Tag archive for "security" | Sarsfield Technology (page 4)

Chinese Hackers Exploit IE Vulnerability in a Concerted Attack – Make Sure your Browser is Protected

Early January, Google released a report detailing attacks on its infrastructure which it claimed to have originated from China. In the wake of its announcement, another report came out detailing what is purported to be an “organized espionage operation” originating from China. Known as “Operation Aurora”, the attack attempted to siphon information from 33 companies in the US, including Google. The attackers are believed to have exploited a vulnerability in Internet Explorer (IE). The vulnerability affect IE 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and IE 6, IE 7, and IE 8 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. In the wake of the attacks Microsoft released a patch to address the vulnerability. If you are unsure if this patch has been applied to your systems, contact us for help. Related links: More Security Flaws Found in Internet Explorer (Mashable)

RealPlayer Users Beware

RealNetworks , developers of RealPlayer, a popular real-time streaming media player, recently released an advisory about vulnerabilities that when exploited could trigger remote code execution attacks. The firm reports at least 11 critical vulnerabilities that expose Windows, Mac, and Linux users to malicious hacker attacks. RealPlayer is a favorite target for malware and fraudware writers, and users are advised to download the latest software update. If you don’t use RealPlayer, you’re best advised to uninstall it immediately. Need help in making sure your applications are safe to use? Contact us today. Related links: Bogus IQ test with destructive payload in the wild (zdnet) Tor project suffers hack attack (zdnet) RealPlayer Exploit Infecting Windows Machines (eweek)

Phishing Alert for QuickBooks Customers

IMPORTANT UPDATE FOR QuickBooks Customers: Intuit is receiving reports of individuals receiving fraudulent emails from QuickBooks or QuickBooks Online. The two separate emails ask customers to either download a plug in to assess their security or download a Digital Certificate. Customers should delete either of these emails. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down. More at the Intuit website

New Study Reveals Extent of Losses Due to Phishing Attacks

Trusteer , a security solutions vendor, recently released the results of their study which shows how successful phishing attacks are, how many users respond to phishing attacks, and how many users submit their login information to criminal websites. The results are alarming. Among them: Each phishing attack involves a very small percentage of customers (0.000564%), but due to the large number of phishing attacks, the aggregated number is significant 45% of bank customers redirected to a phishing site divulge their personal credentials 0.47% of bank customers fall victim to phishing attacks each year, translating to $2.4M-$9.4M in annual fraud losses per one million clients Each financial institution was targeted, on average, by 16 phishing websites per week, translating to 832 phishing attacks per year per bank brand Despite efforts by browser developers and security vendors to protect users from phishing attacks, a small number apparently are still able to bypass anti-spam/phishing protection – and when they do, the results can be damaging. Let us help you protect yourself from phishing attacks. To find out more contact us today. Related articles: Garlik’s UK Cybercrime Report 2009 Released (pindebit.blogspot.com) Chat In the Middle Online Banking Threat (pindebit.blogspot.com) PC Users Targeted As Online Fraud Soars (news.sky.com) Less than 0.5% of online banking clients fall for phishing scams each year, report says (seattlepi.com)

Majority of firms struggle with security as new technologies are adopted

New research from the Ponemom Institute and Lumension , shows that a majority of firms are struggling to secure data as users quickly adopt new and emerging technologies such as mobile, cloud computing, and collaborative Web 2.0 technologies. The study, which surveyed IT security and IT operations practitioners, shows that many (44 percent) feel that their IT network is less secure than a year ago or that their IT security policies are insufficient in addressing the growing threats arising from the use of new technologies. Budgets are also a limiting factor, with many feeling that IT security budgets still aren’t what they need to be to fully support business objectives and security priorities. Other findings from the report: 56% said mobile devices are not secure, representing a risk to data security 49% said data security is not a strategic initiative for their company 48% said their companies have allocated insufficient resources to achieve effective data security and regulatory compliance 47% cited a lack of strong CEO support for information security efforts as a reason for ineffective data security programs 41% said there was a lack of proactive security risk management in their organization Just as large companies worldwide struggle to keep up with security, many small businesses do so even more. If you need help understanding the security implications that new technologies bring to your organization, contact us so we can help. Related articles: Companies face IT attacks in uncertain economy: Ernst & Young (newswire.ca) Keeping America’s information safe offers a secure career (techburgh.com) Cloud Security and Privacy (oreilly.com) Computer Security Challenged By Web 2.0 ‘Endpoint’ Growth (Investor’s Business Daily via Yahoo! News) (slumpedoverkeyboarddead.com)

