August 25, 2015
Microsoft operating system updates are designed to resolve issues concerned with the previous version as well as making computing easier for the end-users. Keeping in line, Windows 10 comes with many new features and applications to improve functionality. As far as security is concerned, this latest OS comes pre-loaded with several updates in order to protect users from hacking attacks.
Here are some of the important features in Windows 10 that can enhance user security:
- Two-Factor Authentication: Windows 10 has incorporated two essential safety features to protect the privacy of users – Windows Hello and an update of Windows Passport. The former one involves a two factor authentication method for the users to view any stored data. They will be required to enter one validation element as well as a PIN number or a biometric feature such as retina or fingerprint scan. Taking it a step further, Windows Passport allows the users to enter the biometric authentication element to access the entire system. This eliminates the need to remember easy-to-hack passwords.
- “On-The-Fly” Encryption: For people who use personal devices for work, this feature will provide additional security to safeguard their office data. The encryption feature called ‘Data Loss Prevention’ will recognize the data associated with your work, separate it from other files and encrypt it using the updated version of ‘BitLocker’. Anything found to be work-related is placed into a safer portal.
- Device Guard: This feature in Windows 10 will help to determine if a file is safe or contains any sort of malware. The Device Guard will quickly scan all the programs and data to detect any potential threat. If found, the user will be alerted and left to decide if he wants to open the file or not.
- Edge Browser: With Windows 10, Microsoft is also releasing its improved and safer browser, Edge. Initially named as Project Spartan, Edge is designed to make up for the security flaws in Internet Explorer. The browser will allow users to access websites through their Windows Passport authentication code instead of the passwords. Additionally, Edge will not support ActiveX updates and work in a sandbox mode to protect against malware or hacking attacks.
- Automatic Antivirus Update: Installing Windows 10 will also automatically update your antivirus software. Your previous anti-virus will be removed and then re-installed to the latest version with updated malware, virus as well as spyware definitions. In case your anti-virus subscription has ended, the system will install Windows Defender.
The safety features in Windows 10 will be of great help for the large business firms in managing a complex networking infrastructure and maintaining IT security.
August 18, 2015
Apple devices have long been known to be secure against virus and malware attacks. However, a team of security researchers have claimed to discover the first firmware worm, Thunderstrike 2 that can spread between different Mac computers without any internet connection. The recently discovered firmware attack has been known to be a sequel to Thunderstrike, a proof-of-concept MAC vulnerability found earlier this year.
Thunderstrike 2 virus has been created by a security engineer, Trammell Hudson and Xeno Kovah, owner of a firmware security consultancy LegbaCore. The virus infects Mac computers at the firmware level, which makes it resistant to security and software updates.
How Thunderstrike 2 Works?
Unlike the initial version of the virus, Thunderstrike 2 can infect a Mac computer undetectably through a malicious email or website and hides inside the firmware. Once the system is infected, the virus can easily replicate itself to other Macs by way of several peripheral devices such as Apple Thunderbolt connected to the USB or Ethernet port, RAID controllers, external hard drives etc. The virus is capable of targeting air-gapped systems that are difficult to infect through active network connections.
According to Xeno Kovah, “The Thunderstrike 2 attack is really hard to detect and it can be difficult for the users to safeguard their Mac computers against a virus operating at the firmware level. For most users, the situation might even make the users dispense with their systems as they do not have the wherewithal to physically open up the system and re-encode the firmware chip.”
Adding further, he states, “People are not aware that these small peripheral devices actually have the potential to infect their firmware. A worm started from another corner of the world and spreading very low and slow can easily get into their systems. If they are unaware about the security threats present at this level, they are more likely to get the virus that can completely sabotage their system.”
How To Remove The Virus?
According to the security researchers, the virus can only be removed at the hardware level of the Mac computers, which makes the entire process quite complex. Apple has already been notified about the firmware virus and the company has not yet fixed the vulnerabilities than can allow similar types of attacks on Macs.
For the meantime, the users are advised not to click on links, download files or install plugins from unreliable sources.
