
News

Tech Talk – Feb 21 Edition

It’s that time again, the latest edition of Tech Talk has arrived.  In this edition:

  1. Boost your productivity with Microsoft Teams
  2. Make remembering passwords a thing of the past
  3. Win a $50 JB Hifi Gift Card

Tech Talk Monthly – Jan Feb 21

 

Managed Updates vs. Automatic Updates: What’s the Difference?

Any PC user is familiar with the frequent interruption and nuisance caused by update notifications. You’re probably so used to dismissing them by now that it has become a reflex action. However, those updates are essential for your device’s productivity and security. Ignoring these updates only slows down and jeopardizes your device.

Automatic updates

There are two ways to install these updates: automatic and manual. Automatic updates seem like the obvious choice because of how handy they are. All modern operating systems have the option for automatic updates. You can simply set your device to update automatically every time there’s a new patch or update without having to think twice about it. As perfect as it might seem, the automatic update system has its drawbacks and can even cause more harm than good.

Drawbacks of Automatic Updates

  • Updates are not guaranteed for all the software on your system. Some applications may not have an auto-update facility. As a result, they get left out of patches. Thus, automatic updates can create a false sense of security.
  • Manual updates are needed for firmware and special types of files.
  • Updates that haven’t been properly vetted can cause serious problems.
  • Updates can take a long time to download and install, leading to significant downtime.

Managed Updates

To safeguard yourself against these issues and to ensure efficient, up-to-date systems, it’s important to have a comprehensive plan for updates. A routine management strategy for testing and deploying updates can save you from a lot of frustration and security vulnerabilities. You can manage updates manually, through Group Policy, or, in large organizations, with management tools. Begin by having an update policy.

Update Policy

An update policy ensures efficient, predictable update processes. This can help users avoid downtime by planning their work and incorporating updates during inactive times. It also sets protocols in place for dealing with unexpected issues, including rolling back failed updates. The policy addresses several types of updates, like Patch Tuesdays, firmware updates, and feature updates.

In order to generate an update policy, consider the following aspects:

  • When to install monthly updates: Monthly cumulative security and reliability updates are downloaded and installed within 24 hours of their release on Patch Tuesday. You can also defer these updates for up to 30 days. The deferral is there to give you time to test the update for compatibility, not simply to procrastinate.
  • Restarting PCs to complete installation of updates: Most updates require a restart to finish installation, and usually, this takes place outside of the Active Hours setting of 8 am-5 pm. However, if your active hours differ, you can change the setting to an interval that suits you, up to 18 hours.
  • Pending updates and restart notifications: Users have limited control over these settings. However, more options are available using Group Policy settings.
  • Out-of-band updates: Sometimes, Microsoft releases security updates outside of normal Patch Tuesdays. Make sure you have a plan regarding these infrequent updates.
  • Update failures: Have a plan to deal with a situation in which an update fails to install or causes problems.

Managing Manual Updates

Small businesses, including individual-run businesses, can configure Windows Update manually. Just go to Settings > Update & Security > Windows Update.

You can select the Change Active Hours option to schedule restarts that will help you avoid downtime. You can also go to Advanced Options and regulate the settings under Choose When Updates Are Installed.

Feature updates can be deferred by a maximum of 365 days, and monthly updates can be deferred by 30 days. For version 2004 and later, these options are not available, and you need to use Group Policy settings to adjust installation delays.

Managing Updates Using Group Policy

All of the manual settings can be applied using Group Policy, which also lets you go beyond what’s available in Settings. These policies are almost exclusively available for Windows 10. You can find the Windows Update for Business feature under Computer Configuration. With this feature, you can:

  • Choose a servicing channel and set delays for feature updates.
  • Set delays for quality updates.
  • Manage preview builds.
  • Choose a specific feature update version for subsequent scans.

Additional configurations include:

  • Remove user access from the “pause updates” feature to avoid interference with the installation.
  • Prevent users from changing any Windows Update settings.
  • Allow updates to be downloaded automatically or on devices using a metered connection.
  • Prevent Windows Update from installing device drivers.

Conclusion

While automatic updates may seem like a quick fix to newly discovered performance and security issues, they are not perfect. If handled incorrectly, automatic updates can wreak havoc. Managed updates, on the other hand, strike a balance between staying up-to-date and avoiding chaos. Thus, the wise choice would be to make some effort for your system’s health and manage your updates.

Spoofing Professional Identities Has Never Been Easier Due To LinkedIn

LinkedIn — one of the world’s most influential platforms for business professionals — has progressed over the past few years. However, with its rapid growth, LinkedIn has experienced a budding problem with fraudulent profiles.

In most cases, these fake profiles copy information from legitimate profiles, along with a good-looking photo, to make the connection request look valid. But connecting with a fraudulent account can give scammers access to vital information about you, including details about your company, addresses, and professional contacts.

Scammers can use this powerful information to craft detailed and convincing phishing and other scams. Because of these risks, it’s best to know how to spot fraudulent LinkedIn accounts, and to ensure you do not connect with them. However, before we proceed onto the steps to avoid falling prey to phishing attacks, let’s understand what phishing is.


Phishing Attacks

Phishing is a fraudulent attempt to collect confidential information online, including professional contacts, usernames and passwords, company information, and bank and credit card details. In most phishing attacks, the scammers pose as a trustworthy individual in digital communication.

LinkedIn now has over 760 million users, with more than 260 million monthly active users. It is one of the largest professional and trustworthy platforms used by businesses and people for career progression. But it also consists of people who carry out criminal activities.

LinkedIn Phishing Attack Methods

Put simply, LinkedIn is one of the most popular sites for criminals to obtain user information and other sensitive information with phishing attacks.

Lately, there has been a rise in LinkedIn phishing attacks. Given below are some of the most common methods for conducting LinkedIn phishing attacks that you need to look out for. Scammers might use some or all of these tricks.

Connections with Fake LinkedIn Accounts

On LinkedIn, users are motivated to develop connections and engage with them on a professional level. However, not everyone has good intentions. Social media platforms are filled with fake profiles, and this form of scam is popular on LinkedIn because of the professional nature of the platform.

What’s wrong with fake LinkedIn members? Phishing attacks. These scammers are known to develop a rapport with their targets via posts/emails/comments/messages. As LinkedIn is a professional platform, it’s easier to trust all the profiles in the platform.

Pretending to be an Authentic Profile on LinkedIn and Obtaining Information

If you are active on LinkedIn, you are probably used to getting tons of emails. Scammers and attackers have used this to their advantage by sending messages that pretend to come from LinkedIn. This type of scam will usually be in the form of a fake email sent from a profile impersonating a business professional. The email may contain a hyperlink requesting more personal data. Once you click it, you could be directed to a website that looks exactly like LinkedIn. This page will ask you for your personal credentials, and after you enter them, they will be forwarded to the scammer.

LinkedIn InMail Scam

This scam is sent in the form of a direct message via the inbuilt messaging system and typically contains a link to a malicious website, which the hacker could use to collect personal information or to try and get you to download virus-infected software onto your laptop.

Final Thoughts

Below are a few tips to help you protect against phishing attacks:

  • Avoid responding to emails asking you to install any suspicious software.
  • Avoid emails or direct messages containing poor grammar or writing.
  • Check the sender’s email address on any email that appears to come from LinkedIn. Avoid any that come from a sender other than LinkedIn.
  • If you do click a link in a message or email, check the website’s certificate.
  • Check the validity of the email by logging into your LinkedIn profile; the notification should be present in there, too.
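The sender and link checks from the tips above can be automated. The following is an added example, not part of the original article: it assumes that `linkedin.com` and its subdomains are the only legitimate domains, and the message and every `.example` host in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "linkedin.com"  # assumption of this example

# Constructed sample message; all .example hosts are made up.
SAMPLE_MESSAGE = """\
From: "LinkedIn Messages" <notifications@linkedin.com.mail-secure.example>
Reply-To: recruiter@webmail.example
To: user@company.example
Subject: You have 1 new message
Content-Type: text/plain

A recruiter sent you a message. View it here:
https://www.linkedin.com.login-check.example/messages
Manage settings: https://www.linkedin.com/psettings/
"""


def is_trusted(host):
    """True only for linkedin.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def check_message(raw):
    """Return (kind, domain) findings for a message that claims to be from LinkedIn."""
    msg = message_from_string(raw)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    claims_linkedin = "linkedin" in (display + " " + addr).lower()
    if claims_linkedin and not is_trusted(sender_domain):
        findings.append(("sender", sender_domain))

    # Replies routed to a different domain than the sender are a common tell.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != sender_domain:
        findings.append(("reply-to", reply_domain))

    # Lookalike links: the host mentions linkedin but is not under linkedin.com.
    body = msg.get_payload()
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        if "linkedin" in host and not is_trusted(host):
            findings.append(("link", host))
    return findings


if __name__ == "__main__":
    for kind, domain in check_message(SAMPLE_MESSAGE):
        print(f"suspicious {kind}: {domain}")
```

Note that `linkedin.com.login-check.example` fails the check because the registered domain is read from the right-hand end of the host name, not the left.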

Newest Windows 10 Update to Remove Adobe Flash Player

Adobe announced in a statement that after December 31, 2020, it would no longer extend its support for the Flash Player. Moreover, it will also block Flash content from the player after January 12, 2021.

In this context, the most recent update to Windows 10 will bid a final goodbye to Adobe Flash Player for the majority of users, with the patch removing Adobe Flash Player from the operating system once and for all. This update is currently optional and available on Microsoft’s Update Catalog, but it will be extended through Windows Update and Windows Server Update Services in the next few weeks. Microsoft stated that once the update has been applied, Adobe Flash Player cannot be downloaded.

But while the new Microsoft update will no longer support Flash Player, it won’t affect any versions of the software that have been downloaded as browser plug-ins. In any case, it is advised to uninstall versions of Flash manually, as soon as possible. Microsoft is planning another update to remove Flash from its Edge web browser, while Chrome had already removed Flash Player last year.

The Final Goodbye

Even though Adobe Flash Player holds several good memories for internet users of a particular age, the tool’s farewell has been in the headlines for a long time. Adobe announced that it would stop supporting Flash way back in 2017 and netizens had been moving away from the media tool even before then.

With other technologies now available to websites, particularly HTML5, there is all the more reason to reduce Flash usage, including for playing traditional browser-based games. Other reasons for switching away include Flash’s slow web-loading speeds, pop-up ads, and, most importantly, its security and privacy issues.

Even after the new Windows 10 update, it’s highly likely that some Flash components will continue running on a person’s computer. Hence, it’s advisable to uninstall them manually as well, lest they continue to pose a privacy risk. Additionally, Microsoft has cautioned consumers that its latest update cannot be uninstalled once downloaded, so once Flash is removed, it will be removed for good.

If you have installed Adobe Flash Player from a source other than Windows, this update will not uninstall it from your PC. According to the latest Microsoft blog highlighting the end of Flash, the new update to remove Flash will be optional in the early months of 2021 but will become a recommended update a few months later.

The Bottom Line

Adobe Flash has been in the news for all kinds of reasons over the last few years. While renowned as a software tool for developing Flash games and creative content, the now obsolete media tool is riddled with vulnerabilities.

The list of ‘Critical Vulnerabilities and Exposures’ with respect to the Flash media tool spans a number of pages — with several significant issues. Removing the software tool from operating systems and web browsers has been in discussion for a long time now, even if its elimination takes some early internet memories with it.

Flash Media Player will stop working because of the evolution of servers at present, which have taken up open standards like WebGL, HTML5, and WebAssembly. These tools have evolved to serve as viable options for Flash content.

Dark Web Marketplaces Are Selling Your RDP Credentials

Attacks on Remote Desktop Protocol, more popularly known as “RDP”, have been the primary focus for attackers and hackers during the COVID-19 crisis because of the increase in work from home (WFH) scenarios. RDP is a proprietary protocol, or a technical standard, developed by Microsoft that gives people remote access to a desktop computer by connecting to another machine or virtual apps through a network connection.

RDP credentials are being sold on dark web marketplaces for as low as $3. The credentials allow hackers and criminals to spy on companies without resorting to malware. The sale of RDP credentials is allowing attackers to retrieve data from firms in government, healthcare, retail, education, and other sectors.

Here’s everything you need to know to protect your confidential data.

Why Are Attackers Interested In It?

Hackers and attackers are aware of the fact that employees are spending their time working from home via remote access. This means that most organizations — both big and small — trust their confidential data to pass via RDP. While the proprietary protocol is reliable and effective, many IT companies fail to make security their priority.

When employees use easy passwords without multi-factor encryption and additional authentication layers, it becomes easier for attackers to use RDP to gain access to sensitive data. This also opens the door to data breaches, espionage, and more. In forums on the dark web where RDP access credentials are being sold, merchants offer access to thousands of computers for as little as $3 for Windows XP to $9 for a Windows 10 system.

Attackers can gain access to a remote network with the correct password. Moreover, ransomware teams use this protocol to execute their attacks, elevating their privileges to admin, disabling the security software, and encrypting company networks.

A team of researchers at Flashpoint have been examining authentic criminal marketplaces that sell RDP data and have gained access to global networks up for sale.

One of the most popular underground forums selling access to such networks is ‘Ultimate Anonymity Services’. It offers over 35,000 RDP credentials for sale in different countries for a range of Windows Operating Systems (OS).

The group behind the store posts ads in Russian and English, and similar to most Eastern European-based operations, UAS doesn’t sell credentials of Russian accounts. The researchers found thousands of credentials in India, China, and Brazil for sale in the store. It mostly offered credentials for targets across the U.S., particularly around California, Virginia, and Ohio.

How Can You Make RDP More Secure?

The best way to protect your systems against this risk is to combine brute-force attack monitoring with dark web monitoring. The former alerts the admin to failed login attempts, while the latter identifies employee login data that has already been sold online. In addition, to avoid vulnerabilities found in previous versions, it is crucial to ensure that the latest version of the protocol is being used.

Organizations can shift to Windows Virtual Desktop. Its robust management, inbuilt security, multi-session Windows 10 capability, and optimizations for Microsoft 365 apps make it the perfect solution. OneDrive can also be installed to access files securely or for file-sharing purposes.

Other alternatives include a virtual private network (VPN) using MS Terminal Services Client. However, at the 2019 DEF CON hacking conference, the majority of security flaws in the most popular VPNs were revealed.

The Bottom Line

If your company is using RDP, you need to be in touch with cybersecurity professionals to ensure that your network has the highest level of security. Azure has some excellent inbuilt security options for Windows Virtual Desktop and is increasingly becoming the best choice for businesses to replace outdated and less secure RDPs. Secure remote network setups are available for businesses of all sizes — only if you know where to look.

Biometrics As-A-Service Allows For New Innovations, But At What Cost?

Biometrics as a Service: Innovation at a Cost

Modern technology and the internet have allowed businesses to provide virtually anything as a service. Everything-as-a-service is convenient for the customers and profits the enterprises, making it a trendy, feasible business model.

Biometrics is no exception. The application of analytics on biological data, biometrics is a trending vertex between technology and biology capable of identifying and verifying people. Biometric technologies such as fingerprint, retina, and facial scanners are already becoming a significant part of technology. From our phones to secure door locks, we see biometric technologies all around us.

However, companies today are selling biometric data to buyers, allowing businesses to track virtually any human they wish.

Biometrics as a Service is becoming a popular stream that’s home to countless innovations in the field of AI. But there are certain risks associated with BaaS that are a threat to your privacy.

In this post, we’re going to explore Biometrics as a Service, its advantages, its dangers, and the future of BaaS. Let’s begin!

What is Biometrics as a Service?

Biometric data such as fingerprint and retina scan are helping countless industries become more secure with reliable verification. As biometrics becomes alluring to an increasing number of businesses, Biometrics as a Service has become an alluring alternative to purchasing biometric technologies.

In a nutshell, a Biometrics as a Service provider is a company that keeps records of everyone’s biometric data and maintains servers that run biometric software. This company leases the data and/or biometric software to other enterprises.

Taking advantage of cloud computing, companies can identify people using their biometrics without ever having to maintain their own biometric database and technologies!

The Benefits of BaaS

The main advantage of biometrics as a service is that businesses can quickly add and adapt to biometric data, software, and infrastructure with little investment of time and money.

A prevalent use case for BaaS is that companies can easily verify the identity of employees and/or customers without having to keep any biometric database. They don’t require any software or infrastructure, and therefore no special biometric IT staff.

A more serious use case for BaaS is for the government and law enforcement agencies. Police can tie up with biometric service providers, using which they can simply upload a photo of the victim or a blood sample, and the biometric software can provide all the crucial details of the criminal.

The Dangers

While BaaS makes biometric data faster and easier to access, record, and maintain, there are serious privacy issues concerned with the same.

To begin with, promoting BaaS is also promoting the centralization of data. This means a single company has essential data of a lot of people in the world. In a world where data is empowering entire businesses, this can be dangerous.

Moreover, as an individual, you might not want to have your biometric data in the hands of a private organization. However, as BaaS becomes more prevalent and biometric companies gain access to your images on social media, your privacy becomes endangered.

Ultimately, BaaS without regulations will make you less valuable than your data. Any organization can get your biometric and other data and use it to manipulate your behaviour and influence your choices.

The Future of Biometrics as a Service

The market has grown by over 17% in 2020 and is predicted to grow more in the years to come. Given its important benefits and grave dangers, what does the future hold for BaaS?

At present, biometrics is almost entirely focused on market products such as phones and laptops that have fingerprint and facial recognition. However, law enforcement agencies such as American detective units in sex crimes are tying up with private companies such as Clearview AI to identify targets.

In the future, law enforcement will become much faster and easier thanks to biometric software and infrastructure made available as a service.

Nevertheless, it’s crucial that the governments worldwide set limitations to what a BaaS company can do with the sensitive data of its citizens.

BaaS must be limited to law enforcement and a select group of organizations; it needs to be kept away from private companies and malicious parties. As long as biometric data is kept away from unregulated third parties, BaaS can prove extremely useful for identity verification and tracing down convicts, amongst other applications.

But with the data in the wrong hands, BaaS will become an auction system where your sensitive data will be sold to companies that bid the most, making you less valuable than the data you produce.

Tech Talk – December 20 Edition

It’s that time again, the latest edition of Tech Talk has arrived.  In this edition:

  1. Three big ways to improve your IT next year
  2. Christmas Business Gadget Round-Up
  3. Win a $50 JB Hifi Gift Card

Subject Lines That May Indicate a Spear-Phishing Attempt

By now, even those who aren’t regular users of email know not to open messages from Nigerian princes or other similar scams. However, hackers have morphed these scams into comprehensive and targeted campaigns that are both effective and extremely hard to stop.

Phishing attempts via email or messages are one of the most common security challenges that both organizations and people face in keeping their information confidential and secure. Whether it’s getting access to credit or debit cards, phone numbers, passwords, or other confidential data, hackers use email and other communication platforms to steal sensitive data. Organizations, of course, are a valuable target.

Spear phishing, on the other hand, involves sending emails to particular and well-researched targets while claiming to be a trusted sender.

The hackers intend to infect devices with malware or convince targeted people to hand over sensitive data or money.

Traditional spear-phishing campaigns consist of either infected files attached to the email or a malicious zip file. Now, bad actors have more sophisticated methods. Many infected documents are now housed on genuine websites such as Dropbox, Google Drive, Box, or OneDrive, as bad actors are aware these sites are unlikely to be blocked by the IT department.

London Blue, the Nigerian criminal group, had previously gathered information on CFOs and other financial institutions through commercial lead generation sites. Social media platforms such as Twitter and LinkedIn provide other significant data, including a person’s professional relationship within a company, and are hence helpful sources for hackers to figure out the best target and impersonation. Official websites might provide insights into technology, operations, and suppliers, while Facebook and Instagram likes might provide insight into potential targets.

After studying around 360,000 phishing emails for three months, a team of researchers at Barracuda Networks have narrowed the list down to the most common subject lines used in spear-phishing attacks. These lines often have the most successful bait for reeling in targets.

Barracuda Networks’ spear-phishing report suggested that the most common subject line used in attacks is ‘Request’, which accounts for more than one-third of all the phishing messages analyzed. ‘Follow up’ and ‘Urgent/Important’ came next.

The basic idea behind spear-phishing attacks is to make potential targets think they need to urgently open and respond to an email, especially when the email was designed to look as if it was sent from one of their team members or their boss. This would lead to the victim answering the email immediately, without thinking.

Given below are some of the most common subject lines based on the analysis by Barracuda Networks:

  1. Request
  2. Follow up
  3. Important/ Urgent
  4. Hello
  5. Are you available? / Are you at your desk?
  6. Payroll
  7. Payment Status
  8. Invoice Due
  9. Expenses
  10. Re:
  11. Purchase
  12. Direct Deposit

Threat actors use the ‘Are you at your desk?’ subject line to convince their target to open the email. Additionally, subject lines suggesting that the email is a part of the previous conversation are also designed to trick the victim into trusting the sender, thereby propelling them to respond to the email.

A majority of the subject lines have finance and payments backgrounds. If the victim thinks that they risk losing money if they don’t respond, they’re more likely to jump into it. The same goes for emails related to finance and payments. A person might think it’d be bad for their professional relationship if they don’t pay up, especially if the request comes from their senior or boss.

The Bottom Line

To avoid falling victim to spear-phishing attacks, cybersecurity specialists recommend implementing the DMARC authentication protocol to prevent domain spoofing. Additionally, users are advised to deploy multi-factor authentication, which provides an extra layer of protection. These protocols should be implemented alongside security software and user training.
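Publishing a DMARC record is not the same as enforcing one. This added example (not from the original article) parses a DMARC TXT record and reports whether it would actually stop spoofed mail; the records and `example.com` addresses are constructed, and the DNS lookup of `_dmarc.<domain>` is left out so it runs offline.

```python
POLICY_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed sample records, from weakest to strongest.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=reject; sp=none; pct=50"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return validity, whether the policy is enforced, and a list of weaknesses."""
    # The version tag must come first and be exactly DMARC1.
    first = [p.strip() for p in record.split(";", 1)[0].split("=")]
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if first != ["v", "DMARC1"] or policy not in POLICY_STRENGTH:
        return {"valid": False, "enforced": False,
                "findings": ["not a usable DMARC policy record"]}

    try:
        pct = int(tags.get("pct", "100"))   # default is 100 when absent
    except ValueError:
        pct = 100                           # unparsable value: fall back to default
    subdomain_policy = tags.get("sp", policy).lower()  # sp inherits p when absent

    findings = []
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif pct < 100:
        findings.append(f"policy applies to only {pct}% of failing mail")
    if POLICY_STRENGTH.get(subdomain_policy, 0) < POLICY_STRENGTH[policy]:
        findings.append(f"subdomains use weaker policy sp={subdomain_policy}")
    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports are received")

    enforced = (POLICY_STRENGTH[policy] >= 1 and pct == 100
                and POLICY_STRENGTH.get(subdomain_policy, 0) >= 1)
    return {"valid": True, "enforced": enforced, "findings": findings}


if __name__ == "__main__":
    for record in (MONITOR_ONLY, PARTIAL, ENFORCED):
        result = assess_dmarc(record)
        print(record, "->", "enforced" if result["enforced"] else "NOT enforced")
        for finding in result["findings"]:
            print("   -", finding)
```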

Why Work From Home Has Prompted A New Wave Of RDP-Based Hacks

The surge in RDP-Based Attacks

The number of cyber-attacks on Remote Desktop Protocol (RDP) servers has expanded amid the COVID-19 pandemic, as a significant number of employees are currently working from home.

To remotely access Windows workstations and servers, companies have been depending on RDP servers, which use Microsoft’s proprietary protocol. As a result, there has been an increase in brute-force attacks, with hackers taking advantage of the pandemic to attack corporate assets accessible to remote workers.

The number of RDP ports exposed to the web increased from around 3,000,000 in January 2020 to more than four and a half million in March, McAfee found after running various searches. In these attacks, the cybercriminals try to break into RDP by attempting all possible credential combinations until they hit the right one. Analysts explained that the username and password combinations tried are based on random characters or on popular or compromised passwords.

How to prevent RDP-based Hacks?

First, exposing RDP directly to the internet is not the best security practice. Slow patching can generally allow vulnerable servers to be compromised through an RDP attack. RDP should only be available after first connecting to the company’s VPN.
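The brute-force monitoring recommended in the earlier RDP article, applied to the credential-guessing pattern described above, can look like the following. This is an added example, not from the original articles: it assumes a simplified one-line-per-event export of Windows Security log failed (4625) and successful (4624) logons, and all sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security log event IDs
RDP_LOGON_TYPES = {3, 10}  # 3 = Network (RDP with NLA), 10 = RemoteInteractive

# Constructed sample: "timestamp event_id logon_type source_ip username"
SAMPLE_EVENTS = """\
2021-02-01T08:55:00 4625 10 198.51.100.20 mlee
2021-02-01T09:00:05 4625 10 203.0.113.7 administrator
2021-02-01T09:00:11 4625 10 203.0.113.7 administrator
2021-02-01T09:00:18 4625 10 203.0.113.7 admin
2021-02-01T09:00:26 4625 3 203.0.113.7 admin
2021-02-01T09:00:40 4625 3 203.0.113.7 jsmith
2021-02-01T09:00:52 4625 3 203.0.113.7 jsmith
2021-02-01T09:01:30 4624 10 203.0.113.7 jsmith
2021-02-01T09:05:00 4625 10 198.51.100.20 mlee
2021-02-01T09:05:20 4624 10 198.51.100.20 mlee
2021-02-01T10:00:00 4625 2 192.0.2.50 kiosk
2021-02-01T10:00:05 4625 2 192.0.2.50 kiosk
2021-02-01T10:00:10 4625 2 192.0.2.50 kiosk
2021-02-01T10:00:15 4625 2 192.0.2.50 kiosk
2021-02-01T10:00:20 4625 2 192.0.2.50 kiosk
"""


def parse_events(text):
    """Turn the simplified export into dicts sorted by time; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, event_id, logon_type, ip, user = parts
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "ip": ip,
            "user": user.lower(),
        })
    return sorted(events, key=lambda e: e["time"])


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on source IPs with >= threshold failed remote logons inside the window.

    Also records every username tried and the first successful logon that
    follows the burst, which suggests a guessed or purchased credential.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(set)      # ip -> usernames attempted
    alerts = {}
    for ev in events:
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue              # console or service logons are out of scope
        ip = ev["ip"]
        if ev["event_id"] == FAILED_LOGON:
            failures = recent[ip]
            failures.append(ev["time"])
            while ev["time"] - failures[0] > window:
                failures.popleft()
            tried[ip].add(ev["user"])
            if len(failures) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ev["time"], "success_after_burst": None}
        elif (ev["event_id"] == SUCCESSFUL_LOGON and ip in alerts
              and alerts[ip]["success_after_burst"] is None):
            alerts[ip]["success_after_burst"] = ev["user"]
    for ip, alert in alerts.items():
        alert["usernames_tried"] = sorted(tried[ip])
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, alert)
```

A successful logon right after a burst is the case to escalate first, since it means the guessing worked.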

Final Thoughts

The speed at which everyone went into lockdown due to Covid-19, along with the necessity to keep business moving, resulted in some shortcuts being taken, which compromised security. Setting up Remote Desktop without a corporate VPN to connect to first or an RDP Gateway is a recipe for disaster, and it’s only a matter of time before the network is compromised.
