Shellshock BASH flaw leaves Mac OS X, Linux, and more open to attack!

Security experts recently discovered a flaw in the widely used Unix Bash shell, leaving Linux machines, Mac OS X machines, firewalls, routers, and many more devices vulnerable to attack.  The vulnerability, “Shellshock”, apparently has been in the BASH (Bourne Again Shell) code for many years.

So why is this important?  A very large number of web-connected devices such as web servers, Mac OS X, and web-powered services which run on Linux-based devices have the BASH shell as part of the core operating system.  The Shellshock issue runs very deep because of the vast number of devices running the Linux kernel. Shellshock’s roots run so deep that the vulnerability will still be found in unpatched systems for the foreseeable future.

In fact, researchers are seeing evidence of the Shellshock BASH bug being exploited by cyber criminals.  At least one exploit attempted to install a denial of service attack bot which guesses the login information for the affected servers using a list of commonly used passwords.

[Is Hacking a Website To Steal My Information Easy?]

What does this mean?

Apple, which is affected by this issue, will no doubt patch OS X as quickly as possible; however, it’s impossible to know just how far this flaw reaches.  This issue is likely to linger on in neglected websites, older routers, and older devices (many of which are impossible to patch), providing an opening for determined hackers to sneak into those systems.

So what should you do?

Well, in short, you need to watch for security updates, particularly on OS X.  Also be sure to keep an eye on any guidance you may get from your ISP or your Managed Service Provider. [Managed Services, Why Do I Want Them?] As always, be cautious of emails requesting information or instructing you to run software – events like this are often followed by phishing attacks that capitalize on consumers’ fears.

Slick Cyber Systems recommends contacting a trusted I.T. partner to discuss any concerns or questions you might have.   Or contact a member of Slick Cyber Systems tech team to discuss any concerns you may have at (570) 371-5800 or visit us online at www.slickcybersystems.com

Why backup to the cloud?

With the ever-growing complexity and volume of corporate information that is created every day, corporations face the cold hard truth: without your data, you have no business … data IS the business. This is why it’s critical to have a dependable modern system to safeguard your company’s valuable business data. Cloud backup, recovery and restoration options have emerged as the best, most secure, cost-effective solution. Still not convinced?  We’ll take a look at a few of the key advantages that cloud can offer your business.

1. The reliability of backups and speed of recovery are improved. Tape drives are extremely unreliable for data backup. In fact it’s very common for a tape drive to malfunction without giving any warning signs whatsoever. Too often backup tapes will contain data, but won’t allow you to retrieve that data. However a cloud backup and recovery system instantly restores data regardless of your location, including individual files, the most common type of data recovery. By working with a managed service provider, you can establish Recovery Time Objectives and Recovery Point Objectives that match your business requirements.

2. Security, security, security. The security of your company’s important data is critical. Files selected for backup are encrypted before transmission to a cloud vault and remain encrypted once they reach their destination. The only decryption key resides with the customer, and these safeguards are superior to unencrypted on-premises data backup and recovery systems.

3. Once you select a backup schedule, your company’s data is saved automatically, providing a transparent solution. Think of this as a set it and forget it model. This results in less operational and administrative management for data backup.

4. Smarter use of your IT resources. A cloud backup, recovery and restore solution allows your business to redirect valuable IT resources to more pressing challenges or strategic initiatives within your organization. The inherent scalability of cloud backup makes it easy to evolve as your business data environment grows and changes.

5. Compliance safeguards. Although your company will continue to assume liability for data security when moving to cloud backup, a provider using multiple data centers that are geographically diverse can offer a backup solution with more reliability and redundancy than tape backup.

6. Tape backups have many shortcomings, so eliminate them. If you weren’t already aware of this, tape backups are often expensive, not to mention vulnerable to obsolescence. Tapes can be lost, or worse, stolen when being stored or transported off-site. What can be worse is recovering data from a tape system. It can be a slow process, especially if a tape needs to be retrieved from an off-site vault. Want to learn more?

Switching to a cloud-based backup system in today’s business environment is an important decision that requires a clear understanding of how such a solution will integrate into your business. Also know that not all cloud backup solutions are created equal.  To get answers to the most common questions that companies have about cloud backup, contact Slick Cyber Systems online or call (570) 371-5800 for more information.

Protect Your Business From Being The Next Victim Of Cyber Crime

An alarming trend of high profile security breaches seems to be happening almost daily. So what should you do? Well if you are the Owner, CEO or Executive of a business, you need to pay attention to this trend. You can’t just sit back and hope that your business won’t be the next victim.

