New Malware Threat Targets Internet Routers

A new malware called VPNFilter has managed to infect over 500,000 routers around the world.

“The Federal Bureau of Investigation warned consumers to reboot their Internet routers and install new software patches, to fight a nasty new malware attack called VPNFilter that has so far infected about half a million devices in more than 50 countries, including the United States.  VPNFilter can be used to steal data, or to order routers to “self-destruct,” knocking thousands of Internet-connected devices offline.” 1

Routers are typically part of the technical devices in the home and at work, but how many of us know how to update software without the help of a technical person?  You would have to look up the brand of the router, its model and serial numbers, know the default password, log on to its internal control software and download a patch from the company’s website.  To some of us, that’s no problem, to most of us, it’s not only confusing, but anxiety provoking.

VPNFilter malware is a threat, and it can wreak havoc.  It can steal critical files from infected machines, or disable the router and knock out thousands of computers offline.  The FBI is working with researcher from Talos Intelligence Group, and they have traced the infection back to a group who appear to be linked to Russia’s military intelligence service.

The latest attack via VPNFilter is especially bad one, since it doesn’t only prevent devices from connecting to the internet, but it can be used for stealing passwords and monitoring internet activity. However, it seems that the attack has been planned for a while now, and both the UK and the US officials have been warning people that the Russian hackers might plan something like this.  The FBI used a court order to seize this Internet address and take it offline. Still, thousands of routers remain infected, including an unknown number in the United States.

So far, the only thing that the people can do to avoid becoming victims of the malware is to reset their routers. Returning them to the factory defaults and updating them is the only way to ensure that the malware is removed from the device.

“The FBI is urging Internet service providers Comcast Corp. and Verizon Communications Inc. and others to check whether their hardware is vulnerable, and work with customers on updating their routers.  Routers by Linksys, MikroTik, Netgear, and TP-Link are affected, as are big external hard drives made by a company called Qnap.  Merely rebooting the routers will wipe much of the toxic code from memory.  But a portion survives, and it will reinstall the malware when the device powers up.  The only sure cure is a software patch for each vulnerable device.” 2

“No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues. The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”3  Some of the products will handle the update automatically – as a consumer you need to be aware and be able to patch your router.

Don’t leave your networks open to hackers.  As we are connecting other digital devices to our home networks — audio speakers, thermostats, security systems, etc., they all need regular software updates if you want to remain safe.  Spending the time on each device and being proactive is better than having to deal with it in a crisis.

References:
1 + 2:  The Boston Globe, May 24, 2018
3:   Talos Intelligence https://blog.talosintelligence.com/2018/05/VPNFilter.html
US Department of Justice
Security Global 24

Tech Savvy Ideas for Grads, AND Dads!

It’s that time again! Whether you are in the market for a great and fun gift for a graduation or for Father’s Day, read on…

If your graduate is finishing high school or departing their college campus with a degree in hand, they deserve a little something for their hard work.  Below are a number of options for the tech-savvy grad.  Whether you are giving a gift to spruce up an apartment, dorm, or even help them master a new job, get in to shape, go on an adventure or just have fun, here are some ideas to help you give the perfect gift.

Is Dad tech savvy?  You may even find the perfect gift for him, too!

The 1MORE Triple Driver small, sleek headphones. Unlike most portable models, they deliver excellent sound, with an earplug-like design that limits extraneous noise. The 1MORE Triple Driver also comes with nine pairs of earpieces to help the user find just the right fit.

Edifier R2000DB.  These elegantly-designed Bluetooth speakers deliver very good sound quality and ease of use, masterfully converting any late-night gathering into an unforgettable party. They’re a good choice for the more critical listener in need of a wireless speaker for music and other audio content. This one ships as a pair, so your grad and her hipster friends can hear their favorite songs in stereo.

Nikon Coolpix S9900.  This camera packs a 30x zoom into a relatively thin body. It also has a swiveling liquid crystal display, great for composing selfies and other hard-to-reach shots. It even has a good image stabilizer.

