TecTip #156: Listen to an Article on a Mac

Mac's allow you to “proof-listen,” or just to listen to an article. In the Speech pane of System Preferences, turn on “Speak selected text.” Click Set Key to choose a key combination. Pressing it makes the Mac read anything on the screen, at the rate, and in the character voice, that you've specified.

To learn more TecTips, check out our page! http://tcgns.com/tec-tips
#TecTips #TCG #Macs

TecTip #155: Sync Facebook Calendar With Google Calendar

In Facebook, click Events, Calendar, Settings then choose Export. You will see "export your friends birthdays" and "upcoming events" in a hyperlink; copy one of the links. Go to Google Calendar, find Other Calendars, then choose Add by URL. Paste link in the URL box and click Add Calendar.

Learn more TecTips by visiting our page! http://tcgns.com/tec-tips #TCG#TecTips #Facebook #Google

TecTip #154: Bring Back Deleted Photos in iOS 8

If you’ve accidentally deleted a photo, you can recover it by heading over to the ‘recently deleted’ album, where deleted photos are stored for 30 days before they’re wiped forever. 

To learn about more TecTips, check out http://tcgns.com/tec-tips #TCG#iOS8 #TecTips

TecTip #153: Reopen Tabs in Chrome

In Google Chrome, you can repoen a previously closed tab by pressing Ctrl + Shift + T. Chrome can remember up to 10 closed tabs you recently used and that can be reopened. 

To learn more TecTips, check out http://tcgns.com/tec-tips! #TecTips#Chrome #TCG

TecTip #152:Disable Remote Registry Editing

Only you should be editing your Windows registry, so make sure this service is disabled by clicking Start, Run, and then typing "services.msc." Scroll down to Remote Registry and make sure the service is stopped, and then set it to either manual or disable.

To learn more TecTips, check out our page! http://tcgns.com/tec-tips
#TCG #TecTips #ComputerProtection

TecTip #151: Delete Your Twitter Location

Type into Google Search "Location 1 to Location 2 Distance" and Google will give you the distance between the two locations and the time it will take to travel. 

For more TecTips, visit our page! http://tcgns.com/tec-tips #TecTip #TCG#Twitter

TecTip #149: Hide Users, Games and Polls

 On Facebook, hover your mouse to the right of a post and click the Hide button to hide any post. Once this button is pressed you'll be prompted with the option to hide that user or in the case of a Facebook application, the option to hide that application from ever showing up on your profile.

To learn more, check out our page! http://tcgns.com/tec-tips #TCG #tectips#Facebook

TecTip #150: Google Helps With Travel Plans

Type into Google Search "Location 1 to Location 2 Distance" and Google will give you the distance between the two locations and the time it will take to travel. 
Check out our page for more TecTips! http://tcgns.com/tec-tips
#TCG #TecTips #Google

TecTip #148: Who Used Your Gmail?

If you forgot to sign out of your Gmail, Google can tell you when the last account activity took place by clicking on the Details link. A new window pops up with more detailed information about any recent activity that occurred on your account, including the IP address, date and time, and the access type.

To learn about more TecTips, check out http://tcgns.com/tec-tips
#TCG #Google #TecTips

TecTip #147: Use Chrome Commands

Use the chrome:// commands to access a few dozen Chrome commands available that allow you to do everything from viewing DNS information, GPU information, and much more. These commands can be accessed by typing chrome://chrome-urls in the Omnibox.

To learn more TecTips, check out http://tcgns.com/tec-tips #TCG #Chrome#TecTips

TecTip #146: Chrome Incognito Mode

Press "Control+Shift+N" key to open Chrome in Incognito mode. Websites you view in Incognito mode will not appear in your browser history or search history, and they will not leave other traces, like cookies, on your computer after you close all open incognito windows.

To learn more TecTips, visit our page: http://tcgns.com/tec-tips #tcg #tectips#chrome

TecTip #145: iOS 8 Health App

In the new iOS 8 Health App, fill in all of your health info and emergency contacts. If you allow it in the app, anyone can get to it, even if your iPhone is locked with a fingerprint. On the log-in screen with the number pad, anyone can click the "Emergency" link, either to make a 9-1-1 call, or to tap "*Medical ID" to get your info.

