500 Google Chrome Extensions Caught Stealing Private Data From Millions of Users

By -- 2020-02-27 in Uncategorized

Google was forced to remove 500 malicious Chrome extensions from its web store after it was discovered that many extensions carried malicious ads which siphoned off browsing data to servers being controlled by attackers.
It’s been reported that the extensions were part of an Ad-fraud campaign that’s been operating since January 2019. However, some evidence shows that the actor may have been operating from as early as 2017.

The extensions posed as promotions and advertising services. Unfortunately, this was not the first time Chrome extensions on chrome were caught stealing data from browsers. For now, individuals are cautioned to continue reviewing extension permission, uninstalling extensions not often used or don’t require access to your browser activity.

If you or your business are unsure on how to handle ad-fraud, OptfinITy can help.  Call us at (703)790-0400 or contact us at info@optfinity.com for  more information.

This New Ransomware is Asking for Nude Photos Instead of Money

By -- 2020-02-24 in Blog, Uncategorized

Last year businesses worldwide lost billions of dollars due to ransomware. This year, however, some ransomware criminals are looking to collect something other than money.

Researchers at Emisoft have discovered a ransomware that demands payment of a different kind – nude photographs. The creator of the ransomware distorts the typical sextortion scam which is to usually ask for payments in order not to post explicit photographs of the victim. Now, the criminal offers up a decryption tool to the victim but only if they send explicit photos of themselves first.

Although the scam is worrisome, the new strain of Ransomware has proven not to be very sophisticated in its execution yet. It is important before turning over sensitive images of yourself to consult a professional before. Thankfully, OptfinITy is equipped to deal with threats of cybercriminals. If you or your organization fear that you are not prepared to deal with these types of security issues attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com

Microsoft Data Breach Exposes 250 Million Costumer Service Records

By -- 2020-02-11 in Blog

In case you missed it, Microsoft released an important security patch as a result of a massive security breach found in Windows 10 Microsoft has admitted that between December 5th – 31st 2019, a security vulnerability inside of internal customer support database was left entirely exposed for anyone to access without requiring a password.
According to researcher Bob Diatchenko, who was the one to discover the vulnerable database, 250 million Costumer Service and Support records which contained endless conversations between Microsoft’s support team and costumers were accessible to just about anyone. Microsoft is still investigating the security breach but it appears none of the information that was potentially available has been used in a malicious way so far. They did, however, begin to inform customers whose data was involved in the breach.

If your organization is not trained to handle misconfigurations in your database, OptfinITy is always ready to help. Contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com

What the new California Privacy Law Means for You

By -- 2020-01-7 in Uncategorized

Background of the Law

The CCPA (California Consumer Privacy ACT) is a new California law which allows residents of California to learn what data companies are collecting about them, as well as requiring companies to delete their data and not sell it, upon request.

The Beginning Impact

Although the full force of the new privacy law isn’t entirely transparent since regulations are still being finalized, companies outside and inside of California are already taking action to remain complaint so they can continue doing business with California.

There is no doubt that this law will have an effect both inside and outside of California. In the past, companies weren’t legally required to tell you what data they’ve collected of you or how they plan on using it.

What are the Implications?

With the CCPA in force, you’ll be able to ask companies to delete your private information or refrain from selling it. This law will apply to even major tech companies such as Facebook and Google – who already let you delete some of your data off their systems but not in a way where it fully disconnects user from the data it has collected. This new law changes that.

If organizations fail to follow this law, they could be fined up to $2,500 per violation, and up to $7,500 if the violation is found to be intentional.  Californians can sue businesses directly even if their data was released through an accidental breach.

This law will also allow users to continue to use free services even if they ask bigger companies not to collect their data. After California’s legislature passed CCPA, several major tech companies told federal lawmakers that they would like to see one privacy law that covers the whole country.

FBI Warns Over Ransomware Attacks

By -- 2020-01-6 in Blog

The FBI recently issued a warning to the private industry providing information and guidance on the LockerGoga and MegaCortex Ransomware. LockerGoga and MegaCortex are ransomware infections that target the company by compromising the network and encrypting all devices.
When the network is compromised, the perpetrator be residents of the network for months before they release the LockerGoga or MegaCortex ransome infections. Once the attackers have taken everything of value from the network, they release the infections so that it can encrypt the device on the network and completely take over.

