Cybercriminal with ransomeware

XSolutions’ LinkedIn Post Roundup: Mar 08, 2021

Here are a select few of this week’s LinkedIn posts by XSolutions:

Beware: 14% of Mobile Apps Do Not Secure Your Data (Posted 03/05/2021)

Analysis by Zimperium found that 14% of iOS and Android apps store user data on third-party servers that are misconfigured and can leave you vulnerable to cybercriminals.

Most users think that the apps they’re using are secured on that company’s servers, but this is not necessarily true. Some companies use third-party services from Amazon, Google, and Microsoft. While this may be an easy option for app-makers, these services MUST BE adequately configured to secure the data they’re entrusted with.

Using third-party services on the back-end of apps is not wrong; however, app-builders must have the expertise to configure these third-party servers properly.

App-builders must create their apps and host them with security in mind.

Always do your homework before downloading and using apps. A hacker only needs to penetrate one app, and your whole device, and the information it contains, are at their fingertips.

SECURITY ALERT! Microsoft Announces Active Zero-Day Vulnerability (Posted 303/04/2021)

Microsoft recently disclosed a zero-day vulnerability affecting Microsoft Exchange being actively exploited by a nation-state threat-actor in the wild.

See CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 for more information on the three vulnerabilities, affecting Microsoft Exchange Servers 2010/2013/2016/2019.

These vulnerabilities enable attackers to take control of these systems.

A New Twist To Government Imposter Scams (Posted 03/04/2021)

BleepingComputer recently posted about a new tactic scammers are using to separate Americans from their money.

Fraudsters are using official-looking Government IDs and either emailing or texting copies to unsuspecting victims during scam calls in an effort to prove they’re real agents. The IDs are fakes.

Last year, scammers stole over $170 million, averaging $1,250 per scam. That’s a lot of money. Folks, please don’t fall for any of this.

* Don’t believe caller ID. Apps allow fraudsters to display whatever they want. If you receive such a call and are concerned, hang up immediately, call the official, published number of the agency, and inquire.

* We’ve said it many times; the Government will never call, email, or text and harass you. If anything is wrong, they’ll send you a letter along with instructions for making payments, appealing decisions, etc.

* One dead giveaway the call is a scam is if they asked you to pay by money transfer, gift cards, etc. The US Government doesn’t work that way.

* Don’t even answer the call if you get one, but never give any personal or confidential information if you do.

To our readers with older relatives: please let them know about this and keep them informed.

IMMEDIATE SECURITY ALERT: Update Your Chrome Browser Now! (Posted 03/03/2021)

ZDNet reports that Google just issued a patch closing a zero-day vulnerability that hackers are actively exploiting as you’re reading this.

The vulnerability is described as an “object lifecycle issue in audio” and is rated as a “high severity security flaw.”

Google is very quiet on the current issue, so you can bet that this is serious.

My advice: UPDATE CHROME NOW!       

ALERT: Worm-like Ransomware Strain Attacks Full Network (Posted 03/02/2021)

The security company, KnowBe4 recently reported a new variant of Ryuk ransomware that uses Scheduled Tasks in Windows to spread to all systems on a network from a single device.

Because this new strain can copy itself to other Windows devices on a network and schedule infections remotely using Scheduled Tasks makes this variant very menacing.

The best defense against this strain, as in all others, is practicing good computing habits like not clicking on links or opening attachments in emails, keeping all systems updated, and instituting training programs for employees.

Is your mobile phone hacked? How to tell and what to do (Posted 03/01/2021)

How to tell:

* Sudden poor performance

* A sudden spike in data usage

* There are calls and texts you didn’t make

* You notice new apps that you didn’t download

* You see unusual activity, like password reset messages, etc.

How it happens:

* Clicked an infected link

* Used a public charging station

* Downloaded a malicious app

* Someone using your phone when left unattended

* Used poor or well-known already-hacked passwords

* Used free WiFi and got hacked

What to do:

* Change passwords immediately

* Enable multi-factor authentication on applications that allow it

* Review bank and credit card statements for unusual items

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation. Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection