By -- 2022-02-28 in Blog

Cybersecurity experts and the FBI are warning Americans that there will likely be an increase in cybersecurity attacks targeting U.S. citizens and companies. This warning follows a slew of sanctions Western nations have placed on Russia following its invasion of and malware attacks against Ukraine.

Tensions have further escalated since the U.S. and allies blocked some Russian banks from the SWIFT international payment system. Experts warn that ransomware and malware attacks, data wiping and theft, and denial-of-service attacks are among types of attacks that hackers will use as a form of cyberwarfare against the U.S. and its allies.

Cyber experts warn that small- to medium-sized businesses are among the most vulnerable entities, as they typically do not have the cyberattack mitigation plans necessary to prepare for and defend against sophisticated, targeted attacks. The best forms of protection that executives and officials recommend for businesses and individuals alike is to make sure that software and anti-virus systems are up to date, two factor authentication is in place, and a crisis plan has been established. If you’d like to ensure that your organization’s cybersecurity protocols are up to date and secure, feel free to contact us at info@optfinity.com or call us at (703) 790-0400.

By -- 2022-02-24 in Blog

If you’re like millions of other Americans, you’ve probably heard of, if not already played, Wordle. This addictively simple word game has boomed in popularity due to its virality, ad-free nature, and lack of a price tag. Unfortunately, this may change soon. In late January, it was announced that the New York Times bought Wordle. The news rattled many users who fear that their favorite game may soon be put behind a paywall like many of the Times’ own games and articles. This notion was confirmed when the Times stated that the game would “initially remain free” to new and existing players.

Luckily for players, there’s a way to play this game for free should it go behind a paywall. Wordle runs on a browser, which means that all of its code is saved as plaintext on the game’s website. To grab the free  version, players only need to right click in their browser, select “save page as webpage”, and save Wordle as an HTML file. Then, the original game can be played offline. By clicking on the saved HTML file, it should then open the game in a browser, even if you’re offline. Further, because the game is based on a list of over 2,000 five-letter solution words, an offline version should (in theory) allow users to play free every day for seven years. Before dashing to download the HTML, be aware that you may not be able to save your streak, and sharing would be messy- if even possible. If you’d like to learn more about optimizing your technology and devices, feel free to reach out to us at info@optfinity.com.

By -- 2022-02-15 in Uncategorized

Cybersecurity apprehensions surrounding the Olympics have been prevalent for the past few Olympic games, but the 2022 Beijing Winter Olympics have brought on a new set of concerns as it relates to technology.

In 2020, the Tokyo Olympics incurred over 450 million cyber-related incidents, far superseding the number seen during the 2012 London Summer Olympics. For these Olympics, FBI Director Christopher Wray commented on his fears of the host city being situated in China, as the Chinese government has allegedly carried out repeated cyberattacks against Americans in an attempt to steal information and technology from U.S. companies.

As a result, Olympic athletes have been advised to use temporary cell phones while at the Games. Government agencies across the globe have also warned athletes of apps like My 2022 which is used to track players’ health amidst the COVID-19 pandemic, despite it not being secure.

While these are dangers which affect the athletes, viewers of the 2022 Winter Olympics should also use caution when trying to watch the Games. According to Dr. Francis Gaffney, DirectorMimecast Labs & Future Operations, there are 2 major potential threats that viewers should watch out for:

  1. Typosquattting– This is a type of campaign that cybercriminals use to install malware or steal sensitive information. Check sites for typographical errors before clicking on links within seemingly familiar websites, as these criminals sometimes create fake websites that mimic the official Olympics’ site to prey upon unwary users who may mistype what they actually want to search for.
  2. Fake streaming sites– Cybercriminals will often create fake streaming websites that promise viewers free access to the Games. Similar to typosquatting, any login credentials or “free trial” payment information be harvested by threat actors and either used to install malware, or may be sold on the Dark Web. To stay safe while watching the games, keep an eye out for typos on seemingly legitimate sites and don’t visit sites that promise free streaming services of the Olympics.

If you’re interested in discussing internet safety and ensuring that your credentials are safe, you can email us at info@OptfinITy.com or call us at (703) 790-0400.

By -- 2022-02-14 in OptfinITy News

FEBRUARY 14, 2022: OptfinITy announced today that CRN®, a brand of The Channel Company, has named OptfinITy to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022. CRN’s annual MSP 500 list identifies the leading service providers in North America whose forward-thinking approaches to managed services are changing the landscape of the IT channel, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

 

With many customers still recovering from the impact of the ongoing pandemic, MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

 

OptfinITy was recognized as an MSP Pioneer 250 company due to its extensive managed services portfolio, including on-premises and off-premises capabilities, weighted toward managed services while largely focusing on the SMB market.