Sony FDR-X1000V. This dependable action cam is one of the best, and it’s a bit pricey, but very lightweight, easy to use, and shoots a 4K resolution video.  It also has new-and-improved image stabilization, designed to counteract low-amplitude vibration, which Sony claims is a common problem when you shoot video from a drone. So, if your certain someone decides to capture an aerial view of himself, shaking with fear while zip-lining, it won’t be a problem – the footage itself won’t be jittery.

Apple Watch Series 3 38mm Smartwatch.  An Apple Watch not only shows that the student is tech savvy (which is great for today’s start-up culture), but it also keeps them organized. The Apple Watch Series 3 is the latest version in Apple’s watch collection and it boasts some amazing features. It’s faster than previous generations — by about 70% — which means that apps launch quickly and the…MORE graphics are smoother. Students can use apps like the heart rate monitor and custom high-intensity interval training to stay healthy or conduct business by tracking meetings, sending emails and managing budgets.

Mosiso Laptop Shoulder Bag.  It fits a 15-inch laptop and features spill-resistant gray denim that fits in with both casual and business looks. The inside has foam padding and a fluffy fabric lining to protect the computer from bumps and scratches. And there are side pockets to store a phone, notebook, and power adapter.

Display2Go Digital Photo Frame.  The electronic signage black wood frame has a built-in speaker that allows users to play audio while cycling through a photo slideshow. The frame also has the ability to play video files.  The digital photo frame also includes a white mat, tabletop or wall mount, and has 2GB of internal memory, allowing users to store files directly on the frame.

Logitech X300 Mobile Wireless Stereo Speaker.  The speaker comes in copper, black, blue, pink and silver, and features a built-in rechargeable battery that powers five hours of continuous music. In addition to stereo sound, this speaker is wireless, and has a built-in microphone to double as a mobile speaker for phone calls.

Skylock.  Perhaps your grad loves cycling. This is a smart bike lock with a built-in solar panel that recharges its battery. Skylock uses 256-bit eliptic-curve cryptography to keep bikes safe, and a touch interface to unlock. With a steel housing, Skylock is extremely durable and tough to break.

Happy shopping!

Facebook. To Share, or Not To Share.

Last month Facebook appeared in the news for weeks.  Due to a firm by the name of Cambridge Analytica which collected data from 50+ million Facebook users, it is believed that the company supposedly used this information to influence voter behavior during the US presidential election and UK’s Brexit campaign.

We all know that Facebook is a very popular platform for developing brand awareness, not to mention the millions of families who post photos and all sorts of information to be shared online.  Have you wondered if your data is still safe after the recent data breach scandal?

Let’s rewind back to 2014.  A Facebook personality quiz app which was called “This is Your Digital Life” was developed by a data scientist.  Tens of thousands of Facebook users signed up and released information about themselves in exchange for humorous results.  In 2015, this was removed from the Facebook platform.  The app collected not just the data of the people who took the quiz, but also — “thanks to Facebook’s loose restrictions — data from their friends, too, including details that they hadn’t intended to share publicly.” 1

What the quiz takers didn’t know was the firm that the data scientist worked for had stuck a deal with Cambridge Analytica to share the information that was gathered, including the mined data about the users’ friends.

The information collected was based on:

  • Activities on Facebook, and the information that was disclosed to Facebook
  • Facebook connections, networks, messages, photos and other content that other users sent
  • Payments handled by Facebook
  • Your location
  • Devices that were used for Facebook access
  • Apps and websites which use Facebook services
  • Data from other platforms that are also owned by Facebook, including Instagram and WhatsApp
  • Advertisers and other third-party partners.

What happened next was Cambridge Analytica analyzed the data and created psychological profiles to invent better political drives to influence how people would vote.  There is still a debate about how effective the plan was, but, there’s no doubt that thousands and thousands of users were manipulated in to signing away data without knowing it.

Here is what you can do to keep information safe from data-harvesting apps and programs.

