(817) 439-3051

Author page: admin

Beware of Fake Spectre and Meltdown Patches
Technology January 30, 2018
Beware of Fake Spectre and Meltdown Patches

 

Cybercriminals have begun peddling patches that install malware rather than fix the vulnerabilities recently discovered in computer chips. Learn how hackers are conning people into installing these fake patches so that you do not become the next victim.

 

Cybercriminals did not waste any time after the January 3, 2018, announcement that most of the computer chips in use today have two serious security vulnerabilities. Less than two weeks later, security analysts discovered that some hackers were trying to take advantage of the situation. They were not trying to exploit the chips’ vulnerabilities, though. They were trying to exploit people’s fears. The cybercriminals were offering to fix the Spectre and Meltdown vulnerabilities, but the patch they were peddling was actually a program that infected devices with malware known as Smoke Loader.

 

While this scam has been shut down, security experts are expecting more like it. By understanding how hackers carried out the scam, you will be better able to spot similar attacks.

 

How the Scam Worked

 

To dupe people into installing the fake patch, the hackers used phishing emails and a spoofed website. Hackers initiated the scam by sending well-crafted phishing emails to German citizens. The emails appeared to come from Germany’s Federal Office for Information Security (BSI), the equivalent of the National Institute of Standards and Technology (NIST) agency in the United States. According to the real BSI, the emails had subject lines like “Critical vulnerability – important update”. The body of the email, which included BSI’s logo, warned about the Spectre and Meltdown vulnerabilities. The email recipients were urged to click a link that lead to a website supposedly run by BSI.

 

Although the website was being run by hackers, it looked like a legitimate BSI web page. It even had an HTTPS address and the padlock symbol to give victims a false sense of security. The fake BSI site urged people to download a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip), which contained a fake patch (Intel-AMD-SecurityPatch-10-1-v1.exe). Victims who downloaded and installed the fake patch had the Smoke Loader malware installed on their computers or smartphones.

 

Smoke Loader changes settings and installs files on infected devices. Hackers use this malicious program, which is designed to avoid detection, to install other malware (e.g., ransomware, banking trojans) on victims’ devices.

 

How to Avoid Becoming a Victim

 

Phishing emails and spoofed websites are often used in cyberattacks, so hackers will likely utilize them again in future patch scams. No matter whether the patch being peddled is for Spectre, Meltdown, or a different security vulnerability, it is a good idea to follow these guidelines:

 

    • Do not assume an email is authentic because it looks official. In the past, phishing emails were fairly easy to spot. They often looked crude and had spelling and grammatical errors. Nowadays, many cybercriminals take the time to make their emails look authentic. Besides crafting convincing messages that are free from spelling and grammatical errors, they often use visual elements, such as logos. It is easy for anyone to copy a logo from a legitimate website and then paste the logo into an email.

 

    • Do not assume a URL will take you where it says it will. Hackers often use deceptive URLs. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. For example, the displayed text might specify a legitimate organization’s name (e.g., NIST) or web address (e.g., https://www.nist.gov), but the actual URL leads to a malicious website. You can check a link’s actual URL by hovering your mouse pointer over it (without clicking it).

 

    • Do not assume a website is legitimate because it starts with “HTTPS”. Research has shown that many people believe that sites which start with “HTTPS” and have the padlock symbol are legitimate and safe. However, this designation simply indicates a site is using the HTTP Secure (HTTPS) protocol, which means that any data being transmitted between web browsers and the site is encrypted. It does not signify that the site is legitimate or its contents are safe. Hackers like to use the HTTPS protocol on their malicious sites because it can give visitors a false sense of security. In fact, a quarter of all phishing websites are HTTPS sites, according to PhishLabs.

 

    • Be wary of emails that urge you to install any type of update. Vendors seldom contact customers via email about applying patches or other types of updates. Most vendors either automatically install them or send notifications through the operating system’s or the device’s update service (e.g., Windows Update, HP Support Assistant). If you receive an email about an update from a vendor, you should verify the email’s authenticity.

 

Being Careful Can Keep You Safe

 

It is important to patch newly discovered security vulnerabilities because hackers often exploit them to gain access to computers and other devices. However, if someone emails you about installing a patch to fix a vulnerability, you need to make sure the email is from the vendor and not a cybercriminal. If the need arises, we can verify whether the email is legitimate or a phishing scam.

 

What is Application Virtualization?
Cloud Computing July 9, 2017
What is Application Virtualization?

If you are a technology decision-maker in your organization, you are probably overwhelmed by communications from vendors offering the latest and greatest technologies to help you save money and make your IT operations more efficient. There are now so many technological advancements available that even the most resource-anemic of IT departments can get whipped into a lean, mean, high-performing machine. But, reaching this pinnacle takes time. First, as a decision-maker you must understand the technologies that are available. A good place to start your education is with virtualization, specifically, application virtualization. What is application virtualization?

