Security Protection – Harry Waldron MVP

Android Security – Auto-rooting Malware difficult to remove

Lookout, a leading mobile security firm, shares valuable developments that should be carefully watched by corporate and home mobile users. Users must carefully evaluate and install only the most trusted applications in a store or website they are visiting.

Auto-rooting adware is a worrying development in the Android ecosystem in which malware roots the device automatically after the user installs it, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated.   Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.

Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores. Indeed, we believe many of these apps are actually fully-functional, providing their usual services, in addition to the malicious code that roots the device.

Unlike older types of adware that were obvious and obnoxious, prompting users to uninstall them, this new type of adware is silent, working in the background. These malicious apps root the device unbeknownst to the user. To add insult to injury, victims will likely not be able to uninstall the malware, leaving them with the options of either seeking out professional help to remove it, or simply purchasing a new device.

For individuals, getting infected with Shedun, Shuanet, and ShiftyBug might mean a trip to the store to buy a new phone. Because these pieces of adware root the device and install themselves as system applications, they become nearly impossible to remove, usually forcing victims to replace their device in order to regain normalcy. We believe more families of adware trojanizing popular apps will emerge in the near future and look to dig its heels into the reserved file system to avoid being removed.

Identity Theft – Resource Center

Below are a few key resources shared with a friend, who was impacted by identity theft.  The Identity Theft Resource Center is a non-profit resource that can provide a starting point free of charge.

Identity Theft Resource Center

What to do if Identity is stolen

Leadership – Motivating team to move from survival to significance

John Maxwell’s leadership blog shares the need for IT and business leaders to move beyond just survival mode on the job.

Most people settle into one of three areas: survival, success, or significance. If you’re like many people, you may be struggling just to keep your head above water. You’re in survival mode. Whether because of circumstances, setbacks, or poor choices, you have to put a tremendous amount of effort into just making it day to day.

If you’re working hard to make life better for yourself and your family, then I applaud you. Will you try to make a difference by helping others get ahead?  At this point, most people fresh out of survival mode believe they should focus on success before tapping into significance.

Many people tie their significance to social position, their title, their net worth or bank balance, the car they drive, their prestigious address, the man or woman on their arm, or some other status symbol. Their mentality is, “If I do enough and have enough, even if I am self-centered, it will bring fulfillment.” The problem is that self-centeredness and fulfillment cannot peacefully co-exist.

Instead, they need to shift to significance by putting other people first. Until that change occurs, happiness, fulfillment, and significance will always be out of their reach. That doesn’t mean success is bad. The reality is that many people must achieve a certain amount of success before they’re ready for significance. They need to have found themselves, achieved something, and made themselves valuable before they have something to give to others.

Windows 10 – Managing notification and upgrade options

For Windows 7/8, this Microsoft support resource offers key techniques regarding:

* Corporate/Home user update rules and options
* How to check system in advance for Windows 10 compatibility
* Best practices for successful migration from Windows 7/8 to Windows 10
* How to hide the “Get Windows 10” application for users wishing to stay on Windows 7/8 for a while longer

Microsoft is making Windows 10 available for free for one year from the date of availability.  This article describes the notification and upgrade options, and it explains how you can manage these options. Regardless of current disqualifying criteria, administrators who want to prevent Windows 7, Windows 7 for Embedded Systems, Windows 8.1, and Windows Embedded 8.1 Pro clients from upgrading should enable the policy settings that are discussed in this article.

Android Security – Improvements in Lollipop v5.1.1

Android security improvements are highlighted below for this earlier release:

It’s reassuring to see Google deploying new and improved security features as its mobile OS matures.  Increasing demand for new security features encouraged Google to slowly add mechanisms designed to protect against both malicious apps and cybercriminals trying to exploit system vulnerabilities.

But all is not lost, as security has been upgraded thanks to the default SELinux enforcing mode for all applications, meaning that malware will have a hard time exploiting system vulnerabilities. Among some of the new security features, there’s now a geo-fencing option (Trusted Places) that allows devices to stay unlocked when inside a trusted perimeter such as your home. It’s a pretty nifty feature that takes away the need to always input your security pin code even at home, as there’s no risk of strangers eyeballing your personal information.

There’s also a new data encryption feature that’s most useful when you’re using an Android device for both personal and business activities, as you can rest assured that your company documents will safely stay undecipherable in case your phone or tablet is lost or stolen.

Data Breach – Hosting Web site 000webhost compromised

Up to 13 million accounts may be impacted as documented below and users should quickly revise their ID/passwords as advised:

Information on nearly 14 million users of 000webhost, a Lithuanian web hosting service, was spilled earlier this year when a hacker exploited an old version of the company’s website and gained access to the backend.   13.5 million customer usernames, plaintext passwords, email addresses, IP addresses, and names were exposed as part of the breach, according to a Facebook post from the company Thursday morning.

