Category: Blog

Microsoft’s recent Patch Tuesday brought four critical updates, as well as eight important updates, in an attempt to resolve 54 reported vulnerabilities found in Microsoft Windows and Microsoft Office. KB 3097877, part of security bulletin MS15-115, was found to cause a multitude of issues for those using Outlook, including the following:

• Crashing when opening web-formatted (HTML) emails
• Black screens when trying to log in
• Other odd behaviours/general hangups

Upon discovering the issues, a spokesperson from Microsoft explained, “We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way.”

If you experienced issues as mentioned above, you’re likely extremely frustrated. We get that. Fortunately, Microsoft has reissued KB 3097877 to address the issues. A spokesperson expressed, “We recommend customers apply this update to help stay protected.”

There was no mention as to what the issues were caused by or why the update was faulty in its release, however, it’s vital to apply the reissued update as it’s designed to fix a series of flaws that could otherwise let attackers remotely execute code on your systems.

Call (469) 635-5500 to learn more about managed IT services.

Don’t Let the Latest Version of CryptoWall Destroy Everything You’ve Worked So Hard to Build…

Remember CryptoWall, the world’s most destructive ransomware? It’s back with a vengeance! CryptoWall 4.0 has surfaced with a multitude of encryption methods and evasion tactics that are tricking even the latest anti-virus programs. Ransomware is the worst possible threat for businesses as it encrypts all of your vital information, then demands payment for the decryption key.

Tyler Moffitt, Sr. Threat Research Analyst at Webroot, explained, “CryptoWall 4.0 is the latest encrypting ransomware out right now and we’ve already observed it spreading. With the huge ‘success’ of CryptoWall 3.0, I anticipate this variant to be the number one threat to watch out for going into 2016.”

Are you prepared to fend off the destructive ransomware that costs you thousands, or worse, tens of thousands of dollars to recover?  

You’ve heard the saying ‘knowledge is power,’ and it’s absolutely true when it comes to fending off threats such as ransomware. Here are the top factors you need to know, in order to face the latest version of the most destructive ransomware:

• Keep an eye out for its name:

The creators of CryptoWall 4.0 have given the ransomware a new name: help_your_files_ransomware. If you notice the phrase, make sure to call an experienced team of IT security professionals immediately. Also, make sure you’ve updated your file screening to include the phrase.

• Don’t open suspicious email attachments:

If you’re not absolutely certain of the sender, do not open suspicious email attachments, even if it’s from someone you know, check the source. Don’t hesitate to call the sender and ask if they sent you something in the form of an attachment. Email attachments are still the most commonly used way to send ransomware.

• Expect to feel even more frustrated than ever:

 In an effort to further frustrate victims into paying the fee, the attackers have started encrypting filenames, as well as files, so you’re not able to tell what files have been targeted and encrypted! This means filenames will appear with names including random letters and numbers.

• Prepare in the same way you would for previous versions:

The good news is CryptoWall 4.0 behaves exactly like previous versions, although the encryption methods and evasion tactics are more advanced. CryptoWall 4.0 still infects in the same way, encrypts files in the same way, and uses the same domain to request/receive payments. This means you can prepare in the same way.

CryptoWall 4.0 is stronger and more sophisticated than previous versions, but ultimately, it’s the same preventative measures that matter:

• Make sure files are backed up onsite and in the cloud, in order to ensure you’re able to recover those files instead of paying the fee.
• Use email filtering software to prevent malicious or annoying spam from getting to your inboxes.
• Install an enterprise-grade firewall that keeps unauthorized users away from your network at all times.

U.S. Courts Leaning Towards Harsher Accountability for Companies Involved in Data Breaches

There are few things as damaging to a company’s reputability and finances than a data breach, now so more than ever. In fact, recent court decisions have paved the way for implementing potentially ruinous financial penalties and lawsuits pertaining to organizations providing incompetent security measures to protect their users’ personal data.

Recent Verdicts Widen the Possibility for Steeper Financial Penalties and Lawsuits

In the past, organizations were only subject to fines related to non compliance in regulatory requirements, rarely were these organizations ever held accountable for failing to implement particular defenses. However, Targets recent ruling in the 2013 data breach that compromised more than 40 million credit cards during the holiday shopping season, and the appellate decision against Wyndham Worldwide, have illustrated that courts are now prepared to impose stringent financial repercussions for what the court deems to be a security failure on the organization’s part.

