The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 32 of 79

Tech Support Scams: Everything You Need To Know

By

On February 29, 2020

In Security

Tech Support Scams is a million-dollar industry that is known to be existing since 2008 and is at its all-time peak. It targets innocent people into spending hundreds of dollars by tricking them with non-existent computer problems. In order to secure yourself from ever-rising Tech Support Scams, it is important to understand what these scams are and how do they operate.

What Are Tech Support Scams?

Tech support scams trick people by making them believe that their computers have encountered a technical problem. The scammers motivate the victims to make a payment in order to get rid of the problem.

How Do Tech Support Scams Operate?

The tech scammers implement a variety of tricks to target the victim. Following are some of the common ways used by the scammers:

  • Cold Calls From Fake Agents: The scammers operate from discrete locations and call random numbers from a phone directory. The scammers use VoIP technology to hide their actual number and location. They pose as technical agents from software companies such as Microsoft, Windows, etc. They take control of the victim’s computer and send fake error reports. Once the victim is convinced, they collect money for mending the error. The best way to secure yourself against these scams is to ignore such fake calls.
  • Toll-Free Numbers From Fraudulent Tech Support Companies: These companies advertize heavily on popular search engines or heavy traffic websites to build trust and attract customers. Once a customer calls these technicians for a minor service such as software activation, these technicians introduce fake pop-ups on the customer’s computer stating that the system is infected. Thus, the customer ends up paying hundreds of dollars for ‘Windows Support’. In order to protect yourself from such scammers, it is imperative to be careful while choosing a technician or tech support company.
  • Screenlockers: This method has gained popularity recently. The scammers spread malware with the purpose of locking the user out of his own system. The malware poses as an installer for legitimate software. Once installed it may either result in a ‘Blue Screen Of Death’ or show a message that you are using an expired software. In the case of BSOD, the screen will show a few numbers for seeking help. If the message indicates an expired software, it will ask for a license key. The message may include a number and some links for popular remote assistance sites/software such as TeamViewer. The scammers ask the user to install the software and share the access id in lieu of gaining access to rectify your computer’s problem. The underlying motive is to sell you overpriced solutions and ‘service contracts’.

What To Do If You Have Given Access To The Scammers?

In case you have already granted remote access to the scammers, follow these steps to reduce the impact of the scam:

  • Revoke the access or restart your system to expire the session and remove the scammers from your system.
  • Run a malware scan as the scammers may have installed malicious software like password stealers in your system.
  • Change all your passwords and update your security protocol.
  • Run a ‘System Restore’ to restore any missing files or software from your system.

For more information on new Tech Support Scams, call Centex Technologies at (254) 213 – 4740.

Comprehensive Guide To Mobile Data Security

By

On February 27, 2020

In Security

PDF Version: Comprehensive-Guide-To-Mobile-Data-Security

What Is WinRAR Bug?

By

On January 29, 2020

In Security

WinRAR is a commonly used software for creating and extracting archives on Windows and other supported OS. The main reason for the popularity of the software is that it is capable of supporting different types of packing formats. Thus, the software has over 500 million users. However, the software was found to be corrupted by a bug which was named ‘WinRAR Bug’.

1. When Was WinRAR Bug Discovered?

The bug was discovered in early 2019; however, the bug itself was 19-years old at the time of discovery. The bug was discovered by security research run by ‘Check Point Research’.

2. What Is WinRAR Bug?

It is a code execution vulnerability (CVE 2018-20250). The code was used to extract the ACE archive format (which is now rarely used). The library that is responsible for the vulnerability is UNACEV2.DLL. The library had not been updated since 2005. Also, it was a third-party library so, WinRAR did not have access to the source code. This made it troublesome to amend the vulnerability.

3. What Does It Do?

  • The vulnerability can be exploited by pushing specially prepared archives to the user system.
  • The hackers can manipulate WinRAR by renaming an ACE file with a ‘rar’ extension.
  • The vulnerability now enables hackers to extract files to any folder instead of the default or user-selected folder.
    Hackers extract malware loaded files to the Windows start-up folder.
  • The malware is executed at the next start of the system.

