news

12 Jun 2018 - FBI arrest 74 e-mail scammers. Recover $14 million

The US Justice Department on Monday announced the arrest of 74 individuals, including 42 in the US, for their involvement in e-mail scams designed to steal money and valuable information from both businesses and individuals.

In addition to the 42 in the US, the arrests included 29 in Nigeria, as well as three in Canada, Mauritius, and Poland. Federal authorities also seized nearly $2.4 million, and they disrupted and recovered approximately $14 million in fraudulent wire transfers.

Full article @ ZDNet

10 Jun 2018 - New Flash exploit bypasses browser, infects via Office documents instead

If you thought you were safe from malware spread via Adobe Flash think again, a new attack hides Flash scripts in Office files to download its payload.

A newly discovered Adobe Flash zero-day exploit is using Microsoft Office files to spread a stack-based buffer overflow attack, but with a twist: The malicious file doesn't contain any actual malware.

Discovered by 360 Core Security and security firm ICEBRG, this new Flash zero day was specifically found to be targeting users in the Middle East, with a potential focus on Qatar.

Malicious Office files aren't a new way to spread malware, but this particular attack has a trick up its sleeve: It remotely downloads the Shockwave Flash (SWF) file containing its payload once opened. That means the file itself doesn't contain any malware, making it easier to fly under the radar.

Adobe has released a patch to address the zero-day exploit, and those still using Flash are advised to update now.

Full article @ TechRepublic

 

4IT Comment:-

This exploit once again stresses the importance of NOT opening e-mail attachments from unknown OR unexpected sources. Office documents are a favourite method of delivery by the malware writers and we have seen a sharp spike in e-mails containing fake orders, invoices etc., inviting you to open the attached Word or Excel document.

Remember no matter how good your security systems are the weakest link in the chain is always the user.

10 Jun 2018 - VPNFilter router malware more serious than first thought

A new research report indicates the VPNFilter malware has a longer reach than first thought, and simply rebooting your router is not enough.

VPNFilter is a novel type of malware that infects a number of home and small business routers including those from Linksys, MikroTik, Netgear, TP-Link, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

Official guidance from the FBI was to reboot your router to remove the infection, however after further investigation this may not be enough.

It is strongly recommended you check your device manufacturers website and install the latest firmware available. If you already have the latest firmware you should still reinstall it to ensure removal of any infection.

Full article @ TechRepublic

07 Jun 2018 - Power users rejoice! AMD/Intel bringing 20+ core processors

Good news for PC power users: AMD and Intel bringing 20+ cores to workstation CPUs

Announced at Computex 2018 in Taipei. Both Intel and AMD are placing a great deal of emphasis on a relatively recent category of CPUs that are architecturally more similar to lower-end server CPUs than high-end workstation CPUs. This design choice brings a double-digit core count to workstation CPUs, which has been rare to find for performance workstation/desktop systems until now.

AMD's second generation Ryzen Threadripper CPUs are "on track" for launch in Q3 2018. The new CPUs will feature either 24 or 32 cores, with two threads per core, for a total of 48 or 64 threads.

Intel's newest offering is a 28 Core i9 CPU (48 threads) running at 5 GHz.

Full article @ TechRepublic

Alternate article @ Computing Website

29 May 2018 - British hacker gets 10 years

'One man crime wave' hacker Grant West was sentenced to 10 years and eight months in prison on Friday for a crime spree that netted him millions from the sale of stolen data.

Twenty-six year old West from Sheerness in Kent had pleaded guilty to charges including conspiracy to commit fraud, computer misuse and drug offences on 2 May.

A prolific criminal, he hacked multiple firms including Asda, Ladbrokes, Barclays and BA, costing them hundreds of thousands of pounds.

He also used phishing emails to trick people into giving away their financial information. One such email, sent in 2015, purported to be a survey from Just Eat. It promised discount vouchers for those completing it. That email alone netted him £180,000, according to the Met Police.