Cyber-crime through the ACH system continues to spread

If you are using an automated clearing house (ACH) system to manage your funds, then you had better be extra careful. The Federal Bureau of Investigation (FBI) has warned ACH users – particularly small businesses – to be on the lookout for ACH system fraud, which has already scammed as much as $100 million from unsuspecting victims. The FBI is working with the National Cyber Forensics and Training Alliance (NCFTA) to determine a solution for the problem and to catch the criminals behind these multi-million dollar scams. All it takes is a seemingly harmless email to an organization’s bookkeeper or accountant to give hackers access to all their accounts. In a technique called “phishing”, these criminals send electronic correspondence laced with attachments disguised as documents or genuine applications (like an update for Windows, for example), or links to supposedly legitimate websites. Once a recipient clicks on these links or installs the software, the hacker installs a keylogging program in their system, giving them access to passwords and other sensitive account information. The siphoning off of funds happens fairly quickly. Some hackers set up ACH transfers to unaware third party groups that typically do payroll processing tasks for international companies, which in turn transfer the money overseas. Others create fake names on a payroll system which automatically siphons off money into preset accounts enrolled in a similar system. According to the FBI, the usual victims are small businesses because of their tendency to work with smaller, less secure banks. It’s the FBI’s conclusion, indicated in a report by their Internet Crime Complaint Center (IC3), that smaller banks lack the proper security measures, which gives hackers the capacity to abuse the ACH system. “In several cases banks did not have proper firewalls installed, nor anti-virus software on their servers or their desktop computers. The lack of defense-in-depth at the smaller institution/service provider level has created a threat to the ACH system,” the IC3 report reads. More details about this story can be found here. (http://www.computerworld.com/s/article/9140308/FBI_warns_of_100M_cyber_threat_to_small_business?taxonomyId=17&pageNumber=1)

Survey Shows Poor Security Awareness Among SMBs

The National Cyber Security Alliance (NCSA) and Symantec recently released the results of a survey they did as part of National Cyber Security Awareness Month to assess the awareness and preparedness of small businesses (51 or fewer employees) in countering cybersecurity threats. Some notable findings: Only 28% have formal Internet security policies in place Only 25% provide even minimal Internet use/Internet security training to employees Those companies that do train spend less than 5 training hours per year on average 86% do not have an employee focused on Internet security More than 90% believe they are protected from malware and viruses However: Barely half of the businesses surveyed check their antivirus software weekly to insure they’re up to date 11% never check security tools to make sure they’re current For many, it seems, online security is simply not a top priority, falling far behind other issues such as meeting payroll and managing cash. But this is dangerous thinking, since more and more companies’ operations have become highly dependent on their IT infrastructure and the Internet for communications and business transactions. How about your business? Is it secure? Call us today and find out how we can help. Related articles: Fake security software ‘installed on millions of PCs’ (telegraph.co.uk) Celebrating National Cyber Security Awareness Month 2009 (googleblog.blogspot.com) Symantec lists “Dirtiest Web Sites” (canada.com)

Phishing scam targets Hotmail users

Hotmail, Microsoft’s free online email service, finds itself in hot water when 10,000 email accounts usernames and passwords were recently discovered posted in a code-sharing website. BBC News has reported that these Hotmail account owners, mostly from Europe, were victimized by a phishing attack. Microsoft is currently investigating the incident, and hinted that there may be more users who have inadvertently compromised the privacy of their email accounts. The total scale of the phishing attack has yet to be determined, since the 10,028 Hotmail usernames and passwords are only of users whose names begin with A or B. Microsoft has confirmed the accounts to be genuine. Microsoft has also taken action to remove the passwords and usernames from the website. As of now, there is no news regarding what action the software giant will take against the instigators of the attack, nor what the impact will be to the owners of the compromised accounts. Microsoft has advised users to immediately change their passwords, and warned email account holders to be more careful in responding to emails. Phishing is an online scam in which email accounts are sent fake emails disguised as legitimate correspondence from trusted websites. Once the recipient clicks on a link included in the email, his or her account is then compromised, allowing phishers to gain access to account information as well as other sensitive information, including bank passwords and credit card accounts. The original BBC story can be found here .

SMBs Investing More in Security Solutions

A recently released a report entitled “Voice of IT: State of SMB IT”, detailing purchasing, technology usage, and IT staffing trends among small and medium businesses worldwide. The report surveyed over 1,100 IT professionals working in SMBs, 80 percent of whom were decision makers or influencers within their respective companies. Not surprisingly, a substantial number (39 percent) of the companies surveyed cut their IT budgets in 2009, with an average cut of 22 percent from 2008 levels. Among the areas where companies are saving money is hardware, with the average planned lifespan for machines such as desktops, laptops, servers, and switches increasing by 26 percent. Despite this, a significant number (31 percent) report that budgets remained flat, while as many as 30 percent reported an increase in budget in 2009 from the previous year. Among the areas where companies are investing money is in software, specifically security software. 46 percent of SMBs indicated that they plan to invest in antivirus and antispam software, while 38 percent plan to put their money in data backup and recovery software. A growing trend is virtualization, with 30 percent of participants planning to invest in virtualization solutions. How does your company compare? Do you think your company is investing enough in IT security? Contact us now to see how we can help you invest your IT budget where it brings the most value.

Watch out for “dirty” websites

In a previous post, we pointed out how just browsing the web these days can possibly infect your PC with malware . To show how dangerous surfing can become, Symantec recently released their list of the “Dirtiest Websites of Summer” – the top 100 infected sites on the Internet based on number of threats detected by their software as of August 2009. The list identifies websites that could compromise security with risks including phishing , malicious downloads, browser exploits, and links to unsafe external sites. Some interesting findings from the study: The average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for most sites 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site 48% of the Top 100 Dirtiest Web sites feature adult content 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months Viruses are the most common threat represented on the Dirtiest Websites list, followed by security risks and browser exploits You can read more about this research at Symantec’s website. If you suspect your PCs are at risk, or if you want to ensure your website doesn’t get hijacked by cybercriminals, contact us. We can help. Related articles: Symantec lists “Dirtiest Web Sites” Virus Security By Leveraging Community And Clouds Smartphone users need more security

Prev 1 2 3 4 5 6 7 Next