security Archives - Page 17 of 49

How Do Cookies Affect Your Cyber Security?

cookies, Ophtek, Security, Trackingcookies, Ophtek, security, trackingOphtek, LLC

Oct 2019

We’ve all seen a pop up on a website which asks you to accept cookies. And we tend to click yes. But do we know what we’re agreeing to?

Cookies have been part of the internet since the dawn of the world wide web, but most internet users are unclear on what they are. Yet, concerns have been building about them for several years now. 2011 saw the European Union (EU) passing the Cookie Law which states that websites need to seek consent before exposing you to cookies. Most popular websites attract users from the EU, so even US based websites, in theory, need to seek this consent.

The Cookie Law has heightened concerns around cookies, so it’s time to brush up on exactly what a cookie is and how it can affect your security.

What is a Cookie?

The simplest explanation of a cookie is that it’s a piece of code used to track your online activity. Naturally, this sounds sinister and contributes towards the concern over cookies. But most cookies have harmless motives. Their main objective is to remember useful information about specific users e.g. login details to keep you logged into websites and credit card details to autocomplete online forms. These ‘authentication’ cookies are useful allies for online life. But ‘tracking’ cookies receive considerable cynicism.

A tracking cookie records and broadcasts your web history, a rough location of where you are and the device you’re using. These are all pieces of data which help to identify personal information. And no internet user wants to reveal this to anonymous strangers. But these details can be shared by third-party software such as Google Analytics. This is why we live in age where personalized online ads crop up with an alarming regularity.

Keeping Safe with Cookies

Cookies carry a security risk, but as with most online activities it’s possible to negate and reduce these risks. To protect yourself for the more dangerous aspects of cookies make sure you do the following:

Always be careful when sharing personal information. Cookies can transmit this information, so tread carefully. And if you’re using a public computer then do not send any personal information.

Disable the storage of cookies in your internet browser. This reduces the amount of information being shared and can be adjusted in your browser’s privacy settings.

Browser add-ons are available that block third-party software such as cookie trackers and ensure that your browsing habits remain private.

Always make sure you have anti-malware software installed on your PC as malware can often disguise itself as harmless cookies or infiltrate advertising networks.

If a website asks you to accept cookies and you’re unsure of its legitimacy then leave the website immediately.

Final Thoughts

There have been calls for cookies to be banned, but this is unlikely to happen any time soon. There will always be some form of online tracking in our internet experience, especially while it is being pushed by Google, but you can still remain safe by being vigilant and clever.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Panda Malware Continues to Thrive and Make Money

malware, Ophtek, Panda Malware, Securitymalware, Ophtek, Panda, ransomware, securityOphtek, LLC

Oct 2019

One of the biggest threats to data security over the last few years has been crypto-malware. And, as the Panda malware proves, it can be a persistent danger.

We may think of pandas as gentle, beautiful creatures but that notion only applies when we’re talking about mammals. When it comes to malware, Panda is far from gentle. The malware in question has been active in the digital landscape since 2018 and, since then, has managed to secure close to $100,000 in cryptocurrency ransoms. And it has achieved this by constantly reinventing itself and modifying its structure. Staying one step ahead of the security experts is crucial for malware and Panda has done this with aplomb.

Understanding the motives and mechanics of Panda is important in strengthening your organization’s security, so let’s take a closer look at how it works.

What is Panda?

First identified in 2018, Panda is a form of malware which combines crypto-malware with remote administration tools (RATs) to render any infected PC under complete control of the hacker. Not only is the victim at the risk of having their data encrypted, but there’s the added danger of unauthorized access to their PC at any time. Panda achieves all of this by exploiting web applications, spreading via infected Word documents and unauthorized downloads by compromised websites. Web applications that have been found to be infected include a wide variety of industries such as social media, financial, web services and digital analytics.

How has Panda Managed to Persist?

Most malware has a relatively short lifespan due to design flaws and the talents of security experts, but Panda has persisted for over a year now. It owes this longevity to its coders and the speed at which they evolve Panda. The malware has always been an expert in stealth and this has allowed it to escape the attentions of antivirus software. Most concerning, however, is the number of additions that have been added to Panda’s arsenal since it first appeared. Reports have indicated that Panda now includes highly sophisticated exploit tools originally designed by the NSA. It’s that most dangerous form of malware: one that continues to grow in strength.

