TecTip #133 Access Google Maps Offline

If you will be traveling and you know you will not have service or internet near you, open Google Maps and hit the profile icon in the top right of the search bar. Scroll to the bottom and click on the offline maps widget. Then, simply drag to the area you want saved and hit “save.” You can find your saved offline maps on your profile page. 

For more TecTips, visit http://tcgns.com/tec-tips #TCG #TecTips

TecTip#134: Access Google Drive Offline

If you install the Google Drive Web app for Chrome, you can access and edit files even if your connection is down or when traveling. The browser app stores the docs on your local drive so you can access them any time. 
To read more TecTips, go to http://tcgns.com/tec-tips

Watering Hole Attacks

Internet criminals are being more and more sneaky with their attacks on businesses, and the latest plot to go after companies is known as Watering Hole Attacks. This type of strategy is not meant to target just one specific company, but rather a specific industry, a specific group of victims or the weak link in the security chain. 

Attacks can now infect a trusted and commonly used resource that potential victims will eventually go to use. It is an avenue of attack that bypasses the stronger security controls by instead infecting users machines that than have access to the target network. An example of this sort of attack happened last year when mobile developers from companies such as Apple, Facebook and Twitter were compromised when visiting the popular iPhoneDevSDK forum after it had been infected with a Java zero day. The key component to these attacks is the initial compromise of a trusted third party entity which will lead to the compromise of the larger target. 

Another example of this sort of attack happening is from the UK Energy Sector that was attacked with a LightsOut Exploit Kit (EK). The EK was injected into the website of Thirty Nine Essex Street LLP, which is a UK Law Firm that deals with energy law practice. Anyone who visited the infected website were silently probed to establish a fingerprint of the client machine. If the victim was running a browser or plugin that the EK exploited, such as internet explorer, Java or Adobe Reader, the appropriate payload was delivered. A remote Access Trojan was installed and it gave attackers complete control over the victim’s machine. 

IC3 is currently working on trying to find better solutions to protect businesses from this breach, but the main way all businesses can start to protect themselves is to treat all 3rd party traffic as untrustworthy until proven otherwise. Attackers are also leveraging legitimate resources as a catalyst for attacks. This includes influencing search engine results, posting to popular social networks and hosting malware on trusted file sharing sites. Therefore, businesses need to have security checks on all third party sites. 

Visibility is another challenge for enterprises using multiple offices and lots of security resources from different vendors but it gets worse since employers are more mobile and leverage personal devices for work purposes. This gives attackers more outlets to attack businesses from a third party device. Visibility is also a challenge when websites move to Secure Sockets Layer (SSL), the standard security technology for establishing an encrypted link between a web server and a browser, by default for traffic to protect end users privacy. SSL can benefit attackers because they can hide their attack from security solutions that don't sit inline and are not capable of inspecting traffic in an encrypted tunnel. Attackers are well aware that you cannot protect against what you cannot see, so they take advantage of SSL, and enterprises must find ways to inspect traffic even with SSL encryption, regardless of device or location.

Enterprises should also seek additional layers of advanced threat protection since attackers won't use past tactics but previously unseen exploits and tactics. Having behavioral analysis more likely to detect zero-day threats. 

This type of attack has been connected to criminal enterprises and nation states alike. It is more effective means of bypassing enterprise security controls and selectively targeting a broader audience. Therefore, in order to protect themselves, enterprises should fully inspect all traffic. 

To read the full article, click here.

Man-In-The-E-Mail Scam

The FBI and Internet Crime Complaint Center (IC3) have issued a warning to businesses that a scam known as the "Man-in-the-E-Mail" is escalating. Chief Technology Officers, Chief Finance Officers and Comptrollers need to be most aware of this new scam and are warned to implement a security system in order to protect their businesses from being targeted. 

The "Man-in-the-E-Mail" scam works in such a way that a business will receive an email via a business account that is purportedly from a well-known, commonly used vendor requiring a wire transfer to a designated bank account. These emails though, are spoofed addresses that have either added, removed or subtly changed the characters from the original address. Many times these spoofed emails have gone unnoticed until fraud detection alerts the victims or executives from each company talk to each other to verify the transactions have been transferred and completed. 

IC3 has received complaints from companies that were alerted by their suppliers about spoofed e-mails received using the company's name to request quotes and/or orders for supplies and goods. Luckily, because this is relatively new and these emails are being sent to multiple suppliers who follow up with the companies whose emails have been spoofed and used to send out these requests, the companies have been able to discover the scam before any major transfers or orders take place. 

What the FBI and IC3 know so far is that the scams seem to be Nigerian based. They also know that the fraudsters are intercepting legitimate emails between the purchase and supply companies, which then can be taken and spoofed to impersonate each company’s real addresses. Another tip to know is that these companies being scammed are asked to send the wired transfer to a new bank account, usually to fraudulent bank accounts in China, Hong Kong, South Africa, Turkey or Japan, due to a "purported audit." 

The IC3 have offered tips to try and help businesses protect themselves from these scams:

-Make calls to insure these are legitimate emails and requests being made. 

-Utilize digital signatures in e-mail accounts

-Use a website domain email account rather than a free web-based account

-Do not hit reply when answering emails, but rather forward it and then type in the email address yourself

-delete all spam

-stay aware of any sudden changes in the company, including who you are still or no longer doing business with, and which companies are most commonly worked with etc. 

These scams are typically used against companies who commonly make very large transfers, so in order to protect your business, heed this advice and make sure your business is safe!

To read the full article, click here. 

Natick Service Council Names TCG Benefactor

TCG is proud to annouce that we have been named a Benefactor by the Natick Service Council, Inc. The Natick Service Council is an advocacy, referral, case management, and information center serving the most economically disadvantaged members of our community. They help clients meet basic needs for food, housing, and access to health care with the goal of promoting self-sufficiency. They are guided by the motto "Neighbors Helping Neighbors" and serve our fellow community members with dignity, compassion, and confidentiality. 

TCG strongly believes that as a part of this community, it is also our duty to give back to the community and contribute when we can. We are proud to be a part of such a strong community, and proud to work with the Natick Service Council to help and give back to our fellow neighbors. We will continue to work with the Natick Service Council to serve our community and all of its members!

TecTip #132: Convert Currency in Google

TecTip #132: Type in the name of the currency you currently own, add "to" and then type in the name of the currency you need to get.

To learn more, check out http://tcgns.com/tec-tips

TecTip #131

Close a tab by mistake? Press Ctrl-Shift-T (Cmd-Shift-T on a Mac) to reopen it. You can press it again and again to keep reopening old tabs in the order they were closed.