CTO Consulting Services

J.D. Lowry Computer Service

Click here to edit subtitle

IT Security Alerts

Meltdown And Spectre Exploits Have A Major Affect On All   Computer Chip Architectures -AMD, ARM & Intel- Also All Major OS's That Run On  Them: Windows, Apple, Unix Linux, Android & Etc.

Basically, the exploit involves reading memory locations that are supposed to be protected and reserved for use by the computer kernel. It exploits an architectural technique known as “speculative execution” which is a key feature of things such as look-ahead instructions and data, which significantly improves computer performance.

Russian hackers used Russian-made Kaspersky anti-virus software as a gateway to invade the National Security Agency and collect information on America’s cyber-defense.

The largest hack in history just got three times worse for the faded internet pioneer.

Yahoo now says all 3 billion of their web accounts hit in 2013 data breach! 

MAJOR EQUIFAX SENSITIVE DATA BREACH EXPOSING MOST EVERYONE IN THE UNITED STATE'S SOCIAL SECURITY NUMBER, CREDIT CARD NUMBERS, BIRTH INFO, AND ETC.

Ransomware Is On Pace To Be A
$1 Billion Dollar Year Crime This Year Says The FBI
*NotPetya Ransomware,*WannaCry Ransomware
*Petya Ransomware,*Mitcha Ransomware
*GoldenEye Ransomware

This Is A Virus Disguised As Ransomware, Beware

Mitcha Does Not Require Admin Access Of Computer To Infect it, Beware

Designed To Attack Human Resource Computers

Backup your information using a local, network or Web based hard drive. Backup as often as possible, this is the key to surviving Ransomware.


Be very careful what links or images you click on in e-mails,  make sure they are from a known source,  that is how this exploit works.  

No matter what software or hardware is put in place to prevent Ransomware and Exploits they are not 100% effective, it is more critical than ever to train and test your users on preventing social media exploits, contact JD Lowry Computer Services for details: Contact Us


The FBI estimated that Ransomware will be a one billion dollar criminal business this year.  The link below is a free, easy to install product, from one of the leaders in anti-ransomware, Malwarebytes, that will help prevent ransomware on your computer. Click Here to get it.


“These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers,” said FBI Cyber Division Assistant Director. 


DARPA To Eliminate “Patch & Pray” By Baking Computer Chips With Cybersecurity Fortification

SSITH specifically seeks to address the seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration, a crowd-sourced compendium of security issues that is familiar to the information technology security community. These classes are: permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection.

Beware Of This Latest IRS Scam

"There is an insidious new IRS scam doing the rounds. They send you a phony IRS CP 2000 form and claim the income reported on your tax return does not match the income reported by your employer. This is meant to get you worried. To confuse you further, the bad guys claim this has something to do with the Affordable Care Act.

You might receive emails with attached phony forms, text messages and even live calls to your phone about this! You need to know that the IRS will never initiate contact with you to collect overdue taxes by an email, text message or phone call.

If you get any emails, text messages, old-time snail mail or even live calls about this, do not respond and/or hang up the phone. If you receive a "CP 2000" form in the mail and doubt this is legit, you can always call the IRS at 1-800-366-4484 to confirm it is a scam."

Standard Internet Security, SSL And Early TLS  Are No Longer Secure And Not PCI 3.1 
Compliant, Here Is What To Do: Upgrade To TLS 1.1 or 1.2, Replacing SSL and TLS Connections:

This Important Web Site haveibeenpwned.com Will Check Your Email Address Against Most Public Data Breaches To See If Your Personal Information Has Been Exposed And Where

Image by IDG

A Combination Of Machine-learning AI And Human Intervention Promises 85 Percent Cyberattack Detection

Apple Ends Support For QuickTime For Windows On 4/14/16, Apple Will No Longer Supply New Security Patches 

Exchange Server 2007 Losing Support Next Year, Microsoft No Longer Supplying Security Updates After 4/11/2017

SQL Server 2005 Product Support Has Expired, Will No Longer Get Security Updates From Microsoft After 4/11/2016

OPEN SOURCE APPLICATION DEVELOPERS 
MUST USE THOROUGH CODE SECURITY SCANNERS
AND OPEN SOURCE LIBRARY EVALUATORS SUCH AS 'Black Duck Hub' OR THE OS APPLICATIONS ARE DOOMED TO FAIL IN TODAY'S HIGH VULNERABILITY WORLD 

'If you don’t know which open source libraries you’ve used or whether critical patches need to be applied, applications can remain permanently vulnerable to attack.'

EU-US Privacy Shield, Replaces Safe Harbor, & Will Make It Easier For Companies To Transfer Data Between Europe & U.S.