To learn about more TecTips, check out http://tcgns.com/tec-tips #TecTip#TCG #iOS8

USB Danger

USB's do not seem like a likely danger, but research has found that a USB could give another person full control over your computer! According to an article from WCVB news writer, Jose Pagliery, German researchers found that anything that can connect via USB can potentially be reprogrammed to pose as another device. This is known as BadUSB.

An example of this type of attack is if a USB was programmed to trick your computer into believing it was a keyboard. Once connected, it would allow someone to access your computer, type some commands, and then have total control over your computer. It could even be reprogrammed to reroute your internet traffic so that your internet activity can be spied on, or worse, your private data stolen. This is a huge potential danger, and according to Pagliery, any good computer engineer could do this. 

Other dangers arise if you download the wrong App on your phone, and then connect to your computer. The app can download malware onto your phone and then infect your computer when connected. All of these potential dangers makes borrowing a strangers USB or even letting someone charge their phone on your computer potentially very dangerous. 

Unfortunately, today's antivirus and protection software does not detect these sort of attacks on your computers, mainly because it "isn't technically a computer virus in action, just a device masquerading as another one," states Pagliery. 

So far IPhones and other smartphones have not been tested, but Androids are very susceptible to these types of attacks. To further enforce the danger of USB connection hacks, Pagliery tells us, "The Pentagon disabled its computers USB ports and banned the use of Flash drives in 2008 to prevent infection of government computers there." This precaution took place back in 2008, and now in 2014, researchers are finding even more problems associated with USB drives, so it is surely a cause to make sure you are not letting anyone else use your USB devices. 

Another article by Graham Cluley explains how someone could use this access to your computer, and "open[ed] a browser window which surfed to a webpage containing a zero-day exploit," and compromise your computer in a matter of minutes. 

Cluley offers some advice at the end of his article though, to help reassure people that there are some ways to protect yourself and business from these types of attacks. It must first be noted that these attacks are “sophisticated attacks which require considerable research and effort to pull off successfully . . . attacks are vendor-specific as every vendor creates their controllers differently” (Cluley). Also, if you have been keeping up with the latest software and making sure your computer is as highly protected as it can be, you may not be able to stop the USB from downloading the malware, but you may be able to detect and stop it before it fully compromises your computer. Most importantly, always be extremely cautious as to who you allow to use your USB. Cluley concludes with, “The golden rule is never plug anything into your computer that you do not 100% trust.”

 

In order to make sure your computer is fully updated and protected from these types of attacks, visit TCG's website www.tcgns.com and visit our Business Continuity page to learn how we can help protect and prepare your business from USB attacks.
To read the full article by Jose Pagliery, visit this website. To read the full article by Graham Cluley, visit this website.

 

Cluley, Graham. “Danger USB! Could a Flash Drive’s Firmware be Hiding Undetectable Malware?” Tripwire.com. 1 August, 2014. Online.

Pagliery, Jose. “USB Flash Drives have a Fatal, Universal Flaw.” WCVB.com. 2 August, 2014. Online. 

Hackers Use Google, Too?

Google is everyone's favorite search engine and it seems hackers love it, too! An article from Network World informed us that Google's many free services have recently been discovered to have been used by hackers to disguise data that was stolen from corporations and government computers. This form of attack has been deemed the Poisoned Hurricane. It uses a remote access tool known as Kaba, to infect systems and steal data. 

The unfortunate victims of this attack are US and Asian based companies and governments. The hackers used spear phishing attacks to compromise various systems, then installed malware to steal information and send it to remote servers. This type of attack is very unique according to Network World's Gonsavles because it "disguised traffic between the malware and command-and-control servers using Google developers and the public Domain Name System (DNS) service of Fremont, Calif. based, Hurricane Electric."

This is used as a sort of transfer station where traffic could be redirected and seemed to be headed toward legitimate domains such as adobe.com, update.adobe.com and outlook.com.  

These tactics are "clever enough to trick a network administrator into believing the traffic was heading to a legitimate site" claims Gonsalves. Hackers used forged HTTP's that identified with 21 legitimate domain names, and then would sign the Kaba malware up with a certificate from an expired organization. 