A total of £84,000 was stolen from hacked Barclays accounts, costing the bank more than £300,000 to put right.

BA lost £400,000 as a result of West's hacking of accounts the Avios travel awards site.

West sold the information on Alpha Bay, the 'dark web' site that has since been taken down. The proceeds were converted into Bitcoin which he stashed in multiple accounts.

Full article @

29 May 2018 - Avast causing inaccessible desktop after Windows 10 1803 update

The Windows 10 April Update is causing more stress for users running AVAST, with many claiming their PCs were wiped clean after they hit OK on the update prompt.

The blank desktop issue has reached users across the world but does not appear to have affected a large number of users, according to the forums. If you have already installed the Windows 10 update and had no problems, you don't have to worry about the issue.

If you have Avast Antivirus, it may be prudent to delete it before installing the new Windows 10 update, as many users have reported losing access to all of their files after the installation.TechRepublic

25 May 2018 - US sites block EU users due to GDPR

A handful of top US news sites have chosen to block UK and EU users rather than deal with the EU's GDPR requirements.

Sites including USA Today, LA Times & Chicago Tribune have all decided to block rather and comply with GDPR.

Even non EU companies forced to comply with GDPR such as Facebook have taken measure to minimise their need for compliance. In Facebook's case, by quietly moving the data of 1.6bn users from their Irish data centre to a non-EU one.

The EU's threat to fine non EU companies with huge fines for non compliance has predictably lead to this result.

GDPR may yet prove to be a heavy handed and over-reaching piece regulation.

More info @ Evening Standard

25 May 2018 - Beware GDPR fraudsters phishing emails

GDPR fraudsters are conning people out of thousands a with wave of phishing emails.

ew data protection rules coming in on Friday have sparked a wave of fraudulent emails, the police's fraud arm has warned, with criminals posing as banks and companies to steal people's details.

Customers of one of Britain's biggest banks, Natwest, are among those being targeted with phishing scams in which they are told they must comply with so-called "GDPR" rules by handing over sensitive details, or face having their accounts deleted.

Full article @ Telegraph

23 May 2018 - Microsoft OneDrive preferred by business over Google Drive or Dropbox

Microsoft trumps Google, Dropbox in business cloud storage wars

A Spiceworks survey highlighted the overwhelming demand for better cloud security, and showed that most companies were turning to the tried and true option of Microsoft.

Full article @ TechRepublic

17 May 2018 - Opera Touch. The dream Android browser?

Opera Touch is a dream Android browser for users who are always on the go

If you're looking for an Android web browser that makes on-the-go browsing simple, Opera Touch might be just the ticket.

Designed for people who use their phone one handed, Opera has hit that particular nail square on its head. Opera Touch makes one-handed usage not only possible for all, but easy.

Upon launch you have easy access to the Keyboard/search bar, the Mic and a QR Code/Barcode scanner.

For those who frequently find themselves using their mobile devices with one hand, Opera Touch might well be the best laid out mobile browser for this purpose. Combine that with the Flow feature and Opera is seriously onto something. Give Opera Touch a go and see if it doesn't wind up your default Android browser.

Full article @ TechRepublic

17 May 2018 - Dire Linux vulnerability gives attackers root access

A flaw related to a NetworkManager integration script is trivially easy for attackers to leverage.

A command injection vulnerability has been discovered in the DHCP client included in Red Hat Enterprise Linux.

The proof-of-exploit code is small enough to fit in a tweet and Red Hat considers it a critical vulnerability.

This bug affects RHEL 6.x and 7x, as well as CentOS 6.x and 7.x, and Fedora 26, 27, 28, and Rawhide. Other operating systems built on top of Fedora/RHEL are likely to be affected, including HPE's ClearOS and Oracle Linux, as well as the recently-discontinued Korora Linux.