Forrester, a well-known technology research company defines application virtualization as follows:

Application virtualization refers to software technologies that encapsulate their applications from the operating system on which they are executed, in order to improve their compatibility, portability, and management.1

To fully understand application virtualization, we can break down the Forrester definition into four parts: encapsulation, compatibility, portability, and management.

Encapsulation

In organizations, many applications are typically installed directly on individual desktop systems. When you implement application virtualization, it becomes a new layer that is sandwiched between the work computer’s operating system and the application. This virtual layer, which often exists as a sandbox or virtual machine (VM), is where all the component-related activities occurs. For example, changes to the system registry. System performance issues are often tied to these activities. By virtualizing apps, those issues are no longer associated with the organization’s work systems.

Compatibility

I’m sure employees in your organization use multiple applications to perform their jobs. When you install or upgrade applications, there is always a chance for compatibility issues. These may relate to the operating system or the applications themselves. Virtualized apps remove these dependencies. All of your requirements and testing are limited to the virtual system.

Management

Since virtualized apps are installed on a host system, management occurs at a single location. Once installed on the host system, deployment of virtualized apps works similar to a network service. You deploy the applications across the network and employees access them as needed directly or using a VPN connection. You control all installation and management tasks related to the applications. Any updates to the application are made to the host and automatically picked up the next time the user launches the app.

Portability

For the most part, virtualized apps are used the same way as their counterparts. Users are able to store information on their local system as normal. If there are employees in your organization that work remotely or travel often, they can access virtualized apps that are streamed across the network. Depending on the setup, they may not need an Internet connection.

Is Your Organization Ready for Application Virtualization?

If you decide to follow-up with potential vendors about application virtualization as a potential technology for your organization, it is a good idea to first determine your goals, specific use cases, and the number and types of applications you want virtualized. There are many approaches to application virtualization. Identifying your specific needs when talking to a vendor can help determine if their solution is suitable for your organization.

1 = http://www.forrester.com/Application-Virtualization

What Does it Mean to Bring Your Own Device (BYOD)?
Cloud Computing June 17, 2017
What Does it Mean to Bring Your Own Device (BYOD)?
What Does it Mean to Bring Your Own Device (BYOD)?

The increasing popularity of smart devices has had a dramatic impact on how we do everything. The clear separation between work and personal environments that once existed is quickly fading. The catalyst for this change are mobile devices such as smart phones and tablets that are now so sophisticated that they can do what desktop systems can do—from anywhere.

With all their smart technology, mobile devices have become extremely popular. Using personal devices in the workplace is a natural progression that is even taking place in organizations with highly sensitive data. A patient who visits their doctor today and needs a new medication may see their doctor looking up medical information on their smartphone. The use of personal mobile devices in the workplace is referred to by several acronyms, but BYOD (bring your own device) is the one most commonly used.

How it Works

Possessing a mobile device does not automatically grant an employee access to its organization’s network. There must first be an acceptance and then an integration plan put in place. The IT department does not usually have the final say in whether personal mobile devices are acceptable in an organization. Instead, their expertise typically lies in integrating the devices and developing the BYOD policy.

There is no one way to implement BYOD. Many organizations develop a BYOD policy that states what is and is not acceptable when using a personal device to access work applications. A very basic scenario is allowing employees to only access webmail from a mobile device. At the other extreme is unrestricted access to all business-related applications.

Benefits

If you are deciding whether to accept personal mobile devices in your organization, you may be asking yourself, “Why should I?”

There are several benefits of BYOD that can actually benefit your business:

  • Increased productivity. Employees are able to access work applications at any time anywhere they go.
  • Cost-savings. Companies are not responsible for buying the devices. They may foot the bill for a data plan that the employee accesses while at work. The savings are greatest when a mobile device is an employee’s only access to business applications.
  • Increased morale. Quite simply, employees are happier using their personal devices. The devices chosen by IT may not be the latest and greatest.
Security Concerns

There are some challenges associated with allowing personal devices in the workplace. The most significant is security. The very nature of a personal device means that people can use them to do non-work activities. What level of access do employees have to sensitive data? What happens if the device is lost or stolen? These are just a few security-related questions to consider when implementing a BYOD policy.

There are tools available that provide you some control and management of personal mobile devices, but the most important security measure is employee compliance. Employees should be trained how to protect business data and required to adhere to the BYOD policy.

The Future

Could mobile devices eventually replace desktop systems and BYOD become the norm in every industry? It’s definitely possible. If your organization chooses to implement a BYOD policy, a good plan to prepare for whatever the future holds for BYOD is to nail down your security approach and consider innovative ways to make it work without disrupting your business flow.