The hackers used both a Google Developer Platform along with Hurricane Electrics Platform to transfer the stolen data. Through the Google Developers platform, developers can use the site to share code. This is where the attackers used the service to host code that would decode the malware traffic and determine the IP address for the real destination, and then redirect the traffic to that location. 

With Hurricane Electric, the hackers took advantage of the fact that anyone can register for an account hosted DNS service, and this service allowed the hackers to "create A records for the zone and point them to any IP address" (Gonsalves). Google and Hurricane Electric have since removed the mechanisms that the hackers used. 

Hackers are becoming very creative in their means of attacks and have proven to use common resources to do so. Be very aware of these new tactics in order to know how to protect yourself from these data breaches.  

To learn how TCG can help protect your business from data breaches and other attacks, visit our Business Continuity Page! 

To read the full article, visit the page!

Gonsalves, Antone. “How hackers used Google in stealing corporate data.” Network World.  8 August, 2014. Online. 

TecTip #144: Find Battery Draining Apps

To find which Apps use the most Battery in iOS 8, go to "Settings > General > Usage > Battery Usage". Here you'll be able to see if a certain app has been used more than others. 
To learn about more TecTips, go to http://tcgns.com/tec-tips #TecTips #TCG#iOS8

TecTip#143: Custom Keyboard Shortcuts

Right-click the program's launch icon and select Properties, open the Shortcut tab, then click in the "Shortcut key" field and press the key you want to use to launch the program. Windows will assign Ctrl + Alt + <key of your choice> as a keyboard shortcut to open the program. 
To learn more TecTips, check out our page! http://tcgns.com/tec-tips

TecTip #142: Aero Snap Desktop Windowa

Click an open window and drag it to the left or right edge of the screen to automatically resize it to fill that half of the desktop. Commands Windows key + left arrow, Windows key + right arrow, and Windows key + up arrow snaps the selected window in the same manner. 

TecTip #141: Copy a File Path to the Clipboard

Hold down the Shift key, right-click the file or folder you want, then select the "Copy as Path" option. Now you can paste the info wherever you'd like, including the "File name" portion of Browse dialog boxes. 

To learn about more TecTips, check out our page http://tcgns.com/tec-tips#TecTips #TCG #Windows

TecTip #140: Erase Mistakes with Ctrl + Z

If you accidentally send a file to the wrong, unknown folder or the file starts to copy itself repeatedly, you can use the Ctrl + Z command to undo your mistake!

To learn about more TecTips, Check out TCG's page, http://tcgns.com/tec-tips#TCG #TecTip

TecTip #139: Launch Taskbar with Keyboard

Every program to the right of the Start button is assigned its own numerical shortcut, with the first shortcut being "1," and so on. Pressing the Windows key, plus the number of the program you want to open, launches it. 

To learn more TecTips, visit our page! http://tcgns.com/tec-tips #TecTips#TCG #Windows

TecTip #136: Voice Activated Google Search

You can Google search with your voice by clicking on Settings > Advanced Settings and under "Privacy," make sure "Enable 'Ok Google' to start a voice search" is checked.

For more TecTips, check out http://tcgns.com/tec-tips

TecTip #138: Search For Related Articles

If you find a website you like, try using "related:[insert URL]" to locate similar websites within your Google search. 

To learn more TecTips, check out http://tcgns.com/tec-tips #TecTips #TCG#Google

TecTip #137: Remove Image Fill in Office

When working with an image in Microsoft Office, to remove background image fill, click the image until the Format menu shows up. Then choose Remove Background.

To learn about more TecTips, visit http://tcgns.com/tec-tips #TCG #TecTip

TecTip #135: Open Multiple Pages on Start Up

Click the icon in the top right corner, which will appear as a wrench or three horizontal bars, and choose Settings, then find the On Startup and click Set Pages. Enter the URLs for each website and click OK. When you close and restart Chrome, the URL's will open automatically.

TecTip #133 Access Google Maps Offline

If you will be traveling and you know you will not have service or internet near you, open Google Maps and hit the profile icon in the top right of the search bar. Scroll to the bottom and click on the offline maps widget. Then, simply drag to the area you want saved and hit “save.” You can find your saved offline maps on your profile page. 