000webhost first disclosed the breach Wednesday morning in a preceding Facebook post but was hazy with details, claiming that at some point a hacker leveraged an exploit on an old PHP version of the company’s site and uploaded some files.

“Although the whole database has been compromised, we are mostly concerned about the leaked client information,” the company wrote, adding that since it discovered the issue, it has reset user passwords, and is cautioning any users who used the same password on another service to change it.

Enterprise Security – SANS 2015 study documents areas of improvement

SANS (Internet Storm Center) has been an excellent resource for security best practices and breaking news for years. This study documents current challenges in corporate security:

In 2015, 148 million records have been breached in 129 reported incidents—incidents that sometimes go undetected for months at a time. As far along as we are in 2015 technology and despite all the security solutions available, a majority of enterprises still do not have adequate basic perimeter security or threat responsiveness to protect their data centers and cloud systems. Hacker break-ins and data theft reports nearly every week in the news bear this out.

The SANS (System Administration, Networking and Security) Institute, a respected global information security training and analysis provider, has come out with its first “State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report,” and most of the findings are disconcerting at best.

The report, released Oct. 14, included the following metrics:

1. Nearly six in 10 (59 percent) organizations say they are able to contain a threat within 24 hours, which is an eternity in security time. A full day leaves systems open to prolonged and increased damages as attacks spread laterally through data centers and clouds.

2. Containment times reported by respondents included: up to 8 hours (37 percent of respondents); up to 24 hours (21 percent); less than a week (19 percent); and more than a week (17 percent).

3. Notably, 55 percent of respondents are dissatisfied with the length of time it takes them to contain and recover from attacks.

4. Traditional tools not stopping breaches: Forty-four percent of enterprises reporting breach information have had sensitive data accessed by attackers; these same respondents were among those using traditional security tools in their data centers and clouds.

5. Security losing ground in cloud, distributed computing game: Thirty-seven percent of organizations use distributed cloud and data center computing systems; 44 percent of respondents said their biggest challenge was that cloud providers don’t offer visibility needed to protect users and data; 19 percent say cloud providers don’t give them security support needed; and 49 percent have no formal cloud security strategy in place.

Facebook – New Slideshow advertising targeted to slow bandwidth users

Facebook is testing advertising options that consume less bandwidth than video advertising, as documented below:

In a press release on Thursday, Facebook officially announced Facebook Slideshow, a new advertising model targeted for regions with slow Internet connections. Facebook argues that the growth of online video consumption makes users want to engage with more video content, which includes ads. “A recent report suggests that in countries like Nigeria and the Philippines where connectivity can be slow, expensive or both and where feature phones are prevalent, people are even more receptive to video ads,” Facebook elaborates.

However, no matter how engaging a video is, it would fall victim to slow Internet connectivity. Moreover, video ad production, with the budget needed, is often not feasible for small local businesses. Facebook addresses this problem with its introduction of Slideshow, playing lightweight content made using a series of still images.

Facebook – New Local Market buy/sell option being tested

Facebook is testing a new option for local buy/sell opportunities, as documented below:

Facebook is reportedly testing a new feature called “Local Market,” which is essentially a location to buy and sell items and services, similar to Craigslist. Most users who had access to Local Market found that the section was only live for around two hours. Not only that, but not everyone was able to access the section if they had the option, reporting that it spent a lot of time loading.

It seems as though the section will be accessible both as a dedicated tab on mobile devices and through a bookmark on the desktop version of Facebook. The section will also be populated largely by Facebook groups dedicated to buying and selling products, which is the reason that many of the categories had thousands of items on offer despite the section being completely new.

If Local Market does end up going live to the public, it could certainly pose a challenge to services like Craigslist. While Craigslist has been around for a long time and is a well-established place to buy and sell items, users might enjoy being able to sell things straight from Facebook without having to head to a different website and access a different account.

Facebook – Name verification improvements in DEC 2015

Facebook will be changing its name verification procedures, in particular by asking for more information when users file fake-name reports. This is intended to lead to fewer account lockouts where individuals might be unfairly attacked by others.

Facebook wants to make it easier for users to verify that they are using their “real” names. The social networking company will begin testing these improvements starting in December.

In a published letter obtained by BuzzFeed, Facebook’s vice president of growth, Alex Schultz, acknowledged that the current policy doesn’t work for everyone, and that many have complained to Facebook that the process of verifying their name is too difficult.

The EFF letter states that the signatories represent transgender and gender variant individuals, those who use pseudonyms to protect themselves from violence, people who have already been silenced by Facebook’s current policy, and those whose legal names “don’t fit the arbitrary standards of ‘real names’ developed by Facebook.”

Schultz responded to some of these points in his letter by saying that Facebook doesn’t require people to use their legal names, just “the name that other people know them by.” To simplify the verification process, the company is testing a new way to let people provide information about the circumstances surrounding their choice of name.  Additionally, users could soon see a new version of Facebook’s profile reporting process that’ll ask for more information about why someone is requesting action be taken on an account.
