Update Your Mac To Fix GarageBand And Logic Security Issues

If you’re a Mac user who uses GarageBand or Logic Pro, you’re going to want to update both of those programs with Apple’s latest patches.

According to the company, they discovered critical security flaws in both pieces of software that could allow hackers to remotely execute code. Apple stressed that there are no known instances of either of these exploits having been used in the wild, but the longer you go without updating your software, the more risk you put yourself and your company in.

This is the latest in a string of proactive updates we’ve seen from Apple, Adobe and other major software companies. It would be a mistake to assume that because these companies are now in a position to begin issuing proactive updates that they’re gaining ground against the hackers. But it is still somewhat encouraging.

The most important thing to remember is that the ongoing battle between IT security professionals and the world’s hackers is subject to ebbs and flows. Sometimes, the software companies gain the upper hand and close loopholes faster than hackers can identify and exploit them, but if and when that happens, it’s always temporary. The day is inevitably coming when the situation will be reversed.

In the meantime, it’s important that you and staff remain vigilant, and continue to update your software as critical patches become available.

If you’re not sure whether either of those software packages are in use by your employees, or if your staff is just too busy to keep up with it all, contact us today. A member of our knowledgeable staff will work with you to assess your current situation and needs so we can determine how we can best be of assistance.

Used with permission from Article Aggregator

Tech Tip #6: Become a Desktop Theme Wizard

Theme Wizard-01

This week’s tech tip is really not so much a tech tip as a virtual quality of life tip.

How many times have you gotten a new computer and scrambled as fast as humanly possible to replace the lame desktop background with a picture of something that doesn’t make your eyes hurt? Well, I have good news for you. It is called Desktop Themes. If you right click on your desktop and select personalize, one of your options is Themes (I’m using Windows 10 for demonstration). If you click on Theme settings in the Personalization window you will see the Themes window.

Theming1

You will see some default themes that you can click on. The great thing about themes is that they have multiple pictures and they rotate over time.

Ok, so you’ve told me about this wonderful themes feature, how do I get them? I’m so glad you asked. In the themes screen above, there is a link to “Get more themes online.” Click it and it will take you to the huge selection of desktop themes that Microsoft has created. There are themes for nature, art, landscapes, animals and even holidays.  Want a desktop theme of cute furry cat pictures? Ewww, but Ok, if that’s what you like. Click on the Download for the theme and select Open and it will automatically show up in the list of My Themes (like Sunny Shores that I just added)

Theming2

You can change between themes by clicking on them. Some of them even have sounds (ooh la la). Of course, there is one downside to Themes. You may find yourself staring at pictures of places that you would much rather be than the office. So please don’t fault your friendly neighborhood MSP for the productivity loss of employees dreaming of tropical vacations and furry friends.

Happy Theming!

1681369501

 

By Kurt Rinear
Director of Technical Services
Central Texas Technology Solutions

More HP Laptop Batteries Are Being Recalled

Is your laptop a fire hazard? If it’s using an HP battery, it may be. Recently, HP began receiving reports of batteries overheating, and in at least one case, in Canada, a laptop actually caught fire.

That prompted HP to issue a recall of more than 41,000 batteries, but as the number of complaints continued to escalate, it quickly became apparent that the problem was more widespread than was initially believed. The company has expanded their recall accordingly, and it now encompasses some 101,000 batteries.

If you own an HP, Compaq, ProBook, Envy, Compaq Presario or HP Pavilion laptop, and you purchased it between March 2013 and October 2016, you may have a machine that was built with one of the problematic batteries.

Fortunately, there’s an easy way to check. Just pull the battery cover off and check the barcode. If you see any of the following printed on the battery, it’s a problem:

• 6BZLU
• 6CGFK
• 6CGFQ
• 6CZMB
• 6DEMA
• 6DEMH
• 6DGAL
• Or 6EBVA

If you have one of these problem batteries, you’re eligible for a replacement. To verify, you can head to HP’s website, and to actually get your replacement, you can call 888-202-4320 and request a replacement. The company will send it to you free of charge.

This is not the first equipment recall we’ve seen in 2017, and it certainly won’t be the last. It’s important to move on this, however, because the fire hazard could pose a real problem, especially if you travel frequently for business.

In terms of scope and scale, this was not an especially large recall. Kudos to HP for their swift, decisively handling of the matter.