EMET (Windows Hardener)

(Enhanced Mitigation Experience Toolkit )
This Easy To Install Free Microsoft Windows Utility Will Make Your Windows Workstations And Servers Nearly Impossible To Be Hacked, 
Also Works On Old Windows Versions

Works On Older Windows Systems, Such As XP:  http://searchsecurity.techtarget.com/answer/Using-EMET-to-harden-Windows-XP-and-other-legacy-applications

Works On Newer Windows Systems, Such as Server 2003, Windows 7-10, Vista:   https://www.microsoft.com/en-us/download/details.aspx?id=54264

Image IDG

Linux Kernal Zero-Day Flaw Endangers Millions of PCs, Servers and Android Devices W/ Root Access

Patches are being distributed ASAP but many integrated Linux and Android devices will need to be manually patched, so be aware!

Urgent, Microsoft Will Only Supply Security Updates 
 To IE 11 and Edge After January 12, 2016, 
Make Sure You Have Updated All Your Computer Systems By Next Year!

Linux Server Applications Need To Get Serious About Creating/Applying Working Fast Patch Updates Or Become A Target Of Ransomware Malware Attacks!

Major Security Flaw In All Dell Laptops/Desktops Shipped Since August 2015

A Flaw in the Apache Commons Collections Component Puts Java Application Servers at Risk of Compromise

Apple Surpasses Microsoft....In Security Vulnerabilities in 2015

Apple led the way in 2015, with a total of 384 vulnerabilities for Mac OS X, closely followed by Apple's mobile  iOS  with 375. 

The highest-ranking Microsoft operating system was, in fact, Windows Server 2012 at 155 vulnerabilities. Windows 7, 8 and 8.1 had 147, 146 and 151, respectively .

Apples New OS X's Malware/Viruses Are Increasing 5 Times More This Year (Than The Last Five Years Combined)

Europeans Courts Shut Down The 
Safe Harbor Agreement, Beware, You Do Not Want To Be Sued Over Data Storage By Your European Customers

New Windows 10 Enterprise & Education Are The Most Secure Windows Ever!

Device Guard and Credential Guard are the two standout security features of Windows 10 -- they protect the core kernel from malware and prevent attackers from remotely taking control of the computer. Click on the button below for details.
 

If In Mexico Don't Drink the Water Or Use The ATM's (ATM's Are Hacked By Criminals)

Health Insurer:  Excellus BlueCross BlueShield IT Systems Compromised: Exposing 10 Million Peoples: Social Security Numbers, Financial Account Information,  Names, Addresses, Telephone Numbers, Dates of Birth, Member Identification Numbers, & Medical Claims Information

 

All Home Routers: Insecure Access To The Web, Use These Steps To Secure

 

Lost Or Stolen Android Phone, No Problem!  Use  https://www.google.com/android/devicemanager to Remotely: Find, Lock, and Erase Your Phone 

Adobe Flash Updates Exploited by Malware As Quickly As They Are Created

Best strategy is to disable Flash from all web browsers or allow it to run on demand, see link below for further details:

 

More than 80% of Healthcare IT Leaders Say Their Computer Systems Have Been Compromised 

 

Malware Injecting Ads, Protect Your Computer From Personal Info Stealing Web Browser Malware Injecting Ads by Installing Free Ad Block Plus and Disabling Adobe Flash 

Yahoo and many other high profile websites have recently been infected by Malware Injecting pop-up ads that attacked there web server.  These ads randomly pop-up in your web browser after you visit a web site that can and will infect your computer with Malware that steals passwords and personal information.  Protect yourself by installing free Ad Block Plus and by disabling or setting up Adobe Flash to ask before running, click on the button below for more details.


Adblock Plus for Chrome, Link: AdBlockPlus

https://adblockplus.org/forum/viewtopic.php?t=29880

 

IRS Warns Of Scam That Caused Over 4,000 Victims To Loose $20+ Million Since 2013 On IRS: Fake Phone Calls, Websites, and Etc; Be Very Careful If You Are Contacted By The IRS Demanding Money!

 

Image KrebsonSecurity

CEO e-mail Spear Phishing Scams Have Hooked Over $740 Million According To FBI

 

Since Data Breaches Are Becoming More Common, Make Sure Your Cyber Security (Data Breach) Insurance Is Sufficient, Before Your Company Learns the Hard Way

 

IMPORTANT,  Stagefright !
Android Phones Can Be Taken Control of (Hacked) By Receiving a Simple Multi Media (MMS) Text Message,
(Here are the facts without the Hype about Stagefright)

*Update:   Android device makers promise automatic monthly security fixes (I would not rely on this until your sure the new updates work)

  • The vulnerabilities affect devices running Android versions 2.2 and higher, which means that there are a huge number of devices that will probably never receive patches for this vulnerability.
  • In general the attackers (Hacker) will get access to the microphone, camera and the external storage partition, but won’t be able to install applications or access their internal data.
  • It is estimates that around 50 percent of the affected Android devices the attacker (will) be able to gain root access and therefore have complete control of the device (To Download Bad Programs and or Steal Personal Information). On the rest of the Android devices, attackers would need a separate privilege escalation vulnerability to gain full access.