Everyone was made aware of Target’s highly public security breach last year, and more recently Home Depot, along with grocery chain SuperValu and health care provider Community Health Systems.  These organizations have all reported data breaches that affected millions of customers and patients. Jim Slick, CEO of Slick Cyber Systems, an IT Managed Service Provider and security professional, said it is crucial that businesses strengthen efforts to thwart cybercriminals from making your business their next victim.

Slick said that for small to medium businesses the key is to build your security as an ongoing process, not just a singular event. This process is best when it consists of several layers of security:

1. Be sure to perform ongoing penetration tests to secure the operating system of external-facing servers.
2. Slick said that hackers often try to exploit software and application weaknesses. These exploits give the hackers the ability to escalate privileges and access security pages, ultimately compromising servers.
3. Every business should install security software that monitors web traffic by detecting unusual behavior. Using this can provide useful insight and advance warning of any potential attack.
4. Install adaptive authentication technologies, which are usually integrated into an application’s login page, to add an additional layer of security to an application. Slick went on to say that these adaptive authentication technologies monitor and authenticate online activities in real time by correlating behavioral analysis, profiling devices and data feeds from fraud networks.
5. An equally important piece is to block malicious traffic by utilizing application firewalls in front of all external-facing web servers.

Call Slick Cyber Systems today at 888-850-8882 if you’d like to take the first steps in securing your customer data.

In business you need to watch your apps.

So you think you are safe when collecting an ex-employee’s mobile phone or computer? Maybe not…

Many businesses leave themselves open to possible vulnerabilities because they don’t control cloud-based accounts, according to new research from Intermedia and Osterman Research.

All too often this is not something that businesses think about when an employee leaves or the company decides to lay off or terminate an employee. More often businesses are concerned with getting back mobile phones, computers and paperwork but just miss opportunities to control cloud applications and “I.P.” or intellectual property. Due to the explosive growth of cloud applications, employees often have access to virtually everything, making it difficult for companies to protect and secure I.P.

Intermedia research shows that up to 89% of all ex-employees leave with passwords, and continue to access cloud applications like Salesforce, email, Facebook and other sensitive business applications, even though they no longer work at the company. And of those respondents who still have access, 45% said they retained full access to confidential information while 49% admitted to logging on after leaving the company.

Reasons seem to vary why companies are letting employees leave with passwords and active account information; the survey also found that problems seemed to occur during the off boarding process.

These lapses in security are troubling to say the least. Many companies are making it far too easy for former employees to leave with work files stored in personal cloud services. Many of these former employees are utilizing cloud storage services like Dropbox for their work and personal data often blending the two. When they leave they still have access to all the work data that is stored in the cloud. According to the survey, 68% of respondents said they walked away with company data and 88% said they retained access to the file-sharing services they used at their old job. So when an employee leaves, he or she still has access to all that work data being stored in the cloud.

So what can you expect to face with a weak or non-existent approach to controlling business apps? Well, it could mean stolen secrets, lost data, and security breaches, not to mention regulatory compliance failures. You could also see sabotage and hacker attacks, all of which mean more money to fix.

Jim Slick of Slick Cyber Systems said, “Your business doesn’t need to be another statistic. You can implement procedures to ensure the safety of your business data.  You should implement more rigorous practices during the onboarding and off boarding of employees,” says Jim. He went on to say, “It’s also a good idea to never share logins. You would never share logins to your personal bank account or other personal secure data, then why would you for business apps?” Jim said, “Unfortunately some businesses think they are saving money having everyone login using the same shared login, but this is not a good practice for statistical and other obvious reasons.”

Jim said, “During the hiring process, having a policy in place outlining what apps are approved and which ones are not should be used. Also, during the off boarding process, a list should include every application the employee has access to and secure them properly upon their exit.  Much of this is common sense, but businesses don’t do it.”

Need help developing a plan or understanding more about securing your data, business apps or cloud security? Contact Slick Cyber Systems on the web at www.slickcybersystems.com or call 1-888-850-8882.

Software can reduce the stress of small business.

Specialized business software like an ERP or CRM can reduce the stress of small business.  Small businesses, like boutique soap manufacturers or candy makers, have dreams and goals like any other business, but often those dreams are challenged by daily unpredictability. Like how do I grow my revenues? Or how do I justify new capital equipment on those revenues? Not to mention how do you deal with product seasonality and, even worse, rising material costs?
Well, unfortunately these challenges won’t go away, but your business can mitigate the impact by having greater visibility into the key fundamentals of your business. This visibility can be the ultimate stress reducer, by letting you adjust to higher supplier costs or helping you determine if it’s time to hire workers. With this extra level of visibility you can predict the upswing in business, making you more nimble. Giving you the tools and ability to see trends and identify threats and opportunities before they happen is the best way to keep your business dream on track.