August 6, 2015
A zero-day attack can be defined as an attempt to exploit unpatched software vulnerabilities before it becomes known to the vendor or user. Cybercriminals can initiate this attack with an aim of downloading malware, phishing software or any other code and use it for malicious purposes. As a zero-day attack involves exploiting an unknown flaw in the software, it often creates a ‘vulnerability window’, which refers to the time elapsed between the identification of the exploit and the installation of patch to fix it.
Types Of Zero-Day Attacks
Cyber criminals may launch a zero-day attack in any of the following ways:
- Websites: If you have installed flawed software in your system and you visit a malware infected website, the hackers get an easy opportunity to manipulate the vulnerability. The security fault can be present either in your browser files or computer.
- Inferior Software: Zero-day attacks can also misuse poorly designed software. These types of applications usually consist of different vulnerabilities that can be easily manipulated for malicious use. Through zero-day attacks, hackers may exploit the common file types in order to steal confidential data or damage the system altogether.
- Emails: The attack can also be initiated when a user clicks on a malware infected email attachment. Once the file is downloaded, the bug can exploit any security flaws either in the email software or the computer system.
Tips To Prevent Zero-Day Attacks
- Internet browsers and operating systems are most significant trajectories of zero-day attacks. You should frequently update your browser and implement the maximum security settings possible. You can either set your browser to download and install updates automatically or do so manually as soon as they are officially released.
- Always stay alert for any updates or security patches announced for the software installed on your system.
- If you use an open Wi-Fi network, you are at a higher risk for zero-day attacks. As the information shared over these connections is not properly encrypted, your device may be exposed to various security threats. Make sure you do not download any files or share sensitive information over such networks.
- Do perform a regular scan of your system for viruses, malware and other faulty software. You should also clear your browsers cache and cookies from time to time. Changing passwords for all your online accounts, such as email ids, net banking, social media, etc., can also help to prevent against zero-day attacks.
We, at Centex Technologies, provide complete cybersecurity solutions in Central Texas. For more information, you can call us at (855) 375 – 9654.
July 29, 2015
Identity theft is one of the fastest growing methods used by hackers to carry out criminal activities. It is an attempt to gain unauthorized access to the personal information of internet users, such as email ids, passwords, credit card details, social security numbers etc. With internet being a crucial part of our everyday lives, the risk for identity theft has also increased manifold. Therefore, it is important that you are aware of the dos and don’ts for keeping your information secure over the internet.
Read on to know some of the essential steps that you must follow to ensure online identity safety:
- Create Strong Passwords: Choosing small and easy passwords is like providing hackers the key to your virtual world. These are the most common ways crimes like identify theft are carried out. In order to avoid being a victim of these attacks, you should create passwords that are lengthy, unique and hard to crack. A good password comprises minimum 8 characters with a combination of numbers, alphabets and symbols. You can also use a two-factor authentication method to prevent unauthorized access to your online accounts.
- Use Multiple Email Accounts: Using different email accounts for important and spam emails can help to minimize the risk of hacking attacks. For instance, you can create a separate email id for work related conversations, another for personal emails and yet another to be used for unsecure or trivial websites. Thus, spam emails will no longer pose a threat to your sensitive information.
- Ignore Emails From Unknown Senders: If you receive an email from an unknown sender, you must not open or download its attachments. These could be malware attempting to infect your system and steal important data. You should also be cautious of emails asking you to enter your personal information or verify password. If you receive an email claiming to be from a bank or any reputed business, make sure you validate its legitimacy by directly contacting the company.
- Ensure Secure Network: Before entering your credit card details for internet banking or other ecommerce transactions, look for the padlock symbol in your browser’s address bar. Additionally, the URL of the website should begin with ‘https’ instead of ‘http’. This ensures that the connection is secure and the information you enter will be properly encrypted.
- Ignore Pop-Ups: Pop-ups are also a common method of getting users to download malware into their devices. Advertizements that claim to offer a prize or reward usually contain bugs programmed to damage your system, gather important data or simply manipulate stored information.
For more online identity safety tips, feel free to contact Centex Technologies at (855) 375 – 9654.