
Cybersecurity 101: Prevention Tips with Casey (VIDEO)

by Feynman Group

Posted on 2019-01-10 00:46:28


 

Feynman Group’s Director of Information Technology shares his top prevention tips that address today’s complex digital workplace and how to protect your business data.

 


Meltdown & Spectre Update

by Mike Wilson

Posted on 2018-01-13 00:27:10


As you may have seen in the news, last week the technology world was shaken by the disclosure of two vulnerabilities in modern processors, known as Meltdown and Spectre. These vulnerabilities are unusual, in that they target the CPU directly, which means that the operating system is not the source of the problem. In other words, any server, PC, mobile, or embedded device running an affected processor is vulnerable and will need to be patched.

 

Though these vulnerabilities are unusual in some ways, Meltdown and Spectre are similar to other vulnerabilities in the ways that they can be exploited. To exploit these vulnerabilities, an attacker must execute malicious code on a vulnerable system, via such means as an email attachment, browser plugin, or document macro. This means that normal digital hygiene practices apply very well to this situation.

 

To eliminate your exposure to these vulnerabilities, be sure to stay current on security patches for all network-connected devices, including servers, PCs, network printers, firewalls, etc. Patches have already been released by Microsoft for Windows 10, and by Apple for Mac OS and iOS. Microsoft will be releasing patches very soon for the other supported versions of Windows, and other vendors are already rolling out patches as well.

 

In addition to operating system updates, PC and Server hardware manufacturers have released their own patches that cannot be installed via typical operating system update procedures. These updates can be obtained via the manufacturer’s website and installed manually. Some manufacturers have their own automatic update mechanisms. For example, if you have a Dell PC running the Dell Command Update client, then you will automatically receive a notification when a BIOS update is available.

 

If you have any questions or concerns about your network security, please don’t hesitate to email us at support@feynmangroup.com or call us at 541-342-5531.


Security Vulnerability Discovered in Wi-Fi Networks

by Scotty McConnell

Posted on 2017-10-16 23:53:55


Researchers in the UK have successfully broken the previously unbreakable WPA2 Wi-Fi security protocol.

This is a major announcement because the WPA2 protocol is used in almost every Wi-Fi network, meaning countless computers, smartphones, “internet of things” devices, and others are vulnerable to attack.

 

Feynman Group has the following proactive suggestions for our customers and partners to avoid exploitation:

  • This particular security risk can only be exploited from within the Wi-Fi coverage area. A potential hacker must be within range of your wireless network to take any action.
  • Where possible, connect to the network using a network (Ethernet) cable instead of wireless.
  • If you have Wi-Fi installed at your home or office, check with the manufacturer to see if/when an update may be available.
  • Websites which are secured with HTTPS (such as Google.com) are generally still secure even when browsing over a public / vulnerable network.
  • Some Wi-Fi vendors have already provided patches for this security issue, and many others will follow in the coming weeks.

 

For more information or further assistance, please reach out to our technical support team at support@feynmangroup.com or call (541) 342-5531.

 

Thank you,

Feynman Group, Inc.

(541) 342-5531

support@feynmangroup.com

 


Everything You Need to Know About the Global Ransomware Outbreak

by Mike Wilson

Posted on 2017-05-17 16:01:37


 

WannaCrypt, also known as “WannaCry,” is a ransomware attack that made international news headlines for hijacking computer systems across the globe last week. WannaCrypt infiltrated thousands of computer systems and held their files hostage. Hackers demanded $300-$600 worth of Bitcoins for users to reclaim access. Its reach was massive, with over 150 countries falling prey to the malicious software. Businesses in China, UK hospitals, and Russia’s interior ministry were among the victims.

How Does WannaCrypt Work

WannaCrypt is believed to initially breach systems via email attachment – from there, it spreads quickly. The malware exploits a security vulnerability in Windows software called Server Message Block, which is used to transfer data between trusted computers. WannaCrypt employs EternalBlue (an exploit believed to be created by the United States National Security Agency that was later leaked by a hacker group) to spread throughout a business’ system in a matter of seconds, no user activity necessary. Meanwhile, a portion of the code called DoublePulsar installs a backdoor into the infected systems, giving the hacker remote control of the computers.

Reports of new infections have come to a halt, thanks to a malware researcher who discovered a web domain in the code. But this outbreak serves as a wakeup call to businesses and organizations everywhere: protect your IT systems.

The Consequences of Malware

Being the target of a malicious software attack can be costly. It puts sensitive information in the hands of hackers, puts you at risk for losing crucial files, leads to a pricey recoup process, and diminishes customer trust in your business. Your computer systems are home to the very information that keeps your business running – if they are compromised, it can be difficult to recover.

Steps to Better Security

Since ransomware is an imminent threat, it’s important to do everything possible to protect your business from infection. Here’s a list of preventative steps to bolster your IT’s network security:

  • Apply available critical and security updates to all computers regularly
  • Block potentially malicious files from entering your system using email anti-spam, anti-virus, and employee training initiatives
  • Request that employees only open attachments when they are absolutely necessary, and expected to arrive
  • Exercise additional caution with Microsoft Word or Adobe PDF files delivered by email
  • Test and validate data backups regularly

You can detect malicious software in your systems by configuring email alerts from anti-virus agent detections, employing network-based anti-virus and anti-malware software, and setting up monitoring on file servers to detect changes to your files.
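One way to implement the file-server change monitoring mentioned above, as an added example that is not part of the original post: it compares two snapshots of a share and flags files whose contents have turned random-looking, which is what encryption does to a document. The thresholds, file names and the `.locked` extension are assumptions chosen for the constructed demo.

```python
import hashlib, math, os, tempfile
from collections import Counter

HIGH_ENTROPY = 7.0   # bits/byte; encrypted or compressed data sits near 8.0
ENTROPY_JUMP = 2.0   # rise in bits/byte that marks a plain file turned random
ALERT_RATIO = 0.5    # assumed threshold: share of known files hit in one interval


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(root: str) -> dict:
    """Map relative path -> (sha256 hex, entropy of the first 64 KiB)."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return state


def compare(before: dict, after: dict) -> dict:
    """Report changed files and those that now look encrypted."""
    changed = sorted(p for p in before if p in after and before[p][0] != after[p][0])
    removed = sorted(p for p in before if p not in after)
    added = sorted(p for p in after if p not in before)
    suspicious = {p for p in changed
                  if after[p][1] >= HIGH_ENTROPY
                  and after[p][1] - before[p][1] >= ENTROPY_JUMP}
    # A file replaced by "<name>.<new extension>" with random-looking content.
    for old in removed:
        if any(new.startswith(old + ".") and after[new][1] >= HIGH_ENTROPY for new in added):
            suspicious.add(old)
    ratio = len(suspicious) / len(before) if before else 0.0
    return {"changed": changed, "removed": removed, "added": added,
            "suspicious": sorted(suspicious), "alert": ratio >= ALERT_RATIO}


def demo() -> dict:
    """Constructed scenario: six documents, four overwritten or replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(6):
            with open(os.path.join(root, f"invoice{i}.txt"), "w") as fh:
                fh.write(f"Invoice {i}: 10 widgets at 4.50 each\n" * 200)
        before = snapshot(root)
        for i in range(3):  # overwritten in place
            with open(os.path.join(root, f"invoice{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))
        os.remove(os.path.join(root, "invoice3.txt"))  # replaced under a new extension
        with open(os.path.join(root, "invoice3.txt.locked"), "wb") as fh:
            fh.write(os.urandom(4096))
        with open(os.path.join(root, "invoice4.txt"), "a") as fh:  # ordinary edit
            fh.write("Paid in full\n")
        return compare(before, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The ordinary edit to `invoice4.txt` shows up under `changed` but not under `suspicious`, which is the distinction that keeps such a monitor from alerting on normal work.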

How We Can Help

Our team here at Feynman Group has years of experience defending businesses from malware like WannaCrypt. We have expertise in preventative protections, as well as recovery solutions. Through our partnerships with Cisco AMP, OpenDNS, Cisco Firepower, and Datto, we can give your business the best chance of surviving malicious software attacks. This past week showed the world that it’s more important than ever for organizations of every kind to strengthen their IT security. If you’re not sure whether or not your business is properly protected, contact us for a free backup analysis today.


HTTP + SSL = HTTPS

by Mark Tschetter

Posted on 2017-03-02 19:16:12



What It Is and Why Should You Care?

You may have heard the buzzwords HTTPS and SSL flying around more lately. That is likely because beginning January 2017, Google began flagging sites as “not secure” if they collect passwords and credit card numbers over HTTP.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It allows for your web browser and a web server to relay information between each other.

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer. Unlike HTTP, the S in HTTPS indicates that the information from your web browser is encrypted before it is sent to the web server.

What is an SSL Certificate?

SSL is an acronym for Secure Socket Layer. An SSL certificate encrypts the data that is sent to the website you are interacting with from your computer, proving the identity of the website. Here’s how it works: your web browser requests a web server to verify the identity of the website you’re on. If verified, the web server will respond by sending an SSL certificate. When the website is deemed trustworthy, the HTTPS symbol will appear in the URL bar as a digitally signed acknowledgement that the site’s identity has been verified by a trusted authority.

How can I tell if a site is verified?

In the URL bar of your browser, a lock symbol will be displayed and the URL will begin with https://www…

Why do I want to interact with sites that use HTTPS?

Imagine you are the web browser and your bank is the web server. If you were in a public place and had to shout out your credit card numbers to your bank across the room, would you rather shout those numbers in plain English, or in a coded language that only you and your bank could understand? HTTP is plain English to snoops and hackers, whereas HTTPS is the coded language that makes your information much harder to crack.

Why should I Care?

Not only does Google label non-HTTPS websites as non-secure, they penalize these sites by dropping their ranking in search results. This directly affects your customers’ ability to find you. In addition, beyond search ranking concerns, HTTPS is the security standard, and adopting it on your website helps keep you and your website’s visitors protected.
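A site owner can check their own pages for the condition described at the top of this post, password or credit card fields collected over HTTP. The following is an added example, not part of the original post and not Google's actual logic: it scans a page's HTML and also catches an HTTPS page whose form submits to an HTTP address. The sample pages and the `shop.example` host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Payment-card autocomplete tokens defined by the HTML standard.
CARD_TOKENS = {"cc-name", "cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc"}


class SensitiveFieldAudit(HTMLParser):
    """Collect password and card inputs that would travel without HTTPS."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.form_target = page_url  # where the enclosing form submits
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A relative or empty action resolves against the page URL.
            self.form_target = urljoin(self.page_url, attr.get("action", ""))
        elif tag == "input":
            if attr.get("type", "").lower() == "password":
                kind = "password"
            elif CARD_TOKENS & set(attr.get("autocomplete", "").lower().split()):
                kind = "card"
            else:
                return
            reasons = []
            if urlsplit(self.page_url).scheme != "https":
                reasons.append("page loaded over HTTP")
            if urlsplit(self.form_target).scheme != "https":
                reasons.append("form submits over HTTP")
            if reasons:
                self.findings.append((attr.get("name", "?"), kind, reasons))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_target = self.page_url


def audit(page_url: str, html: str) -> list:
    """Return (field name, kind, reasons) for each exposed sensitive input."""
    parser = SensitiveFieldAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages (not taken from any real site).
LOGIN_PAGE = """
<form action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pw">
</form>"""

CHECKOUT_PAGE = """
<form action="http://shop.example/pay" method="post">
  <input type="text" name="card" autocomplete="cc-number">
  <input type="text" name="note">
</form>"""

if __name__ == "__main__":
    for url, page in [("http://shop.example/login", LOGIN_PAGE),
                      ("https://shop.example/login", LOGIN_PAGE),
                      ("https://shop.example/checkout", CHECKOUT_PAGE)]:
        print(url, audit(url, page))
```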

Are you ready to set up SSL on your website? Contact Feynman Group for more information.


Major Cyber-Attack Targets Twitter, Spotify, Others

by Mike Wilson

Posted on 2016-10-25 23:54:47


On Friday, October 21, 2016, Internet performance management company Dyn suffered a series of three distributed denial of service (DDoS) attacks, beginning at about 4:00 AM Pacific time and concluding at about 1:00 PM. The attack, involving tens of millions of IP addresses, affected users’ abilities to access the websites of many of Dyn’s customers, such as Twitter, Reddit, Spotify, Etsy, and others. Experts believe the attack was targeted at Dyn, with one source of the traffic being devices infected by the Mirai botnet.

What is a DDoS attack?
A DDoS attack is when an overwhelming amount of web traffic is directed at an online service (such as a website) in an attempt to make the service unavailable to legitimate users. In this case, tens of millions of IP addresses flooded Dyn’s Managed DNS infrastructure with requests, causing Dyn’s customers’ sites to either fail to load or load very slowly. In other words, many users attempting to do their morning scan through Twitter were disappointed when Twitter did not load.

What is DNS?
Note that the following has been simplified for the sake of simple explanation.
The domain name system (DNS) is what’s responsible for converting a domain name into its associated IP address when a website is accessed. Think of it this way: if the IP address is a set of GPS coordinates (latitude and longitude) for a business, the domain name is the street address (123 Street Ave).

When any URL is typed into the address bar of the web browser, a request is sent to a DNS server (many actually) to translate the URL into its IP address, which is then sent back to the browser, telling it how to access the website at the specified URL.

The incident on the 21st occurred when a large number of devices (many infected by the Mirai botnet) attempted to make too many requests to Dyn’s DNS servers, and the overloaded servers could not send back information to fulfill any requests.

It’s important to note that DNS hosting (the service provided by Dyn in this case) differs from website hosting. The latter generally refers to the location on a web server where a website’s files are stored.

What is Mirai?
Mirai is a new type of malware that targets “Internet of Things” or smart-devices – things like CCTV cameras, DVRs, the Nest smart-thermostat, even Internet-connected cars and refrigerators. Mirai is able to take control of such devices and use them to flood a target with traffic. When millions of infected devices are directed toward a single target in a DDoS attack, it’s enough to bring the target down across the web for both legitimate and malicious users.

How can I keep my smart-devices safe?

  • Be selective with which smart-devices you use. Not all devices are created equally when it comes to security. Research before you buy, and always opt for the most secure devices, even if they cost more.
  • If possible, disconnect your smart devices from an internet connection when you’re not actively using them. If there is not an option to disconnect your device from the internet, make sure it is powered off and not in a “standby” state.
  • Keep your devices up to date with the most current software.
  • Always use strong passwords. Some devices such as webcams and CCTVs use default passwords and settings, making them especially attractive targets for malware. Read your manual or do a Google search on how to change the passwords for these devices.
  • If your smart device has been infected by Mirai, you may be able to clean it by rebooting the device, however this action alone will not protect your device from being re-infected.
  • Disable WPS connection on your wireless router, and make sure your Wi-Fi network is password protected.
  • Contact Feynman Group if you have any security concerns and we will work with you to implement solutions relevant to your specific needs.

Does a DDoS attack pose a threat to my website?
If you’re concerned about the resiliency of your hosting environment, contact Feynman Group to discuss whether or not changes to your current situation may be necessary.


Note, Feynman Group, Inc. is not affiliated with and does not endorse any of the websites, articles, or authors referenced in this post.


Google Blocks Adobe Flash in Chrome Browser

by Mike Wilson

Posted on 2016-05-16 21:22:47


Google plans to hammer another nail into Adobe Flash Player’s coffin, according to a recent publicly available proposal. The multimedia platform, which has faced a swathe of criticisms over its 20+ year lifespan, will presently face stifled support in Google’s popular Chrome browser.

According to the proposal, Google will continue to bundle Flash with Chrome, however when users visit webpages containing Flash content, they will now be prompted to allow the content before it is loaded, shifting closer to an “opt-in” type of model.

If the user chooses to load Flash content on a webpage, Chrome will remember the user’s settings for the domain, meaning Flash must only be allowed once on a webpage to continue serving content in the future. In addition, Chrome will initially default to allow Flash content on the top 10 sites (based on aggregate usage) for one year.

When these changes go into effect, users will still have the ability to set their own preferences, including an option to always run Flash content.

The shift comes alongside Google’s continued efforts to phase out Adobe Flash content in favor of HTML5. In the Fall, Chrome began blocking Flash based ads by default and Google plans to fully ban them by the start of next year.

The updates will likely impact Flash significantly, as Chrome reportedly holds a staggering 70% of web browser usage as of April 2016.



Latest Adobe Flash Update Introduces Major Security Flaw across All Operating Systems

by Mike Wilson

Posted on 2015-10-16 21:40:00


Adobe has confirmed another major vulnerability in its Flash Player just one day after releasing its monthly security update. The exploit, which affects Flash users across all platforms, including Windows, Mac, and Linux, allows attackers to crash and seize complete control of the user’s system. This grants attackers full access to users’ webcams, files, browsing history, online banking information, and any other sensitive data contained on the machine, opening the door for full-scale identity theft.

Adobe Flash is a software platform commonly used for animations, browser and mobile games, applications, interactive media, online advertisements, streaming video, and more. Though its popularity has dwindled consistently in recent years (in large part due to known security issues), many websites and applications still employ Flash for a variety of uses.

As of the time of this posting, Adobe has issued a security bulletin containing an update to the vulnerable version of Flash; however, the safest option for all users is to uninstall Flash. Thankfully, most users should be able to get by without the software installed on their machines, as many modern platforms have been slowly moving away from Flash.

To uninstall Flash Player from your Windows machine, follow these instructions. Mac users can find instructions here. Finally, to disable Flash in your browser, see these instructions for a complete list of modern browsers.

For more technical details and deeper explanation, you may download Feynman Group’s security brief: FeynmanGroup_FlashSecurityBrief_101615

If you are unsure how this security exploit affects your machine or website, contact Feynman Group for technical assistance.

 


Microsoft to End Windows Server 2003 Support

by Mike Wilson

Posted on 2015-04-02 22:30:20


The clock is ticking for those still using Windows Server 2003. As a matter of fact, the literal clock is ticking on Microsoft’s website as they count down to July 14th, 2015, the day Microsoft will cease to support any version of the popular Windows Server 2003 server operating system.

What exactly does this mean? Consider your other devices. Most likely, your computer prompts you periodically to install updates for various reasons; bug fixes, stability improvements, and security updates are some common cases. Mobile phones are similar. Apple releases minor iOS updates every few months, and even individual apps get updates frequently (glancing at my phone, I see Twitter was updated March 28th noting, “This update includes minor improvements”). All of these regular updates are made by the developers at their respective companies in an effort to continually improve their software and keep users safe from security exploits.

Unfortunately, software companies can only continue to update older versions of their products for so long before it’s no longer viable to do so, forcing users to migrate to more modern versions. Just as this is the case now with Windows Server 2003, the very same scenario occurred with Windows XP when Microsoft terminated support for the computer OS in April 2014 (though XP had a valiant 13-year run).

It is highly recommended that all present Windows Server 2003 users migrate to a current version before July 14th, 2015 in order to protect their infrastructure. Continuing to use Windows Server 2003 puts your data at serious risk. The lack of security patches paints a big bulls-eye on these machines for those looking to exploit holes in their defense. While it’s possible in some cases to restore data post-hack, it can be difficult if not impossible to fully recover after a security breach. In addition to security concerns, Microsoft will no longer provide technical support or warranty claims for Windows Server 2003 users, and many applications, including modern 64-bit standards, will no longer support the dead OS.

Perhaps the gravest consequence will affect users in industries which are regulated or handle regulated data, as they may fall out of industry compliance. In this case, Windows Server 2003 users may be legally required to migrate. For a more in depth analysis, this International Data Center white paper provides an excellent summation of the situation as a whole.

In light of the announcement, many commentators are suggesting Windows Server 2003 users migrate directly to Windows Server 2012 R2. In addition to a host of improvements and added features, 2003 users will appreciate 2012 R2’s high application compatibility, meaning the migration will be relatively straightforward. And for those considering taking the interim leap to Windows Server 2008, you may want to note that Microsoft ended mainstream support in January of 2015, and extended support is slated to end just five years from now in January of 2020.

All in all, when faced with the end of a product lifecycle, it’s always a good idea to take a step back and evaluate our use of technology. While it may be tempting to write off this announcement solely as a tech giant’s latest money-grubbing scheme, it’s important to remember that technology drives innovation just as much as innovation drives technology. If Microsoft continued to hold the hand of an aged software until the last user replaced it, who would be working to improve and expound upon it, to pioneer new technology solutions far beyond what anyone thought was possible? Windows Server 2003 had a good run after all. Twelve years ago, Chicago won 6 Academy Awards and Harry Potter and the Order of the Phoenix was published. Twelve years from now, there’s no telling how far technology will have advanced, and so we continue moving forward right along with it.

If you’re still using Windows Server 2003, Feynman Group would like to help you through your migration. Contact us to learn more and discuss your options.


Security: First Ever Automated Patch to Mac Computers

by Mike Wilson

Posted on 2014-12-29 21:19:57


While Macintosh computers are generally regarded for their low risk of security threats, Apple pushed its first automated security patch to machines last Tuesday, December 23rd. This update came in response to a critical vulnerability posed by the network time protocol (NTP), a common software component used to synchronize clocks across the internet. While hackers have exploited the NTP in the past, this particular bug was identified in a Department of Homeland Security bulletin on Friday, December 19th.

It’s important to note that the bug, which could allow hackers to gain remote control of machines, affects a number of devices including PCs. The Verge notes that, while Microsoft has been automatically updating Windows security vulnerabilities for years, Apple had previously preferred to prompt users to authenticate updates.

Mac users should be notified of the update and after installing, a restart is not required. At this time, no cases are known of Mac computers that have been exploited through this bug.


Contact Us

info@feynmangroup.com

1177 Pearl St.
Eugene, OR 97401
541.342.5531

107 SE Washington Street, Suite 160
Portland, OR 97214
971.254.9922