“FBI now Recommends putting tape over your webcam / mobile camera”; I’ve recommended for sometime now, covering device webcam lens when not in use to help thwart unauthorized viewing.
Many are often in disbelief. They can’t really do that, can they? Or your just paranoid cause your a geek. “I don’t care if someone hacks my web cam.” It’s no longer a possible theory. Protect yourself. Pick up a LIGHT DIMS KIT – only $5.99 for 100 DIM stickers. Avoid the tacky look and gummy mess of roll tape. These little stickers do the job, easy removal and reusable. Share with your friends and family. Also, great for those never ending annoying flashing LEDs. Often those what were cool lights on electronic can become annoying, These help with that, quick, easy, non-permanent and inexpensive.
Dark Mode is a feature which inverses your device display so the bright white background becomes dark and the text light. Changing the contrast to be easier on the eyes by reducing the amount of harmful blue light. Studies have shown blue light is attributed to keeping one awake contributing to higher rates of insomnia among computer and mobile users.
There are a few ways to achieve this : In the OS like MacOS, Windows10 or Chrome, an App like YouTube, Microsoft Office, etc or as an Add-On like in the Chrome or Firefox browsers.
In the App eg. Microsoft Office has a “Dark Mode” in the “Options” section, under “Personalize your copy of Microsoft Office” ; Office Theme: “DARK GRAY”. There is also Black and whit, etc. Windows 10 has this capability under the “Display Options” setting, and just release MacOS. The Chrome browser achieves this with an ADD-ON.
DarkMode is a great way to relax your eyes and is particularly useful in bright sunlight or night time. Check it Out you might prefer these mode vs the brigh white background, .
Mobile productivity,powered by two screens | Flexibility to do more with multiple modes | The best of Microsoft 365,together with Android™ apps | Original design,created by Surface
Surface innovation comes to a dual-screen mobile device, featuring the best of Microsoft 365, every Android app in the Google Play store, phone calls, and more.
The magic of a 360° hinge and two screens
Introducing revolutionary new ways to use a mobile device thanks to an innovative 360° hinge, two screens, and apps that seamlessly work together. Do one better.
Open two apps side-by-side, so you can now plan your hike andpull up directions at the same time.
Pair any two apps and launch simultaneously, each on a full screen,for a completely custom experience.
Easily compose an email by typing on the bottom screen keyboard,while viewing your draft on the top display.
Drag ingredients from a new recipe from one screen directly to your To Do list on the other for an instant shopping list.
Scroll through your photo library on one screen, while viewing your selection on the other.
All-day batterylife
Lasting power throughout your day. And, when you do need a boost, go from low to full with Fast Charging.3
More pixels in your pocket
Dual, high-resolution PixelSense™ Fusion Displays open to 8.1″ for more space toget things done.
See and do more with widescreens
When opened, Surface signature 3:2 aspect ratio is perfect for reading, streaming,and staying productive.
Write and sketch on screen
Take notes and draw across apps on Surface Duo with thin,light Surface Slim Pen.**
Mobile typing,reimagined
Stay productive with the adaptive keyboard, optimized for every mode.
Secured,one-step sign-in
Surface Duo features a built-in fingerprint reader for fast,secured access.
Your PC loves Surface Duo, too
With the Your Phone app and your Windows 10 PC, you get instant access to everything you love on your phone, right on your computer.4
Never miss a beat
Complete your Surface Duo experience and fuel your productivity with Surface Earbuds.**
There has been a recent rise in the discovery “weaponized” hardware appearing on business networks world wide. “Weaponized” what? Hardware? Weaponized Hardware refers to physical devices which can be plugged into or attached to a network for the purpose of sniffing data or deploying injection attacks such as key-logging or ransomware deployment. Yes it is very dangerous.
Thanks to Black Hat security experts creating penetration tools to help IT security professionals detect and thwart cyber-attacks, it can comes as a backlash where nefarious attackers get their hand on the devices and use them for ill rather than for good. If you see anyone in or around your office with the infamous “pineapple” logo, you likely have a hacker in your mitz. The pineapple logo is the brand logo for HAK5, a company that creates and offers cyber-security emulation and detection devices to help network professional detect and block such weaponized hardware attacks.