  • Audit Your Facebook Apps. If you used Facebook to sign in to a third-party website, game or app, those services may continue to access your personal data.  “On Facebook, go to the settings page and click on the Apps tab to see which apps are connected to your account. From there, you can take a closer look at the permissions you granted to each app to see what information you are sharing. Remove any apps that you find suspicious or no longer use. (Facebook has also made some changes to prevent the gathering of detailed information of friends of users.)” 2

“On the App Settings page there is another setting called Apps Others Use. This is where you choose which details are shared about you when your friends use apps. Make sure to uncheck all the boxes if you don’t want any of your information, like your birthday or hometown, accessed by your friends’ apps.” 3

  • If you are concerned about what details apps can see about you and your Facebook friends, now is a good time to check your privacy settings and minimize the information you share publicly. For example, you can make sure that only your friends can see your Facebook posts, or that only you can see your friends list. 4

 

Read privacy policies. When you sign up for a new app or web tool, the company typically asks you to agree to its terms of service.  Be sure to carefully read the terms and the privacy policy.  If you see language that you do not understand, or, which suggests your data could be shared in a way that makes you uncomfortable, don’t use the program.

 

References:

Android Security

In the past several months, Android security issues have become part of techie news.  Hackers are developing a record number of cyberattacks that could compromise your mobile operating system and they’re having more success than ever before. There are some things you can do to tighten up your Android security, and most of the features you need are already built in.

If you lose your Android phone, anyone who picks it up could see what’s inside.  Perhaps it’s a harmless passerby, or worse, a hacker.  Fortunately, Android has a “Find my device” feature that allows you to track, lock, and wipe data from your lost or stolen device. Unless you’ve accidentally disabled ‘Find my device’, it should be running on your Android by default.  To use it in the event that you’ve misplaced your Android device, make sure it’s registered. Go to where you will be prompted to log into your Google account. From there, you can locate your phone and, if you think it has fallen into the wrong hands, wipe it remotely.

One feature that’s often overlooked, but which you should pay close attention to, is the app permission settings located in the App & Notifications menu. In this window, you’ll be able to see which apps have permission to access different phone functions.  Pay close attention to apps that have access to your microphone, camera, and biometric sensors, as these can be used to monitor your daily activities and private information.  And given the recent Facebook privacy fiasco, it’s a good idea to closely watch what permissions your social media apps have.

With “Safe Browsing” mode, Google Chrome users are given warnings before they enter a suspicious site. There are robust threat monitoring features that scan ahead to prevent you from falling for online scams, and much like “Find my device” this feature is enabled by default — just make sure you’ve updated your Android and Chrome to the most recent versions.

In the “Security” menu of your device, there are various settings for managing your lock screen. App notifications, for instance, still make their way onto your lock screen, which means people can still see important messages, even if your phone is locked. To fix this, you can simply limit how much is shown on your lock screen.  Another important setting is Smart Lock, a feature that allows you to automatically lock a device based on its location. For example, if you’re carrying your phone, it can let you automatically keep your phone unlocked; but as soon as it leaves your hand, it locks itself immediately.

Last but not least, you must enable multi-factor authentication.  Aside from accessing your device and apps with just a passcode, multi-factor authentication forces users to provide another set of identification like an SMS code, fingerprint, or facial recognition scan.  Although this adds another step to your sign-in process, it does make it much more difficult for anyone to hijack your accounts. This feature can be found in the “Sign-in & security” options of your system’s settings.  Once you’ve enabled these settings, you’re well on your way to keeping the wide variety of cyberattacks at bay.

*Published with permission from TechAdvisory.org.

Chrome, Edge and Firefox. Supporting Biometrics.

Google Chrome, Microsoft Edge, and Mozilla Firefox will soon support web-based biometric authentication which should give users more protection against phishing and may reduce the need for passwords.

These internet browsers are expected to allow users to sign into online profiles through facial recognition, fingerprint scanners and voice authentication. Online biometric authentication through these browsers requires no additional software.

Chrome OS, Windows, and MacOS, Linux, and Android are all adding features to help users safely log in using biometric identification via USB, Bluetooth, and NFC devices connected to smartphones and tablets. By having this convenience, users can verify their accounts on the go.