*General Protection From Stagefright:  Turn Off Any Option On Your Phone That Automatically Download MMS Text Messages And Do Not Download Any MMS Text Messages Until You Receive a Repair From Your Android Phone Provider!

Note: If none of these instructions cover your phone, please contact your phone technical support ASAP and ask them to help you disable automatically receiving of MMS Text messages.

*New Android Applications Security Escalation Vulnerability 8/10/15, Affects 55% of All Android Devices, Allows a User To Take Control of Android Device, 
Make Sure You've Received the Most Recent Android Updates 

 

Image From MCP Mag

Important-Windows XP and Windows Server 2003 Are No Longer Supported by Microsoft as of 7/15/15

 

Hacker Group That Hit Twitter, Facebook, Apple, and Microsoft Intensifies Attacks on Other Businesses

Image from IDG

9 Best of Bread Security Vulnerability Testing Software

 

Prepare For The Big Internet Digital Certificate Swap -- Or Else  
SHA-1 to SHA-2 (Do This or Your Web Site Will Stop Working)

 

Why Most Websites Are Very Insecure, Prone to Vulnerabilities

 

Top 10 Common Computer Security Vulnerabilities, Beware! 

 

Beware of That New Internet Controlled Light Bulb, Thermostat
It is Not as Innocent As It Appears: The Risks of Implementing New Internet of Things devices. 

 

POS Memory Scraping Malware Focuses on Oracle Macros POS System

The same POS Memory Scraping Malware that infected Target and Home Depot POS  is now being designed to exploit Oracle Micros POS 

 


Dangerous Poseidon Malware Targets Point of Sale Systems:   

 

Five Common Network Security Flaws and How to Avoid Them

Click here to edit text

NETUSB Network Router  Vulnerability Affecting Millions of Routers

Time to upgrade the Linux software on your Routers against the NETUSB vulnerability!

 

LogJam SSL Computer Vulnerability, FREAK Like (See Below) 

Click on this button to see if your browser is vulnerable and to get details on how to protect your computer systems: 

 

GPU Memory(Video Card) The Next Achilles Heal of Security

    This another good reason to keep your Network and EndPoint Security as tight as possible.  Current security scanners do not scan video memory for viruses in Unix, Windows and possibly Mac OSX.  Read this link for further details: http://www.networkworld.com/article/2921093/gpu-malware-can-also-affect-windows-pcs-possibly-macs.html

     

     Microsoft and FireFox Get Serious about Computer Security

    Image from IDG

    Microsoft Releases: 'Advanced Threat Analytics' Network Security Software: The Most Advanced and Easy to Use Network Threat Software In the Industry 

    Firefox and ISRG will be giving away:  Free Domain (Website) encryption SSL/TLS via 'Let's Encrypt'  free service in middle of 2015

     

    SIMDA botnet , Major Computer VIRUS MALWARE Infections

    Microsoft, Trend Micro, and Kaspersky Labs banded together to take down the SIMDA botnet, which is believed to have infected more than 700,000 machines.

     

    Premera, Anthem, Major 11 Million Computer Health Record Leak Update  

    **Information taken from Premera, Anthem:  members and applicants: names, dates of birth, email addresses, street addresses, telephone numbers, *Social Security numbers, member identification numbers, *bank account information, and claims information, which may include sensitive medical details.

    Hardware Firmware Data Exploits  such as Rowhammer, BadUSB and Others  are the Next Big Target, So Be Ready!


    FREAK Computer Vulnerability 

    New Computer Security Breach,  Rowhammer

    Click on this button or copy link, to see if your Internet Browser is vulnerable to FREAK

    Click on this button or copy link, to see if a website is vulnerable to FREAK

    ________________________________________________________________________________________________________________________________________________________

    See Other Critical Computer Security Issues: 

     

    Apple Pay Security Vulnerability

    It's the authentication process:  For when you add credit cards to Apple Pay that's the problem, according to Abraham. However, while card issuers need to strengthen the system, Apple plays a part because it didn't demand a stricter card-user authentication process when it launched Apple Pay. And Abraham says it should have known better. I won't get into details of that authentication process (check out Abraham's insightful blog posts on the subject if you want more specifics), but it's safe to say that Apple Pay has proven to be a valuable tool for fraudsters.

    Apple is expected to release its Apple Watch, which will also support Apple Pay, in the near future. If the company and its payment card partners don't resolve this issue promptly, the Apple Watch, which should cost less than a new iPhone 6, could quickly become the gadget of choice for credit card thieves.

    Samsung also announced its own phone-based payments service, Samsung Pay, last week, so let's hope that company learns from the mistakes of Apple and its credit card partners and shores up these potential holes before the Samsung Pay launch this summer.

    7 Ways to keep your Home Web Devices Secure