Information Technology Group

It's getting Real: National Security Agency & Microsoft recommend updating Windows 10. Serious vulnerability could allow malicious files to appear legitimate What Should You Do?... 1. If you have Windows 10, you most likely have Automatic Updates enabled by default. If so, your system will attempt to install the updates when they are downloaded, likely over the next several days. Allow the update process to complete and restart your system if needed. 2. If you want to run your Windows Update manually to get the patch more quickly, follow these instructions from Microsoft and click the Check for Windows updates button. 3. Alternatively, when you are at your Windows 10 computer, click the Start button, select Settings, then Update & Security, then Windows Update, and click Check for updates to run Windows Update manually. 4. If you have multiple PCs running Windows 10, ensure they are all up-to-date with the latest security patches. 5. DO NOT attempt to download a patch for this vulnerability from anywhere other than the Windows Update tool. Windows system updates should only be downloaded directly from Microsoft.

SECURITY ALERT TUESDAY JANUARY 14, 2020: Microsoft Fixes Windows Severe Crypto Bug Reported by the NSA Today's the first Microsoft Patch Tuesday of the new decade. To kick off 2020 Microsoft's monthly patch addresses a critical cryptographic flaw in their OS's...and this one should be implemented as soon as possible. This update patches an extremely serious security vulnerability (being tracked as CVE-2020-0601) reported to Microsoft by the NSA and is present in all versio...ns Microsoft Windows The vulnerability affects the crypt32.dll file, a Windows module that handles certificate and cryptographic messaging functions in the CryptoAPI. The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates. A critical vulnerability in this Windows library could have very broad security implications for many important Windows functions, including authentication on Windows desktops/servers, as well as protection of sensitive data handled by Microsoft's Internet Explorer/Edge browsers. It would also affect a number of third-party applications and tools. An attacker may also take advantage of a flaw in crypt32.dll to spoof the digital signature tied to a specific piece of software. This could then be exploited by the attacker to make malware appear to be a benign program produced and signed by a legitimate software company. Microsoft determined this vulnerability so severe, it quietly (under NDA) shipped the patch for the bug to branches of the US Military and other high/value customers who may be a desired target by attackers. If your organization has a patch schedule that does not coincide with Microsoft's patch release, we strongly recommend you to consider prioritizing this patch extremely high and get it installed on you machines as quickly as possible. If you should have any questions or need assistance in any way, please feel free to contact us. We'd be happy to help. Whether that assistance is a security sounding board or providing extra sets of hands to facilitate a quick rollout of this patch. See more

REBOOT YOUR HOME / SAMML OFFICE INTERNET ROUTERS: An analysis by Cisco’s threat intelligence division found that hundreds of thousands of routers, from a range of manufacturers, were infected by the malware linked to the hacking group Fancy Bear.CreditOzier Muhammad/The New York Times By Louis Lucero II May 27, 2018... Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday. A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies. The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.

What is Cyber Security? Cybersecurity, computer security or IT security is the protection of computer systems from the theft and damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Cybersecurity includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional or accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods. Question today is your company and its data protected?

Never Fear, your IT Support is here!

Don't Be Fooled,This Is A SCAM!! An old scam is making the rounds of online computer users. The FBI recently issued a warning about a computer scam that starts on the telephone: You get a call from someone claiming to work for a major software company. (Hmmwonder which one?) They tell you your computer is sending error messages to them over the Web, and they’ve detected a virus. No problem, however: All you have to do is pay them a fee and they’ll remotely fix your compute...r by installing anti-virus software on it. Once the caller has your credit card number and access to your computer, they don’t remove viruses, however they install them. In October, the Federal Trade Commission cracked down on a similar scam that charged computer users from $49 to $450 to remove malware from their computers. The agency estimated tens of thousands of computer users fell prey to that scam. Courtesy of Money Talks News

Is your network infrastructure working as it should and if not, how would you know? Take us up on our offer of a FREE 1 Hr Consultation to find out.

Want to know what Google Knows about you? https://www.komando.com//43/what-does-google-know-about-me