to the second event in the zero day chain, where another exploit allows it to bypass KASLR protections that would normally prevent malware from identifying where the core of the OS is found in memory.

Armed with this information, the third exploit in the chain kicks off, which corrupts the memory in the kernel. This incapacitates iOS, leaving it incapable of blocking software from running that hasn’t been signed by Apple. From here, the hacker has unfettered access to the phone.

All that is to say if you’re running a version of iOS older than 9.3.5, patch it immediately, or risk losing control of your device.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/22/ios-users-apple-says-update-immediately/feed/ 0
Samsung Phones Recalled Due To Battery Issue http://www.call-a-geek.com/2016/09/21/samsung-phones-recalled-due-to-battery-issue/ http://www.call-a-geek.com/2016/09/21/samsung-phones-recalled-due-to-battery-issue/#respond Wed, 21 Sep 2016 16:30:52 +0000 http://www.call-a-geek.com/2016/09/21/samsung-phones-recalled-due-to-battery-issue/ Consumer electronics giant Samsung just released its latest update to its flagship product, the Galaxy Note 7, two weeks ago, as of the writing of this piece. The company has sold some ...]]> samsungxphonesConsumer electronics giant Samsung just released its latest update to its flagship product, the Galaxy Note 7, two weeks ago, as of the writing of this piece. The company has sold some 2.5 million units worldwide, and now, they are issuing a global recall order, and promising to replace all units that have been sold.

At issue is a critical flaw with the batteries in the new devices. While the exact nature of the problem is not yet known, using the new devices for an extended period has led to overheating to the point of melting, and/or outright exploding in some cases.

There’s never a good time for an event like this to occur, but Samsung was hoping to build on the success of its wildly popular release of the Galaxy S7 with strong sales of the new Note. With Apple soon to be releasing their latest update, Samsung’s position in the market is suddenly in jeopardy.

Replacing more than 2.5 million faulty units will be a monumental task, and a lot is going to depend on how swiftly the suddenly embattled company can move to correct the issue and satisfy their existing customers.

If they fail or falter in their response, the company could be in serious financial trouble. As it stands, the not inconsiderable expense of replacing that many devices will definitely have a negative impact on the company’s bottom line.

If you’ve recently purchased a new Note from Samsung, be sure to visit the company’s website for all the latest information on the replacement procedure. If you were planning to make a purchase in the coming weeks, you may want to look into other alternatives, or delay your purchase until the company gets the issue sorted out.

While this is hardly the first product recall we’ve seen from a major tech manufacturer, it is definitely one of the largest and most impactful in recent memory.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/21/samsung-phones-recalled-due-to-battery-issue/feed/ 0
Redis Database May Open Door To Ransomware Attack http://www.call-a-geek.com/2016/09/20/redis-database-may-open-door-to-ransomware-attack/ http://www.call-a-geek.com/2016/09/20/redis-database-may-open-door-to-ransomware-attack/#respond Tue, 20 Sep 2016 15:03:01 +0000 http://www.call-a-geek.com/2016/09/20/redis-database-may-open-door-to-ransomware-attack/ As you probably know by now, ransomware is a particularly insidious form of hacking attack whereby a target computer’s files are locked or held hostage in some way, and besides restoring from ...]]> redisxdatabaseAs you probably know by now, ransomware is a particularly insidious form of hacking attack whereby a target computer’s files are locked or held hostage in some way, and besides restoring from whatever backups you have, the only way to get the files back is to pay the ransom demanded by the hackers.

What you may not have heard is that there’s a new variant of this type of attack making the rounds on the internet. It’s an especially cruel variant for a couple of different reasons.

First, the software, known as FairWare, doesn’t target traditional ransomware targets like health care companies. Instead, it specifically targets web servers. It gains a foothold onto a web server, deletes all the web content that was once there, and leaves a ransom note in the form of a text file, providing the owner of the server and the content with payment instructions if they want to get their files back.