Organizations to be Held to Higher Security Standards

Recently, the appeals court ruled that the FTC did in fact have the authority to sue Wyndham Worldwide based on the court’s belief that the vacation-resort company failed to take tolerable security measures to protect the customer data within their system. Despite the company’s objection to the decision based on the belief that the FTC was beyond its legal authority to bring forth a lawsuit, the appellate court stood firm on the ruling allowing the FTC to move forward with the suit.

Many legal analysts believe that this ruling could open the floodgates for other companies to be sued by the FTC for similar lackadaisical security practices. A ruling that will (or at least should) compel companies to take a detailed and unbiased look into the competency of their users security.

Are you keeping the confidential information of your customers safe? Contact Data Magic at (469) 635-5500 to find out how we can manage all of your technology needs to ensure optimal security.

New Microsoft 10 Devices Arrive

Microsoft unveiled their new devices at a live event in New York. Microsoft 10 is now running more that 110 million devices and only 8 million of which are PC computers. The devices are being claimed as the thinnest, lightest, and most powerful items on the market.

What’s new with the Surface Product Line?

• Surface Pro 4
• NEW Surface Book

Microsoft has continued the Surface product line with the much anticipated Surface Pro 4. As before, the tablet comes with an attachable case/cover and comes with a stylus. What is new is the Surface Pro 4 is 8.4mm thin and is 30% more powerful that the Surface Pro 3. The top model runs at 6^th Gen. Intel Core i7 processor and is able to hold 16 GB of RAM with 1 TB of storage. The price starts at $899.

Microsoft has extended the Surface product line to laptops. The Surface Book is a 13.5 inch laptop with a detachable screen that doubles as a tablet. Like the Surface Pro 4, its top models run 6^th Gen. Intel Core i7 processors and are able to hold 16 GB of RAM. What sets the Surface Book ahead is the Nvidia GE Force GPU to make it even more powerful. The Surface Book will start at $1,499.

Any New Phones?

• Lumia 550
• Lumia 950
• Lumia 950 XL

Microsoft has a new line of Lumia phones starting with three similar yet very different models. The three models offer a variety of specs, and matching prices, depending on your needs.

Model	Display	Rear Camera	Front Camera	Storage	Processor	Price
Lumia 550	4.7inch HD	5   Megapixel	2 Megapixel	8GB	210	139
Lumia 950	5.2 Quad HD	20 Megapixel	5 Megapixel	32GB	808 Hexa-core	549
Lumia 950 XL	5.7 Quad HD	20 Megapixel	5 Megapixel	32GB	810 Octa-core	649

One step closer to releasing the HoloLens.

The Microsoft HoloLens is the first untethered wearable computer that enhances your real world view with digital images. The device is available for pre-order by application only and costs $3,000. This is one step closer to getting the revolutionary device to the general public.

We all know that there are millions of free apps available for download for both Apple and Android devices. That’s great when looking for helpful assistants and entertaining games, but just because they are free, doesn’t mean they don’t come with a price. That price just might be your privacy!

Listed below are 7 apps that, according to the PrivacyGrade, are low scoring and users should think twice before installing them onto their devices:

1. Words with Friends

This popular game has been scored a D by PrivacyGrade, and although it is a wonderfully fun way to brush up on vocabulary skills, there are many privacy concerns associated with using the app. Not only does the app include several advertising libraries, but it uses the “use phone status and identity” permission to provide information to advertisers, including your phone number, carrier information, signal strength, and more. It also uses the “location” permission to deliver you local advertisements.

2. Draw Something Free

This free app is a fun version of Pictionary that can be played with friends. Because it is from the same developer as the aforementioned Words with Friends, it has many of the same privacy concerns, and for these reasons has also been scored a D by PrivacyGuard.

3. GO Locker

This app is a screen lock for your phone that boasts to be more secure and smarter than any devices built in lock. Because of these added capabilities, it requires a lot of information, and requires permission on just about everything from your location details to granting the app permission to read your text messages, effectively earning their D score.

4. GO Weather Forecasts and Widgets

Another GO app that has earned a D grade. The same developer as the GO Locker brings you this weather and forecasting app. This app has the same concern over requiring endless permissions and providing your details to other app stores. A little background research has revealed that essentially any app associated with GO suffers the same privacy concerns and should all be steered clear of.

