Slack awarded $3,000 to a security researcher at Detectify after they uncovered a vulnerability which could have allowed hackers to seize a user’s account. The researcher, Frans Rosen, discovered the flaw, which was a way of stealing a user’s private token and then gaining access to their account.
While this hack is extremely specific and the odds of someone falling victim were very low, Slack nonetheless took immediate action and fixed the problem within 5 hours of being notified by Rosen. Slack wanted to be sure they were being proactive and correcting a potential problem before it got out of hand.
This is a good lesson for every small to medium-sized business out there. Why put off protecting yourself from hacks, malware, ransomware, power outages, system failings, or data breaches? What may seem like a big cost today might be minuscule when your company falls victim to one of these disasters. Call Optfinity for a free assessment and you may find the preventative measures are more affordable than you think.
There is a new phish in town, and now it’s targeting iTunes users trying to access their personal information. This attack is emailed in the form of a receipt which appears to come from your iTunes account, listing movies the victim supposedly purchased.
There is a link at the bottom which, when clicked, directs the victim to a page asking for personal information, including credit card numbers, social insurance numbers, and even mother’s maiden name, in order to obtain a full refund. It is quite obvious what they can then do with all this sensitive data once it is stolen.
To stay ahead of the curve, be sure you are always reviewing the source of the email, sender’s email address, and the actual URLs of the links being suggested, among other things. And of course, double check your credit card and bank accounts to see if these charges are, in fact, real. Once you realize these charges are not even listed on your accounts, it is more obvious that this potentially is a scam.
While this current scam is aimed at our Canadian neighbors up north, it won’t be long till it makes its way down to the lower 48. Always be suspicious of any email asking you to click on a link. If you’re not sure all your employees are properly trained on how to look out for these types of scams, Optfinity provides training and testing for you and your staff to prevent security breaches by victimized employees.
February 13, 2017 – This week, Michael Drobnis from OptfinITy, LLC joined the CompTIA DC Fly-In to advocate for IT sector priorities on Capitol Hill during the association’s annual Fly-In to Washington, DC. CompTIA, the Computing Technology Industry Association, through its advocacy arm, champions member-driven business and IT priorities that impact all information technology companies – from small managed solutions providers and software developers to large internet companies, equipment manufacturers, and communications service providers.
As a CompTIA DC Fly-In participant, Drobnis met with Senator Warner, Senator Kaine, Congressman Beyer and Congressman Wittman’s office to focus their attention on policies that develop skills for the 21st century workforce, advance tax and regulatory policies that spur innovation, lead in secure internet-based platform technologies, support new and emerging technology platforms through policies, address availability and delivery of broadband communications and expand markets and advocate for sensible rules of global trade. “Innovation in the tech sector is a key force behind a strong 21st century economy and Congress should prioritize issues that affect technology companies,” said Drobnis.
“One of the most important issues facing the technology industry today is the availability of a skilled workforce. We shared with our elected officials the importance of internships and apprenticeships as an avenue to train the next generation of IT workers and incentivize educators, students, and employers to adopt alternative education models that will spur economic growth. We look forward to the 2017 legislative agenda and remain encouraged by the conversations on Capitol Hill about issues critical to our membership,” said Todd Thibodeaux, president and CEO of CompTIA. “We will work closely with congressional leaders to push legislation that boosts the digital economy and fosters American innovation.”
For more information on OptfinITy, please see www.optfinity.com and more information on CompTIA can be found at www.comptia.org.
WordPress recently released a new version of their software which also included an update that fixed a previously undisclosed critical vulnerability. If left unpatched, hackers could possibly modify the content of any post or page on a WordPress website.
Initially this vulnerability was not made public in the hopes of staving off hackers; however, it didn’t take long for hackers to strike after the news broke, and it seems over 100,000 webpages may have been the victim of defacement.
You should always ensure you and your company are running the most current version of any software and are constantly downloading the updates provided. If you can, turn on automatic updates, which will help alleviate the need to manually check for these.
Optfinity provides this level of support for all our clients, so they never have to worry about using an old version of any software or not being up-to-date on any security patches. If you’re not sure of how robust your systems are or whether or not auto-updates are configured, Optfinity can provide you with a free assessment to help you determine how susceptible your data may be.
How often do you verify that the free Wi-Fi that you’re connecting to at your local coffee shop is actually provided by the store and not a hotspot that a scammer sitting two seats away from you has set up? Did you even know this is something people do to get access to all your personal data you are sending through the sites you are visiting?
That’s right! If you’re not careful, you could be giving away all your personal information. First off, double check with a shop employee that the Wi-Fi you are connecting to is the legitimate one. Next, always be sure you’re on an HTTPS site when typing in passwords, addresses, credit cards, etc. This way, in the event you’re accidentally utilizing a scammer’s Wi-Fi, your data is secured and encrypted. If the site you’re visiting only says HTTP, it is not secure and that scammer can be capturing all your data.