If you own your own business and can’t stand dealing with issues like these, give us a call. You can speak to one of our talented team members about ways we can help take some of the load off so your team can focus on growing your business and expanding your bottom line.

Used with permission from Article Aggregator

Not Even Police Can Avoid Ransomware – Back Up Regularly!

How’s your network security? Is it on par with police departments, which, you’d have to imagine, have fairly robust security?

If so, you’re still not safe.

Recently, police in Cockrell Hill, Texas, announced in a press release that they had been the victim of a ransomware attack that cost them dearly.

The hackers demanded $4000 USD to unlock their files, but the department’s’ IT staff determined that the best course of action was simply to restore the server’s files from backup.

Unfortunately, that proved to be problematic. A new backup was made after the infection, so the only files that were available were archived versions of the encrypted files, all bearing the “.osiris” extension.

The end result was that the department lost literally years’ worth of video footage and photographic evidence. These files were accessed by area lawyers to use in the prosecution of criminal cases. There’s no way to account for how much of an impact their loss will have, or how many cases that may go to trial sans this evidence could be impacted.
Although, of course, the police department has made statements hinting that the impact will be minimal, the reality is that there’s no way to know.

As part of the formal statement issued by the department, they announced that they had been infected by “Osiris Ransomware,” probably owing to the extension on the files.

If you own your own business, then you should be aware that this was a misnomer. There’s no need to inform your staff to be on the looking for Osiris Ransomware, because no such software exists. Additional research has revealed that the most recent version of Locky Ransomware encrypts files bearing the .osiris extension, and this is almost certainly what the Cockrell Hill Police Department was actually infected with.

Nonetheless, the event stands as another harsh reminder that no matter how good your security is, you’re still not safe. In this case, the infection was made possible when a department member opened an email that had been spoofed so that it appeared to be an official departmental communication.

Used with permission from Article Aggregator

Using Android Pattern Lock May Not Be Best Phone Security

If you use an Android device, and since they are the most popular devices on the planet these days, you probably do, then you may also be using a pattern locking mechanism to secure it.

On the face of it, that seems to make a lot of sense. After all, given the number of high profile data breaches we’ve seen in recent years, it seems clear enough that standard text-based passwords have real issues. That’s the entire reason that new security schemes like two-factor authentication and the like have risen in prominence.

Unfortunately, new research from a consortium of universities including Lancaster University, northwest University in China and the University of Bath have concluded that pattern locking is, in most cases, significantly less secure than a text-based password.

Based on their research, which included secretly videotaping people unlocking their phones, they discovered that most people tended to use the same basic patterns.

What this means from a practical standpoint is that if you use pattern locking, your supposedly secure pattern can be successfully guessed 95% of the time within five tries or less.

Everyone in the industry understands the pressing need for better and more advanced security, which, again, explains the rise of new password protection schemes that we’ve seen in recent years.

Unfortunately, this is essentially a process of trial and error. Some new ideas will work well, and others will backfire and wind up being less secure than what we have right now.
That certainly seems to be the case with the pattern locking. This seemingly great idea looked like it would be more secure on paper, but in the real world, it turned out to be significantly less secure.

The bottom line is that if you’re currently using the pattern locking mechanism to secure your device, it isn’t as well protected as you probably think it is.

Used with permission from Article Aggregator

Amazon Recommendation of the Month – February

amazon phone trade inBefore you throw your old phone in a box in your closet – sell it.

You will never get more money for it by waiting, and the moment you stop using it is the best time to sell it for top dollar. Like a car, it doesn’t matter what make or model it is, the value drops every day. As one of the largest retailers in the world, Amazon has a robust trade-in program where you can trade in electronics, among other items, and receive Amazon.com store credit. Amazon will even pay for your shipping! Click HERE to get top dollar for your used electronics.

 

Facebook Attempting To Fix Password Recovery To Minimize Hack Possibility

Password security continues to be the single biggest weak point in the realm of digital security. The problems on this front are numerous, but chiefly stem from the facts that:

• Too many people use simple, easily guessed passwords
• Too many people use the same password across multiple accounts
• And too many people adopt a “set and forget” mindset when it comes to passwords.

Put those three factors together and you have what amounts to a perfect storm. If a hacker gains access to one password, he’s got the keys to your digital kingdom, and some passwords are more important than others.