5. Angry Birds

This beloved bird launching game scores slightly better than some of the aforementioned apps, but still has a concerning grade on PrivacyGuard of C. This game has had more than 2 billion downloads since the initial release in 2009, and it as well as the many spin offs and sequels have not fared well in regard to privacy. Most of the Angry Bird apps have several targeted libraries that grab phone identity information including your signal, phone call logs, device ID and number, and carrier details.

6. My Talking Tom

Another app with a PrivacyGuard score of D is My Talking Tom, hugely popular with children. It is a harmless little app where users can adopt and care for a kitten, but in actuality, it is a privacy nightmare. This app not only has 8 targeted ad libraries, but in addition, requires your phone’s identity information. And even more concerning, because it is a simple children’s app, it sends advertisers audio from the microphone on the device.

7. Camera360 Ultimate

Camera360 Ultimate is an app that promises its users exclusive filters, more camera modes, facial recognition, free cloud storage and a slew of other fantastic features to take the typical camera app to the next level. Although the app does not include any ad targeting libraries, it still has a Privacy Guard score of D because of other privacy related shortcomings.

The app demands a lot of user information and also has the Baidu search engine library built in. Consumers may wonder why a Chinese search engine needs the ability to turn Wi-Fi connectivity on and off. In addition to this all in app purchases are powered by Alipay, a Chinese payment system that may not be ideal.

Discover a Sensational Way of Browsing the Web on Your iPhone/iPad…

What Does FireFox Have in Store for Apple Device Users?

Until late last year, Mozilla believed that Apple’s mobile OS was too closed off for a third party browser. But that’s over and done – and its time for the first public preview of FireFox for iPhone and iPad. This move will undoubtedly tap Mozilla into a far larger iOS market. That is if they aren’t too late to the party…

Users in New Zealand Get First Crack at Public Preview

Mozilla has begun reaching out to users in New Zealand by offering them the first public preview of their browser for iPhones and iPads in the hopes of receiving valuable feedback, before they expand to a full global preview due for later this year. This public preview contains an option in the settings screen that allows the trial users to send their feedback directly to the company.

A Sneak Peek of What to Expect

Although adding their browser to iPhone/iPad is a smart and necessary move for Mozilla, they may find themselves in somewhat of an uphill battle in terms of catching up to their competitors, Apple’s Safari and Google Chrome in particular, whom already have a large and seemingly loyal mobile user audience.

So what can we expect from this iOS version of FireFox? Mozilla’s recent blog mentions a few of its key features so far:

• Intelligent search that allows users to choose a default search provider
• An account feature that allows users to sync FireFox passwords, tabs, and browser history from desktop to iPhone/iPad
• Suggested search results
• Visual tabs with thumbnails of your open tabs

Additional features will surface over time based on user feedback while Mozilla readies itself for FireFox’s worldwide release. Will you be using FireFox on your mobile device when it becomes available?

Security researchers from Google’s Project Zero and FireEye have discovered a critical flaw in various versions of Windows, and Microsoft has released an emergency out-of-band patch to deal with the situation.

In a statement of advisory on Monday (July 20), Microsoft informed customers about the issue, warning that the vulnerability could “allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”

They continued, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Basically, if the vulnerability were exploited, you’d be inadvertently handing operational control of your computer over to a cybercriminal. The potential issues stemming from that are limitless, especially for businesses storing sensitive data on their machines.

Users working with Windows Vista, Windows 7, 8, 8.1 or Windows RT are all affected – that includes users running Windows Server 2008 or later. It should be noted that Microsoft has deemed the software update “critical” for those users. As of now, Microsoft says they believe the flaw is public, but they have no evidence to suggest it’s being actively exploited.

The patch is available now through any typical update methods, including Windows Update. For your protection, it’s crucial to make the update as soon as possible to prevent any issues with your system.

We all know that there are viruses out there, but just how expansive is the threat landscape, exactly?

Well, according to Verizon’s 2015 Data Breach Investigations Report, 317 million new pieces of malware were created in 2014, and that total is expected to be even higher for 2015.

That’s a lot of threats… but why should you care?

The effect that a malware infection could have on your bottom line should grab your attention, as the financial consequences of an online security breach are absolutely devastating. Losing other people’s sensitive information that’s stored on your network could cost you millions through class-action lawsuits and regulatory fines (healthcare organizations have HIPAA, financial organizations face SEC and FDIC audits, anyone who accepts credit cards must comply with PCI DSS, etc.).