A “Managed Firewall” can help detect and log activity from these “stealth” devices, which is why you should have a managed firewall on your network.
Weaponized Hardware
Here are a few of the most common “hiding in plain site” weaponized hardware attack devices:
This like a real mobile device cable. The O.MG contains a web server, 802.11 radio, and way more memory and processing power. The O.MG Cable is built for covert field-use by Red Teams, with features that enhance remote execution, stealth, forensics evasion, all while being able to quickly and dynamically change your tooling with minimal effort.
The O.MG Cable allows an attacker execute almost every feature via wireless, and not just creating, saving, or executing payloads. It can then be flash clean wiped to a convert innocuous state, which “break” the O.MG Cable so it will no longer pass data, and even flash new firmware therefore now making nearly impossible to detect that it was even deployed.
“Rubber Ducky” is the most famous where an ordinary looking USB flash drive is plugged into a computer or printer device on the network and begins deploying packet sniffing software which then reports back to the attacker via your network with the sensitive data the attacker is after, Nearly undetectable without the proper security polices and firewall setup “beforehand”.
“Signal Owl” is Screen Capture Device that can be attached to the back of a display device and record all the keystrokes and take screen snapshots behind the scenes unenclosed to the user or even the business owner.
Signal Owls are often see these devices in banks and retail outlets were the IT Dept or business owner intent is to monitor employee computer usage.
The issue is weather that stream is encrypted, if not it is vulnerable to “skimming” and the device itself can be hacked by someone else.
There are better ways to keep employees focused and bad stuff off your network. Like Firewall blocking of non-essential sites and an “Intranet” internal website to keep employees focused on work and not social media, news or shopping. The attackers simple physical presence in the environment can deploy a “signal owl” with- No access to your network!
“Shark Jack” plugs directly into any network “jack or network cable to deploy and do it’s dirty work.
There are even “weaponized mice” that can be purchased that are actually “spy” devices. (a good reason to buy from a reputable computer manufacturer rather than an off brand or used device.
This is a good reason to utilize a Managed, Monitored and maintained network via a reputable Cloud and Manged Services Provider such as South Bay Computer Solutions offering options to help keep your network safe from such devices and attacks.
These are just a handful of devices available on the market to would be – could be hackers.
If you see these logos on a backpack , sticker or the like, you likely have a “HAKer” in your mist.
This article is to keep you aware of what might be lurking in or around your network and how to spot them. Keep an eye out for expanded articles on these “spy” devices and how you might thwart them.
Our past warnings and concerns over being monitored (spyed) upon through SmartTV’s is real. In addition to the now typical advertiser tracking, the provider themselves are tracking and serving content based upon your viewing habits. This is kept in a database just for you. Perhaps most importantly is the accessibility to microphones and cameras on smart devices, in particular Smart Tv’s. We have recommended covering laptop cameras and disconnecting desktop cameras when not in use.
These devices have now become known as “edge” devices as part of your “IoT” network, known as the “Internet of Things”. We affectionately refer to “IoT” as the “internet of Insecure Things.”
The FBI has now released a stark warning to users to cover smart TV cameras with tape as well.
We recommend having a managed secondary firewall to help monitor, maintain and protect your IoT network.
Welcome to the New World Order.
Keep an eye out for our recommendations on how to secure your “Iot”. Yes your refrigerator will be spying on you.
We’ve noticed a strange anomaly when Microsoft rolls out a “feature” upgrade is performed such as the Anniversary Update (v1607), original Creators Update (v1703), or Fall Creators Update (v1709), the update will clear at least (1) Restore Points, (2) Event Log Entries, (3) Windows Update History, and (4) Reliability History. Basically they are installing a new operating system, and using restore points from previous versions would apparently mess things up. Thus, one does not have the option of rolling back to the previous version for a period of time if you have issues with the new version.