Email passwords, for example, are especially important, because if a hacker has access to your email, he can simply go to any site you are a member of, click the “forgot password” link, and get a reset sent to the inbox he now has access to.

In a similar vein, Facebook passwords are crucial, because so many sites have adopted the Facebook sign on API, which allows a user to use their Facebook login credentials to access a wide range of other sites.

Where Facebook in particular is concerned, the company is taking steps to make password recovery more secure. They’re moving away from the standard SMS and email link verification and toward a delegated recovery scheme.

In terms of rollout, they’ve begun with the website GitHub.

As of now, if you have a GitHub account, you can set up an encrypted recovery token from that account in advance and save it to your Facebook account. That way, if you should ever lose access to your GitHub account, you can re-authorize and re-authenticate, using the token you’ve set up previously.

It’s an intriguing move, and it will be interesting to measure the effects over time to see how much more secure that makes those who avail themselves of the option. At this point, it’s too early to say how effective the new system will be, but kudos to Facebook for taking an important step forward in trying to find a solution to this pervasive problem.

Used with permission from Article Aggregator

That Fake App Just Stole Your ID

fingerprint with open padlock and chain draped over it

Ryan loved tweaking photos on his Android phone.

He’d heard rave reviews from his friends with iPhones about Prisma, a new iOS app for image editing. So when he heard Prisma would soon be released for Android, he logged in to the Google Play Store to see if it was there yet.

To his surprise, he found one that looked just like what his friends were describing. Delighted, he downloaded and started using it. Meanwhile, the app—a fake—was busy installing a Trojan horse on his phone.

When he got to work the next day, he logged his phone into the company network as usual. The malware jumped from his phone to the network. Yet no one knew. Not yet, but that was about to change…

Now, this isn’t necessarily a true story (at least, not one we’ve heard of—yet…), but it absolutely could have been. And similar situations are unfolding as you read this. Yes, possibly even at your company…

Fake apps exploded onto iTunes and Google Play last November, just in time for holiday shopping. Apple “cleaned up” iTunes in an effort to quell users’ concerns, but hackers still find workarounds. Unfortunately, these fake apps pose a real threat to the security of your network. Especially if your company has anything but the strictest BYOD (bring your own device) policies in place. And the more your network’s users socialize and shop on their smartphones, the greater the risk of a damaging breach on your network.

Fake apps look just like real apps. They masquerade as apps from legitimate merchants of all stripes, from retail chains like Dollar Tree and Footlocker, to luxury purveyors such as Jimmy Choo and Christian Dior. Some of the more malicious apps give criminals access to confidential information on the victim’s device. Worse yet, they may install a Trojan horse on that device that can infect your company’s network next time the user logs in.

So what can you do?

First, keep yourself from being fooled. Anyone can easily be tricked unless you know what to look for. Take the following advice to heart and share it with your team:

Beware of Fake Apps!

In case you weren’t aware, one of the latest and most dangerous Internet scams is fake apps. Scammers create apps that look and behave like a real app from a legitimate store. These fake apps can infect your phone or tablet and steal confidential information, including bank account and credit card details. They may also secretly install on your device malicious code that can spread, including to your company network.

Take a moment and reflect on these five tips before downloading any app:

  1. When in doubt, check it out. Ask other users before downloading it. Visit the store’s main website to see if it’s mentioned there. Find out from customer support if it’s the real McCoy.
  2. If you do decide to download an app, first check reviews. Apps with few reviews or bad reviews are throwing down a red flag.
  3. Never, EVER click a link in an e-mail to download an app. Get it from the retailer’s website, or from iTunes or Google Play.
  4. Offer as little of your information as possible if you decide to use an app.
  5. Think twice before linking your credit card to any app.

Most importantly, get professional help to keep your network safe. It really is a jungle out there. New cyberscams, malware and other types of network security threats are cropping up every day. You have more important things to do than to try and keep up with them all.

The Most “Bullet-Proof” Way To Keep Your Network Safe

Let’s not let your company become yet another statistic, hemorrhaging cash as a result of a destructive cyber-attack. Call me TODAY at (512) 388-5559 or e-mail me at Josh.Wilmoth@CTTSonline.com, and let’s make sure your systems are safe. I’ll provide you with a Cyber Security Risk Assessment to check for and safeguard against any points of entry for an attack. This service is FREE, but DO NOT RISK WAITING: contact me NOW before the next scam puts your network at risk.