24 Feb

“Superfish” Security Vulnerability on some Lenovo Laptops

Have you recently bought a non-ThinkPad branded Lenovo laptop? If so, your passwords and banking information could be vulnerable to hackers!

Recently, it came to light that a piece of software called Superfish was pre-installed on some recently released Lenovo laptops, and that Superfish circumvents SSL, which is what many sites – including major banking and social media websites – use to secure the exchange of sensitive data such as login information and passwords. This circumvention could be exploited by hackers and third parties to silently intercept that information.  Many people are referring to Superfish as “adware” because of the exploitative behaviour it exhibits.

This is a major breach-of-trust issue for Lenovo and for computing in general, so if consumer privacy is a topic that concerns you, this is a story to keep an eye on. Yesterday, a lawsuit was filed against Lenovo over this, and there will certainly be more fallout before everything is said and done.

You can check if a certain model is affected in the official statement Lenovo released: http://news.lenovo.com/article_display.cfm?article_id=1929

You can also check if your computer is affected using this website, built by security experts at CloudFlare: https://filippo.io/Badfish/

If you’d like to learn a bit more about Superfish, CBC has an article that gives a broad overview of the situation:  http://www.cbc.ca/news/technology/superfish-adware-frenzy-over-lenovo-betrayal-of-trust-1.2968640

You can also download the tool to remove Superfish from this additional statement released by Lenovo: http://news.lenovo.com/article_display.cfm?article_id=1931

Finally, here’s an open letter from Lenovo CTO Peter Hortensius: http://news.lenovo.com/article_display.cfm?article_id=1932
12 Feb

Avoid the top 3 security flaws most SMBs make

With advances in Internet technology, Vancouver SMBs have flourished. However, that success comes with the increased risk of cyberattacks and security breaches. It seems that hardly a week goes by without hearing about a new attack on a company’s vital data or a new malware that’s been unleashed.

 

Keep undesirables out with a network firewall
A good firewall and network security system can keep out undesirables who shouldn’t have access to your network while allowing in the good traffic you do want. But that system needs to be constantly monitored and updated to stay relevant. The lesson for today’s companies is to “take cybersecurity as serious as physical security of their employees or security of their physical facilities,” says Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin in Boston.

Ensure the protection of your customers’ vital information
If you want your customers to trust that you have the highest online protection possible, so that their private information won’t be stolen, a firewall is the most critical IT investment you can make. And there are affordable yet top-of-the-line hardware and systems that not only detect mischief but also limit any damage before it gets too far.

Stop cyberattacks with an affordable yet top-of-the-line system
One of the best network firewalls on the market for small businesses is the Fortinet Unified Threat Management (UTM) line of network security appliances. Fortinet has won numerous awards for technological innovation, product performance, and functionality, including “Company of the Year” from the British Columbia Technology Industry Association (BCTIA) in June 2014. The FortiGate-40C and FortiWifi-40C offer comprehensive network security protection against all manner of cyberattacks. Part of a complete, high-performance security solutions portfolio, the system is a powerful blend of firewall, IPS, application control, antivirus, and other defensive measures that can help ensure that your computer network keeps humming.

Make sure your company’s data isn’t at risk of a security breach
The experienced team at Advance Micro Solutions can review your current system and provide consultation on where there are potential weaknesses. For a free consultation, please call 604-303-6622 or send an email to inquiry@ad-micro.com.

05 Feb

Attack of the Hacks! See where cyberattacks may strike next in 2015

In 2013, $11 billion was lost to credit and debit card fraud. Last year, hackers compromised the personal information of 76 million households from JPMorgan Chase. Other hackers exposed 56 million credit and debit card numbers of Home Depot customers. And of course we all know about the cyberattack on Sony Pictures, which was arguably the most notorious computer hack of the year. The numbers aren’t out for 2014 yet in terms of dollars and intellectual property lost, but with cybercrimes such as these, the year can best be described as the “Attack of the Hacks.”

These high-profile cyberattacks exploit age-old flaws in open frameworks. Last June, the Government Accountability Office stated that “more than 46,000 cyber incidents were reported by federal agencies in fiscal year 2013—an increase over the prior three years.”

Expect more mobile payment system cyberattacks in 2015
The numbers aren’t in yet for 2014, but cyberattacks on digital transactions from mobile devices are expected to increase in 2015. Security firm FireEye predicts that point-of-sale (PoS) attacks will be more rampant. Cybercriminals are likely to focus on finding the vulnerabilities of new types of online payment systems like Apple Pay, a mobile payment system. But you can also expect more creative targeting of payment processors and PoS management firms as retailers strengthen their defenses.

Beware of ransomware and cyber extortion
SentinelOne Labs sees a possible coordinated “time bomb” attack on enterprises through the use of ransomware. This nasty piece of software locks computer systems (usually with a fake notice from a government agency) after taking customer personal and financial data “hostage.” The cyber thief then demands that an extortion payment be made in Bitcoin or via PayPal before the system is released back to the company or individual. If the demand is not met within the stated time period, malicious software is unleashed on the operating systems of enterprises that fail to pay.

Can your network withstand a cyberattack?
In October 2014, famed VC/PayPal co-founder Peter Thiel spoke about cybersecurity and its current state of readiness. As data breaches pile up, Thiel expects cybersecurity to remain a big problem. “So much commerce is happening on the Internet and we often have no good intuition of how poor the security is.” He suggests that the situation can only be addressed by software.

What can your company do to ensure readiness against a cyberattack?
You can’t afford to be complacent, so monitor your accounts as closely as possible. In addition, be sure to review your risk management and damage control procedures to keep corporate network intrusion to a minimum. This includes keeping up with operating system security updates and having the latest security software on your systems.

Need further help?
The experts at Advance Micro Solutions would be happy to offer a no-cost review of your IT and hardware infrastructure and suggest ways to increase security against cyberattacks. For a free consultation on data security plans and top-of-the-line disaster recovery systems, please call 604-303-6622 or send an email to inquiry@ad-micro.com.