Monday, October 29, 2018

Multi-factor fact


The Dark Web Monster

When looking for a job, you would usually check one of the many job hunting sites you see in commercials, or circle ads in newspapers (at least at one point you did). Some people do something very similar… but on the Dark Web, searching for an illicit job. Many job postings on the Dark Web seem like normal job ads. But when you look closer, you will notice that the advert for a driver requires the person not only to drive but also to transport drugs. The driver would make $1,000 for a week of work, not including the living expense compensation. One of the more lucrative opportunities on the Dark Web job market is the corporate insider. The most common targets are financial employees who, in one example, are offered $3,150 to get a loan or increase cash withdrawal limits on a card. Postal workers are also targeted to steal packages.
The Dark Web is lucrative for those willing to risk their job and possibly their freedom for money. Be careful of both insiders and the wide array of illicit software sold there.
https://www.darkreading.com/threat-intelligence/inside-the-dark-webs-help-wanted-ads/d/d-id/1333066

Thursday, October 25, 2018

compromised!!!!

This week Tumblr was breached and we explore Dark Web job postings.
Dark Web ID Trends:
  • Total Compromises: 3,767
  • Top Source Hits: ID Theft Forum (1,429)
  • Top PIIs compromised: Domains (3,761)
    • Clear Text Passwords (876)
  • Top Company Size: 11-50
  • Top Industry: Business & Professional Services and Finance & Insurance

- Exploit: Exposed database.
- Magen David Adom: The state of Israel’s aid and disaster relief organization.
- Risk to Small Business: 1.444 = Extreme. A large breach of medical and payment information is highly damaging to business, and it could take a significant amount of time to regain the trust of its clients.
- Individual Risk: 2.285 = Severe: Those affected by this breach will be at a high risk of identity theft.
- Customers Impacted: Not disclosed.
- How it Could Affect Your Customers’ Business: The negative impact of a breach of this nature could influence relationships with customers and other businesses for years to come.
- ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
- 1 - Extreme Risk
- 2 - Severe Risk
- 3 - Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

United States – Disqus
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html
- Exploit: Exposed Database
- Disqus: A network community platform that allows users to blog or comment on other companies’ websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc.
- Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted/hashed. The company also discovered and announced the breach in a quick manner and notified the affected customers.
- Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.
- Customers Impacted: 5.8 million
- How it Could Affect Your Customers’ Business: The breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus’ reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.
- ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs

United States – Tumblr
https://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/
- Exploit: Bug.
- Tumblr: A popular blogging website.
- Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for (1) having a bug bounty program that resulted in catching this bug, and (2) fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr’s timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.
- Individual Risk: 2.714 = Moderate: Email addresses were leaked, so those affected by the breach are at a higher risk of spam.
- Customers Impacted: All of the ‘recommend blogs’ shown on Tumblr.
- How it Could Affect Your Customers’ Business: A breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr’s book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect when a company is making a serious effort to locate vulnerabilities and can handle a problem when it arises with swift action.
- ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-program

Wednesday, October 24, 2018

Educational Cybersecurity Awareness Month


October is the month for cybersecurity awareness, and the perfect time to educate your employees on steps they can take to protect your network. From password protection measures to becoming aware of common phishing tactics, awareness is a vital step in protecting your business from cybercrime. Here are some tips you can share with your employees today!

Email Security:
- Never use personal email accounts for company business, nor business credentials for personal logins.
- Use two-factor authentication whenever possible.
- Use unique passwords for all email accounts.
- Stay suspicious when opening attachments in emails. When in doubt, place a quick call to verify the validity of an email.

Password Security:
- Use complex passwords (not your dog’s name with a number at the end!)
- Consider a password manager.
- Always monitor the Dark Web for stolen credentials.

File Sharing and USB Drives:
- Use application-level encryption to protect the information in your files.
- Monitor your network for unapproved file sharing programs.
- Use file naming that doesn’t disclose the type of information being shared.
- Free file sharing methods do not provide the legal protection to help secure sensitive information.
- Scan USBs for external viruses and malware.
- Disable auto run.
- Encrypt USB drives.
- Keep personal and business USB drives separate.

Mobile Protection:
- Update mobile software regularly.
- Download apps from trusted sources and read reviews to check the validity of apps.
- Always use passcodes or fingerprint recognition when available.
- Turn off discovery mode.
- Activate “find device” and “remote wipe.”

Take the next steps to protect your network! To learn more about 3bSecurity services, contact us at 877.860.5831 x190

Monday, October 15, 2018

Mojave Upgrade - Apple 2

After installing, I have found that Daylite CRM has issues with the mail plug-in. This is only listed in the support section, not the section that tells you Daylite is supported by Mojave. This plug-in is rather important in getting mail to the CRM, so they should list it as being incompatible until that is fixed. They are currently working on the issue.

