Covid-19 (or the coronavirus) has spread around the globe and changed the way we live and conduct business. At Y-Not Tech Services we’ve always been a big fan of technology and while it’s sad to see how the world has had to respond to this pandemic, we’re happy to see that technology has enabled the business and family to remain close. Businesses have taken to remote work and can continue to get things done and move forward. Meanwhile, families are coming together in video chats. Technology has made this possible where even 10 years ago it might not have been. [Read more…]
“Your Antivirus needs to update.” “Your computer hasn’t been scanned in 27 days.” “Virus definitions on your system are out of date.” “We found 3 infections on your system – What would you like to do?”
If you have seen a message like any of the above and were confused by it, don’t worry – you are not alone. Many of the computers I look at for clients don’t have sufficient virus protection. I find that some of my clients purchase and install antivirus, but don’t know how to configure it so it ends up outdated and ineffective. [Read more…]
Whether you want to keep an eye on the kid’s room or you are worried about break and enters and other security concerns, a security camera can find a home in almost every house and business. For many, the price of a decent camera has been a barrier, but camera quality has been improving and today, I’m going to introduce you to a great little camera that is affordable enough for nearly anyone!
Microsoft has announced it’s ‘End of Life’ date for the popular Windows 7 Operating System. January 14, 2020 is the magic date they have chosen. Today we’ll talk about this means for you and I’ll share a special offer to get you upgraded to the latest version of Windows 10. [Read more…]
Do you use an HP laptop or know someone that does? This post is for you!
Y-Not Tech Services has found out about a serious security flaw that affects 460 models of HP Laptops. A security researcher has found that these laptops have a keylogger that was pre-installed on the computer. A keylogger is code that will log every keystroke you make and can send that data to someone else. This would include any password you type, any e-mail you send, your bank and credit card information. [Read more…]
Kaspersky Labs makes an antivirus software that did a good job at finding viruses. Unfortunately, it has been discovered that it also does a good job at finding government secrets and other information it has no business finding. According to an article in The Wall Street Journal and other sources, Kaspersky Antivirus has been turned into a spy tool to find US government secrets. According to reports, it targeted specific terms including Top Secret and classified code names of US Government projects. [Read more…]
I’m writing this morning to let all my clients, friends, family and followers know about a new source of Malware. A popular clean-up utility called CCleaner has been found to contain a Malware called Floxif. This comes shortly after Avast bought the company that makes CCleaner – Piriform. It is Y-Not Tech Services’ opinion that CCleaner and all other Avast products should be avoided. This particular threat has been found, contained and cleaned up, but I no longer have confidence in CCleaner or the security processes at Avast that should keep their products safe. Avast is a computer software company that specializes in antivirus programs. So the fact that a piece of malicious software made it through their security and into a popular software is surprising. Although, not THAT surprising if you pay close attention. In an article I wrote in May of this year I called out Avast for missing 6 malware pieces that were active on my PC and that Emsisoft picked up and removed as soon as I upgraded to it. The Malware in CCleaner was Digitally Signed as safe and trusted.
What Do You Need To Do?
I recommend un-installing CCleaner immediately. I used to use CCleaner all the time. When Avast bought them, I slowed down on my use since I was already leary about Avast product based on my experience with their Anti-Virus program. Now, I will be actively avoiding all Avast products including CCleaner. It’s unfortunate because it was a great program previously, but I can’t have the risk of it installing Malware on my or my client’s systems.
If you use Y-Not Tech Services Gold Plan and had CCleaner installed, you will automatically have been updated to a version without the Malware and your System will be safe. If you don’t have our Gold Plan, I recommend bringing your system in for a full Virus Scan to check for traces of the malware. To learn more about our Managed Services or to sign up to stay safe in the future Click Here.
If you are currently using Avast Anti-Virus or any other free anti-virus program including Windows Defender, I recommend upgrading to Emsisoft. Y-Not Tech Services offers a free 30 day Trial of Emsisoft and can Install and Configure the software for free when you buy it. Emsisoft is also included in our Silver, Gold or Platinum Plans. The plans are a great way to stay protected because they have us monitoring and making sure that your security program is updating and scanning regularly! We also review all malware that is found on your system and the Gold and Platinum Plans even include FREE virus removal if something gets past our security.
