encryption

We invest so much time on our devices that we forget they contain some of our most sensitive information.  Here are 3 data encryption options to consider.

Encryption is a method of transforming your data into something that is illegible to anyone without a key. The key, often a long series of letters and numbers, is what returns your data back to its original state so you may access it again.

There are a number of methods for you to protect your sensitive information on your device.

Whole Disk Encryption

This type of encryption encrypts your entire drive and everything on it. You can encrypt any number of volumes or drives that are connected to your computer. If your hard drives are physically stolen out of your computer, the thieves wont be able to access them without the right key. This is good practice for businesses that keep their data locally on a server. If you happen to have the Enterprise version of Windows on your device then you have the built in Bitlocker software bundled with your OS for free that can encrypt all your drives. There are also free open source options for you if you do not have the right version of Windows.

veracrypt

A great free option is VeraCrypt, the spiritual successor to the wildly popular but now defunct TrueCrypt.

File Encryption

A drawback of whole disk encryption is that your device may take a slight performance hit for being entirely encrypted. For some that is not worth it if they only have a few files or folders to encrypt. If you often have to share your computer with family members or friends this is a great solution. This option lets you encrypt files and folders with just a few clicks. It puts a password on the folder in before allowing access to it. In most cases all you have to do is right click on the file or folder and press the encrypt button. You are then shown steps to follow to complete the encrypting process.

axcrypt

AxCrypt is a great free utility that seamlessly integrates with Windows so encrypting your folders are just a few clicks away.

Compression Encryption

This is very similar to file and folder encryption. It’s possible that most users who have come by a .zip or .rar file already software to see the file contents. What you may not know is that these programs can compress your file size and encrypt that file at the same time. They also seamlessly connect to windows explorer making it just a few clicks effort to encrypt and compress files.

7-zip_encryption

Popular compression software which supports encryption includes 7-zip and WinRAR.

Encrypting your sensitive information is good practice for anyone with critical or sensitive information. Once the device has been stolen or the data accessed by a third party, it’s too late.

For more ways to protect your sensitive business data, contact your local IT professionals.

Read More


Flash Player 0-Day Vulnerability Yet to be Patched

Learn all about the latest 0-Day Flash Player Vulnerability. By following this practical advice, you can improve your chances of staying protected.

An overview

Adobe has recently released a security update for Flash Player that fixes the exploited vulnerability in the attacks. Adobe investigated the threat and reported that an exploit has been developed, which gets around the latest update.

Kafeine, a security researcher, posted on a blog to convey the Flash vulnerability discovered by exploit kits. These kits are software tools that work on automation. The actual exploit packs help hacked sites to send out the malicious code. Kaffiene’s blog disclosed the Angular Exploit Kit, a popular crime-ware package that targets Flash player vulnerabilities. It’ll cleverly adapt to work in a certain way according to the version of Internet Explorer it detects in a Windows system.

The Flash Vulnerability

The vulnerability also exists in the Linux and Mac versions of Flash Player; however, the attackers targeted Windows and Internet Explorer users as well. Flash users must update the player as soon as possible. It is possible that the update might not fix all the holes in Flash.

An Adobe patch was developed to address the exploited Flash vulnerability; however it doesn’t address another active vulnerability that’s available for it.

Although the exploit, known as CVE-2015-0310 was downgraded, it was still used in the attacks related to the previous versions of Flash. The earlier versions of Chrome are also safe to use. Internet Explorer 10, IE11 and Firefox were supposed to update automatically to the latest versions of Flash. As for Google Chrome, its latest version is 40.0.2214.91, and currently runs Flash version 16.0.0.257.

Internet Explorer users would need to apply the patch twice. For instance, one on IE and the other on any alternative browser such as Opera or Firefox.

A word about dynamic website content

Since many websites rely on Flash player to display dynamic content, it would be easier if such sites opt to only use HTML5 to load multimedia. The click to play is one option to limit Flash content on the browser whilst it automatically renders.

An example of Flash click to play.

An example of Flash click to play.

At the same time, it’s impractical for most web users to remove Flash player completely, except for Internet Explorer which usually blocks Flash from rendering its content. The click to play feature is often preferred by many users.   It allows users to see the blocked content with only a click over the boxes. However, this will enable Flash content but bear in mind that the click to play feature will also block JavaScript from loading.

Stay updated

It is important to keep Flash Player updated to avoid being a potential target of attack. The latest versions of Flash are available, but be cautious of the unwanted add-ons that come with the Flash player versions. Once you un-check the pre-checked box, before downloading the Flash Player, the potential ad-on will not be included in the download.

For more ways to secure your data and systems, contact your local IT professionals.

Read More


Windows 8.1 Administrator Access

Google publicly disclosed a Windows 8.1 bug that allows administrator access to PCs. The disclosure highlight a vulnerability affecting millions of users.

This has left Microsoft outraged, especially considering that they were about to release a patch for it.

The news originated from Forshaw, one of Google’s researchers who found the bug and published it online. The bug is backed up by the Google’s POC (proof of concept) scheme, which was tested on an updated version of Windows 8.1. It’s not entirely clear whether earlier versions of Windows, such as Windows 7 operating systems, are also affected by the bug.

Microsoft went on to express their displeasure by stating that such bug reports shouldn’t be released until after a fix has been made available.

According to Microsoft, for such a bug to cause problems, the perpetrator trying to access the computer would need to know the password of the local machine. This is still a big enough risk to have over a network, as any hacker will use this simple fact as motivation to steal passwords and ultimately gain elevated user privileges.

An unpopular decision?

