Tag archive for "security" | Sarsfield Technology (page 5)

Small US Firms the Target of Online Fraud

Organized criminals believed to be based in Eastern Europe are robbing small to midsized US businesses of millions of dollars via an elaborate scheme aided by malicious software . Recent reports reveal that over the past few months, several businesses have fallen victim to unauthorized fund transfers whereby hundreds of thousands of dollars from the businesses’ bank accounts have been transferred to accounts in Europe, and in some cases, to the accounts of willing or unwitting accomplices in the United States. According to the reports the victims, usually the company CFO or owner, were sent malicious software as attachments to email, which when opened remained resident on the victims’ machines and stole the victims’ passwords to their online banking websites. The cybercriminals used this information to initiate transfers from their accounts of up to US $10,000 at a time to evade notice and detection from their bank’s anti-fraud or money laundering detection systems and protocols. Your business might be at risk. Make sure you are protected from this type of fraud by securing your PC and network from malicious software. Do not open suspicious-looking attachments and make sure you have the necessary protection in place, such as firewalls, antivirus software, and other methods of protection. Need help? Contact us today. Related articles: Comment: online banking? No thanks Know When Something is Being Installed on Your Machine Cybercrime victim? 3 telltale signs and what to do

Phishers Siphon Off Hundreds of Thousands of Dollars in Minutes

Another reason to keep your computer malware free: cyber-pirates raided several businesses as well as a school in recent attacks through the Automated Clearing House (ACH) Network. The losses, which ranged from $150,000 to more than $400,000, were accomplished by the crooks in mere minutes. Luckily for these companies, the banks managed to reverse some of the transfers. If they hadn’t, the losses would have amounted to $700,000 up to a whopping $1.2 million. The modus operandi of the hackers is simple. Making use of the ACH network, they send out “phishing” emails to account holders. When the recipient clicks on the link, malicious software – a Trojan horse or virus – automatically downloads itself to the recipient’s computer, allowing the hacker to infiltrate the system. Keylogging software (software that tracks keystrokes) is installed, which gives phishers access account numbers, names, and passwords. They then divert the company’s funds into their own accounts. ACH fraudsters can also use the same method to not only siphon off money into their own pockets, but also to establish “ghost employees”, which they insert into the payroll and qualify to receive regular paychecks. While banks are doing their best to strengthen the system, they can only do so much, and experts admit that the ACH network is a very old system compared to today’s standards. The volume of money that flows through the ACH is also so massive that it is difficult to keep track of specific amounts for specific accounts. Despite its shortcomings, the ACH system still remains widely used, and the best defence is to guard your system well. For our clients, we have firewalls and anti-malware software in place, but you should also make sure your bookkeepers and staff are briefed on how to avoid being the victim of fake phishing emails. If you have any questions or concerns please give us a call. For more details about this story, visit http://www.computerworld.com/s/article/9136334/Cyber_attackers_empty_business_accounts_in_minutes?taxonomyId=17&pageNumber=1.

Fake Security Software Could be Compromising your Security

A new report by PandaLabs , Panda Security’ s malware analysis and detection laboratory, examines the proliferation of so-called “rogueware” – malicious software that attempts to convince people that their computers are infected with malware in order to trick them into buying their “security software”. Rogueware misleads users in that it tells them that it is protecting them from annoyances (such as online ads) or harm (such as from viruses or other malware) – even if it’s not. Often these programs themselves are not malicious beyond displaying false information. However, in some cases they can be the source of harm themselves, creating a backdoor for other Trojans or viruses to enter the system. According to Panda’s research, as many as 35 million computers are newly infected with rogueware each month, many through social networking websites such as Facebook , MySpace , Twitter , Digg . Ads featuring free downloadable software are often featured, containing links or reminders to get the paid versions after first use—which earn the fraudsters as much as $34 million per month, Panda estimates. To ensure you use only legitimate security software, make sure you only use systems from trusted software vendors that are vetted by your IT advisor. For advice and help, contact us today! Related articles: Cyber-criminals targeting social networking sites Blog – Can Twitter and Facebook be Both Social and Secure? Forget about malware, rogueware is where its at!

