The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

Category: Security Page 66 of 75

Zero-Day Attacks And How To Prevent Them

By

On August 6, 2015

In Security

August 6, 2015

A zero-day attack can be defined as an attempt to exploit unpatched software vulnerabilities before it becomes known to the vendor or user. Cybercriminals can initiate this attack with an aim of downloading malware, phishing software or any other code and use it for malicious purposes. As a zero-day attack involves exploiting an unknown flaw in the software, it often creates a ‘vulnerability window’, which refers to the time elapsed between the identification of the exploit and the installation of patch to fix it.

Types Of Zero-Day Attacks

Cyber criminals may launch a zero-day attack in any of the following ways:

  • Websites: If you have installed flawed software in your system and you visit a malware infected website, the hackers get an easy opportunity to manipulate the vulnerability. The security fault can be present either in your browser files or computer.
  • Inferior Software: Zero-day attacks can also misuse poorly designed software. These types of applications usually consist of different vulnerabilities that can be easily manipulated for malicious use. Through zero-day attacks, hackers may exploit the common file types in order to steal confidential data or damage the system altogether.
  • Emails: The attack can also be initiated when a user clicks on a malware infected email attachment. Once the file is downloaded, the bug can exploit any security flaws either in the email software or the computer system.

Tips To Prevent Zero-Day Attacks

  • Internet browsers and operating systems are most significant trajectories of zero-day attacks. You should frequently update your browser and implement the maximum security settings possible. You can either set your browser to download and install updates automatically or do so manually as soon as they are officially released.
  • Always stay alert for any updates or security patches announced for the software installed on your system.
  • If you use an open Wi-Fi network, you are at a higher risk for zero-day attacks. As the information shared over these connections is not properly encrypted, your device may be exposed to various security threats. Make sure you do not download any files or share sensitive information over such networks.
  • Do perform a regular scan of your system for viruses, malware and other faulty software. You should also clear your browsers cache and cookies from time to time. Changing passwords for all your online accounts, such as email ids, net banking, social media, etc., can also help to prevent against zero-day attacks.

We, at Centex Technologies, provide complete cybersecurity solutions in Central Texas. For more information, you can call us at (855) 375 – 9654.

Steps Towards Online Identity Safety

By

On July 29, 2015

In Security

July 29, 2015

Identity theft is one of the fastest growing methods used by hackers to carry out criminal activities. It is an attempt to gain unauthorized access to the personal information of internet users, such as email ids, passwords, credit card details, social security numbers etc. With internet being a crucial part of our everyday lives, the risk for identity theft has also increased manifold. Therefore, it is important that you are aware of the dos and don’ts for keeping your information secure over the internet.

Read on to know some of the essential steps that you must follow to ensure online identity safety:

  • Create Strong Passwords: Choosing small and easy passwords is like providing hackers the key to your virtual world. These are the most common ways crimes like identify theft are carried out. In order to avoid being a victim of these attacks, you should create passwords that are lengthy, unique and hard to crack. A good password comprises minimum 8 characters with a combination of numbers, alphabets and symbols. You can also use a two-factor authentication method to prevent unauthorized access to your online accounts.
  • Use Multiple Email Accounts: Using different email accounts for important and spam emails can help to minimize the risk of hacking attacks. For instance, you can create a separate email id for work related conversations, another for personal emails and yet another to be used for unsecure or trivial websites. Thus, spam emails will no longer pose a threat to your sensitive information.
  • Ignore Emails From Unknown Senders: If you receive an email from an unknown sender, you must not open or download its attachments. These could be malware attempting to infect your system and steal important data. You should also be cautious of emails asking you to enter your personal information or verify password. If you receive an email claiming to be from a bank or any reputed business, make sure you validate its legitimacy by directly contacting the company.
  • Ensure Secure Network: Before entering your credit card details for internet banking or other ecommerce transactions, look for the padlock symbol in your browser’s address bar. Additionally, the URL of the website should begin with ‘https’ instead of ‘http’. This ensures that the connection is secure and the information you enter will be properly encrypted.
  • Ignore Pop-Ups: Pop-ups are also a common method of getting users to download malware into their devices. Advertizements that claim to offer a prize or reward usually contain bugs programmed to damage your system, gather important data or simply manipulate stored information.

For more online identity safety tips, feel free to contact Centex Technologies at (855) 375 – 9654.

Wi-Fi Password Sharing Feature In Windows 10 Raises Security Concerns

By

On July 16, 2015

In Security

July 16, 2015

With Microsoft taking its last leap with the Windows 10, most tech professionals are looking forward to the new competences added to this operating system. One such feature, that has managed to garner more controversies than commendations, is the ‘Wi-Fi Sense’. Essentially, it is a mode of sharing network information among users. It is designed to allow an easy and quick connection to in-range password protected wireless hotspots within friends. Though Microsoft initially rolled out this Wi-Fi password sharing feature in Windows Phone 8.1, it did not gain much popularity due to its limited user base.

How Does Wi-Fi-Sense Work?

Wi-Fi Sense enables users to share network connection with their Facebook, Skype and Outlook contacts. Working at the back-end, this feature agrees to Wi-Fi terms and conditions, shares log-in credentials as well as connects your friends whenever they are in-range of the network that you want to share. Hence, if any of your friends tries to access your internet connection, Wi-Fi Sense will evaluate his actions and provide access spontaneously, without making the password visible to him. Other users, who are in your contact list and have Windows 10 on their device, will also have their network details shared with you, provided they have enabled Wi-Fi Sense.