4. What Are The Examples Of Cyber Attack Campaigns Launched To Exploit WinRAR Bug?

  • The vulnerability was exploited by hackers to launch more than 100 targetted attacks. Some of the examples are:
    One such attack uses a bootlegged copy of Ariana Grande’s hit album ‘Thank you, Next’ with a file name ‘Ariana_Grande-thank_u,_next(2019)_[320].rar’ which contains a hidden malware code. Whenever a compromised version of WinRAR is used to extract the files, a list of harmless MP3 files is downloaded to the user’s selected folder, while the malware payload is extracted in the Windows Startup folder in the background without the user’s knowledge. When the user starts his system next time, the payload is run to launch the malware code.
  • Apart from general attacks, the hackers also used this vulnerability to target government agencies by embedding technical documents, law documents and other such archives with malicious code.

5. How To Get Rid Of The Bug?

WinRAR has launched a new version ‘5.70 beta 1’ with patched vulnerability. Since WinRAR did not have access to the source code of the culprit directory, the team has completely deleted this directory from the new version. Thus, ACE format support has been dropped from WinRAR in order to protect the users.

Also, all the WinRAR versions that were launched prior to ‘5.70 beta 1’ are prone to the vulnerability and WinRAR does not have an auto-update feature. So, it is advised to manually download the new version to avoid being a victim of exploits based on WinRAR bug.

For more information on computer and network security for businesses, call Centex Technologies at (254) 213 – 4740.

Necurs Botnet

By

On January 25, 2020

In Security

PDF Version: Necurs-Botnet

A Comprehensive Guide To Continuous Deployment

By

On January 14, 2020

In Security

Continuous Deployment is the practice of releasing software on production servers continuously in an automated manner. Before a software is released, it needs to be thoroughly tested for ensuring that it is free from any bugs and errors. In the case of continuous deployment, the testing is done by using a testing software instead of manual testing. If the code is found to be free from errors, it is automatically deployed. The automation of the release of the software helps software development organizations in ensuring that the software updates reach the end-users as soon as possible with a minimum lag time.

One of the primary requirements for continuous deployment is to implement a series of other automated programs that can pull the software seamlessly through later stages of development into release. These stages of development include compiling and validation of source code, reviewing the code, unit testing, integration testing, packaging the application and user acceptance testing.

How Is Continuous Deployment Different From Continuous Integration And Continuous Delivery?

Continuous deployment takes continuous delivery a step further, which is generally perceived as furtherance of continuous integration. In order to understand the difference, it is important to understand the terms individually:

  • Continuous Integration: It is a technique that continually merges the source code from different developers into a shared mainline. This helps in avoiding cataclysmic merge conflicts as new source code is regularly added by various developers.
  • Continuous Delivery: This technique adds a step to continuous integration. It takes the merged code and conducts the necessary tests to ensure that the code is error-free. Thus, in this technique, the code is written, tested and pushed into a production-like environment. The software stays in the holding area until a developer manually pushes it for deployment.

Continuous Deployment reduces the hold time of continuous delivery by taking it a step further. Once the software code is created, tested and pushed into the production-like environment to see how it would perform in the real-time environment; the code is deployed automatically without any manual interference.

Stages Of Continuous Deployment Pipeline

  1. Deploy To Production: In this step, developers need to deploy the software in a production environment without releasing the functionality to end-users. Also, it is important to implement a system that allows you to toggle between the old & new versions.
  2. Verify: During this stage, various tests are performed including user acceptance, stress test, performance test, etc.
  3. Monitor: Monitor the deployed code as per your business metrics to gain insights for strategic business outcomes. Make sure that the code works as desired in the production environment and make the changes as required.
  4. Respond & Recover: After the software is released, it is important to keep a check for unforeseen issues. Manage a system for proactively detecting problems before they are detected by end-users and recover from these problems by providing fixes or patches.

For more information on continuous deployment, call Centex Technologies at (254) 213 – 4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)