4 Keys to Avoiding Malware

From annoying to destructive, malware is a bane to any computer system and the person who uses it. The benevolent Wikipedia defines malware (short for malicious software) as: “software designed to infiltrate or damage a computer system without the owner’s informed consent.” The good news though, is that there are simply ways to avoid getting infected by malware. Clearly having the right anti-virus and security installed and up to date is critical – that’s where we help. But it’s also important to know how you can make a difference. Here are few simple tips to help you keep your system malware-free: 1. Never click indiscriminately These days, there are ads and pop-ups, designed to induce a PC user to click on them. From sexy models to seemingly too-good-to-be-true offers and promotions, many web advertisers are counting on people’s curiosity and the impulse to click away. The thing is, many of these ads lead you to unsecure sites filled with malware. 2. Cancel Autorun. When you plug in a portable hard disk or flash drive, you computer automatically opens a window with preset options to enable file viewing for that drive. Immediately opening a flash drive allows infections to access your system, so cancel the window and scan first before opening the drive or any file inside it. 3. Never open suspicious emails. Unsolicited email is always best unopened and deleted immediately. If you don’t know who sent it, send it straight to the trash bin and delete it forever. 4. Only download if you must and only from trusted sites. Installing peer to peer downloads may be a great source of free music, media and software. But it’s not only piracy and is probably prohibited by your company policy – it’s also a fertile breeding ground for files embedded with Trojans, worms, and other forms of malware. Download files only when necessary and only do so from legitimate and trusted sites. You make the difference Your behavior online plays a big factor in making your PC and your system malware free. Especially if you’re on a network, failing to exercise caution not only compromises your system, but everyone else who’s connected to the same network. A simple click on a wayward link or ad can cause your whole company to be bombarded by spam, so always be careful in what sites you go to and what files you open and download. If you’d like us to come in and talk to your staff about this and other safe-computing habits just let us know.

Small Businesses Struggling with IT Security

New research suggests that small and midsized businesses are struggling to keep up with securing their IT applications and infrastructure. The IT Effectiveness Index report , or ITEI, provides business owners and IT executives at small and midsized businesses with a free online benchmarking tool to help them compare the effectiveness of their IT systems with companies in the same industry and peer group. Executives who take the survey are given a grade from A through F, along with a brief description of what their grade means. Nearly one in four SMBs received an “F” or failing grade in IT effectiveness, the study says. According to the report, this failure stems largely from a lack of security, a high level of downtime, and the absence of disaster recovery programs. The report revealed that about 37 percent of SMBs received a “C” grade, which indicates they are just barely getting by; only 30 percent have a fully implemented security program; and only 26 percent have fully implemented a disaster recovery/continuity plan. Is your business struggling with security? Do you want to increase the effectiveness of your IT? Consider outsourcing it to us so you can focus on your business and leave the worrying to us.

Protect Your Systems from Organized Crime Networks

While software companies have made significant progress in protecting customers from malicious online threats, these threats continue to evolve, and now a new player has entered the game: organized crime. Malware, short for “malicious software,” is designed to infiltrate a computer system without the owner’s consent. It includes viruses, worms, trojan horses, spyware, and even adware. The total amount of malware removed from computers worldwide grew more than 43 percent during the first half of 2008, according to a security intelligence report by Microsoft. According to the report, based on the type of malware most frequently found, financial gain appears to be attackers’ top motivation. And it may only get worse, because now organized crime networks are distributing malware. Don’t think American mafia; this type of organized crime is more typically loosely organized criminals from underdeveloped parts of the world. Australia’s Verizon investigative response team, which handles data breaches on behalf of that country’s major corporations, has reported that 91 percent of the breaches it found in 2008 could be traced to organized crime activity rather than insider or other threats. These organized crime networks plot to infiltrate computers—primarily American ones, which have information from which they can profit—and steal data. They may also seek out intellectual property for its potential value. “If a single piece of intellectual property is compromised, and it happens to be the secret formula to your company’s product, then that’s a business-changing event,” said the Verizon report. Although most of the malware Verizon found could not be detected by current antivirus products, around 87 per cent of breaches could have been avoided by using simple controls, according to Verizon, whose report stated that “on the whole, criminals are still not required to work very hard to breach corporate information systems.” Here’s what you can do to help protect your systems: Enable a firewall. Install and maintain up-to-date anti-virus and anti-spyware programs that provide increased protection from malicious and potentially unwanted software. Almost 40 per cent of victims Verizon investigated in 2008 did not regularly update their security software. Check for and apply software updates on an ongoing basis, including updates provided for third-party applications. Open links and attachments in e-mail and instant messages with caution. Need help implementing these safeguards? We’re here to assist!