For more TecTips, visit http://tcgns.com/tec-tips #TCG #TecTips

TecTip#134: Access Google Drive Offline

If you install the Google Drive Web app for Chrome, you can access and edit files even if your connection is down or when traveling. The browser app stores the docs on your local drive so you can access them any time. 
To read more TecTips, go to http://tcgns.com/tec-tips

Watering Hole Attacks

Internet criminals are being more and more sneaky with their attacks on businesses, and the latest plot to go after companies is known as Watering Hole Attacks. This type of strategy is not meant to target just one specific company, but rather a specific industry, a specific group of victims or the weak link in the security chain. 

Attacks can now infect a trusted and commonly used resource that potential victims will eventually go to use. It is an avenue of attack that bypasses the stronger security controls by instead infecting users machines that than have access to the target network. An example of this sort of attack happened last year when mobile developers from companies such as Apple, Facebook and Twitter were compromised when visiting the popular iPhoneDevSDK forum after it had been infected with a Java zero day. The key component to these attacks is the initial compromise of a trusted third party entity which will lead to the compromise of the larger target. 

Another example of this sort of attack happening is from the UK Energy Sector that was attacked with a LightsOut Exploit Kit (EK). The EK was injected into the website of Thirty Nine Essex Street LLP, which is a UK Law Firm that deals with energy law practice. Anyone who visited the infected website were silently probed to establish a fingerprint of the client machine. If the victim was running a browser or plugin that the EK exploited, such as internet explorer, Java or Adobe Reader, the appropriate payload was delivered. A remote Access Trojan was installed and it gave attackers complete control over the victim’s machine. 

IC3 is currently working on trying to find better solutions to protect businesses from this breach, but the main way all businesses can start to protect themselves is to treat all 3rd party traffic as untrustworthy until proven otherwise. Attackers are also leveraging legitimate resources as a catalyst for attacks. This includes influencing search engine results, posting to popular social networks and hosting malware on trusted file sharing sites. Therefore, businesses need to have security checks on all third party sites. 

Visibility is another challenge for enterprises using multiple offices and lots of security resources from different vendors but it gets worse since employers are more mobile and leverage personal devices for work purposes. This gives attackers more outlets to attack businesses from a third party device. Visibility is also a challenge when websites move to Secure Sockets Layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser, by default for traffic to protect end users privacy. SSL can benefit attackers because they can hide their attack from security solutions that don't sit inline and are not capable of inspecting traffic in an encrypted tunnel. Attackers are well aware that you cannot protect against what you cannot see, so they take advantage of SSL, and enterprises must find ways to inspect traffic even with SSL encryption, regardless of device or location.

Enterprises should also seek additional layers of advanced threat protection since attackers won't use past tactics but previously unseen exploits and tactics. Having behavioral analysis more likely to detect zero-day threats. 

This type of attack has been connected to criminal enterprises and nation states alike. It is more effective means of bypassing enterprise security controls and selectively targeting a broader audience. Therefore, in order to protect themselves, enterprises should fully inspect all traffic. 

To read the full article, click here.

Man-In-The-E-Mail Scam

The FBI and Internet Crime Complaint Center (IC3) have issued a warning to businesses that a scam known as the "Man-in-the-E-Mail" is escalating. Chief Technology Officers, Chief Finance Officers and Comptrollers need to be most aware of this new scam and are warned to implement a security system in order to protect their businesses from being targeted. 

The "Man-in-the-E-Mail" scam works in such a way that a business will receive an email via a business account that is purportedly from a well-known, commonly used vendor requiring a wire transfer to a designated bank account. These emails though, are spoofed addresses that have either added, removed or subtly changed the characters from the original address. Many times these spoofed emails have gone unnoticed until fraud detection alerts the victims or executives from each company talk to each other to verify the transactions have been transferred and completed. 

IC3 has received complaints from companies that were alerted by their suppliers about spoofed e-mails received using the company's name to request quotes and/or orders for supplies and goods. Luckily, because this is relatively new and these emails are being sent to multiple suppliers who follow up with the companies whose emails have been spoofed and used to send out these requests, the companies have been able to discover the scam before any major transfers or orders take place. 

