Thursday, January 27, 2022

Some Basic Computer Security Tips To Help You Protect Yourself



Computer security is often viewed as too complicated and technical by many people. It is actually quite simple if you look closely at the important points. How can you safeguard yourself? Continue reading.

These are some computer security tips you should know

Allow automatic updates

Every piece of software that you use today is subject to security problems. These issues are continuously being discovered, regardless of whether you're using Internet Explorer, Google Chrome, Mozilla Firefox, Windows or Microsoft Office. Many operating systems and programs today have automatic updates that close these security gaps. To update software, you don't need to click or download anything. It will update itself automatically in the background, without you having to do anything. Some people may choose to disable this feature. You might not like Windows automatically restarting after installing an update, or you might simply not want it. It is important to ensure that automatic updates are enabled if you want to protect your computer.

Anti-Virus and anti-Malware software should be used

Every few years, some anti-virus software claims to be the best. Some experts claim that anti-virus software is obsolete and not necessary. It is important to remember that you still need anti-virus software, even if you use your computer cautiously. Windows Defender is fine, but you can also use similar software. Ask SpartanTec which anti-virus solution is right for you.

Automate Passwords with Better Security

Everyone knows passwords are important. However, many people ignore them. Use a different password for each account. Hackers are all around, and if you use the exact same password everywhere, one stolen password could give someone access to all of your accounts. You should also use long passwords. LastPass is a good password manager.

Never leave your phone or computer unattended

Although this is a simple warning, it deserves to be noted. You should never leave your smartphone or computer unattended, especially when you're in public. There is a high chance that your device will be stolen if you do. If it is stolen, the person who took it will have access to your personal information.

Find out which links to click in emails

This is something you may have heard a lot about. Never open email from unknown sources. Emails that appear legitimate may contain malicious links. Phishing is the term used to describe this. Do not click on any links in email, especially those that point to sensitive sites such as your bank's website. Even if the link was sent by friends, make sure you carefully examine it before clicking.

Take care when downloading and running programs

Computer security in Myrtle Beach is important. Be careful about what programs you download and run. Only use trusted and well-respected programs or those recommended by respected websites.

SpartanTec Inc. can help you to ensure that your computer, phone and network are safe from all possible and current threats.

SpartanTec Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/

Monday, January 24, 2022

Purple Fox Trojan Delivering Malware Via Popular Messaging App



A research team from Minerva Labs is working in conjunction with the MalwareHunterTeam.

They have recently been tracking a Trojan called Purple Fox and have published a warning about it.

The group behind the Trojan is now distributing their malicious code disguised as a Telegram installation file.

If you're not familiar with that name, Telegram is one of several online messaging apps available on the web. The Trojan has been around since at least 2018, and the hackers who control it have tried a number of different ways to get their malicious code onto unsuspecting desktops.

The use of Telegram as a masking agent is new, and the group is also now breaking their malware up into several small files. That makes it less likely to be detected, which the researchers have been able to confirm: they found few AV engines capable of detecting a Purple Fox installation, which is worrisome indeed.

The team behind Purple Fox isn't resting on their achievements either. They have been steadily adding features and functionality to their code. These new features include a new .NET backdoor dubbed "Fox Socket", spotted by Trend Micro in October of last year (2021). Guardicore Labs also discovered a version of the code with wormlike capabilities, which allowed the variant to spread with blinding speed.

In addition to that, the malware comes in both 32-bit and 64-bit variants so this one is not to be underestimated.  Purple Fox may wind up being one of the biggest threats on the landscape in 2022.

Of course, it's early days yet and we haven't seen what other nasty surprises the hackers of the world have been cooking up over the holiday season, but the bottom line is that Purple Fox is one to watch.

Call SpartanTec, Inc. now for more information about effective cybersecurity measures for your business.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Saturday, January 22, 2022

FTC Enforcing That Businesses Patch Log4j Java Security Issue



By now you're almost certainly aware of the Log4j Java issue.

It's a serious and fixable flaw relating to Java logging.

Recently the United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn't yet fixed the flaw and protected against the vulnerability.

The FTC's statement reads in part as follows:

"The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future. 

Failure to identify and patch instances of this software may violate the FTC Act.

The Log4j vulnerability is part of a broader set of structural issues.  It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. 

These projects are often created and maintained by volunteers, who don't always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.

This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security."

The FTC has already made it clear that they're not playing around with this issue either.  Not long ago in 2019, they hit Equifax with a staggering $700 million fine because of customer data exposure.

The FTC clearly has the muscle to make this threat stick. So if you haven't already installed the remedy for Log4j, do it now before you lose track of it. Keep an ear to the ground for other similar issues.

Fines of the sort that the FTC is threatening are enough to rock any business back on its heels. So don't take any chances.  Stay vigilant out there.  It's going to be an interesting year.

Call SpartanTec, Inc. now if you need professional IT support in keeping your information safe against cybersecurity issues and online threats.


Thursday, January 20, 2022

New Data Breach Hits US Cellular Company



It's the dawning of a new year and the hackers of the world have been busy.  This time it's US Cellular caught in the crosshairs.

The company recently reported that their billing system was hacked and they sent breach notification letters to more than four hundred impacted individuals.

US Cellular is the fourth largest carrier in the United States. Only 405 of the company's customers seem to have been affected, which makes this attack quite small in terms of scope and scale. That's small consolation if you're one of the unlucky US Cellular customers to have received a notification in the mail.

The company had this to say about the incident:

"On December 13, 2021, UScellular detected a data security incident in which unauthorized individuals illegally accessed our billing system and gained access to wireless customer accounts that contain personal information.

Information in customer accounts include name, address, PIN code and cellular telephone number(s) as well as information about wireless services including service plan, usage and billing statements.

Sensitive personal information, such as Social Security number and credit card information, is masked within the CRM system. At this time, we have no indication that there has been unauthorized access to your UScellular online user account."

If you haven't received a notification in the mail from US Cellular, then it's most likely that your account record was not compromised. Out of an abundance of caution, you may want to reset your account password and be on the lookout for suspicious emails targeting you. You may be more likely to be on the receiving end of phishing emails for a time.

Kudos to US Cellular for their rapid response.  Sadly we'll probably be seeing a lot more of this kind of thing in the year ahead.

Call SpartanTec, Inc. now if you need professional help in protecting your data against hackers and cybersecurity threats.


Wednesday, January 19, 2022

This New Malware Steals Passwords From Popular Browsers



A new threat has appeared on the horizon. Even if the name is not familiar to you, this malware strain is bad news indeed.

Called RedLine, it is an information-stealing malware that specifically targets popular web browsers including Opera, Microsoft's Edge browser, and Chrome.

Unfortunately, many people have come to rely on their trusty web browser to store and remember their passwords for them. RedLine takes advantage of this and the group behind the code has found a way to crack the browser open and grab the passwords stored within.

Even worse is that RedLine isn't just isolated to a single gang or group of cyber criminals.  Instead, it is being offered as a commodity on the Dark Web. That means anybody with about $200 USD can buy a copy and start harvesting the credentials of anyone they infect.

While it is true that passwords stored inside web browsers are encrypted, RedLine can programmatically decrypt those passwords if it is running as the same logged-in user, which is very much the case here. RedLine runs as the user who was infected, which means that all of their passwords are open to the person controlling the malware.

Although it is highly convenient, the bottom line is that it's dangerous to have all of your passwords stored inside your web browser. If you insist on going that route, then your best bet by far is to enable two-factor authentication on every website you visit frequently that offers it. That way, even if your passwords are compromised, the hackers who gain access to the information still can't easily access your accounts.
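The post above notes that RedLine runs as the infected user and reads the password stores of Chrome, Edge and Opera. As an added example (not code from the original post), the Python below flags file-access events in which a process outside a known browser install directory opens one of those stores. The event format, the sample records and the trusted directory list are constructed assumptions.

```python
import ntpath

# Credential-store file names used by Chromium-based browsers (Chrome, Edge, Opera).
CREDENTIAL_FILES = {"login data", "local state"}
# Path fragments identifying each browser's profile tree.
PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\opera software\opera stable",
)
# Assumption: directories the legitimate browser binaries are installed in.
# Adjust to the install locations actually used in your environment.
TRUSTED_BROWSER_DIRS = {
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\microsoft\edge\application",
    r"c:\program files\opera",
}

# Constructed sample events: timestamp|user|process image|file opened
SAMPLE_EVENTS = r"""
2022-01-19T10:02:11Z|alice|C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2022-01-19T10:05:40Z|alice|C:\Users\alice\AppData\Local\Temp\setup_update.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2022-01-19T10:05:41Z|alice|C:\Users\alice\AppData\Local\Temp\setup_update.exe|C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Local State
2022-01-19T10:06:02Z|alice|C:\Users\alice\Downloads\chrome.exe|C:\Users\alice\AppData\Roaming\Opera Software\Opera Stable\Login Data
2022-01-19T10:07:00Z|alice|C:\Windows\System32\notepad.exe|C:\Users\alice\Documents\notes.txt
"""

def parse_event(line):
    """Split one constructed 'ts|user|image|target' record into a dict."""
    ts, user, image, target = line.strip().split("|")
    return {"ts": ts, "user": user, "image": image, "target": target}

def is_credential_store(path):
    """True if the path is a browser credential file inside a profile tree."""
    p = path.lower()
    return ntpath.basename(p) in CREDENTIAL_FILES and any(m in p for m in PROFILE_MARKERS)

def is_trusted_browser(image):
    """True only if the process runs from a known browser install directory,
    so a stealer that merely names itself chrome.exe is still flagged."""
    return ntpath.dirname(image.lower()) in TRUSTED_BROWSER_DIRS

def suspicious_reads(text):
    """Return events where a non-browser process opened a credential store."""
    events = [parse_event(l) for l in text.splitlines() if l.strip()]
    return [e for e in events
            if is_credential_store(e["target"]) and not is_trusted_browser(e["image"])]

if __name__ == "__main__":
    for e in suspicious_reads(SAMPLE_EVENTS):
        print(f'{e["ts"]} {e["user"]}: {e["image"]} opened {e["target"]}')
```

Matching on the full install directory rather than the executable name is what catches the fourth sample record, a `chrome.exe` running from a Downloads folder.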

Given how RedLine is being marketed on the Dark Web we can expect to see a surge in cyberattacks using the malware in the months ahead.  It's going to get a lot worse before it starts getting any better.

Call SpartanTec, Inc. now if you need the help of IT professionals in protecting your business against cybersecurity threats.


Monday, January 17, 2022

Popular Digital Photo Company Shutterfly Hit By Ransomware Attack



Recently digital media giant Shutterfly was hit by a major ransomware attack.

The attack disrupted broad swaths of the company's services including those offered under their GrooveBook, BorrowLenses, and Lifetouch brands.

According to a report received by BleepingComputer, Shutterfly was targeted by the Conti gang. That group was able to encrypt more than four thousand of the company's devices and 120 VMware and ESXi servers.

Like so many ransomware attacks in recent months the Conti gang did not start encrypting files immediately upon breaching the Shutterfly network.  Instead they lurked for a time while quietly exfiltrating files to a server they control.

The Conti gang has created a private Shutterfly data leak page that contains screenshots of the data the group allegedly stole prior to launching the encryption phase of their attack.  The purpose is to use the stolen files as leverage to prompt the company to pay the ransom demanded. The ransom in this case is reportedly in the millions of dollars.

Based on the screenshots on the data leak page it appears that the Conti gang made off with legal agreements, merchant account info, and a wide range of login credentials for corporate services.

The company has released a brief statement about the matter that reads as follows:

"Shutterfly, LLC recently experienced a ransomware attack on parts of our network. This incident has not impacted our Shutterfly.com, Snapfish, TinyPrints or Spoonflower sites. However, portions of our Lifetouch and BorrowLenses business, Groovebook, manufacturing and some corporate systems have been experiencing interruptions. We engaged third-party cybersecurity experts, informed law enforcement, and have been working around the clock to address the incident.

As part of our ongoing investigation, we are also assessing the full scope of any data that may have been affected. We do not store credit card, financial account information or the Social Security numbers of our Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in this incident. However, understanding the nature of the data that may have been affected is a key priority and that investigation is ongoing. We will continue to provide updates as appropriate."

Based on the above, there's little for users of those services to do at present. Out of an abundance of caution, if you do use the impacted services you will probably want to change your password and improve your computer security right away.

Call SpartanTec, Inc. now if you need help in protecting your information against ransomware attacks and other online threats.


Saturday, January 15, 2022

LastPass Says There Is No Evidence Of Data Breach



There are strange events swirling around LastPass. LastPass is a popular password safe and identity protection service.

Recently Twitter exploded with reports from around the world of people who received a notification from LastPass regarding a string of suspicious login attempts. Most of them came from countries other than the ones the impacted users lived in.

Naturally this led to speculation that LastPass had been hacked and that some portion of the passwords stored by their massive user base had been stolen in a data breach. This created something of a panic because LastPass and similar sites are considered one of the last safe refuges where passwords are concerned.

The company responded that there was no evidence that LastPass servers had been breached but questions persisted.  If that was the case, then why did the company send out notifications to users regarding suspicious login attempts? The company's investigation into the matter continued.

Recently LastPass issued another update which reads as follows:

"As previously stated, LastPass is aware of and has been investigating recent reports of users receiving e-mails alerting them to blocked login attempts.

We quickly worked to investigate this activity and at this time we have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of this credential stuffing, nor have we found any indication that user's LastPass credentials were harvested by malware, rogue browser extensions or phishing campaigns.

However out of an abundance of caution, we continued to investigate in an effort to determine what was causing the automated security alert e-mails to be triggered from our systems.

Our investigation has since found that some of these security alerts, which were sent to a limited subset of LastPass users, were likely triggered in error. As a result, we have adjusted our security alert systems and this issue has since been resolved.

These alerts were triggered due to LastPass's ongoing efforts to defend its customers from bad actors and credential stuffing attempts. It is also important to reiterate that LastPass' zero-knowledge security model means that at no time does LastPass store, have knowledge of, or have access to a users' Master Password(s).

We will continue to regularly monitor for unusual or malicious activity and will, as necessary, continue to take steps designed to ensure that LastPass, its users and their data remain protected and secure."

It seems that it was a false alarm. Even though it was a false alarm, if you are a LastPass user you should enable two-factor authentication as soon as possible to minimize your risk.

Is your data secure? If you don't have an answer to this question, then it is time to contact SpartanTec, Inc. for a complete network security audit.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/