Protecting Your Business from Panda

Panda is a dangerous piece of malware, but it’s not one that you need to live in fear of. Instead, make sure you remain vigilant by implementing the following:

Regular training for your staff is essential in keeping your defenses as strong as possible. The knowledge that these training sessions provide is invaluable for keeping your staff up to date on current threats.
Crypto-malware’s main objective is to encrypt your data and then demand a ransom. Therefore it’s important that you establish a backup routine that ensures your files are kept securely in more than one location.
Monitor any unusual network activity. Panda may be highly skilled when it comes to stealth, but its operation is likely to lead to unusual traffic in and out of your network. Identifying this early on may allow you to limit the damage caused.

For more ways to secure and optimize your business technology, contact your local IT professionals.

New Domen Malware is Highly Advanced and Dangerous

Domen, malware, Ophtek, pop ups, Security, Security ThreatsDomen, malware, Ophtek, pop ups, securityOphtek, LLC

Sep 2019

There’s only one thing worse than malware: clever malware. If it’s clever then it will to be difficult to detect and remove. And Domen is exactly that.

You probably haven’t heard of Domen before, but that’s because it’s a brand new toolkit. And it’s a toolkit which is fiendishly clever. What a hacker classes as ‘good’ malware is one that is deceptive and skilled in the art of subterfuge. If it can adapt to different scenarios and conditions that it’s even better. And, again, Domen ticks these boxes.

It certainly doesn’t sound appealing, does it? And I’ll bet my bottom dollar that you don’t want your organization to fall victim to it. Well, to help you avoid the perils of Domen, let’s hold it up to the light and see what we can make of it.

What is Domen?

Social engineering is a key part of the modern hacker’s arsenal, so it’s no surprise to see Domen clutching it so closely to its digital chest. A toolkit, of course, is much more than one single application. As the name suggests, it’s packed full of different applications that can work individually or side by side to maximize its impact. Domen is most likely to be found housed within the code of a compromised website – sites based upon WordPress are particularly affected – where it lurks discreetly and quietly.

However, Domen will not lurk discreetly for long. Nonetheless, when it does make an appearance it takes a keen eye to spot that anything is amiss. The infected website will generate a pop-up window that contains a link to a malicious download. This download will initiate a PowerShell attack that leaves your PC at the mercy of hackers who will gain full control of it. Dangerous pop-up windows are nothing new, but Domen differs in that it’s adaptive to the PC it’s attacking.

Domen has been designed so that it identifies the operating system, the user’s location and their browser. It’s at this point that the social engineering aspect comes into play. Domen uses this unique data to tailor a specific pop-up window that urges the user to download a necessary update. So, for example, if you’re using a Chrome browser then a pop-up will appear for a Chrome update. And, if you’re based in France, for example, the content will be written in French.

Protecting Your Organization from Domen

It’s important that you practice vigilance when working with PCs as malware is so prevalent in the digital age. Evidence of malware such as Domen being present can include:

Your default browser homepage changing to something new without your authorization
New software installed and loading at startup
Evidence of remote access to your PC taking place

Thankfully, the PowerShell attack – initiated by the download of a .hta file – can be thwarted by protecting yourself with any good cyber-security suite. The tools contained with these suites should be able to identify the malicious .hta file and prevent it from executing on your PC. However, this can all be prevented by being vigilant and ignoring any suspicious pop-ups.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Out-of-Office Auto-Replies: A Major Threat to Security

Best Practices, cyber attacks, Cyber Security, Data Security, Ophtek, out-of-office, Safety, Security, spam emailemail, Ophtek, out-of-office, security, vulnerabilityOphtek, LLC

Sep 2019

If you’ve worked away from the office then it’s likely you’ve set an out-of-office auto-reply on your emails. However, this could be very dangerous.

The problem with most out-of-office auto-replies is that they’re usually teeming with sensitive data. And this is data that anyone can harvest simply by sending you an email. There’s no filter on who receives the auto-reply. It’s sent to everyone. And this opens you up to a whole world of danger.

Let’s take a closer look at what these dangers are and how you can avoid them.

The Dangers of Auto-Reply Emails

The type of out-of-office auto-reply email you’re likely to have sent in the past looks like this:

I will be out of the office during the week of October 21 – 27 at the Networking Conference in Houston, Texas. During this time please contact my assistant Ralph Smith on 555-2820 with any service-related issues. If you need to reach me directly then please call me on my cell at 555-1234 and leave a message

Peter Jones – Service Manager – Plant Manufacturing – Jones.Peter@plantmanf.com

This is an informative auto-reply and one that will help anyone that has a genuine interest in working with your business. But it also provides far too much information. It could compromise your safety and also the security of your organization. Social engineering is a criminal’s best friend and, in the above example, you have provided them with several pieces of valuable information:

Availability: It’s not recommended that you reveal where you are and how long you will be there for in an auto-reply. In the example above it advises that Peter will be away from the office and his home for a set amount of time. Criminals, therefore, could plan to rob his home or, even more audaciously, turn up at his office and try to gain access.