 

 

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

 

 

 

 

 

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2022 The Channel Company LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

 

By -- 2022-01-25 in Blog

In recent years, Zoom has become one of the most popular video conferencing platforms in the world, boasting over 300 million daily meeting participants- largely due to the sharp increase in remote working trends. Though many people find its interface user-friendly and convenient, it certainly comes with a host of privacy risks. Privacy experts have been concerned about Zoom since 2019, when the software disclosed its involvement in both a webcam hacking scandal along with a bug that allowed uninvited users to snoop in on video meetings- even ones protected with a password (now known as “zoom-bombing”). Since then, Zoom has cleaned up its act and disabled concerning features, such as its built-in attention-tracking features, and enabled security features like end-to-end encryption. However, there are still several privacy concerns to watch out for.

  1. Non-Attendees May be Watching your Recordings: If you pay for a Zoom subscription, be mindful of who you allow to access cloud recordings. This feature, which allows hosts to record the meeting, text transcriptions, and active chats within the meeting, can be useful as a reference for meeting attendees, but can also be accessed by other authorized users at your company- including those who may have never attended the session. If you’re concerned, Zoom allows administrators to limit the recording’s accessibility to only certain preapproved IP addresses.
  2. Zoom May be Sharing your Information with Third Parties: In 2020, Vice’s Motherboard conducted an analysis that found Zoom was sharing user analytics with Facebook- even if the user didn’t have a Facebook account. In March of 2020, Zoom announced the removal of this feature, but its updated privacy policy remained murky regarding its data sharing practices with third parties. Since then, Zoom has clarified that, “No data regarding user activity on the Zoom platform — including video, audio, and chat content — is ever provided to third parties for advertising purposes”. Regardless, you should probably look over your Zoom and device security settings, minimizing permissions when possible. Additionally, make sure your Zoom app is up to date to ensure that any security patches have been installed.

If you would like to discuss software security and account privacy, feel free to contact us at info@optfinity.com.

By -- 2022-01-24 in Blog

Though cookies and cached data within your mobile phone browser can improve your browsing experience by keeping you logged into websites and saving website preferences, they can also become burdensome. Cookies are used by websites to track your browsing history so that they can more easily serve you with personalized ads- which can be an annoying and intrusive experience for some. Additionally, too much cached information can slow down your browser’s speed. So, if you own an Android and are interested in clearing your cached data and browser cookies, continue reading to learn how to do so.

If You Use Google Chrome:

  • Navigate to the top right corner of the browser and click the “More” button (symbolized by 3 vertical dots)
  • Select “History”, then “Clear browsing data”
    • Within this setting, you can also choose whether to clear data from the last 24 hours, the last month, or all data history
  • By selecting the “Advanced” option, you can also delete saved passwords, site settings, and autofill form data
  • After selecting what you want to delete, click the blue “Clear data” button

If You Use Samsung Internet:

  • Navigate to your phone’s settings
  • Next, click on “Apps”
  • Scroll down and click “Samsung Internet”, then “Storage”
  • At the bottom of “Storage”, you can choose to either “Clear cache”, “Clear data”, or both
    • Clicking “Clear data” will bring up a prompt warning that all the app’s data will be deleted permanently
    • This includes files, settings, accounts, and databases

If you Use Mozilla Firefox:

  • Navigate to the browser, and select the “More” button in the top right corner (symbolized by 3 vertical dots)
  • Click “Settings”
  • Go to the “Delete Browsing Data” menu
  • Select “Delete any existing open tabs”
    • From this menu, you can also delete your browsing data, site data, site permissions, cookies, and cached images and files

Hope you found this helpful! If you have other questions about how best to secure your devices when browsing online, feel free to reach out to us at info@optfinity.com.

By -- 2022-01-10 in Blog

ZLoader is a popular malware among hackers, and has recently been used to steal user credentials and other sensitive information by exploiting a vulnerability in Microsoft’s digital signature verification.

So how does this affect you?  Microsoft’s signature verification tool Authenticode is used to ensure that a file is legitimate and trustworthy. Researchers at Check Point Research (CPR) have concluded that the cybercriminal group Malsmoke is responsible for this campaign it operates by tricking victims into running a corrupt file that appears to be signed as legitimate and safe. From there, hackers can use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information right from your computer.

So, what can you do to avoid being hit with this malware? If you’re a Microsoft user, CPR recommends that you install Microsoft’s security patch for Authenticode verification ASAP. Fortunately, this patch has been available for installation since Microsoft first discovered this vulnerability in 2013- but downloading it has not been mandatory since 2014. This update, as well as common-sense practices like avoiding clicking on unfamiliar links or downloading attachments found in emails, are users’ best lines of defense against this malware. If you’re interested in discussing cybersecurity patches and best practices for your organization, feel free to reach out to us at info@OptfinITy.com.

