All posts by Monte Robertson

New Trojan horse for Android

A new Android Mobile Security threat has been discovered that opens a back door for hackers.

Get Mobile Device Management and Security. Now would be good.

It’s really not a big deal unless you are OK with letting hackers have control of your phone to:

  • See your list of Contacts.
  • Provide them with your current GPS location.
  • Take photos from your phone anytime the phone is on.
  • Record audio through the microphone anytime the phone is on.
  • Get a list of installed applications.
  • Show a list of opened webpages.
  • Give them a list of placed calls.

If you are not comfortable with this sort of activity, we cannot recommend strongly enough protecting your smartphones with LAYERED SECURITY SOFTWARE.

http://www.softwaresecuritysolutions.com/EsetMobileSecurity.html

Or our new partnership with Samsung KNOX: enterprise-class MDM for BYOD that separates personal from business functions on the same phone. Call us @ 719.431.6140 for details!

Learn more on the threat from “We Live Security” here:

http://www.welivesecurity.com/2014/08/12/krysanec-trojan-android/

Stay Safe out there.

Fix for MalwareBytes not updating

Do your MalwareBytes Updates Fail?

This issue might have a few different causes, so this Security TIP sheet is divided into three steps. Apply each step in order and check after each step to see if the problem has been resolved. If so, no further action is needed and you can skip the rest of the steps.

FIRST STEP

Please completely uninstall MalwareBytes, then download it again and re-install it. To do so, please follow these steps:

  1. Run mbam-clean.exe to completely uninstall your current installation (please use this file here for a complete removal: http://downloads.malwarebytes.org/file/mbam_clean)
  2. Download the latest version of MalwareBytes here: http://downloads.malwarebytes.org/file/mbam
  3. Install it as an administrator: Right click on the Malwarebytes Anti-Malware icon, and then select “Run as…” (on Windows XP) or “Run as administrator” (on Windows Vista or Windows 7). A dialog box will open. Enter the password (if required).
  4. Re-activate the new version of MalwareBytes with your Product ID and Key using the COPY/PASTE function.

Reboot the PC and see if this solves the issue; if not, please continue to the next step.

SECOND STEP

It is possible that the program has been compromised by some high-tech stealthy malware that prevents MalwareBytes from operating correctly.
For this reason MalwareBytes has developed a free tool called “Anti-Rootkit” that targets malware programs that are trying to block MalwareBytes. Anti-Rootkit also recovers and reinstalls missing .dll files when possible.
Here is a step by step guide to using the Anti-Rootkit program. Please read it carefully and completely before using this program.

https://www.box.com/shared/static/20v2wl2og7tmg2shx748.pdf

If you need a tool to read the attached document, you can find it and download the Foxit Reader free here:
http://www.foxitsoftware.com/downloads/

Reboot your PC and see if this has fixed your issue; if not, please take the next step.

THIRD STEP

It’s possible that you have installed some other security software which is interfering with MalwareBytes. Also anti-tracking software, like “Do not track plus” or even the Mozilla Firefox add-on with the same name, can create this problem.
For this reason, please temporarily disable them all, reboot your PC (very important) and see if MalwareBytes starts to work normally again.
If so, that means one of them is the culprit, and by turning them back on one by one you will find which one. After you have discovered it, please set up some exclusions in that program so that it will not interfere with MalwareBytes anymore, thus solving your problem going forward.
Hope this helps somehow – stay safe out there!

Should I switch from iPhone to Android?

Ever heard of the shiny new object syndrome? Many of you may now be considering switching from iPhone to the Android Platform because of it. While there may be some fancy bells and whistles with this move there are things to consider before making the leap.

Being consumers of technological marvels, we have consistently chosen convenience first, over any other aspect of new technology or service. The question to ask yourself is: how convenient is it for you to make the leap?

Next we choose based on the cool factor, which is closely tied to the bells and whistles available. This is commonly referred to as the “Shiny new object” syndrome. The question here is: is the coolness factor (i.e. bells and whistles) a big enough reason to jump in?

Coming in dead last is any inclination of how secure the new technology, service, or platform is.

Talking about computer security is about as exciting as talking about Insurance (big yawn now).

To hear more about this check out the story from CNBC regarding iPhone vs Android HERE

Shameless Plug:
If you have mobile devices you must secure them. This is the leading edge of threats and hackers.

We currently have some Antivirus for Mobile phones but keep an eye out for our new Layered Security Solution for Mobile phones coming to the web site within 1 month. It is cloud based and has all the layers needed to protect mobile phones for businesses.
Stay secure out there – even if it is boring.

Helping businesses with solutions IS our sweet spot.

We understand our mission is to help small businesses, not only in securing their data, but in any other way we can, by raising the bar. To that end, I wanted to share with you a sharp company whose mission is also to help small businesses with sales and marketing.  Security, Sales & Marketing all in one place. How much better can it get?

I am talking about the folks over at Sixth Division. We recently met them at this year’s Infusioncon show and wanted to provide a snapshot on who they are and what they do. They can seriously help you take your business to the next level.

The founders go way back to the early days of Infusionsoft and know the IS sales and marketing solution as well as anyone.

What co-founders Brad Martineau @bradmartineau and Dave Lee created is a process where you “unpack your brain” aka, do a brain dump about your business with them, and they take that information and package it in such a way that you can start to use the Infusionsoft tool most effectively.

Of course there are many steps to a sales and marketing system, but they have an uncanny way of simplifying it. This really resonated with me at the show because we try to do the same thing in our business – by simplifying Layered Computer Security for small businesses.

The process Sixth Division has created and as explained to me makes complete sense. There were many AHA moments as I started to get excited about how we can take next steps in sharing information about our computer security information, products and services.

Of course there are some investments you have to make, but this will definitely help you get a head start at working “on the business instead of in the business” (kudos to Michael E. Gerber – look him up on Amazon & get the book The E-Myth Revisited).

There is another way though. You can learn more about some “out of the park” marketing secrets here and possibly if you pay attention you could win some free consultation from these marketing wizards. Get after it and good luck!! Let me know if we can ever help in any way.

Discover more information at:

Facebook: www.facebook.com/sixthdivision

Twitter: @sixth_division and @bradmartineau

Check the hashtags for more of the conversation:

#icon13 – about the last Infusioncon show

#25k – about the Sixth Division contest

All great stuff for small businesses.

Stay safe and productive out there!

Monte Robertson – Founder


First Fake Installer Trojan for MAC

One of the advantages of watching for computer security issues on an International scale is that sometimes I discover early warning signals or trends in threats that are coming. This may be the case for the purportedly discovered first fake installer Trojan designed for the MAC operating system.

Apple users have enjoyed relative anonymity from the main stream of threats in years past. That was because the market share just wasn’t there for hackers to bother. But that was then.

MAC users be aware, times are changing! Every single week new threats are coming out that are targeted specifically for the MAC platforms. I went to Best Buy recently and asked the salesperson about Antivirus for MAC, and he said “Oh you don’t need it, MAC’s don’t get viruses.” To which I replied, “Very interesting, but you might want to do a little research on the subject” giving him my card and I left, thanking him for his time.

When it comes to Mobile Security, more threats are discovered in the Mobile Security arena each week than there are for the MAC arena. People think they don’t have to protect their phones either and NOTHING could be further from the truth.

Here’s the bottom line: Hackers follow the market share, because that is where the money is and this discovery further confirms that fact.
It is only a matter of time before these types of threats make it to the US. Many hackers refine their threats in countries outside of the US, so when they bring them here it is a well-oiled machine, which can provide them a windfall of ill-gotten gains.

What you should do right now:
1. Tell anyone with a MAC machine if they download a program that asks for their cell phone number and uses a TEXT confirmation for installation, there is a good chance they are being had and part of their identity may be compromised.
2. Make sure your MAC’s & all MOBILE DEVICES have industry leading Security Software installed and are up-to-date.
3. Share this information if you think it is of value.

Stay safe out there!

Which Android applications are secure?

Part of the problem with new technology and everyone rushing to use it is that consequences are rarely considered. This is the case with the incredibly popular Android phone.

Many people keep very important data about their lives on their phones yet neglect to protect any of it. The question becomes: which of all the Android applications you have downloaded are known to be secure?

A recent study shows that more than 1 out of every 4 applications are not secure.

The best place to start your mobile security efforts is with the following 3 steps:
1. Do your research BEFORE downloading applications and understand how they may put your data at risk.
2. Have a good Mobile Security Solution to help keep your data safe.
3. Back up your phone’s data and settings. Back it up and make sure to use an auto-locate feature to be able to find a lost or stolen phone.

More information on the insecurity of Android Mobile phone applications can be found here:

Stay safe out there!

BlackBerry Server Exploit – Mobile Security Alert!

It is apparently easy for an exploit to be run in the BlackBerry Enterprise Server by sending a malicious image to a BlackBerry device. This message just in from our friends over at ThreatPost.

The vulnerabilities are in many versions of the BlackBerry Exchange Server, Lotus Domino, and Novell GroupWise.
This vulnerability should be patched immediately and qualifies for the “before bed list” of things to do today to protect BlackBerry users and the Server.

These words from BlackBerry say it all:

“Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.”

Patching for this exploit should be done right now! More here:

http://threatpost.com/en_us/blogs/severe-remote-flaw-fixed-blackberry-enterprise-server-081211

and here:

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244

Stay safe out there.

ACH Emails from “nacha.org”

Many SPAM emails are going out claiming to be from nacha.org, which is the Electronic Payments Association. The emails come from Info@nacha dot org, Payment@nacha dot org and Alert@nacha dot org, claiming there is something wrong with one of your automatic bill payments.

A quick look into the header information (using message options in Outlook) shows they are not coming from the nacha.org domain at all.

Subject: ACH payment rejected
Content-Type: multipart/alternative;
Return-Path: pavedff94@buxrud.sucker

They always have a link to a “report” that says it will give the details. Clicking on this link will take you to a website that is dishing out malicious code and attempts to get your personal banking details. Where the link really goes is shown here:

[Image: Email Phishing threats]

Do not click on the link for the report. Notice of any failed transaction should come from your bank and not from nacha. That is the gotcha there.
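The header comparison described above can be scripted. This is an added example, not part of the original post: it flags a message whose From, Return-Path or Reply-To domain does not belong to the domain it claims to come from. The function names, the From addresses and the "legitimate" sample are assumptions made for illustration; the forged sample reuses the Return-Path and Subject quoted above.

```python
from email import message_from_string
from email.utils import parseaddr


def addr_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def aligned(domain, expected):
    """True when domain equals expected or is a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def sender_findings(raw_message, claimed_domain):
    """List the reasons a message claiming claimed_domain looks forged."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = addr_domain(msg.get("From"))
    path_dom = addr_domain(msg.get("Return-Path"))
    reply_dom = addr_domain(msg.get("Reply-To"))

    if not aligned(from_dom, claimed_domain):
        findings.append(f"From domain is {from_dom or 'missing'}")
    if not path_dom:
        findings.append("Return-Path is missing or empty")
    elif not aligned(path_dom, claimed_domain):
        findings.append(f"Return-Path domain is {path_dom}")
    if reply_dom and not aligned(reply_dom, claimed_domain):
        findings.append(f"Reply-To domain is {reply_dom}")
    return findings


# Constructed samples: FORGED reuses the header values quoted in the post,
# LEGIT is entirely made up (hypothetical bounce address).
FORGED = ("Return-Path: <pavedff94@buxrud.sucker>\nFrom: Payment@nacha.org\n"
          "Subject: ACH payment rejected\n\nSee the report.\n")
LEGIT = ("Return-Path: <bounces@mail.nacha.org>\nFrom: Info@nacha.org\n"
         "Subject: Newsletter\n\nHello.\n")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(name, sender_findings(raw, "nacha.org") or "no mismatch")
```

A mismatch is a signal rather than proof, since legitimate mail sent through a third-party service often carries that service's Return-Path; the receiving server's SPF, DKIM and DMARC results are the stronger check.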

Stay safe out there!

Laptop Batteries Hacked – what’s next?

Call me crazy but it seems there is something inherently wrong with not only having a password to protect a chip, but telling the world that such a thing exists, revealing the password in your public documentation, and then, how to exploit it.

So this begs for a couple hundred questions: If people can hack battery chips, can they hack other chips? Do other chips have passwords? Does this mean that no chip is secure?

If so, then maybe we should just shorten the life cycle of our hacking pain and put all information out for public knowledge and use. Furthering the thought that there would be no benefit to hacking, what then?

The computer security industry would dissolve. All the talented people in the industry could work towards other positive efforts.

The hackers and malicious gangs could contribute positively to this world. They are a very talented group and could do many great things.

I know this all sounds ridiculous. But as Forrest sort of said, “ridiculous is as ridiculous does.”

Speaking of that, I am glad I still use my typewriter to write this stuff. I think it is still un-hackable…time will tell.

Try and stay safe out there.

Instructions for changing ESET RA Servers

Enough customers have asked for help migrating from one ESET Remote Administration (RA) Server to another that I thought these instructions would be in order.

First, configure the new ESET RA Server:

1.    Go to www.eset.com/download#, click on “Take me to my Download” and then on the Business Tab. Using your licensed user name and password, download the following new installers:

a.    RA Server

b.    RA Console

c.    Client Installers (32\64 bit as needed)

2.    Install the new RA Server then the Console on the new machine. Take all the defaults and enter the User name and Password in the RA Server update section. Do not set any other passwords at this time.

3.    Build the applicable update mirrors including the Program Component mirrors for each client installer (32\64 bit) type. Then fire the event to configure the new NOD32 RA Server.

4.    Install the ESET antivirus client on the new Server for local protection. Be sure to follow the Best Practices for server configuration setup.

5.    Point the server’s local ESET “client” to the new ESET NOD32 RA Server for Remote Administration and Updates. To see it show up quickly in the console, change the time to 0 minutes; don’t forget to change it back to the default of 10 minutes once it shows up.

6.    Confirm the server shows up as a client of itself and is updating properly from the ESET RA Server. This step confirms that the new server is properly configured and ready to manage the clients coming from the old server.

Then change the configuration on the Old ESET RA Server to point clients to the new RA Server:

1.    Open the RA Console on the Old NOD32 RA Server

2.    Go to Tools > Policy Manager

3.    For each applicable policy, change the Remote Administration configuration under the Kernel Setup so the clients will now check in with the new Server with their status and signature levels.

4.    For clients getting updates locally from the old RA Server (instead of from the Internet), change the update server settings to point to the new NOD32 RA Server.

5.    Save both changes in the Policy Manager. Remember the ESET clients check in for remote administration and update as 2 separate functions.

6.    Over time the clients will start to check in with the new NOD32 RA Server and drop off the old one.

7.    Once you are comfortable that all machines have migrated it is safe to take the old ESET RA Server down.

If you need help confirming this is properly set up and that the migration will go smoothly, please let us know!