The bottom line?

Actually it’s the bottom line and the top line — with business software you have better control over both. Yes, it has taken years for ERP to evolve to the point where it could be relevant to small manufacturers, but now that it is, there’s no reason to delay. Thanks to the cloud and software that’s designed to work expressly for small and medium sized businesses, fears of cost and complexity are no longer justified and it’s finally time to let business software help your business dream become a reality.
Slick Cyber Systems can help you determine what software will help reduce your business stress. Call us today at 570-371-5800.

TSA Announces That Uncharged Devices Banned from Some Flights

The U.S. Transportation Security Administration has recently announced a rule change regarding electronic devices. The TSA will no longer allow uncharged devices such as mobile phones or other electronic devices on U.S.-bound airplanes at many overseas airports.

This change in policy is part of the TSA’s effort to strengthen security at airports following credible intelligence that Islamic terror groups are planning on blowing up airliners.

Certain international airports will require passengers to turn on electronic devices such as tablets, mobile phones or laptops during security screening. If the devices you’re traveling with do not have power or cannot be turned on, they will not be allowed on the plane.

In a written statement, the TSA said: “As the travelling public knows all electronic devices are screened by security officers. During the security examination, officers may also ask that owners power up some devices, including cell phones.

“Powerless devices will not be permitted onboard the aircraft. The traveler may also undergo additional screening.”
It appears that U.S. officials are concerned that these extremist groups have devised a method of turning mobile devices such as tablets or mobile phones into explosives.

Little is known about the intelligence concerning this threat, so the TSA has not specified which airports will be subject to the extra security regarding your mobile electronics.

I guess the moral of this story is to be sure to top off your mobile device to ensure it’s fully charged before heading off to the airport for your vacation adventures this summer.

Windows 8 Free + Windows Phones set to drop below $200.00

In a recent report by Reuters, it appears that Microsoft is going to drive down prices of Windows devices and offer Windows 8 free this year. Do you have a Windows phone yet? Will this make you consider Windows for your mobile phones or tablets?
Consumers can expect prices of tablets and smartphones running Microsoft software to dip below $200 this year, says the company’s vice president of OEM partners Nick Parker. “We’ll reach price points that are very industry competitive for 7, 8, 10-inch devices,” Parker said, speaking to reporters after his keynote at Computex, Asia’s largest computing show. “They will really surprise you. Last year, we were in the 3s, 4s, 500 dollars. This year, we’ll be 1s, 2s, 3s.”  He also said some Windows Phone smartphones will sell for under $200 in certain markets this year.
The fast fall in prices for Windows 8 devices is the result of Microsoft’s aggressive efforts this year to gain market share in the mobile sector. The market is dominated by Google, which offers its Android operating system for free to handset and tablet developers. While Microsoft has traditionally charged for its software, it made Windows free this year for devices smaller than 9 inches, in an effort to bring the prices of Windows mobile devices closer in line to those running Android. The company also relaxed certification requirements for mobile devices, reached out to new manufacturing partners and made other efforts to encourage development of Windows tablets and smartphones.
Microsoft’s share of the tablet market was less than 4% last year, according to research firm IDC. Parker declined to say if the free offering of Windows is a permanent strategy for the company, or if it will return to charging next year.
But he emphasized that Microsoft had other ways to make money besides Windows licensing fees, such as the “freemium” model of its Skype video chat service and the launch of Office 365, which allows users to rent the software for a year instead of buying it.

Oleg Pliss stole my iPhone. Who’s Oleg Pliss?

A large number of iPhone users have been reporting recently that their beloved iPhones and iPads have come under attack. The attacks are taking the devices hostage and locking the owners out of them and going so far as to demand that they pay a ransom to get their devices unlocked.

It seems that the attack works by first compromising the iCloud accounts that are associated with these disabled devices. The Apple support forum discussion first appeared early Sunday morning, but seemed to gather some steam and currently has several hundred posts from users experiencing the same issue.

The devices that have been commandeered seem to emit a loud tone, which is associated with a feature used to help find lost or misplaced devices. The devices even display a message “Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:lock404@hotmail.com for unlock.”