Security Risks With Wi-Fi Sense

According to Microsoft’s official sources, the Wi-Fi password is shared in an encrypted form through the company’s internal servers. The user is granted access only to internet connection and not to the files or data stored in your system. However, even the basic sharing of password may compromise the security of your network and make it vulnerable to various hacking attacks. The idea of sharing internet connection can be great for family and friends, but not for corporate settings. Sharing passwords with all your Facebook, Outlook and Skype contacts could also mean inadvertently providing your network information to people whom you barely know.

The best way to safeguard your network from these privacy risks is by taking a few preventive measures. As the feature is likely to be enabled by default in Windows 10 PCs and laptops, make sure you turn it off. However, it is a not a perfect solution for business firms that encourage bring your own device (BYOD) culture. Another option to keep your network out of Wi-Fi Sense is to add the phrase “_optout” to its name. For instance, if your internet connection is named “mynetwork”, you must change it to “mynetwork_optout”.

Considering the security concerns emerging around Wi-Fi Sense, it is recommended that you use 802.1X authentication or implement stricter access controls to your network connection.

Beware Of Fraudulent Companies Claiming To Clean Up Your Virus Infected PC

By

On July 9, 2015

In Security

July 9, 2015

Every day, a lot of web users receive fake calls/ emails from scammers posing to be IT support technicians offering help to clean up their computer issues. They claim themselves to be from some reputed software companies and persuade people to perform certain tasks to remove virus from their PC. According to a recently released report by the Better Business Bureau (BBB), these types of phone/ email scams have become the most common way for hackers to access all the personal information stored on the target computer.

How The Scam Works?

A user typically gets a call from people asserting to be from a tech support firm. The callers already gather the target user’s name, address, operating system and version of Windows to convince them about the legitimacy of the call. They may tell the user that they have detected certain virus on the computer that needs to be fixed and for which they need to pay a certain fee. When this occurs, the hackers are able to gain access to the credit card details of the user. They may also install certain malware and malicious software on the system which may require additional expenses to be removed. These phone scams may include the following:

  • The cybercriminals may ask the user to download a remote access service to grant them the right to use the computer. This allows them to take complete charge of the target PC.
  • The user is made to install certain anti-virus software, sold as the genuine version. In contrast, it is simply a trail or forged version, leaving the user’s computer vulnerable to major security threats.
  • Once they have unrestrained access to the system, it can be easily infected with malware. As the targeted system has a non-functioning anti-virus and vulnerable OS, it would not be able to detect or remove the Trojan.

Tips To Avoid Phone Scams

  • Never grant access to your computer to unknown people.
  • Do not depend on caller ID to validate any phone call. Identities on these types of software can be easily hoaxed.
  • Do not provide details about your credit card, bank account or other personal information to any unknown caller.
  • Note down the caller’s information and report it to your local cyber-crime branch.
  • Change any passwords that you have shared with anybody.
  • Always install and regularly update authentic anti-virus software as well as Windows version.

In case you receive any such phone calls, make sure you do not provide them any information and contact the helpline number of your service provider for assistance.

Beware Of Rombertik Virus

By

On June 28, 2015

In Security

June 29, 2015

Cybersecurity experts have come up with a new self-destructive virus, Rombertik, which is remarkably inimitable with respect to its functionality and perplexity. Identified by Cisco’s Talos Security Intelligence and Research Group, the deadly virus has been designed to decode any text entered into the user’s internet browser. It aims at stealing user names, passwords, bank account details, credit card codes and other sensitive information. Also known as the ‘suicide virus’, Rombertik attempts to destroy the infected computer if it gets detected.

How Does Rombertik Work?   

Rombertik mainly targets a user’s computer through spam emails. When a user downloads the attachment files that accompany these emails, the virus installs itself on the device. Initially, Rombertik performs some checks to confirm it is not running inside the sandbox, after which it starts with its execution. What makes Rombertik different from other malware is its bloated file size. As stated by Talos, the unpacked version of Rombertik is merely 28 KB whereas the packed file is more than 1 MB. This implies that almost 97 percent of the data in packed version is included just to make the file look legitimate.

The malware Rombertik is self-aware, meaning that it recognizes if the user tries to dismiss it with anti-virus software. In an attempt to avoid detection, the virus starts to destroy itself along with the computer’s Master Boot Record (MBR), rendering it unusable.

How Does Rombertik Remain Undetected?

  • The huge amount of junk elements contained in the executable file of Rombertik is never utilized by the malware. This inflates the volume of the file, which needs to be analyzed and studied by the cyber experts, thus, adjourning the virus identification process.
  • The virus overwrites a single byte of random data 960 million times on the computer memory. This is done to deceive sandbox to take Rombertik to be an authentic program. It leads to extending the data log over 100 GB, thus, complicating the investigation and detection of the malware.

How To Protect Against Rombertik?

  • One should not download attachments in emails from unknown sources.
  • Anti-virus software should be updated to block the malware in the first place.
  • Set up email security settings and block downloading of certain types of attachments.

Cyber security professionals recommend that users should constantly update their system’s security software and keep a backup of all the important data to minimize the effects of getting the system infected with Rombertik.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)