By -- 2021-12-27 in Blog

On December 12th, the Virginia General Assembly was hit by a ransomware attack. Specifically, the Legislative Automated Systems branch was attacked by currently unnamed threat actors. This department essentially acts as the information technology arm of the state legislature, dealing with affairs involving publication production and distribution, computer technology information, and legislative information collection and dissemination. When the attack was discovered, the department promptly shut down most of its servers in an attempt to put the spread to a halt. The malware was described by a top agency official as “extremely sophisticated”, though the ransom note contained no specific amount or date by which an amount needed to be sent.

 

Though representatives stated that the department was still functional, the cyberattack severely impacted business operations, cutting many employees off from critical systems. Primarily, it prevented legislators and staff from accessing systems that handle bills. This attack came at a critical time, as December marks a busy time for legislators attempting to request, draft, and modify bills for January’s legislative session. The Virginia Law Portal was also rendered unusable, barring those interested from viewing online versions of the state code and Constitution. Though the Capitol Police’s internal site was also taken down, communication capabilities remained functional. Virginia has since hired the cybersecurity firm Mandiant to address the root of the attack and establish recovery plans moving forward. Unfortunately, the state’s backup system may have been compromised during the attacks, so paying the ransom may be the only option to get back encrypted data. If you’ve been hit with ransomware or are interested in discussing backup and preventative measures, feel free to reach out to us at info@OptfinITy.com or call us at (703) 790-0400.

By -- 2021-12-20 in Blog

As you may have seen on the news, on December 9th, 2021, a zero-day exploit was observed targeting Log4j, a ubiquitous open-source logging tool. In short, Log4J is a logging tool for programs to track any errors that may occur within an application. The bug (known as Log4Shell) has affected thousands of various systems across the world including vendors such as Cisco, VMware, Twitter, Amazon, Google Cloud, IBM, and Microsoft. Though the vulnerability was announced recently, experts believe that hackers have been exploiting it since the beginning of the month, with the announcement inadvertently resulting in a surge of attacks. The Cybersecurity & Infrastructure Security Agency estimates that hundreds of millions of devices are likely affected, with some officials stating that this is one of the most serious threats they’ve seen in their career.

The discovered vulnerability, which has existed for approximately 8 years, allows a hacker to remotely take over a computer using this software, and in some cases, it is as easy as posting a certain message in a chat box, as was the case with Minecraft.  Now, hundreds of attempts to exploit it are being launched every minute, as hackers attempt to gain money and sensitive data through cryptomining malware and installing Cobalt Strike. The ubiquitous nature of Log4j makes the bug much more dangerous and likely longer-lasting than other software vulnerabilities because many organizations may not even be aware that the system is part of their network.

So, what does this mean for you?  The good news is that most of the affected applications are cloud-based applications, which makes it easier for companies and developers to update the component without having to touch millions of end-users’ devices. Software vendors will be applying these patches as soon as they become available. Additionally, look out for notifications from trusted sources that inform and allow you to update potentially vulnerable systems, as these updates should include a patch.

Should you have any questions about this vulnerability, please feel free to reach out to us at info@optfinity.com.

By -- 2021-12-1 in Blog

If you’re someone who owns a smart device (or expects to receive one this holiday season), you may be concerned about the security of these devices. Apple, Amazon, and Google home gadgets can be convenient ways to consume information or communicate with others, but given these companies’ controversial histories of recording and reviewing voice data without users’ consent, a healthy amount of suspicion is understandable. In 2019, Amazon, Google, and Apple all suspended human review of user audio recordings in the midst of user outrage over privacy concerns. Essentially, contractors were hired to listen to anonymized user audio clips to improve AI capabilities. Google in particular has been notoriously vague when attempting to explain whether or not the information from voice recording is shared with third parties for ad personalization.

Fortunately for owners of Google Home, Apple HomePod, or Amazon Echo devices, there are ways to stop strangers from listening to your voice commands.

  • To stop Amazon employees from listening to your Alexa voice recordings:
    • Open the Alexa app
    • Settings > Alexa Privacy > Manage Your Alexa Data.
    • Now, select Choose How Long to Save Recordings > Don’t Save Recordings > Confirm
    • Finally, scroll down to Help Improve Alexa and turn the Use of Voice Recordings off
  • To do this for your Google Home:
    • Open the Google Home app and click on your Profile Icon
    • Navigate to > My Activity > Saving Activity.
    • Now, turn Include Audio Recordings off
  • To do this for your Apple iPhone or HomePod:
    • If you’ve chosen to opt-in to allow Apple to receive your audio data…
    • Go to Settings > Privacy > Analytics and Improvements > turn off Improve Siri & Dictation

If you’d like to ensure the privacy of your own devices (smart or not) feel free to reach out to us at info@optfinity.com.