There have even been some reports that if a user hasn’t assigned a strong passcode locking the device against hackers or other prying eyes, then the phone can only be unlocked by performing a factory reset. If you’re not familiar with what this does, it completely erases all stored data, contacts, apps, and pictures from the phone and returns the phone to factory default.

PC users have seen similar variations of this scam before, which is referred to as a ransomware scam. In fact, Google’s Android OS was also targeted by similar scams just a few weeks ago, but now iPhone and iPad users are getting familiar with the frustration caused by this most recent scam.

The forum that reported the issue seems to provide some solid proof that victims of this scam have had their Apple IDs and passwords compromised. This allowed the attackers to remotely lock the connected iPhones or iPads with Apple’s own “Find My iPhone” service.

No one is certain how the iCloud accounts were compromised by these attackers. It is certainly possible that these accounts were compromised by hijackers who may have performed standard phishing attacks, or maybe even hacked password databases getting ahold of user credentials allowing them to hold these devices for ransom.

So what can I do to stop my iPhone or iPad from being stolen by Oleg or any other hacker?
Well, first, users are advised by Slick Cyber Systems to randomly generate long passwords that are unique to their iCloud account. It is also recommended to enable two-factor authentication and always use unique passwords for each device; never reuse passwords.

Users with a locked device are advised to immediately try changing their Apple ID credentials, and we highly recommend that two-factor authentication be set up. In the event their locked device did not have a passcode associated with it, they can perform a factory reset by using a cable to plug the device into their computer while iTunes is open.

For additional help reclaiming your devices or help understanding how to make your technology as secure as possible please contact Slick Cyber Systems to have a full evaluation of your network by calling (570) 371-5800, or visiting us online at www.slickcybersystems.com.

Is Hacking a Website To Steal My Information Easy?

Is Hacking a Website To Steal My Company Information Easy?

Gone are the days of believing that hackers were geeky pale little nerds that spent their days in basements eating pizza (and Hot Pockets) well into the night while playing World of Warcraft while hacking into secure sites for the bragging rights.
There has been huge growth and a resurgence of hackers (and other tech savvy groups), like Anonymous, who routinely perform well coordinated attacks against all sorts of targets from local and state governments to corporations and even everyday citizens.

So to the question we are all thinking. How hard is it to hack into a website and steal information? Well, the shocking truth is that it’s getting much easier to steal information. Recently, Rob Rachwald claimed that he taught his 11-year-old daughter how to perform an SQL injection attack in 15 minutes. Rob, who works for Imperva, which is a cyber-security firm, said that “the tools are getting smarter”, “SQL injection attacks used to be done manually, but now due to smarter tools they can be automated”.
Once thought only a problem of big business, the truth is that the most popular targets are small and medium-sized businesses that allow online transactions: think local gyms, pet-sitting services and charities, doctors’ offices.

There is a growing army of armchair cyber criminals utilizing next-generation tools looking to steal information about you and your customers.
Are you ready for them? Is your business protected? Is your customers’ information protected?
If you’re not certain, call Slick Cyber Systems at 570-371-5800, or visit us online at www.slickcybersystems.com

Managed Services, Why Do I Want Them?

Managed Service, Why Do I Want Them?

This is an important question to raise if you have a business filled with servers, computers and staff. “What do I get with managed services that I couldn’t get with a break fix solution?”

What is a Managed Service Provider?
A managed service provider (MSP) is a third-party contractor that delivers network-based services, applications and equipment management services to businesses and enterprises of all sizes. The MSP is the one who is responsible for monitoring and managing the problems in your I.T. infrastructure.
An MSP manages and automates functions on behalf of its clients that may be overlooked by internal staff. These services often include virus updates, as well as security software updates, systems patches, backups, monitoring, auditing and overall increased control.

Often MSPs act as an extension of your own staff, taking care of routine IT infrastructure like monitoring and management of your network around the clock which frees up your staff to focus on more important business critical projects. MSP’s proactively monitor and maintain your systems in order to help you avoid problems and downtime and drive productivity and uptime while lowering costs.
MSPs have become an attractive option for many organizations regardless of your company’s size and should be an integral part of your overall business strategy, involving senior executives and key staff.

Outsourcing IT services is NOT like other outsourced services.  You maintain full control.
You decide what your staff can handle and what you want to outsource to your provider. In addition, utilizing the managed service provider model gives you more control over costs and a more predictable budget.

If you are interested in how you can benefit strategically, financially, and technologically by working with an MSP, please contact Slick Cyber Systems at sales@slickcybersystems.com, 570-371-5800, or visit us on the web at www.slickcybersystems.com