Passwords are notoriously bad at protecting users’ accounts and the information they store. Facial scans, fingerprints and voice recognition would make it much more difficult for hackers to commit identity theft. That means you’re also less likely to be duped by an email from a hacker pretending to be your boss asking for the company credit card.

Biometric verification will also lessen the need for logging in your information when shopping online, streaming video, using cloud applications, and other internet-based transactions. Windows 10 has already adopted features that offer limited account management with fingerprints and facial scans. But none of the big-name technology vendors have offered solutions to achieve this on mobile devices as of yet.

Browser-based biometrics could revolutionize and streamline the steps of verifying an online account. It promises to add more security and ease in logging in and transacting on the internet.

*Reprinted with permission; TechNet/Digital Trends   — https://technet.microsoft.com/en-us/

Think Before You Click – Are Short Links Safe?

Short links, or links that have been condensed so they require fewer characters, have been around for a while. For those not already familiar with them, they take a link such as this https://www.bryley.com/2018/04/05/4-options-for-discarding-old-hardware-bryley-tips/, and turn it into this http://ow.ly/SEga50h2XWW.  Typically you see them on social media platforms such as Twitter, where you have a fairly limited number of characters at your disposal, but they can be used pretty much anywhere.

While short links can certainly save space, they also present one very serious issue.  You can’t see where they are going to take you.  If you use our example above, simply by looking at the original link, which displays the full URL it is pointing to, you can determine that you are going to end up at Bryley.com.  Furthermore, you can see it will take you to a page discussing how to dispose of old hardware.

On the other hand, the short link shown above points to the same page, but it would be impossible to know that just by looking at it.  It doesn’t even given an indication of what site you are going to end up on if you click on it, never mind what page.

This poses a security risk.  If you see a short link that has been posted by someone you trust and you already have a sense of where it is going to take you then it is probably safe to click on it.  But what if you can’t verify the source a link came from, or where it is going to take you?  In that case, you should verify the destination of the link before you click on it.

Fortunately, there are several services online which will tell you exactly where a short link is going to take you if you click on it.  For instance, the website CheckShortURL.com will check any short link you happen to stumble upon.  All you have to do is copy and paste the short link into their utility (see image below).

After you click “expand” you will be presented with a page that looks like this:

 

Not only does this indicate where the short link is going to take you, but it lists several services which will check to see if any malicious content has been found at that location.

By taking this extra step, you are being proactive!  Avoiding a cybersecurity breach such as a ransomware attack will save you a lot of headaches, time and money.

Gavin and Cathy Livingstone, owners of Bryley Systems Inc., Participate in the 2018 Clinton Middle School Science Fair

Gavin and Cathy Livingstone, owners of Bryley Systems Inc., Participate in the 2018 Clinton Middle School Science Fair

On April 13th, Bryley Systems was honored to be part of the third annual Clinton Middle School Science Fair.  As members of the Science Fair Committee, Cathy and Gavin Livingstone assisted in the planning and implementation of the event.  Mr. Livingstone presented the school with a monetary donation while Carol Misulis and Ms. Livingstone were part of the judging team.

Last November, Bryley Systems, a growing Managed IT / Managed Cloud business, relocated to 200 Union Street in historic downtown Clinton seeking a larger facility and a central location. The Livingstone’s have experience with judging science fairs, and were pleased to share their expertise and become involved in their new community.

Winners of the 2018 Science Fair, Samantha Forde and Madison McDonald.  Their winning display and science topic was  “What is the PH of your Favorite Drink?”

 

The fair featured a wonderful art display.  Cathy Livingstone and Carol Misulis, both art enthusiasts, enjoyed every moment!

Cathy Livingstone (left) and Dr. Alicia Casey, MD (right).  Dr. Casey is a pediatric pulmonologist in Boston, Massachusetts and is affiliated with Boston Children’s Hospital.  Dr. Casey grew up in Clinton, MA.