How will IT and Technology affect the future of Health Care?
Technology March 10, 2017
How will IT and Technology affect the future of Health Care?

Health care as we know it is forever changing because of technology. Never before has there been such significant transformation of health care. New high-tech innovations created for health care are producing a broad range of benefits for both patients and medical professionals.

This year is of great importance for every health care provider.  It’s the year all medical records need to become electronic. This is not a surprise for medical professionals. It’s something that every medical professional has been working on leading up to 2014. It’s a federal mandate and every health care provider needs to demonstrate the use of electronic medical records by 2015 or receive possible penalties for non compliance.  Many health care providers are utilizing electronic medical record solutions from market leader Epic. While this has been a an overwhelming amount of work for most health care providers the long term benefits are limitless. Imagine when all medical research, treatment choices and patient history are electronic. All of this data can be analyzed and calculated in real-time to ultimately make better diagnoses.

One of the great challenges with health care today is providing patient care in rural and remote geographic regions. With current shortages of medical professionals this becomes even more difficult. The reality is patients who live in distant locations need to travel far to receive health care or the medical professional needs to make the long trip to treat patients. With solutions like American Well and HealthPresence patients can connect with medical professional from their home. These solutions are not available everywhere yet because of state laws but where they are available the benefits are substantial. Patients in remote areas can save time travelling long distance for preventable emergency room visits. Likewise, medical professionals can treat more patients using virtual solutions. Of course, remote consultations are not suitable for every medical condition but they are effective for many conditions or follow up consultations from treatment.

Not only are new emerging technologies providing patients with easier access to medical professionals but also health care professionals are using this technology to consult and collaborate with other medical experts and peers. Common in health care are medical consults where one medical professional meets with another medical professional to review a patient case and discuss treatment, procedures and diagnoses. The use of video conferencing and web conferencing solutions is become widespread within health care to provide medical professionals with the ability to meet face-to-face virtually with other health care experts and share patient records and charts. The use of this technology allows medical professionals to consult with anyone in the world. Not only are these technologies being used for consults they are also being used to bring remote medical experts in to operating rooms during procedures.

Growing fast in the consumer market is wearable mobile devices that track and monitor your health. There are wearable mobile devices that record your heart rate, sleep patterns, types of exercise and caloric burn. Not only is this one of the fastest growing mobile device markets it also contains mainstream manufacturers such as Nike and Samsung. Never before has it been so easy to monitor your own heart rate and health activity. The general idea is that by having this real-time personal health information you can set goals and improve your health.

 

Technology is truly transforming healthcare from every end of the medical spectrum. This new health care world with technology at its center empowers the patient. Patients have easier access to medical professionals through technology. The possibilities of medical data analytics after the completion of the federal mandate to electronic medical records may open new possibilities to how diagnoses are handled and accuracy of treatment. Finally, wearable health care technology provides health awareness and motivation to improve health. These technology innovations are reshaping healthcare today, imagine the impact from technology in ten more years!

The Benefits of Back-up Technologies
Storage March 9, 2017
The Benefits of Back-up Technologies

Data loss can be avoided with the use of data backup technologies. Whether you are backing up personal or business data you can copy and archive your data very easily today with the multitude of data backup solutions available in the marketplace.

Time and time again you hear about people or businesses that have loss data or their data became damaged. The loss of the data or corruption can be caused by any number of occurrences. For instance, a simple power outage or surge. Another common culprit for data loss or corruption is component failure of computer hardware. Additionally, software can be incorrectly saving data and it becomes irretrievable or damaged. It’s a long list of causes that can effect data. It’s a best practice for any person or business to utilize data backup technologies to prevent and reduce possible data loss and corruption.

For individuals, there are many affordable data backup solutions to copy your data. Two easy approaches are to use a USB flash drive or USB external drive. First check the total amount of data you currently have and then select a drive with enough capacity to meet the amount of data you have. Drives are not as costly as in years past. In fact, you can easily find one terabyte drives for less than $100 USD. If you don’t want to use a physical external data backup solution then there are plenty of cloud based data backup services you can subscribe to.  A few of the common cloud data backup services are Dropbox, Amazon Simple Storage Service, Carbonite and CrashPlan. Some people even use duplicate data backup solutions to make sure their valuable data is safe. Consider using both a cloud data backup service and a USB external drive to give you supplementary data backup.

For businesses, whether you are a small business or a large Fortune 500 company, data backup technology is absolutely necessary. For some industries, such as financial services and health care, there are government regulations to copy your data and retain it for a specified number of years. If your business is in the health care of financial services markets and do not backup your data you could face severe financial penalties for not being within compliance. Backing up your data can be just as easy for businesses; it’s just the scale of the data backup solutions that is greater as a result of the larger amounts of business generated data. Protect your business and backup your data.