What the FBI and IC3 know so far is that the scams seem to be Nigerian based. They also know that the fraudsters are intercepting legitimate emails between the purchase and supply companies, which then can be taken and spoofed to impersonate each company’s real addresses. Another tip to know is that these companies being scammed are asked to send the wired transfer to a new bank account, usually to fraudulent bank accounts in China, Hong Kong, South Africa, Turkey or Japan, due to a "purported audit." 

The IC3 have offered tips to try and help businesses protect themselves from these scams:

-Make calls to insure these are legitimate emails and requests being made. 

-Utilize digital signatures in e-mail accounts

-Use a website domain email account rather than a free web-based account

-Do not hit reply when answering emails, but rather forward it and then type in the email address yourself

-delete all spam

-stay aware of any sudden changes in the company, including who you are still or no longer doing business with, and which companies are most commonly worked with etc. 

These scams are typically used against companies who commonly make very large transfers, so in order to protect your business, heed this advice and make sure your business is safe!

To read the full article, click here. 

Natick Service Council Names TCG Benefactor

TCG is proud to annouce that we have been named a Benefactor by the Natick Service Council, Inc. The Natick Service Council is an advocacy, referral, case management, and information center serving the most economically disadvantaged members of our community. They help clients meet basic needs for food, housing, and access to health care with the goal of promoting self-sufficiency. They are guided by the motto "Neighbors Helping Neighbors" and serve our fellow community members with dignity, compassion, and confidentiality. 

TCG strongly believes that as a part of this community, it is also our duty to give back to the community and contribute when we can. We are proud to be a part of such a strong community, and proud to work with the Natick Service Council to help and give back to our fellow neighbors. We will continue to work with the Natick Service Council to serve our community and all of its members!

TecTip #132: Convert Currency in Google

TecTip #132: Type in the name of the currency you currently own, add "to" and then type in the name of the currency you need to get.

To learn more, check out http://tcgns.com/tec-tips

TecTip #131

Close a tab by mistake? Press Ctrl-Shift-T (Cmd-Shift-T on a Mac) to reopen it. You can press it again and again to keep reopening old tabs in the order they were closed. 

TecTip #130

Don't want to be hassled by calls or notifications on your Iphone? Simply go to Settings>Do Not Disturb and then turn on Manual so that all incoming calls and notifications will be silenced, and you can not be bothered.

To find more TecTips, go to www.tcgns.com #TecTips #IPhone#TCGNetworkServices

TCG Receives MWOC Award

The Metrowest Work Opportunity Coalition (MWOC) recently gave awards to two local businesses that employ Price Center clients.

The first award went to The Computer Guys, who hired Marty Headd over a year ago. Marty dismantles and disposes of old hard drives for the firm's clients, preventing identity and data theft by thieves who mine junked computers for information.

The company has given Marty more hours and expanded responsibilities over time. He has also been fully integrated into the company's workforce, attending company outings and even the occasional poker night.

MWOC, a subsidiary of the Metrowest Chamber of Commerce, also gave an award to the American Girl Store in Natick, which employs Price Center clients Philip Jasset and Kerri MacLellan.

TCG is honored to have received this award. Marty is an excellent employee, is a pleasure to work with and has become part of the TCG family.

TecTip #129

If you are in a rush or need to charge your IPhone quickly, set it to Airplane Mode and your IPhone will charge twice as fast!

Cyberattack Insurance

 As business owners working in a system that revolves around technology and online data, it is becoming essential for businesses to purchase Cyber Insurance. Today, over 50 different carriers provide Cyber Insurance to protect companies against online attacks and the accrued losses. What companies are realizing though is that the insurance is not nearly enough to fully protect the companies, and there are major obstacles for both businesses and insurance. 

      The first major issue both insurance companies and insured companies are facing is that there is not enough historical data to help insurers appropriate an estimate for how much a company would need to be insured for. In the past, many data breaches have either gone unnoticed or were not reported publicly in order to avoid damaged reputation, but that has left insurance companies with very little reliable data. Also, attacks are becoming more and more advanced as time goes on, and so the data that the insurers do have is often outdated and no longer applicable. Past statistics are now almost irrelevant. 

