Americans Have So Far Lost US$13 Million From Coronavirus Scams

By -- 2020-05-1 in Blog

As scams related to COVID-19 begin to rise, more and more businesses are finding themselves amidst a phishing scam. The United States Federal Trade Commission has reported that more than 17,000 complaints from US consumers have disclosed a total loss of US$13 million from COVID-19 scams, this is not to mention the many other scams that did not get reported. According to an article written by Welivesecurity, Scams related to online shopping and cancellation of travel has estimated to roughly over $5 million dollars in losses.

The COVID-19 pandemic has evolved into a massive scam epidemic with cybercriminals exploiting the mass public fear of the coronavirus. Scams have included selling non-existing facemasks, and false impersonation of health authorities. The FTC has compiled the data into an infographic which is updated regularly.  The total fraud loss is currently at $13.13 million, with a reported median loss of US$568. They have also presented a webpage with tips for consumers to avoid coronavirus-related scams.

If you are worried that you or your company are not prepared to handle these types of scams and would like to verify if your company is at risk, OptfinITy can help. Feel free to contact us at (703)790-0400 or contact us at info@optfinity.com for a FREE quotation.

What Is The KrØØk Flaw, and Why Should You Be Worried About It?

By -- 2020-03-30 in Blog

 

As you have seen in our previous postings, a cybercriminal will attempt to use any type of flaw which exists.  One of the more recent ones is the KrØØk vulnerability, also known as CVE-2019-15126.  This vulnerability can be found in a specific Cypress and Broadcom Wi-Fi chipset which can be found in millions of  smartphones, tablets, laptops, Wi-Fi- access points and routers.
While this isn’t good news, the one benefit is that the KrØØk flaw needs to be in close proximity with the Wireless connection in order to decrypt and steal sensitive data from your devices.  The only solution is to make sure that your wireless devices are running on the latest updates and have security patches. If you are not sure if you or your organization is capable of handling vulnerable security flaws, contact OptfinITy at (703)790-0400 or sales@optfinity.com and we would be happy to help!

Optfinity’s CEO, Michael Drobnis, Selected for Goldman Sachs Small Business Program

By -- 2020-03-24 in OptfinITy News

OptfinITy is proud to announce that our CEO, Michael Drobnis, has been selected to participate in the Goldman Sachs 10,000 Small Businesses (10KSB) Program. The program offers continuing business education through Babson College, a network of executive mentors, and access to capital through “mission-driven small business lenders.”

“I am a lifelong learner and understand the importance of networking and learning from others,” says Drobnis. Although his background includes an MBA, and various certifications, Drobnis says the 10KSB opportunity offers something his previous achievements couldn’t.

“All of this education was undertaken before I became CEO of OptfinITy and when you are the owner of a company, you are concerned about the business from different angles, so participating in the 10KSB program is perfect for me to learn more as a business owner.”

Of the 9,000 small businesses that have entered the program so far, more than two-thirds saw an increase in revenue within six months of joining the program, and nearly 80 percent reported revenue growth after 30 months. That’s compared to a national average of 47 percent among U.S. businesses.

Things to Consider when Teleworking

By -- 2020-03-13 in Blog

With the recent declaration by WHO (World Health Organization) we are now dealing with a pandemic, and it is important to consider the following items when preparing for teleworking:

• Making sure the employee has the proper direct communication tools (cell phone, work phone or app to access the phone system)
• Making sure the employees can access their information securely (using VPN, remote desktop applications)
• Making sure the employee has a computer or remote computer access
• Making sure that the employee has the ability to collaborate and communication with their staff (Google Hangouts, Microsoft Teams, Slack)
• Making sure that the employee stays on task and on-track (Rescue time, Focus Time, etc.)

While many organizations have access to tools already if they use Google’s G-Suite or Office-365, there are other applications out there who are making their products available if needed. For more information on those types of apps, see the following link: https://optfinity.com/web-video-conferencing-applications-benefiting-coronavirus-outbreak/

Should your organization need assistance with teleworking or other remote access policies, please give OptfinITy a call and we will be glad to work with you.

This Advanced Android Malware is Stealing Google Authenticator Codes

By -- 2020-03-9 in Blog

Security researchers are now warning Android phone users about a malware strain that can withdraw and obtain one-time passcodes by extracting it from the Google Authenticator app. The Google Authenticator app is a two-factor authentication security layer that creates a 6 to 8 digits long code to enter on various online accounts. The Android malware, Cerberus, has an OTP-stealing capability that steals 2FA codes from Google Authenticator.

When the app is running, the Trojan collects the content of the interface and sends it to the command-and-control server. A feature called RATs on the trojan allows the trojan to bypass the Authenticator, giving access to all types of private accounts including email inboxes, social media accounts, and coding repositories.