Microsoft Releases Fixes and a Workaround for Several Vulnerabilities

The web is indeed becoming a dangerous place. These days, your PC could become infected with malware or vulnerable to a hacker attack just by innocently browsing a website or opening an email. Last July 14th, Microsoft released six bulletins with fixes for at least nine known security vulnerabilities that put users at risk in a range of Microsoft products. Many of the vulnerabilities, if not patched, can allow “remote code execution” or allow a hacker or malicious software to take over your PC and run unauthorized commands. ZDNet’s Ryan Naraine has posted a helpful summary of the released fixes: MS09-029 : This update covers two privately reported vulnerabilities in the Microsoft Windows component Embedded OpenType (EOT) Font Engine, which could allow remote code execution. Rated “critical” for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. MS09-028 : This update fixes three separate vulnerabilities ( one publicly disclosed and under attack! ) in Microsoft DirectShow, which could allow remote code execution if a user opens a specially-crafted QuickTime media file. MS09-032 : This update resolves a privately reported vulnerability in Microsoft Video ActiveX Control. The vulnerability could allow remote code execution if a user uses Internet Explorer to view a specially-crafted Web page that uses the ActiveX control . This vulnerability is currently being exploited in the wild! Rated “critical” for all supported editions of Windows XP and “moderate” for all supported editions of Windows Server 2003. Some of the vulnerabilities, notably one in Microsoft Office Web Components, do not yet have a patch. An attacker who successfully exploits this vulnerability could potentially gain the same user rights as a local user, allowing the attacker to modify or remove files on the PC remotely. This could potentially happen simply by using Internet Explorer to visit a website. A workaround exists by downloading a free utility from Microsoft called FixIt , which prevents the Microsoft Office Web Components from running in Internet Explorer. Users, as always, are advised to immediately download the updates and utilities, or use Microsoft’s Windows Update service. If you need help installing the patches or workarounds, or if you feel your PCs are at risk, contact us immediately. Related articles: Microsoft Security Advisory 972890 Released Microsoft warns of Internet Explorer security hole Microsoft issues patches, including one for IE exploit Internet Explorer’s ActiveX Security Mitigations in Use Microsoft Warns of Security Hole

Hackers Launch Cyber-Offensive Against American and South Korean Sites

Last July 4th and 5th, a massive denial-of-service attack was launched against several government and commercial websites in the United States and South Korea. According to security researchers, the attacks were the work of malware that infected PCs and routed traffic to government and commercial sites during the July 4 weekend in an attempt to take them down with the flood of simultaneous requests hitting them. Among those affected were the U.S. Department of Treasury, the Secret Service, the Federal Trade Commission, and several others. The attacks, which hit South Korean sites a few days later on July the 7th, are widely believed to have been carried out by an updated version of the MyDoom worm which gained infamy when it first hit Windows machines last 2004. The motive for the attack is not yet known. In the meantime, users are advised to scan their machines and update their operating systems to protect against known vulnerabilities. Contact us to learn more about protecting your business from a similar attack. Related articles: Mysterious cyber-attacker hits at federal websites, crisis averted? Cyber Attack Targets Government Websites Who’s behind cyber assaults?

Do Your PCs Host Dangerous Apps?

New research from security firm Secunia reveals that the average PC user has over a dozen insecure applications on his or her computer. They found that the typical user installs over 80 applications on his or her desktop, and around 15% are vulnerable to attack due to failure to patch the applications in a timely manner. Vendors normally release updates or patches to fix known vulnerabilities in their applications. This is an acute problem for software which connects to the Internet, especially if it hosts sensitive or private data. Only 2% of users make it a point regularly update their applications. For businesses, the problem could be greater with the need to manage multiple PCs. Protect your network today by letting us implement software patch management tools to manage and automate this process for you. Related articles: Keep your software up to date with Secunia Personal Software Inspector Patch management no longer just an IT problem Another year of handwringing on cybersecurity

New Swine Flu Outbreak: This Time the Virus may be in Your Computer

As if the scare from the Swine Flu virus were not enough, some opportunistic and malicious hackers have started spreading a computer virus with emails of the same name. Otherwise also known as the Navia.a virus, it seems to have surfaced during the height of the Avian Flu scare. However, the computer virus may have started spreading again. Initial reports from Japan say that the country’s National Institute of Infectious Diseases (NIID) posted on its website that a suspicious Japanese-language email message purportedly coming from them has been circulating with an attached file called “information on swine flu”. The email, originating from senders in the “@yahoo.co.jp” domain, seemed to be sent to random Internet users, the institute said. Users, as always, are advised to avoid opening attachments from suspicious-looking emails to prevent infecting their PCs with malware.While we can’t protect you from the real swine flu virus, we can help you protect your PCs from its new malicious online cousin. Contact us today to find out how. Related articles: Internet flooded with swine flu spam As If Swine Flu Virus Is Not Enough – We Now Have Swine Flu Computer Virus

Prev 1 … 3 4 5 6 7 Next