As IT Professionals – WE DON’T LIKE THIS. The whole purpose of a restore point is to “RESTORE” the system in the event something breaks as a result of a new app, update or malware. So be sure to check your Restore Points and be sure they are turned on. Simply “Search” for “Restore Point” and check if it is turned on, if not “Turn Restore Points On” for your C: Drive. A virtual machine backup like StorageCraft would also enable you to rollback to prior to one of Microsoft’s “Big Update”.
If you need help with this and want one of our Remote Computer Inspection / Tune Up Sessions. Please call (310) 791-8507 or email us at support@southbaysolutions.net .
Is your data backed up? Can you restore your systems and files quickly in the event of a computer crash?
World Backup Day is the perfect day to check your backup status, for your home and your business.
You should be following the “1-2-3 Rule” at minimum, while reviewing and testing backups regularly.
1 = The “Working Copy” on your local computer / device.
2= “Local Copy” to a hard drive or network device on a USB Device or your network.
3= “Offsite / Remote / Cloud” copy on a secure storage server in the cloud.
If you’re are using offsite cloud services like IDrive, Carbonite or Acronis check your status and/or logs to make sure your important files are backed up and can be restored. It is recommended to regularly restore at least one file to a temporary folder then test open the file to assure it is indeed recoverable and readable.
Do you have a website? Be sure that is properly backed up on a regular basis as well. Believe it or not “most” web hosting companies “DO NOT” do a good job of backing up your website and databases.
CMS sites like WordPress and Joomla can be particularly finicky in the event of needing a restore is required.
Be sure you are using a quality backup service like Jetpack, Updraft Plus or WP-Clone. Ideally backup copies should be on a different storage location other than the server the website is hosted.
If your running an e-commerce shop on Shopify, Etsy, e-bay, etc. be sure you back that information up or have a copy of the content on your local drive, e-bay, in particular has been known to lose drafts and listings.
Using my secure remote support service is the best way to setup your backup, I have configured hundreds perhaps thousands of systems and can help assure your backups are configured and working. Get a full system Tune-Up / Security Check for extra peace of mind.
Just call 424-532-1633 or email to schedule a remote session today.
Phishing attacks are on the rise for businesses, as threat actors focus their efforts on more profitable targets. What can your business do to stop them? Implement an anti-phishing plan that increases awareness of phishing techniques for you and employees.
10 TIPS TO HELP SPOT PHISHING ATTEMPTS
In 2018, businesses saw a 132% increase in information-stealers, such as TrickBots which use phishing emails to infiltrate organizations and drop their payloads.
1) Look for poor spelling
Errors in formatting, and email addresses in the “From” field that look suspicious. Perhaps the formatting and design are different from what you usually receive from the organization. Maybe the content sounds strangely formal. The possibilities are endless.
2) Attachments are always a sign of malware
Attachments should be treated with kid gloves. When in doubt, do not open the attachment. Instead, try to contact someone you know from the organization listed in the email to confirm or delete the email without opening (RGHT-CLK – Delete) in Outlook.
3) Do the URLs match?
Hover over the link displayed in the email to see the actual URL. If they are different from one another, do not click.
4) Phishing emails often impersonate
Attachments should be treated with kid gloves. When in doubt, do not open the attachment. Instead, try to contact someone you know from the organization listed in the email to confirm or delete the email without opening (RGHT-CLK – Delete) in Outlook.
5) Just because a URL has a green padlock
Doesn’t mean it’s safe. With a public push for websites to adopt HTTPS protocols, cybercriminals have jumped on the bandwagon, easily purchasing SSL certificates for their phishing pages.
6) Mobile device users are at risk
Of being scammed by lengthy faux URLs that cannot be fully viewed on screen. The visible portion may be tailored to appear legitimate, but the rest of it—which would give the game away—is hidden off-screen. Employees checking email on their phones or browsing the Internet should always review the entire URL before clicking.
