Mike Olson has a post entitled “Beware, even things on Amazon come with embedded malware” over on artfulhacker.com about purchasing a few PoE IP Cameras off of Amazon, and how they came complete with malware embedded on them. The “Internet Of Things” (IoT) offers a lot of opportunity for this to happen. The malware could be intentionally placed there by the …
FTC Security Guide for Business Released
The Federal Trade Commission has released a new document which may be worth a read for anyone looking for a place to start for improving their Business Security. He’s the rundown of what is covered: 1. Start with security. 2. Control access to data sensibly. 3. Require secure passwords and authentication. 4. Store sensitive personal information securely and protect it …
Trend Micro Worry Free Business Security Service Pack 2 & Critical Update available!
Many of the businesses that Homeland Secure IT serves are using Trend Micro Worry-Free Business Security as their weapon of choice against malware and even spam. Once the product is loaded on their server and installed on their desktops, it will generally automatically download the security updates required to keep it current. However, every once in a while, Trend Micro …
Watch out for fake Microsoft Windows 10 update email – Malware Warning!
With all the excitement about Microsoft Windows 10 being a FREE update, some people signed up for the “Get Windows 10” promotion as prompted in their taskbar, to be put on a waiting list. So it’s not surprising that when an email comes in that looks legit, that someone might follow the link and attempt to install it. Unfortunately for …
Don’t FREAK out – Apple has fixed their vulnerabilities
There’s a major web encryption flaw that has been documented and widely covered in the media which permits a “man in the middle” type attack to occur from your web browser How does it work? It allows an attacker to intercept HTTPS traffic between vulnerable clients and servers, and then forces them to use an export-grade cryptography, which can then …
Microsoft Patch Tuesday should be taken seriously this time (Sept 2014)
FORTY-ONE vulnerabilities have been addressed in this edition of Microsoft’s Patch Tuesday. There are 37 security flaws in Microsoft Internet Explorer alone which are being corrected. These range from “Important” all the way up to the “Critical” level, and include one fix for a “zero day vulnerability” that attackers have been exploiting. It is recommended that you apply the patches …
Stolen computer from Greenwood hospital may contain unencrypted patient data
Here we are in 2014, with operating systems which feature built-in data encryption, and in the news today over on WYFF’s site is a story titled “Hospital: Patient info at risk after laptop is stolen“. It was just a couple years ago that I wrote on this blog about a similar incident HERE. The long and short of today’s story …
Internet Explorer being actively targeted – Why are you using IE?
This is from our partners at WatchGuard, taken in its entirety from their blog for your reading enjoyment: Advanced Attackers Exploit IE & Flash 0days in the Wild by Corey Nachreiner Over the weekend, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability in Internet Explorer (IE), which attackers are exploiting in the wild. Around the same time, …
Kevin Mitnick demonstrates a Microsoft Word document exploit
Did you know that most successful computer exploits that we encounter are because the user simply clicked a link, or opened a document without giving it a second thought? I think we’re all guilty of receiving an email from someone we know, or assume we know, then opening the email and following that link. I know I have done it, …
Microsoft FixIt for Word / Office should be applied without hesitation
Yesterday’s Microsoft Security Advisory announced a vulnerability in Microsoft Word which could permit remote code execution. The summary of this advisory simply states that people are being exploited due to a vulnerability. It happens when someone opens, or even previews an RTF in email using Microsoft Word as the email viewer. While Microsoft has not released a full patch at …