For this reason, the FBI has recommended organizations take the following precautions:

1. Back up data regularly using revisions. Backing up your data regularly, especially with offline and revision based backups eliminates the effects of the threat since you can restore your data.

2.Enable two-factor authentications and encrypt your data with strong passwords to block stolen credentials, phishing attacks, or other login compromises.

3.Businesses are encouraged to audit logs for all remote connection protocols since exposed remote servers are the most common way for attackers to first gain access.

4.Audit all new accounts to make sure no back door accounts are being created.

5.Make sure you are using the most up to date Powershell and uninstall older versions

If you or your organization  are not prepared for ransomware attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com

Have you been caught watching porn?

By -- 2019-12-16 in Blog

If you haven’t received an email accusing you of watching pornography, consider yourself lucky—but be on alert. A familiar scam with a new twist is making the rounds, and it’s designed to exploit fear and embarrassment to steal your money.

This scam often begins with data from a previous breach, where emails and associated passwords were compromised. The scammers rely on the fact that many people reuse passwords across multiple sites. They send threatening emails claiming to have your password and alleging they’ve installed malware on your computer to capture compromising footage of you watching explicit content.

Why This Scam Feels Convincing

The scam is particularly effective because the perpetrators include a real password—one you’ve used in the past or are currently using. This detail can make their claims seem legitimate. However, in most cases, there is no malware on your device. The scammers are simply banking on fear and guilt to compel victims to send money.

Unfortunately, people who may have visited such sites—or who are alarmed by the idea of their password being compromised—are more likely to fall for the scam. It’s worth noting that pornography remains one of the most searched topics on the internet, making this an easy target for scammers.

What Should You Do?

If you receive such an email, here’s our advice:

1. Stay Calm: These scammers are trying to exploit your emotions. Don’t panic or respond.
2. Ignore the Threats: Delete the email and avoid engaging with the scammer in any way.
3. Change Your Passwords: If the password mentioned in the email is still in use, update it immediately. Use unique, strong passwords for each site, and consider using a password manager to help you stay organized.
4. Enable Multi-Factor Authentication (MFA): Adding an extra layer of security makes it much harder for attackers to access your accounts, even if they have your password.
5. Consult a Trusted IT Provider: If you’re still concerned or need help securing your accounts, reach out to a reputable IT professional.

Need Help? Contact OptfinITy

If you don’t already have a trusted IT provider, OptfinITy is here to help. Our team specializes in protecting individuals and businesses from cybersecurity threats, and we can ensure your systems and accounts are secure.

Don’t let fear drive you into the hands of scammers. Stay informed, take proactive steps to protect your information, and reach out for professional assistance when needed.

ASAE Exhibition And Party Pack Prize Winner

By -- 2019-12-11 in Blog

It’s December and that means OptfinITy once again exhibited and attended the ASAE technology conference. More than 1,000 industry professionals, associations and non-profit organizations come together to examine how technology impacts the association industry on December 3rd and 4th at the DC Convention Center.

As one of the leading providers of technology and cybersecurity solutions to associations, OptfinITy was there to speak with and help various associations with all of their needs as the event relates to infrastructure, cyber security, website development, mobile apps, phone systems and IT Support.

Congratulations to Rob Gates who was the winner of our beer pong contest.

If you or someone you know could benefit from IT solutions that will help run your business better, give us a call at 703-790-0400 or via email at sales@optfinity.com.

Why End-users should not have administrator access

By -- 2019-12-10 in Uncategorized

The Importance of Limiting Administrative Access

In today’s day of cyber attacks, viruses, and ransomware, business owners and executives are always asking: What can we do to limit our exposure?

An Industry Standard: Restrict Administrative Access

One of the easiest recommendations we provide—and a widely recognized industry standard—is to never allow end-users to have administrative access to their computers.

Real-World Impacts of Administrative Access

In our over 17 years of being in business, it is really easy for us to pull up thousands of tickets related to viruses, computer slowness, and operating system issues that are a direct result of an end-user having local administrator access to their computer.

Productivity and Cost Implications

Giving users administrative access not only can make your staff less productive, it raises the cost of doing business. Examples include:

  • Fixing computer issues caused by unauthorized changes.
  • Employee downtime due to system problems.
  • Data loss from virus infections.