Unfortunately, the ransom note is likely a scam. Researchers investigating these attacks have found no evidence of file copying, meaning that the hackers have likely simply deleted the files. If you pay the money, you still won’t get your files back, meaning you’ll have to rely on your backups, if you have them, or rebuilt your website from scratch.

For some companies, this would be an annoyance, but a fairly trivial affair. For others, it could have business-ending consequences.

So far, the researchers have found that the attacks seem to be originating from corrupted Redis servers that have been exposed to the internet. Normally, these servers have no direct connection to the internet, but some 18,000 server owners have decided to expose them in recent years. Of those, more than 13,000 have been found to be corrupted, compounding the problem and making it extremely likely that we’ll see more attacks like this in the weeks ahead.

If you don’t have a good backup system in place to help protect the data on your company’s site, it’s long past time to do so. If you’re unsure, or not confident in your current ability to recover from an attack like this, call us today and one of our experts will be happy to speak with you to see how we can best be of service.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/20/redis-database-may-open-door-to-ransomware-attack/feed/ 0
Single Hacker Convicted For Over 2 Million US Credit Card Thefts http://www.call-a-geek.com/2016/09/19/single-hacker-convicted-for-over-2-million-us-credit-card-thefts/ http://www.call-a-geek.com/2016/09/19/single-hacker-convicted-for-over-2-million-us-credit-card-thefts/#respond Mon, 19 Sep 2016 15:56:37 +0000 http://www.call-a-geek.com/2016/09/19/single-hacker-convicted-for-over-2-million-us-credit-card-thefts/ The story of the fall of the hacker going by the alias “Track2” is an absolutely riveting one. Track2, whose real name is Roman Valerevich Seleznev, is a thirty-one year old from ...]]> singlexhackerThe story of the fall of the hacker going by the alias “Track2” is an absolutely riveting one. Track2, whose real name is Roman Valerevich Seleznev, is a thirty-one year old from Russia. His criminal enterprise thrived from 2009 to 2013, when it was finally shut down, but unfortunately not before he did a considerable amount of damage on a global scale.

Among other things, Track2 was personally responsible for hacking POS (Point of Sale) terminals, and making off with more than 2 million US credit card numbers, selling the data on the Dark Web, and defrauding nearly four thousand financial institutions in the US alone for more than $169 million.

His attacks focused primarily on small to medium sized businesses, which lacked the funds to put robust security measures in place, and many of his victims have been forced to file bankruptcy as a consequence of his attacks. He was recently found guilty on numerous charges and could spend decades in prison.

This is remarkable, given the fact that his father is a highly-placed Russian legislator, and the story surrounding his capture sounds like something straight from the New York Times’ Bestseller’s List.

Seleznev was actually vacationing in the Maldives, and on attempting to leave, he was detained and flown by the Secret Service to the US territory of Guam, where he was formally arrested. Law enforcement refer to this kind of activity as “informal extradition.” The Russian government calls it kidnapping. Whichever term you prefer, the end result was that Track2 was flown from Guam to the US mainland to stand trial, and has now been found guilty.

We often think of hackers as being part of a big, globally based community, and while they do communicate and talk shop, they’re mostly lone wolves. Taking down a big, high-profile “wolf” like Track2 was a major accomplishment. It won’t do anything to help all those he has hurt in the past, but it will, at the very least, destroy his organization and keep him from harming others in the future.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/19/single-hacker-convicted-for-over-2-million-us-credit-card-thefts/feed/ 0
Malware On Your Mac May Be Caused By BitTorrent Client http://www.call-a-geek.com/2016/09/17/malware-on-your-mac-may-be-caused-by-bittorrent-client/ http://www.call-a-geek.com/2016/09/17/malware-on-your-mac-may-be-caused-by-bittorrent-client/#respond Sat, 17 Sep 2016 15:06:22 +0000 http://www.call-a-geek.com/2016/09/17/malware-on-your-mac-may-be-caused-by-bittorrent-client/ If you’re a Mac user who downloads files using the torrent software called “Transmission,” you may want to check your machine for signs of infection. It was recently discovered that a malicious ...]]> malwarexonIf you’re a Mac user who downloads files using the torrent software called “Transmission,” you may want to check your machine for signs of infection. It was recently discovered that a malicious copy of the torrent software had found its way onto Transmission’s website, which is where most people go to download the client.