If you used CCleaner and are looking for something to replace it with we recommend checking out BleachBit. Y-Not Tech Services hasn’t fully reviewed BleachBit yet, but plan to in the near future and it’s currently the winner for our replacement needs of CCleaner.
It’s unfortunate that CCleaner has been compromised, but as I mentioned I stopped using them when Avast bought them up. Too many times I have seen great software ruined when other companies buy them. The vision and drive seems to get lost in larger companies.
If you have questions or concerns, please book an appointment:
Bank Fraud. We all know it happens. It’s never happened to me. Hopefully, it won’t. Hopefully, it hasn’t and won’t happen to you either. Below, you’ll find some tips to prevent it. It happened to a friend of mine. This is a true story. He woke up and found his bank account was overdrawn. He went from having money and knowing how his bills were getting paid to having negative $250 and stressing about paying rent. As he started to unravel the trail, he discovered just how devious these criminals are. They had gained access to his online banking with Scotia Bank. Then they sent an E-Transfer to someone already on his transfer recipient list (in this case, his roommate that he had sent money to for concert tickets). They sent all the money in his account, plus his overdraft in an E-Transfer and gained access to the roommate’s email to accept the E-Transfer and send it to the criminal’s account. Poof! All of my friend’s money was gone. He’s filed a fraud report with the bank and hopefully will get the money back. I doubt the criminal behind this will be caught though. And even if the money is returned, my friend is in for a very stressful time. All his day to day expenses are currently being put onto his emergency Credit Card. The longer it takes the bank to finish up their investigation and place the lost funds back in his account, the more debt he will incur and the more interest he’ll need to pay. He’s so stressed out about it, he can hardly concentrate at work.
Y-Not Tech Services can’t be sure how the criminal gained access to my friend’s account. But we have some guesses.
- Keylogger – A keylogger on the device used to log into the bank account would send the account number and password straight to the criminal. Perhaps a shared device also gave the criminal the roommate’s email password.
- A weak password – The criminal may have been able to guess or use a brute force method to find the password used on the account.
- Using the same or similar password – It’s doubtful in this case that Scotiabank’s servers and files were compromised. However, if my friend used the same password for his banking as he used on other, less security minded websites, and one of these were hacked, the criminal could simply apply that compromised password to the bank account.
- Easy Security Questions – Most Accounts have security questions you can set up to gain access to your account if you forgot the password. Questions like, “What was my mother’s Maiden name?”, “What elementary school did I attend?”, or “What was my first pet’s name?” Do you know where I can find the answer to most of those questions? Your social media accounts.
- Poor Email Security – This is related to the others, but if a criminal gains access to just your email account, they can wreak havoc on your life. Not only can they see all the accounts you’ve signed up for, but some accounts will actually send your password in a welcome email in plain text. Now if you have a habit of doing number 3, the criminal has a great starting point to reverse engineer the passwords to your other accounts, like your bank. Additionally, your bank and other accounts may offer to email you a link to reset your password, so if the criminal has access to your email, they will get the link.
- Social Engineering and Phishing – It’s possible my friend was the victim of a phishing attack, having entered his account details in a fraudulent site without realizing it.
Now let’s look at each of these possible attacks and examine how we might be able to avoid them.
- A good Anti-Virus/Anti-Malware should take care of any keylogger lurking on your computer. In Y-Not Tech Services experience and research we’ve come to trust Emsisoft. You can get a FREE 30 Day Trial here.
- Coming up with and remembering good passwords can be a challenge. This is why so many people end up using simple passwords. Some of the most popular passwords out there include 1234, password and football. It’s important for us to use strong passwords. It’s a good idea to include both capital and lower case letters, numbers and symbols in your password.
- OK, I’ve created a strong password. Let’s say it’s 3x@mP1e – I’ll just use this strong password on every site I visit! That’s not a good idea. If you do, all it takes is one site to be compromised and have their user data stolen. Now the criminals behind the attack on the site could have both your email and the password you used. Then it’s just a matter of typing them into other sites and gaining access to your accounts. We should use a different password for different sites.
