KB Printer & Computer Support

11/19/2016

Michigan State University has confirmed that on Nov. 13, 2016, an unauthorized party gained access to a university server containing certain sensitive data.

The database, which contained about 400,000 records, included names, social security numbers, MSU identification numbers, and in some cases, date of birth of some current and former students and employees. It did not contain passwords, financial, academic, contact, gift or health information. Of those records, 449 were confirmed to be accessed by the unauthorized party. The affected database was taken offline within 24 hours of the unauthorized access.

MSU has undertaken a number of efforts to notify all students, alumni, staff and faculty who were affected.

MSU has set up a website to be the central location where all updates regarding this incident will be posted. It includes a background of the incident, FAQ's section, and all future comments to the incident will be posted on https://msu.edu/datasecurity/.

Spartans discover solutions for the world's most challenging problems—from alternative energy to the environment, from health to education. Spartans Will.

11/19/2016

Is your IPhone sending your call data to Apple?

You only need to have iCloud itself enabled for your IPhone to Secretly send your call history data to Apple.

Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user notification, consent, or choice said Vladimir Katalov, CEO of Elcomsoft.

The most disturbing thing is the fact that the logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls.

It’s not just regular call logs that get sent to Apple’s servers. FaceTime, which is used to make audio and video calls on iOS devices, also syncs call history to iCloud automatically, according to Elcomsoft. The company believes syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which Apple released in March 2015.

And beginning with Apple’s latest operating system, iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged to the cloud, Katalov said.

https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/

Your call logs get sent to Apple’s servers whenever iCloud is on — something Apple does not disclose.

11/16/2016

Why should you use a local trusted computer repair shop?

Your local big box stores often hire employees that are unskilled, and non-technical. They provide them with automated tools that vaguely diagnose equipment problems. Being non-technical they often misdiagnose problems, or find problems that don't even exist.

All too often they have to meet sales quotas, and use this as an opportunity to sell you software, or services that you don't even need.

A trusted local computer repair company hires skilled employees, and continues to train their staff on the changes in the industry. They rely on satisfied and repeat customers to stay in business, instead of a large volume of customers to generate revenue.

The next time you require help with your equipment we recommend that you find a local repair shop that has your best interests in mind.

Office Depot is the company highlighted in this story, but other companies like the GeekSquad have been caught doing the same thing.

Office Depot is under fire for services that a former employee believes take advantage of unsuspecting customers. An undercover investigation by CBS affiliate KIRO appeared to capture the company's technicians diagnosing computers with problems that did not exist. KIRO's Jesse Jones, who broke the s...

11/13/2016

While veteran's day may be over this year. There are plenty of ways that you can show your support for our countries veterans year round. Support a veteran owned business near you.

You can search a directory of Veteran Owned Businesses by State, or Category here. https://www.veteranownedbusiness.com/.

Veteran Owned Business Project: Small Businesses owned by U.S. Military Veterans, Active Duty Military, Reservists, Service Disabled Veterans (SDVOSB)

11/12/2016

Before you download that new shopping app for the Holidays shopping season. There are some things you need to be aware of, and watch out for. We at KB Printer & Computer Support urge everyone to see what they need to be on the lookout for.

Scam Of The Week: Watch Out For Fake Apps

11/12/2016

Something you really need to think about before you answer your phone. If you receive a call from someone purporting to be from Microsoft, the IRS, Google, or Yahoo. It's not a call that you want to take. Definitely something that everyone need to think about.

11/10/2016

One reason that you should not keep liquids near your computer, or laptops. While this demonstration is using water which is the least damaging liquid you could spill. Coffee with sugar/sweetener, or pop which has a sweetener, will do a lot more damage.

11/09/2016

Business email compromise scammers have gradually changed their tactics to improve their scam success rate. Spear Phishing is going in a new direction. New BEC scams seek to build trust first, request wire transfer later. https://www.symantec.com/connect/blogs/new-bec-scams-seek-build-trust-first-request-wire-transfer-later

Business email compromise scammers have gradually changed their tactics to improve their scam success rate.

10/27/2016

Emergency Flash Player patch fixes Zero-Day critical flaw

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of. The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code ex*****on. "Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday https://helpx.adobe.com/security/products/flash-player/apsb16-36.html. Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux https://get.adobe.com/flashplayer. The Flash Player runtime bundled with Google Chrome, Microsoft Edge, or Internet Explorer on Windows 8.1 and Windows 10 will automatically update with the browsers update process.
Adobe credited Neel Mehta and Billy Leonard of Google’s Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect their customers.
In its Internet Security Threat Report released earlier this year Symantec noted how four of the five most widely exploited zero-day vulnerabilities last year were in Adobe Flash. According to Symantec in 2015 about 17 percent of all zero-day vulnerabilities discovered were in Adobe Flash, 50 percent in 2014, and 22 percent in 2013.
References:
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855
http://securityaffairs.co/wordpress/52739/hacking/cve-2016-7855-adobe.html
https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/
https://resource.elq.symantec.com/LP=2899

10/21/2016

Cisco's Talos team has launched a tool that helps protects PCs from master boot record attacks, which are widely used by ransomware developers. Called MBRFilter, the tool "functions as a signed system driver and puts the disk's sector 0 into a read-only state." Cisco is currently offering the tool to 32-bit and 64-bit Windows users. It has also published the source code on GitHub. You can read the blog post from Cisco's Talos Group http://blog.talosintel.com/2016/10/mbrfilter.html .

The Github executables, and source code can be found here https://github.com/vrtadmin/MBRFilter/releases/tag/1.0.

The summary from the blog post reads:
Ransomware has become increasingly prevalent in the industry, and in many cases, unless there is a publicly released decryptor available, there is often not an easy means of retrieving encrypted files once a system has been infected. In addition to the creation and maintenance of regular system backups, it is increasingly important to focus on a multi-tiered defense-in-depth network architecture in an effort to prevent initial endpoint infection. This is often difficult in an evolving threat landscape where new ransomware families are being developed and deployed seemingly every day by threat actors of varying levels of sophistication.

While many ransomware families focus on the encryption of all or portions of a target system’s files others, such as Petya, rely on overwriting the contents of the Master Boot Record (MBR) to force a system reboot then only encrypt the Master File Table (MFT) of the hard drive on infected systems as a way to coerce users into paying the threat actors to retrieve the encryption keys required to decrypt their files.

To help combat ransomware that attempts to modify the MBR, Talos has released a new tool to the open source community, MBRFilter, a driver that allows the MBR to be placed into a read-only mode, preventing malicious software from writing to or modifying the contents of this section of the storage device.

Microsoft has already attempted to fight back against bootkit attacks with the inclusion of cryptographic verification in the bootloader of Windows "Microsoft's Secure Boot". However Secure Boot does not work on every computer and is only included in Windows 8 and up.

Computer World has an article Lucian Constantin By Lucian Constantin of IDG News Service covering the MBR Filter tool in plain english for the average user. http://www.computerworld.com/article/3133349/security/free-tool-protects-pcs-from-master-boot-record-attacks.html .rss_all. While the Cisco's Talos Groups blog post goes into much more detail.

This post was authored by Edmund Brumaghin Summary Ransomware has become increasingly prevalent in the industry, and in many cases, u...

10/17/2016

Storefront for the National Republican Senatorial Committee hacked. For at least the last 6 months there has been credit card skimming injected into the store front of the NRSC. You can view the video to get an idea of how it worked, and was detected.
http://arstechnica.com/security/2016/10/hacked-republican-website-skimmed-donor-credit-cards-for-6-months/

People who donated to Senate Republicans may want to check their bank statements.