As soon as the rogue copy of the software was discovered, it was removed, so if you go back to the site and re-download today, you should be fine. However, at a minimum, you’ll want to delete your current copy and scan your computer for viruses just to be sure you haven’t been impacted.

Unfortunately, this is not the first time the company’s website has been impacted in this manner. Several months ago, in another eerily similar incident, the Transmission website’s software was infected with Mac-based ransomware called KeRanger, which encrypted all of a user’s files, and demanded a payment in BitCoins to get the unlock code.

This infection, while not as initially damaging, is similar. The malware it installs is called OSX/Keydnap, which has been designed to steal passwords and leave a back door open on your computer that allows the hacker controlling the software to gain admin-level access.

ESET, the security company that found the malware on Transmission’s site, noted the remarkable similarities between the two instances of malware. While they are functionally different, the similarities in the code led researchers at ESET to conclude that they were likely developed by the same person or group.

Transmission has reported that they are investigating the incident, but has released no additional information. As a user, the best thing you can do here is be vigilant. If you’re a user, delete your current version, scan your system, get the latest install and then re-scan just to be safe.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/17/malware-on-your-mac-may-be-caused-by-bittorrent-client/feed/ 0
Your Keystrokes May Be Stolen Through WiFi http://www.call-a-geek.com/2016/09/16/your-keystrokes-may-be-stolen-through-wifi/ http://www.call-a-geek.com/2016/09/16/your-keystrokes-may-be-stolen-through-wifi/#respond Fri, 16 Sep 2016 15:01:36 +0000 http://www.call-a-geek.com/2016/09/16/your-keystrokes-may-be-stolen-through-wifi/ There have been papers written and demonstrations conducted in recent months to show how it’s possible to wirelessly log your keystrokes. All of those demonstrations have relied upon specialized gear you can ...]]> yourxkeystrokesThere have been papers written and demonstrations conducted in recent months to show how it’s possible to wirelessly log your keystrokes. All of those demonstrations have relied upon specialized gear you can make using off-the-shelf components, but given that requirement, it limits the pool of hackers with the technical skills to pull it off.

Recently, however, a new method has been devised and demonstrated by a joint research effort that combined the talents of team members from Michigan State University and Nanjing University in China. Their new method does not require the hacker to create anything new or exotic, but rather, to simply gain control over a router.

Wireless routers track and monitor the signals on your network, including signals sent by your wireless peripherals. If you’re using a wireless keyboard, each time you press a key, it sends a signal of a slightly different wavelength to the CPU, which translates that signal, and displays the appropriate letter or symbol on your screen.

The research team was able to reverse engineer an algorithm that could identify which keystrokes generated what frequencies, and use it to provide a map of every keystroke entered. Their first try yielded a result of better than 96% accuracy. No doubt, with additional refinement, this percentage could be pushed even closer to 100% than it already is.

The only real downside of their method is the fact that the range is fairly limited. If the router is more than 12 to 15 feet from the keyboard in question, accuracy falls off markedly, but this could also change with further refinement, and as routers themselves become more powerful and robust.

The bottom line is that researchers have now demonstrated a method of keystroke capturing which relies on traditional hacking targets (routers), and requires no specialized, custom-built equipment to pull off. Not a month goes by that some new, innovative hacking technique is brought to light, and a new threat is found to guard against. This is yet another of those.

Used with permission from Article Aggregator

]]>
http://www.call-a-geek.com/2016/09/16/your-keystrokes-may-be-stolen-through-wifi/feed/ 0