If you’re still uncertain about public Wi-Fi and whether or not you should be accessing it, contact us here at Optfinity and we’ll gladly give you more pointers and provide your business with a free assessment.
If you own any piece of Apple technology in your home or office, you’ll probably want to update its software as soon as possible, as Apple just issued security patches for all of its major operating systems.
There are a few serious flaws and vulnerabilities that, if left unpatched, could allow hackers to access your devices and leave you the victim of some dangerous malware. When a company takes these risks and subsequent updates this seriously, you should too.
To update your iPhone or iPad, select “Settings / General / Software update”. To update your Apple desktop and laptop computers, open the “App Store” and choose “Updates” from the top right corner of the window.
If you’re having a hard time keeping up with all these various updates for all your work and personal devices, perhaps it’s time to hire an IT company who can manage these for you, helping to keep all your data safe and secure. Contact Optfinity today for a free assessment to see exactly how secure you really are.
Arkansas police are hoping they can use an Echo found at a murder scene, and its recordings, to help with the investigation of a murder. Echoes only begin recording after hearing the wake word, but background noise/chatter could have activated the device.
Amazon stores all the voice recordings from its devices on its servers. As a user, you can delete your personal voice data, but there’s no way to prevent Amazon from saving that data on their servers. Amazon has said they do not release customer information without a “valid and binding legal demand”.
While this might all not sound like much for the average user, just remember that the Echo could possibly be picking up any background conversations you might be having, including you talking about personal information such as credit card numbers, addresses, social security numbers, or any other self-identifying data.
Be aware of the cache on your Echo and frequently delete those files. While there have been no cases yet of mass hacking of these devices, you do not want to make things easier for criminals to have access to your personal data by leaving the information on your Echo. This is especially true if you utilize one at your place of business.
Those one billion Yahoo! users’ account information, which was stolen back in 2013, is now for sale on the computer underground market for a total of a little less than one million dollars.
So not only is the data currently in the hands of criminals and probably being utilized, but if you have not changed the passwords on other accounts that were similar to your Yahoo password, all those other accounts might be in jeopardy.
And this is just the tip of the iceberg because not only were passwords taken, but so were security questions and answers. These are also reused by many of us throughout multiple accounts. So not only should you utilize a password manager and generator for your passwords, but also for security questions. At the very least, keep the passwords and answers in a simple spreadsheet. Remember, your security answer does not actually have to be Spot, your first pet. It could be jIes92#lf!FW.
Recently, three British hospitals were infected by malware, forcing their IT systems to shut down as well as the cancellation of routine patient operations. The few days this went on were an obvious detriment to the hospitals’ job of keeping people healthy and saving lives.
What made this particular ransomware, a variant of the Globe ransomware, especially dangerous is that it deletes your PC’s backups. These backups are compiled daily and allow you to revert your system back to an earlier version. Without access to this backup data, it’s virtually impossible to get your systems back up and running without paying the ransom.
If you’re still not concerned that this is a serious issue, especially because the hospital was able to be fully up and running within 48 hours without needing to pay the ransom, keep in mind this breach forced the cancellation of 2,800 patient operations. Not only is that potentially dangerous to the patients involved, but it is also time and money lost for the hospital.
Could your business survive being shut down for 48 hours? Worse, could you afford the $17,000 ransom other hospitals have shelled out to get their data back? Contact Optfinity today for a free assessment to see just how secure and safe your systems are and how effective your backup systems may be, if at all. Don’t wait till it’s too late to know where your company’s weaknesses are.
We talk a lot about ransomware, but phishing scams are still just as prevalent and are just as dangerous to companies, their employees, and their clients. This year, a hacker compromised the data of over three quarters of a million LA County employees. This not only includes the employees’ personal information, but also client/patient information stored in their email accounts.
The information stolen includes names, social security numbers, credit card information, medical records, and many other sensitive pieces of data.
Thankfully, law enforcement launched a criminal investigation and has issued an arrest warrant for one felon, and is still looking for any others who might have been involved.
This all began because a thousand county employee email users reportedly received a phishing email from the hacker and a few fell victim to the bait. This is a perfect example of how employee training to ensure staff do not click on unfamiliar links, as well as two-step authentication to prevent unauthorized access, could have prevented this large-scale hack. Are all of your employees knowledgeable on how to avoid phishing scams? Are you aware of the dangers if an employee accidentally opens themselves up, and your systems, to a hacker’s scheme? Optfinity can provide you and your staff with all the necessary tools, software, hardware, and training you need to ensure your IT safety and security.