7) Dubious apps are a potential problem
As carefully-worded pop-ups asking for permission to access sensitive data have duped many. When installing desktop or mobile apps, it’s best to review the app’s online reviews, and make sure you’ve selected the legitimate version. Are the logos the same? Does the user experience match what you’d expect?
8) Promoted social media content can lead to phishing
Especially as ads tend to be targeted to individual interests. We recommend users not engage on social media from their work devices, or if they must, limit their engagements to work-specific tasks. Also, never go to social sites on critical systems like CAD/CAM workstations,Servers or mission critalce systems.
6) That Green Padlock in the URL bar ?
So, where does the green padlock come into play? The green padlock simply means that traffic to and from the website is encrypted. A certificate, provided by a certificate provider (Certificate Authority or CA), is used to set up this encryption. Sounds good, right? But the only thing you can actually be sure of when you see such a padlock is that your computer is connected to the site that you see in the address bar.
10) Desperation is a surefire sign
Kinda like dating, desperation is a sure sign something of trouble. It’s panic buying, but not as we know it. E-mails claiming a tight time limit to log in and perform an action, alongside the threat of losing X or Y forever, should be deleted or forwarded to he company’s security and/or fraud departments.
“Phishing is a method of tricking you into sharing passwords, credit card numbers, and othersensitive information by posing as a trusted institution in an email or phone call.
All about phishing
What is phishing?
Phishing is the crime of intending to deceive people into sharing sensitive information like passwords and credit card numbers. As with real fishing, there’s more than one way to reel in a victim, but one phishing tactic is the most common. Victims receive an email or a text message that imitates (or “spoofs”) a person or organization they trust, like a coworker, a bank, or a Government office. When the victim opens the email or text, they find a scary message meant to overcome their better judgement by filling them with fear. The message demands that the victim go to a website and take immediate action or risk some sort of consequence.
If users take the bait and click the link, they’re sent to an imitation of a legitimate website. From here, they’re asked to log in with their username and password credentials. If they are gullible enough to comply, the sign-on information goes to the attacker, who uses it to steal identities, pilfer bank accounts, and sell personal information on the black market.
There are some important changes in the world of data backup, specifically regarding the exceptional product that many of you have come to rely on – iDrive. As your dedicated IT professional consultant, it is my responsibility to keep you informed about...
Our Top-Rated Best Computer Backup and Cloud File Access Cloud Tools for Home Users and Businesses Alike! The best data backup software 2022. We began testing IDrive early on way back in 2002. Backup tools were really beginning to blossom, faster than we could keep up...
Google has announced a major change for website ranking on Google. "Helpful Content Update" should start rolling out this week. It could be as big a shakeup as the Penguin update launched 10 years ago The Google ranking update is reportedly to target content "written...
Cloud bleed was a Security Breech which involved leaked code for customers which use the CloudFlair platform. This include many BIG and SMALL companies for data storage, sharing, web hosting and websites. Cloud-flair has apparently fixed the issue. Essentially it allowed other “bad” sites to read information your browsers cache .
A new vulnerability has been found in off the shelf routers including such as Netgear and Linksys. The bug is present in WPA2’s cryptographic code and can be utilized to trick a connected party into reinstalling a key which is already in use. While the code is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.
In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android 6.0 Marshmallow and newer.
The attack could also be troublesome for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets and hackers.
The vulnerability does not mean the world of WPA2 is completely useless, but it is up to vendors to mitigate the issues this may cause.
The would be perpetrator would need to be within WI-FI range of your network to gain access. It is not something as of yet whcich can be accessed via the internet from half-way around the world.
South Bay Computers website shop and blog contain links to our affiliates and partners. Sales of software, hardware or services generate commissions for sales through our site. All purchases from this site is greatly appreciated it helps keep our blog going. Thanks.
What is Office 365?
Transform your Office into a Productivity Machine!
At its heart is Office itself—the familiar Office applications businesses use everyday—now offered as a cloud service, so it’s always up to date. But Office 365 is also so much more. It’s about bringing enterprise-grade services to organizations of all sizes, from online meetings to sharing documents to business-class email.