Robert

Friday, October 12, 2018

Mojave Upgrade - Apple

I have waited a couple weeks on the ScanSnap update. It is officially released today. After installing the ScanSnap update and checking the compatibility of various programs, such as Paperless, Daylite, Billings, and ScanSnap, I proceeded with the latest Apple OS upgrade (Mojave). So far nothing is out of place and everything seems to be running rather well. I will update again later in the week...

Robert Blake

Monday, October 1, 2018

What to Do If Your Computer Is Infected with Ransomware

Ransomware has been in the news a lot lately, with big incidents involving WannaCry, Petya, and many more. The effects that they have can be devastating. They often render computers completely useless and wipe out all of the data saved on them.

While it's obviously best to avoid getting ransomware to begin with, even the safest of users can get infected. That is why it's important to know what to do once your computer does have ransomware on it.

The ransom
Ransomware gets its name because it either locks your computer, encrypts your files, or both, and then requests payment to remove it.

While you can pay the ransom in hopes of regaining access to your computer and files, it's generally recommended that you don't. There's absolutely no guarantee that the hacker will ever give you the key to remove the ransomware instead of just pocketing your money and not doing anything about it. Plus, paying encourages the hacker to launch more attacks against you or your company because they know you'll pay up.

So, unless you're willing to take that risk, it's generally a better idea to not pay the ransom.

What to do once your computer is infected
If you are unfortunate enough to end up infected with ransomware, there are a few first steps you can take to try and minimize the damage it does. It is very important to follow the correct steps exactly to limit the damage that the ransomware will do.

The very first step is to disconnect the computer from any and all networks. This will not only keep the ransomware from communicating with the hacker, but it will stop it from spreading and infecting other computers. This step should be done the very second you notice that the computer is infected.

The second thing you need to do is shut down the computer completely, as this will also help keep the damage at a minimum as well as help you potentially recover your computer and its files later.

Finally, you will want to report the incident to the authorities and file a police report. This is not only a necessary legal step in order to file an insurance claim, but it could potentially give the law enforcement officers more evidence to help catch the hacker.

Removing the ransomware and recovering your files
Once you've gone through the first important steps, you have a couple options you can try in order to get your computer back. But, unfortunately, it's not easy to get your data back and there is a very good chance that it may be lost forever.

One of the best options to try is to use the System Restore tool in Windows. To do this, boot your computer back up but don't log in. From the Windows login screen, hold the shift key, click the power icon, and then select restart. It should reboot to the recovery screen.

Once you are on the recovery screen, select "Troubleshoot," then "Advanced Options," and finally, "System Restore." Follow the onscreen instructions to restore your Windows installation back to the previous state before it was infected.

If you're not able to get into the system restore screen normally, then you will need a copy of Windows installation media on either a USB drive or a disc. You'll want to boot into it and choose the "Repair" option instead of installation.

If using the System Restore option doesn't work, then you will need to install a virus scanner to a bootable USB drive or disc. Most of the big antivirus brands will have something like this. AVG, Avast, and Bitdefender all have good, reliable tools that will do the job.

Once you have your bootable virus scanner, you'll want to restart the computer and boot into the scanner in the same way that you booted into the Windows installation. From there, you can run an offline scan on your computer and it will hopefully be able to remove the ransomware for you.

If even that doesn't work, then you will need to use your Windows installation media to do a complete wipe of your computer and reinstall Windows. All your data will be lost for good, but you'll have access to the computer again.

Future considerations
Ransomware is one of the worst forms of malware that you could possibly get. It is difficult, if not impossible, to remove and does a lot of damage. This is why it's so important to avoid getting infected with it to begin with.

To avoid ransomware in the future, you will want to make sure you keep everything up to date, particularly typically vulnerable software like web browsers, Java, and Adobe Flash, and be sure to have a good antivirus program running on your computer at all times.

But the most important thing to do in order to avoid ransomware is to be wary of every email you see, because this is one of the most common methods hackers use to try and infect people with ransomware. Don't trust any email if you're not completely positive who sent it to you, and never download any attachments if you don't already know for sure what they are.

The most important part of ensuring that you are able to recover from an attack is maintaining a consistent and solid backup solution. If you have not evaluated how you back up, you should do it today!

As long as you follow this advice, you'll greatly reduce the chance that you end up getting infected with ransomware in the future.


Robert Blake


Contact Bit by Bit for more information to help recover from a ransomware attack or for help with all of your technology needs. 877.860.5831 x190



Infrastructure Organizations Beware