     Last year, the total amount of Cyber Insurance paid was $1.3 Billion. Cyber Insurance numbers are significantly smaller in comparison to that of Property Damage Insurance. Most current insurance plans only cover clean-up costs such as attorney fees, implemented call centers and other steps to help stabilize the company after the breach takes place, but since they cannot estimate how much it would be needed to cover losses, the insurance is limited. Larger corporations are trying to take much more caution and buying millions of dollars’ worth of insurance, hoping to be able to cover any major damages done, but small or medium sized companies are still left with less coverage and greater risk. 

    The second major issue that insurance has almost no ability to fix is the intangible effects a data breach can have on a company. Loss of trust from customers, damage to a brand or company reputation can create far greater losses for a company. Unfortunately, there is no accurate way to estimate what those effects will have on a company. If we look at the case of Target, their brand reputation was seriously injured and many customers no longer trust shopping at their stores. Also, the Cyber Insurance that Target did have cannot fully cover the charges that Target is trying to repay to its customers along with the changes it is trying to make to the company to ensure this type of attack cannot happen again. 

      One tactic that Insurance companies are trying to use in order to better get an idea of an estimate for a company is to hire a hacker and have them find the weak spots in a company’s website in order to get some idea of what their risk would be, but even this is not a completely accurate plan, since cyber criminals are constantly changing their tactics and moving to more advanced technology. Also, with more and more companies joining cloud computing, it is still unsure whether or not this will be safer for companies or create greater risk. In cloud computing, one breach could potentially damage many companies at once, and the new cyber Insurance Industry needs to figure out how to protect these companies as best they can. 

To read more about Cyberattack Insurance, check out the full article from the New York Times.
To learn how TCG can also help insure your company is protected from Cyberattacks, check out our Business Coninuity page and our Systems Management page and see how TCG can provide peace of mind for your business!

Update on Malvertising:Ransomware

  It seems that criminals no longer need to kidnap a family member to demand a ransom; instead, internet criminals have developed a ransomware to go after your money. Most internet users know to be weary of certain websites and advertisements in order to protect your computer from viruses and having malware downloaded. However, malicious advertisements have now started to appear on common domains such as Disney, Facebook, and the Guardian newspaper websites

     Most internet users believe these major sites to be a safe place to browse and check out the various interest-based advertisements, but Cisco Systems recently discovered while monitoring their own user's browsing, that certain advertisements on popular domains are being tampered with by an outside third party. The malicious advertisements are rerouting users to another domain and instantly installing a Rig Exploit Kit after guessing the users login's and passwords. Once installed, the malware locks all of the user’s data access and installs a ransomware called Cryptowall that demands a ransom from the user in order to regain full access to the user’s data. 

     Cisco recently worked with law enforcement to shut down some of these attacks, but they have not been able to learn who is behind the attacks, and how to fully stop them from happening. The problems that arise is that these malvertisements are extremely difficult for websites to detect or even know that they are being tampered with by an outside party. Along with that, these attacks could be made by more than one person, making it more difficult to track exactly where the source of these attacks are coming from. Finally, with the constant changes and upgrades in software and technology, unraveling these attacks and understanding them is only getting increasingly more difficult as time goes on. Law enforcement and Cisco are still working towards a solution. 

      As internet users, it is important to note that the malware seeks out users who are running unpatched versions of Flash, Java or Silverlight Mutlimedia programs. Also, if ransomware is installed into your computer, the longer you wait to pay, the larger the ransom becomes, so be sure to alert authorities immediately! As tempting as it is to be seduced by Facebook and Disney's online advertising, with the danger of Malvertising on the rise and the threat of Ransomware, take caution on what advertisements you decide to click on, or simply avoid them altogether. 

To learn more about Malvertising and Ransomware, read the full article at Network World.
To learn how TCG can help protect your business from internet criminals, check out our Business Continuity page and our Systems Management page. 

TecTip #128

To simplify your Google Search when looking to buy a product within a specific price range, simply type in your search terms followed by your highest to lowest price separated by two periods, and the results will only show your product within the price range your specified. This also works for time periods. For more TecTips, go to www.tcgns.com 

#TCGNetworkservices #TecTip #Google

TecTip #127

To search for an article you forgot the author or title to, type into Google “site:” followed by the website URL and search words from the article, and Google will provide you with all the articles from the website with those search words!

To learn about more TecTips, go to www.tcgns.com #TecTip#TCGNetworkServices #Google