Besides backing up your data to ensure your business meets government regulations and is within compliance another driver for data backup solutions is business continuity. There are factors outside of our control than can cause a business to be interrupted and loose data. Examples are natural disasters, severe weather or even human made disasters. Businesses need to plan for these type of unforeseen events. Plans like this are called disaster recovery plans or business continuity plans. The basis for these plans is always data backup solutions. Think about what would happen to your business if you didn’t backup your data and an unexpected event happened that caused you to temporarily relocate your business and your computers and servers were all damaged. How long would it take for you to get your business operational and running again? How long could your business operate without the data? What is the cost to your business when it is not running? All of this can be avoided by backing up your data with data backup solutions. For large organizations, some of the leading data backup solution companies are EMC, NetApp, Symantec and CommVault.

Don’t assume that you will not loose data and that your data cannot get corrupted. Find the time today to backup your data. Reduce your risk of a potential data loss nightmare. Data backup solutions are a necessary evil. You may not like spending the time and cost to backup your data but when you accept the fact that the risk is too great it’s an easy decision whether or not to back up your data.

What is the Cloud?
Cloud Computing March 8, 2017
What is the Cloud?

One of the most vocalized terms in use today is “the cloud”. This two-word saying is a metaphor for the Internet. For many years engineers would use cloud silhouettes in network drawings and diagrams to represent the Internet. This is still common practice today. However, in recent years the term “the cloud” is also synonymous with virtualization and cloud computing.

Most people don’t realize that they are most likely using several cloud services. Some examples are Google Gmail – cloud based email, Netflix – cloud based video streaming, Facebook – cloud based social networking and Dropbox – cloud based data storage. All of these cloud services you use over the Internet in place of your computer hard drive. The cloud is the opposite of your hard drive and local storage.

For a very long time organizations have swayed back and forth on which architecture and delivery model for applications and services is the most reliable, secure and scalable. Businesses have debated whether or not to build out infrastructure and deliver applications and services internally from on premises solutions or forgo the build out instead to purchase cloud subscription services. Today’s solutions offer more flexible deployment models where companies can utilize hybrid and blended architectures with services delivered from both on premises infrastructure and the cloud.

There are many benefits to the cloud delivery model. The most prevalent is the reduction in capital expenditure. To build out on premises infrastructure for application and services money would be spent on hardware and software. In comparison, a cloud model would not require a capital expenditure for hardware and software but instead require an operational expenditure for the cloud subscription service. Two great examples of cloud services used by large companies are Salesforce and WebEx. Companies that utilize these cloud services pay an ongoing operating expenditure. Sure companies could purchase on premises CRM and Collaboration solutions similar to Salesforce and WebEx but they wouldn’t get the benefits of the cloud.

Businesses today are looking for cloud based services fro competitive advantage. It’s costly to stand infrastructure up and tear it down project after project. Also, building out infrastructure on premises takes time and does not provide flexibility to easily scale up and down as needed or when temporary service is a requirement. There are many companies providing infrastructure as a cloud service. Some of these companies are Google, Amazon Elastic Compute Cloud and Rackspace.

Some of the other benefits for cloud services are the ability to quickly scale and ramp up as needed. In particular, for geographically distributed companies cloud services provide the needed wide-reaching access. Remember the alternative would be adding more infrastructure to scale and distribute infrastructure for people across geographies.

Another advantage for businesses utilizing cloud services versus building out on premises infrastructure is maintenance and support. Enterprise infrastructures require regular maintenance and support for staying current on software releases and hardware lifecycles. Upgrading hardware and software can be very expensive for an organization. In comparison, with cloud solutions the cloud service provider is responsible for maintaining and keeping the platform current.

For individuals, “the cloud” is an ideal place to purchase subscription services for email, data backup and also video streaming or on demand. For businesses, it dependents on the size of your business and operating models. Putting aside those factors, “the cloud” is accommodating for fast deployments when you need to deploy applications or test applications immediately.

Presage Solutions, Inc.
Developer Center February 8, 2017
Presage Solutions, Inc.

A managed service provider (MSP) provides delivery and management of network-based services, applications, and equipment to enterprises, residences, or other service providers.”

Presage Solutions, Inc. is a Privately Held Texas Corporation. Our corporate office is located in Ft. Worth, Texas with additional offices in Grapevine and Dallas, Texas. Presage Solutions delivers professional technology solutions with a defined business value.

Managed Services
Network Services January 8, 2017
Managed Services

Presage recognizes that there is a real need to define precisely what Managed Services are, and where the benefits lie for your business.

At Presage, we have a proven production method which joins people, process and technology to meet the high expectations of our enterprise customers.