Microsoft Warns of Apps Exposing Private Keys
On Tuesday Microsoft notified users that digital certificates have been compromised for two apps which allowed someone to remotely spoof websites and content. The issue was that the certificate and private key were the same for anyone who installed these two applications. Which allowed a hacker to decrypt the software’s private key which compromised the security of the windows computers. The certificate became susceptible to attacks like spoofing, phishing, or man-in-the-middle attacks.
November 23, following a vulnerability identified in Sennheiser HeadSetup and HeadSetup Pro, new versions have been made available.
Updating the software to its latest version will rid the software of vulnerable certificates. Additionally, the invalidation by Windows November 27th of the former certificates fully eliminate the possibility to exploit the certificates.
The latest software versions are as follows:
Mac users and Windows users, that
… Read the rest
How to Uninstall the Kaseya Agent from Macs.
How to remove Kaseya Agent from Macs can be a challenge sometimes hopefully these few simple steps can assist you on removing the agent successfully.
- Applies to: All VSA’s. Download the following package and extract the zip contents.
KaseyaUninstall.pkg.zip
Download
- Run the KaseyaUninstall.pkg installer and choose to Install to the Macintosh Harddrive. Although this appears to be installing a product, it is actually running the uninstallation script for the Kaseya Agent. (NOTE: You may have to go into System Preferences > Security & Privacy > General Tab to allow the software to run. )
- Launch Terminal and run the “rm -rf /var/tmp/kpid” command.
- Remove the agent with root rights, i.e. in Terminal run the “sudo rm -rf /var/tmp/kpid” command and then provide the root password
- The Kaseya Agent and all associated files should now be removed.
Octobers HealthCare.gov Data Breach Exposed Individuals Personal Information
Octobers HealthCare.gov Data Breach Exposed Individuals Personal Information. The details that were surfaced about the data breach said that around 75,000 consumers were effected. Letters were sent out to affected people from the Centers for medicare and Medicaid Services and it said that the sensitive data exposed may have included Social Security numbers and a variety of other personal information including income, tax filing status, family relationships and immigration status. At least no Financial information was exposed this time around and none of the exposed data included patient diagnosis or treatments.
The system that was hacked was connected to the Healthcare.gov website. Anyone that used it to sign up for a new insurance plan were compromised, hackers targeted the behind-the-scenes system that insurance agents used to help customers directly enroll in their new plans, and not the consumer Healthcare.gov site itself.
Maintaining Security with Internet of Things
Our lives have been taken over with many many WiFi enabled capable devices. The internet of things (IoT) has quite a flaw which is security. Many vendors lax on providing security updates to their software that are used in smartphones, tablets, PC’s , Game Consoles , TV’s , your Fridge and many other devices. This day in age we have to maintain a due-care and due-diligence approach on security for all these IoT devices.
With this in mind, here are seven best practices on security for IoT:
- Use security gateways: They have the ability to inspect and audit the communications of your network.
- Use VLans: Put all IoT devices in a separate Vlan outside primary business network.
- Use strong authentication: Change those consumer devices default passwords!
- Disable services: Many devices use telnet, FTP and other risky services that may be exposed to the internet.
- Use secure protocols:
Skype For Business brought down by the Kitten of Doom Emoji Attack
Crash Skype for Business by sending a large number of emojis 800+ kittens in one message and the client freezes the program for a few seconds. This can be exploited to perform Denial of Service attacks against Skype for Business users and compromises the availability of the program.
How would an attacker go about performing this attack? Well its quite simple, the attacker can continuously send many messages to the chat window and it will freeze the program for all participants in the meeting room and prevent them from using the chat or seeing the video.
Are you affected?
You could send yourself a few hundred emojis and see if your client freezes but we wouldn’t recommend it. Plus, there is an easier way. Just check if your client is one of these:
- Skype for Business 2016 MSO (16.0.93).64-Bit or before
- Lync 2013 (15.0) 64-Bit part of Microsoft Office Professional
Setup Windows 10 System Restore. Not Enabled by Default.
Did you know that Windows 10 does not have system restore configured by default? System Restore comes handy when a patch crashed your system or updated drivers and software that caused unwanted reactions of the computer.
1. Find and Open System Restore
At the search box in Windows 10 search for system restore and select Create a restore point from the list. When the System Properties dialog box opens up, click the System Protection tab. Make sure (C:)(System) is high lighted then and then click the [Configure] button.
2. Enabling System Restore
Click on the radio button Turn on system protection. Afterwards use the Max Usage slider to determine how much of your hard drive to use to store. Restore Points — 5% to 10% is usually sufficient then click [OK].
3. Restoring your PC – Within Windows 10
Now you … Read the rest
User Email Security Tips
Email security isn’t just the email provider or your IT administrator’s responsibility. It’s everybody’s responsibility. We all want to avoid having to produce a new resume. Here are some Safety Tips to help you all be protected and keep spam & malware to an absolute minimum.
- Change your password often.
- Use strong passwords. Never use a password that contains “password” or “letmein” or “welcome”.
- Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become much more vulnerable to data theft.
- Don’t open an attachment unless you know who it is from & are expecting it.
- Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments.
- Use anti-virus software on your local machine, and make sure it’s kept up-to-date with the latest virus updates.
Ransomware saw massive growth year after year.
New reports on not just ransomware but all malware saw massive growth year after year. From SonicWall the cyber-security company detected 45 percent growth of malware infections towards desktops. SoncWall spotted 300,000 new attack variants so far this year. SonicWall’s recently announced Capture Cloud Platform is designed to counter these rising threats.
SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:
- 8.5 billion malware attacks (54 percent increase from 2017)
- 2.9 trillion intrusion attempts (49 percent increase)
- 262.4 million ransomware attacks (108 percent increase)
- 1.9 million encrypted threats (56 percent increase)
In September 2018 alone, the average SonicWall customer faced:
- 1,662 malware attacks (24 percent decrease from July 2017)
- 791,015 intrusion attempts (19 percent increase)
- 56 ransomware attacks (99 percent increase)
- 70.9 encrypted threats (61 percent decrease)
- 10 phishing attacks each day (92 percent decrease)
Windows 10 re-releases the October 2018 patch which was delayed for over a month
Hey friends It’s Patch Tuesday and Microsoft’s Windows 10 October 2018 Update version 1809 had a horrible release last time. Good news is that they have resolved a number of issues with this re-release update.
This was an update that had to be immediately halted because the update could cause you to loose files and have other random glitches.
Remember before pushing this update to your system to check your storage. Read last months article for details.
Windows 10 October 2018 update:
https://patrickdomingues.com/2018/10/20/october-2018-windows-10-update/… Read the rest
Loading ...