There’s also your reputation to consider: a breach will ruin many of your current relationships and drive away potential clients. It’s nothing personal; they just don’t want to risk compromising their data by trusting it to a network that’s known to be vulnerable.

Following these 5 steps will make your network better protected from all the threats that are out there:

1. Keep Up with the Latest Updates and Patches

With hundreds of millions of new pieces of malware introduced every year, it’s getting harder and harder for those fighting the cybercriminals to keep up.

The major software companies do try though, and they’re always releasing updates and patches for their products that correct vulnerabilities and protect users from the latest known threats.

The problem is that oftentimes these updates aren’t automatic, so it’s up to you to seek them out and download them yourself.  Doing so will go a long way towards protecting your sensitive data.

2. Long and Strong Passwords

There’s a reason why some sites won’t even let you create a password unless you throw in some numbers and special characters. It’s for your own good, as there are programs out there that run through dictionaries at incredible speeds and can find any simple password by trial-and-error, so you need more than just letters.

Length is another factor: generally, you want to shoot for at least 8 characters. And do something more creative than just adding “1” to the end of a normal word, because many password-cracking programs are on to that, too.

In addition to good length and using a mix of letters, numbers, and special characters, you should also make sure that your password isn’t inspired by any information that could be found publicly on your Facebook or other social media accounts. Favorite movies, music, quotes… your password shouldn’t be anything that you’ve ever mentioned online. Don’t use anything that can be found outside your head.

3. Only Open Attachments and Follow Links from Emails you’re Entirely Sure Are Legitimate

One of the most popular ways for malware to spread is through deceptive emails. We’ve all heard about Nigerian princes and know to avoid such obvious schemes, but many phishers are more sophisticated with their craft and can be reasonably convincing, tricking their victims into following a link or downloading an attachment that actually infects their computer with a virus.

For example, recently there’s been an email floating around that offers a free upgrade to Windows 10. Although Microsoft does offer free upgrades to Windows 10 (on the condition that you’re already running Windows 7 or Windows 8), they’re not sending anyone emails about it.

No, when people follow that link for the “free upgrade”, they end up infecting their computer instead of getting that promised upgrade, in this case with ransomware. That’s a particularly frustrating problem, as ransomware will encrypt your most important files (documents, photos, videos, databases, the works) and offer to decrypt them only if you send over some money, usually totaling somewhere between a few hundred to a couple thousand dollars. If you don’t pay up, your files are gone forever.

You can avoid these threats by simply not opening any attachment or following any link from a source you’re not 100% sure about.

4. Stay Safe on Public Wi-Fi

There are many benefits to cloud computing, with one of the most valuable benefits being that the cloud mobilizes your workforce. Employees can access their tech tools and business data anywhere they can find an internet connection instead of being limited to the office, and more availability means they can get more work done, finish projects faster, and produce more revenue.

But if you’re not careful, the convenience of the cloud can open you up to some serious security risks. Especially if you’re using unsecured public Wi-Fi at a coffee shop, hotel lobby, or wherever else you find it, as anyone else could be using that connection, too. Maybe even a cybercriminal who knows how to turn a shared connection into a golden opportunity by using it to intercept your data, and we already warned you about the consequences of data loss (class-action lawsuits, regulatory fines, etc.).

Using strong encryption protocols and virtual private networks (VPNs), among other mobile security technologies and techniques, will allow you to take advantage of the benefits of the cloud without putting your sensitive data at risk.

5. See a USB Stick in the Parking Lot? Don’t Pick It Up

Not all attacks are web-based.

One of the more clever breach methods we’ve seen pop up recently is for a cybercriminal to strategically place a USB stick, loaded with malware of course, between your parking lot and your entrance.

More often than not an employee will notice the thumb drive, pick it up, and then plug it into a work computer just to see what’s on it. And once that drive is in, your network is infected. This trick is even more effective if the perpetrator goes through the effort of printing your company logo on the thumb drive.

They say curiosity killed the cat. Well, turns out it can also lead to a security breach. Train your employees to think critically about what they introduce to work computers, whether it is USB sticks or the phishing links and attachments we mentioned earlier, in order to avoid such social engineering attacks.