Google’s Project Zero carries out research and bug testing on various systems. Once they find a bug, their policy is to give 90 days for the vendor to fix the issue.  The 90 days disclosure time had passed and Google went ahead and published their report a couple of days short of Microsoft releasing an update, on their patch Tuesday.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

It leaves little to guess why Microsoft recently pulled their ANS (Advanced Notification Service) from the general public and made it only available to paid Premier support clients. This means that only paying customers would know of the security issues before their scheduled release on Patch Tuesday.

The vulnerability: Briefly explained

An internal function exists within the Windows 8.1 operating system, known as AhcVerifyAdminContext. Google’s proof of concept tested this using a couple of programs and some commands to bring up the calculator in Windows as an administrator.

Vulnerability Overview:

  • The vulnerability in unpatched versions of Windows 8.1 has a function which consists of a token. The problem is that this token doesn’t correctly verify if the user logged onto the computer is an administrator.
  • It checks the footprints from user’s impersonation token and matches these between the user’s SID and the system’s SID.
  • What it doesn’t do is verify the token’s impersonation level against anything else.
  • This leads to the vulnerability where an identity token can be added from a local process on the system, and as a result, skip the verification stage.
  • This vulnerability only needs to be exploited by someone who knows that it’s available on an un-patched version of Windows 8.1.
  • The hack could be something like an executable that creates a cache, and uses a registry entry on the computer to reload itself.
  • All that would be required is to use an existing application on the computer to run and elevate these privileges.

The proof of concept Google used includes two program files and a set of instructions for executing it. This resulted in the Windows calculator running as an administrator. Forshaw states that the bug is not in UAC (user access control) itself, but that UAC is used as part of it to demo the bug.

Protecting Yourself and Your Business

We suggest keeping your anti-virus updated, along with Windows Security Updates to patch up known vulnerabilities on the computer. Depending on your office set-up, it is also a good idea to enable firewall on PCs too if not at least your network.

For more ways to secure your business data and systems, contact your local IT professionals.

Read More


Virus Spreading over USB Thumb Drives

To stay safe from infections, we’re going to look at how viruses spread over USB thumb drives and how you can protect yourself and your business.

Why would anyone deny the comfort level enjoyed with using USB thumb drives to conveniently transfer data? Beneath it all, there’s more to that data transference than meets the eye.

How Viruses Spread over USB Thumb Drives

It starts with attaching a USB Thumb Drive to a device for it to infect the computer. The machine is then infected using the Windows AutoRun feature which is trigger when a storage device is plugged in. Not only is the data transferred, but the device in which the data goes in becomes infected with malware (virus) and malicious software, causing damage or data loss.

autoruninf_thumb

The virus likely originates from the infected device the USB was connected to before. The process of transferring viruses can stem back through a chain of infected hosts, bringing with it a trail of disruption.

At present, it’s highly likely that most USB Thumb Drives connected to an infected device or PC hoards a virus in it. For instance, a new virus threat known as “BadUSB” works off USB thumb drives and is claimed to be unstoppable, according to security researcher Karsten Nohl.

Types of Viruses

The following types of viruses can infect a computer when the user runs or installs the infected program. Infection can occur through something downloaded from the Internet, or in most cases, loaded onto the computer from USB thumb drives.

  • Worm –a program that replicates itself by exploiting vulnerability on a network.
  • Trojan horse -appears to serve a useful purpose, but actually hides a virus, thus infecting the computer by tricking the victim into installing it willingly.
  • Rootkit – makes itself difficult to detect by hiding itself within the system files of the infected operating system.
  • Spyware -designed to covertly spy on a user and report information back to the originator.
  • Spam – common method of transmitting malware onto a user’s computer, usually via unsolicited email messages containing infected attachments or links to exploited websites.

How to Protect Yourself and Your Business

The most effective means of transferring virus for the hackers are through public data bases. Firstly, it is extremely important for anyone to restrict the use of USB thumb drives on computers based at net cafés, coffee shops, copy shops and even at an airport or a hotel, as they are for public use.

You never know which computer might be infected so plan to use business or personal systems over public computers as they are more vulerable to infected USB Thumb Drive viruses. Secondly, it’s best to run a firewall and update to the latest virus definition on any personal or business computers.

Turnoffautoplay_thumb

We suggest disabling the Auto Run functionality of the drive and avoid downloading “free online software” to better protect any USB thumb drive from adopting those menacing viruses.

For more ways to secure your business data and systems, contact your local IT professionals.

Read More


binary stream

Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly due to the damage which can result in malware disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution can be best described as an action which involves an attacker executing code remotely using system vulnerabilities.

Such code can run from a remote server, which means that the attack can originate from anywhere around the world giving the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s admin privileges to allow them to execute code and make further changes to the computer. It’s often the case that such user privileges become elevated. Attackers usually look to gain further control on the system they already have a grip on and look to exert control onto other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

Zero-day Internet Explorer Exploit CVE-2014-8967

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an unsuspecting email message. Little do they know that the website exploits a bug on their browser, allowing for remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer, and in turn, installs a Trojan virus. A Trojan allows a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do as they please with it.

Scenario 2:

Windows_XP_End_of_Support

A business runs an unsupported version of Windows on a computer, which happens to be Windows XP.  An employee visits a website, however this website has been compromised, and a bug detects the user working on a computer that has Windows XP. Since this particular operating system is no longer patched by Microsoft, vulnerabilities are eminent. The bug picks up on this and begins remote code execution, set up by a criminal, to run ransom-ware on your computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

For more ways to secure your systems, contact your local IT professionals.

Read More