- We want to pick obscure questions when choosing our security questions. Don’t choose anything that the answer can be found on your Social Media profile. Even if you have locked down the privacy on your own social media account, criminals may gain access to your information through a friend who has their account compromised.
- Keeping your email account safe, mostly comes down to focusing on the other aspects we’ve mentioned. Use a strong, unique password for your email account. Choose your security questions carefully. If available, you might consider using 2-factor Authentication for your account. Change your password frequently and use a good Anti-Malware software.
- To avoid Social Engineering attacks you need to familiarize yourself with the tactics they use. You can start with Y-not’s Internet Security Basics article. Once again, a good security software will often detect and alert you to fraudulent sites.
I hope that these tips will help you avoid identity theft and fraud. I know that many of them are inconvenient to stay on top of. Using strong passwords and remembering many different ones, but it can be compared to the inconvenience of locking your home’s door. It takes extra time and it’s annoying to unlock it while juggling 17 grocery bags, but you do it because burglary is all too common. It’s the same with our digital security. It might be annoying, but if want to avoid financial loss and stress we should take the time to review our online security.
Why not let Tony help you audit your security measures?
UPDATE: About a month after this happened, the bank concluded their investigation. They determined that this wasn’t something they could prove was fraud (or something like that) and they aren’t able to return his money.
Contact us today to set up an appointment.
It has recently been discovered that the audio driver used in some HP laptops has keylogger built into it and has been recording all the keystrokes that are made on the computer. That means that everything typed on the computer is being saved to a file. Passwords, Credit Card numbers, e-mails, chat logs… it’s all in there.
This is certainly cause for alarm. While the audio driver may not be doing anything with this log, it watches what is pressed to look for key combinations that control Microphone and Speaker shortcuts, other malicious programs could certainly access it. This is especially true now that the exploit has been made public. I would bet that virus and malware coders are currently hard at work targeting this. After, the hard work has been done for them!
Here is a list of the known models that are affected:
HP EliteBook 820 G3 Notebook PC HP EliteBook 828 G3 Notebook PC HP EliteBook 840 G3 Notebook PC HP EliteBook 848 G3 Notebook PC HP EliteBook 850 G3 Notebook PC HP ProBook 640 G2 Notebook PC HP ProBook 650 G2 Notebook PC HP ProBook 645 G2 Notebook PC HP ProBook 655 G2 Notebook PC HP ProBook 450 G3 Notebook PC HP ProBook 430 G3 Notebook PC HP ProBook 440 G3 Notebook PC HP ProBook 446 G3 Notebook PC HP ProBook 470 G3 Notebook PC HP ProBook 455 G3 Notebook PC HP EliteBook 725 G3 Notebook PC HP EliteBook 745 G3 Notebook PC HP EliteBook 755 G3 Notebook PC HP EliteBook 1030 G1 Notebook PC HP ZBook 15u G3 Mobile Workstation HP Elite x2 1012 G1 Tablet HP Elite x2 1012 G1 with Travel Keyboard HP Elite x2 1012 G1 Advanced Keyboard HP EliteBook Folio 1040 G3 Notebook PC HP ZBook 17 G3 Mobile Workstation HP ZBook 15 G3 Mobile Workstation HP ZBook Studio G3 Mobile Workstation HP EliteBook Folio G1 Notebook PC
If you or someone you know uses any of these models, please contact Y-Not Tech Services so we can help clean up the log and keep you safe! This can be done remotely so feel free to contact us even you aren’t in the Lethbridge area.
Why not let Tony keep your private information private?
Y-Not Tech Services have just heard of a widespread Phishing attack that is targeting users of Google’s Gmail platform. This attack may appear to come from someone you know since it is taking over people’s accounts. This is how it is spread.
The attack will appear to be a simple Google Doc that has been sent to you (Again, possibly by someone you know). If you click the link, your account can be taken over by the attackers, and the phishing e-mail will be sent out to your address book.
Here is a statement from Google:
Always use caution when opening e-mails and links. If you have any doubts or concerns, DO NOT OPEN THE E-MAIL. Be extra cautious as this will be spreading. If I learn more, I will update you.
UPDATE FROM GOOGLE:
Y-Not Tech Services is happy to assist anyone who may feel they were affected by this or any other malicious activity.