If you or your business have any concerns about keeping your systems secure,  feel free to call OptfinITy at 703-790-0400 or email us at sales@optfinity.com

 

500 Google Chrome Extensions Caught Stealing Private Data From Millions of Users

By -- 2020-02-27 in Uncategorized

Google was forced to remove 500 malicious Chrome extensions from its web store after it was discovered that many extensions carried malicious ads which siphoned off browsing data to servers being controlled by attackers.
It’s been reported that the extensions were part of an Ad-fraud campaign that’s been operating since January 2019. However, some evidence shows that the actor may have been operating from as early as 2017.

The extensions posed as promotions and advertising services. Unfortunately, this was not the first time Chrome extensions on chrome were caught stealing data from browsers. For now, individuals are cautioned to continue reviewing extension permission, uninstalling extensions not often used or don’t require access to your browser activity.

If you or your business are unsure on how to handle ad-fraud, OptfinITy can help.  Call us at (703)790-0400 or contact us at info@optfinity.com for  more information.

This New Ransomware is Asking for Nude Photos Instead of Money

By -- 2020-02-24 in Blog, Uncategorized

Last year businesses worldwide lost billions of dollars due to ransomware. This year, however, some ransomware criminals are looking to collect something other than money.

Researchers at Emisoft have discovered a ransomware that demands payment of a different kind – nude photographs. The creator of the ransomware distorts the typical sextortion scam which is to usually ask for payments in order not to post explicit photographs of the victim. Now, the criminal offers up a decryption tool to the victim but only if they send explicit photos of themselves first.

Although the scam is worrisome, the new strain of Ransomware has proven not to be very sophisticated in its execution yet. It is important before turning over sensitive images of yourself to consult a professional before. Thankfully, OptfinITy is equipped to deal with threats of cybercriminals. If you or your organization fear that you are not prepared to deal with these types of security issues attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com

Microsoft Data Breach Exposes 250 Million Costumer Service Records

By -- 2020-02-11 in Blog

In case you missed it, Microsoft released an important security patch as a result of a massive security breach found in Windows 10 Microsoft has admitted that between December 5th – 31st 2019, a security vulnerability inside of internal customer support database was left entirely exposed for anyone to access without requiring a password.
According to researcher Bob Diatchenko, who was the one to discover the vulnerable database, 250 million Costumer Service and Support records which contained endless conversations between Microsoft’s support team and costumers were accessible to just about anyone. Microsoft is still investigating the security breach but it appears none of the information that was potentially available has been used in a malicious way so far. They did, however, begin to inform customers whose data was involved in the breach.

If your organization is not trained to handle misconfigurations in your database, OptfinITy is always ready to help. Contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com

What the new California Privacy Law Means for You

By -- 2020-01-7 in Uncategorized

Background of the Law

The CCPA (California Consumer Privacy ACT) is a new California law which allows residents of California to learn what data companies are collecting about them, as well as requiring companies to delete their data and not sell it, upon request.

The Beginning Impact

Although the full force of the new privacy law isn’t entirely transparent since regulations are still being finalized, companies outside and inside of California are already taking action to remain complaint so they can continue doing business with California.

There is no doubt that this law will have an effect both inside and outside of California. In the past, companies weren’t legally required to tell you what data they’ve collected of you or how they plan on using it.

What are the Implications?

With the CCPA in force, you’ll be able to ask companies to delete your private information or refrain from selling it. This law will apply to even major tech companies such as Facebook and Google – who already let you delete some of your data off their systems but not in a way where it fully disconnects user from the data it has collected. This new law changes that.

If organizations fail to follow this law, they could be fined up to $2,500 per violation, and up to $7,500 if the violation is found to be intentional.  Californians can sue businesses directly even if their data was released through an accidental breach.

This law will also allow users to continue to use free services even if they ask bigger companies not to collect their data. After California’s legislature passed CCPA, several major tech companies told federal lawmakers that they would like to see one privacy law that covers the whole country.

FBI Warns Over Ransomware Attacks

By -- 2020-01-6 in Blog

The FBI recently issued a warning to the private industry providing information and guidance on the LockerGoga and MegaCortex Ransomware. LockerGoga and MegaCortex are ransomware infections that target the company by compromising the network and encrypting all devices.
When the network is compromised, the perpetrator be residents of the network for months before they release the LockerGoga or MegaCortex ransome infections. Once the attackers have taken everything of value from the network, they release the infections so that it can encrypt the device on the network and completely take over.

For this reason, the FBI has recommended organizations take the following precautions:

1. Back up data regularly using revisions. Backing up your data regularly, especially with offline and revision based backups eliminates the effects of the threat since you can restore your data.

2.Enable two-factor authentications and encrypt your data with strong passwords to block stolen credentials, phishing attacks, or other login compromises.

3.Businesses are encouraged to audit logs for all remote connection protocols since exposed remote servers are the most common way for attackers to first gain access.

4.Audit all new accounts to make sure no back door accounts are being created.

5.Make sure you are using the most up to date Powershell and uninstall older versions

If you or your organization  are not prepared for ransomware attacks and can use some guidance, feel free to contact us at OptfinITy at (703)790-0400 or contact us at info@optfinity.com