Signature: When you’re actively communicating with someone else in business it’s recommended to use a signature block at the end of your emails. This helps to underline who you are in the organization and the various ways you can be contacted. It’s an excellent communication tool, but only when it’s used wisely. You don’t want this information being sent to just anyone, so it’s best to remove this from your out-of-office auto-reply.

Live Email Address: When it comes to email-spam there’s nothing the spammers love more than a confirmation that their spam has landed. And, when you set up an auto-reply, this confirms to any spammer that your email address is live. This information is then logged, automatically by spam bots, and your email address added to further spam lists as a worthy target.

Chain of Command: It’s important to limit the organizational details in your out-of-office auto reply message, so revealing that, for example, Peter’s assistant is Ralph Smith is not a wise move. This not only helps to leak a further individual’s contact details, but it reveals an insight into the chain of command that’s in place. And this could allow a criminal to impersonate Ralph Smith to gain further access to your data.

Final Thoughts

The key to a safer out-of-office auto-reply is to provide minimal specifics when it comes to your excursion. You shouldn’t provide contact details and it’s safer to simply state that you’re unavailable when it comes to your location. By reducing the amount of sensitive data in your auto-reply you should be able to thwart any criminals and any security risks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

What are the Most Common Computer Network Problems?

Data Security, Internet, IT Best Practices, Network, Ophtek, Windows Server, wireless networknetwork, office IT, Ophtek, security, ServerOphtek, LLC

Sep 2019

Getting to grips with problems relating to your computer network can be a frustrating affair, but it’s one which is likely to happen on a daily basis.

Computer networks are, after all, highly complex systems that comprise various components and are in use by multiple users. These structures may bring many benefits, but they can also be a recipe for disaster. And, if your network fails or experiences any issues, then your organization’s productivity is going to be affected.

Your main objective, with your computer network, should be to keep it online and functioning correctly. But you can only do this if you know what the most common computer network problems are, so let’s take a look:

Slow Connectivity: If there’s one thing that frustrates an employee then it’s slow connectivity over a network. PCs can grind to a halt and even the simplest task can take an age to complete. It’s often caused by large file transfers, so a limit should be put in place on the size that is permitted e.g. no email attachments that total more than 20mb as a standard rule. Sometimes this lag can also be caused by faulty network cards, so it’s important to investigate this possibility.

IP Conflicts: Each PC on your network should have a unique IP address such as 209.85.255.255, but sometimes two PCs can be assigned the same IP address. And this can create major connectivity issues for both parties. Sometimes these conflicts will work themselves out, but you can help speed up the process. Restarting the router is the simplest approach as it should assign new IP addresses to every PC on the network.

Unable to Connect to Local Printer: Printers on a network tend to be shared by multiple users, but occasionally an error can arise that leaves people unable to access the printer. This problem is often caused by a sharing issue whereby different security settings between PCs and the printers fail to agree with each other. When this occurs it’s recommended that you check firewall settings and that your Windows network adapters have printer sharing enabled.

Faulty Cables: A computer network relies on cables to facilitate its connectivity. And when just one cable fails it can have massive implications for your network. However, it’s easy to overlook cables as the source of network issues. People tend to concentrate on software and hardware troubleshooting first. Nonetheless, investigating the condition of cables in the affected network area is vital. Cables can easily become dislodged or damaged, so sometimes the fix can be as simple as plugging them back in or replacing.

Weak Wi-Fi Signal: If you rely on wireless connections in your organization then you will be well aware of the issues caused a weak signal. This can often be caused by environmental issues such as the presence of a microwave or even the layout of an office. It’s important to eliminate these factors to identify the cause of the fault. Alternatively the connection issues could be caused by out-dated firmware, so make sure all updates are installed.

For more ways to secure and optimize your business technology, contact your local IT professionals.

« Previous 1 … 15 16 17 18 19 … 49 Next »

Tag Archives: security

What is a Cookie?

Keeping Safe with Cookies

Final Thoughts

What is Panda?

How has Panda Managed to Persist?

Protecting Your Business from Panda

What is Domen?

Protecting Your Organization from Domen

The Dangers of Auto-Reply Emails

Final Thoughts