Risks of Administrator Accounts

Administrator accounts on a computer allow the user to install software, make any change to the system settings, and override local folder permissions. While this might not seem like a big deal at first glance, let’s consider the potential issues:

  1. Unauthorized Software Installation
  • Leads to non-work-related activities.
  • Causes potential computer slowdowns or shutdowns.
  1. Unlicensed Software Installation
  • Opens your business to hefty fines from software vendors.
  1. Execution of Malicious Programs
  • Users can unintentionally execute malware, leading to infections that could span many computers on your network.
  • These infections are often undetectable by antivirus programs when the user specifically allows them to execute.
  1. Data Breaches and Privacy Concerns
  • Administrator accounts can be used to access data in other user profiles on shared PCs.
  • This poses risks of data breaches and theft.
  1. Unfavorable System Changes
  • Operating system settings can be altered, intentionally or unintentionally, leading to significant consequences.

The Benefits of Limiting Access

While limiting user access might seem inconvenient for some, mitigating the significant risks and costs associated with running with administrator access is well worth it. When combined with a 24 x 7 helpdesk to provide controlled access and oversight, businesses can ensure that the right components are being installed without compromising security.

The High Cost of Administrator Access Exploitation

We have seen firsthand the devastation that can occur when malware runs with full administrator access. In today’s environment, the cost of such incidents can easily exceed hundreds of thousands of dollars. By restricting administrative access, you take a vital step in protecting your business and its assets.

100k People Tricked by Fake IRS Website

By -- 2019-12-5 in Blog

Beware of Fake IRS Websites: Over 100,000 People Targeted in Recent Phishing Scam

This past summer, a large-scale phishing campaign exploited fake IRS websites to target over 100,000 individuals worldwide. Researchers from Akamai, a cloud security solutions provider, uncovered that the threat actors operated the campaign for more than two months, using hundreds of deceptive domains and URLs to impersonate the Internal Revenue Service (IRS) of the United States.

How the Phishing Scam Worked

Victims were directed to fake IRS login pages where they were prompted to enter their email addresses and passwords. These fraudulent sites also sought to extract personal information from unsuspecting users. In total, the campaign utilized at least 289 unique domains and 832 URLs to carry out its attacks.

Legacy Websites and Public Trust Exploited

One of the alarming aspects of this campaign is its reliance on compromised legacy websites. According to Katz, principal lead security researcher at Akamai, many of the sites hosting these IRS phishing pages were legitimate websites that had been hijacked by cybercriminals. “These sites were likely targeted due to the public’s inherent trust in them,” Katz explained.

Why August Was Chosen

Interestingly, the campaign’s timing appears to be strategic. Research indicates that August is a prime time for phishing attacks as it coincides with vacation season, a period when people are more likely to check personal emails, click on suspicious links, and browse the internet. Katz believes this timing was no coincidence and highlights the importance of staying vigilant, especially during periods of increased online activity.

Protect Yourself and Your Business

If you’re concerned about the risk of falling victim to fake websites or phishing scams, security awareness training is an essential defense. OptfinITy can help safeguard your personal and business information through comprehensive training programs designed to educate and empower users.

Contact us today at 703-790-0400 or email us at sales@optfinity.com to learn how we can help protect you from cyber threats.

Smartphone Users Advised Not to Use Public USB Charging Stations

By -- 2019-11-18 in Blog

Have you ever traveled before with a phone lower on power and tried one of those “free” USB charging stations?  According to a recent report, it turns out the convenient USB power charging stations found in airports and malls may come with a cost.

Officials are warning that travelers should be wary of using USB ports when charging smartphones since hackers have devised ways to download and steal data from phones and tablets by modifying USB connections and installing malware onto your phone without your knowledge. This technique is known as ‘juice-jacking.

Although, the general notion of juice-jacking is viewed as a relatively new hacking threat, it is not as new as it seems. In fact, attendees of security conferences back in 2011 have been warned about the dangers of plugging their devices into public charging kiosks.  The concept of juice-jacking has also been proven at hacker conventions and seen by many travels who have had the unfortunate encounter of having their personal information and data stolen due to juice-jacking. For more information on your latest security concerns and other technology related resources, check out our website at www.optfinity.com.