Full article @ TechRepiblic

11 May 2018 - Latest Windows 10 Patch (KB4103721) may cause boot-loop

The first cumulative patch for the Windows 10 April 2018 update is causing some PCs to enter a cycle of failed boots.

The bug in update KB4103721 may cause devices with Intel SSD 600p Series or Intel SSD Pro 6000p Series to repeatedly enter a UEFI screen after restart or stop working.

KB4103721 was designed to fix a number of issues that have arisen in the April 2018 update, but inadvertently caused a much more serious one.

If you have been affected with this please contact us for remedial action.

09 May 2018 - Windows 10 April update (v1803) is here

The next version of Windows 10 (v1803) has arrived. All Windows 10 users should start receiving upgrade notifications this week.

We have been testing the latest version for the past 3 weeks and have noticed no issues, however in a business scenario we recommend you be prudent, upgrade a single machine and test all your line of business applications before committing to upgrading the rest of your devices.

Of course if you need any assistance then please give us a call.

01 May 2018 - Windows 10 April 2018 Update - What to expect

Windows 10 is never finished, with Microsoft adding a bevvy of new features to the OS twice a year.

The latest bundle of improvements is almost here, with the April 2018 Update available to download from Monday 30 April. The update has arrived slightly later than anticipated, and with a different name than the expected "Spring Creators Update".

Windows 10 users can expect a smattering of improvements, the most interesting of which is Timeline, which allows users to easily jump back to what they were doing on a Windows 10 device at an earlier point, while IT admins and developers also get some smart upgrades to command line tools and Linux support.

Of course, not everyone will be thrilled to have a major update pushed upon them, even if it will be quicker to install than earlier releases, but there are ways to put off the upgrade.

Full article @ TechRepublic

24 Apr 2018 - Tech support scams rose by 24% in 2017, costing some victims thousands

Tech support scams, which rose by 24% in 2017, may require industry-wide cooperation to solve, Microsoft said.

The scams, which involve tricking an unsuspecting user into paying a scammer to remove fake or non-existent malware, are an attractive alternative to complicated coding and make online crime accessible to the average criminal without a tech background. Most instances of tech support scams only net the attacker a few hundred dollars, but some have managed to clear out entire bank accounts.

Full article @ TechRepublic

19 Apr 2018 - 12 months after WannaCRy attack, NHS security still woefull

Almost a year after the WannaCry ransomware attack took out banks, public transit systems, hospitals, and universities worldwide, several of the UK organizations hit have not adequately implemented cybersecurity practices that can prevent future threats, according to a Tuesday report from the UK's Committee of Public Accounts.

"The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS," committee chair Meg Hillier said in a statement on the report. "It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed."

Full Article @ TechRepublic

08 Apr 2018 - 4IT Website Refresh

We've refreshed our website to modernise the design and make it more mobile/tablet friendly.

We hope you enjoy our new look-and-feel, if you encounter any problems please let us know!

30 Mar 2018 - Microsoft Word document and zero-day attacks on the rise

Cyber Criminals are increasingly turning to zero day exploits and Microsoft Office to execute their attacks.

Malware attacks have grown significantly over the past few months, zero-day malware instances rose steeply by 167% compared with the previous quarter.

Cyber criminals are continuing to use sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data.

As always user caution is the key. Do not open ANY e-mail attachments unless you BOTH KNOW who the sender is AND you are expecting to receive the attachment. No amount of security software can 100% guard against a careless user.

Full article @ Computer Weekly.

 

If you have security concerns or would like to discuss your security requirements please contact us

28 Mar 2018 - Easter Opening Times

We will be closing at 2:30pm Good Friday (30/03/18) and will reopen again on Tuesday 03/04/18 with usual business hours.

26 Mar 2018 - Bitdefender 2018 home products now available

Bitdefender 2018 home products now available

We're please to announce we can now supply our residential customers with the full range of Bitdefender home security products.

Bitdefender Antivirus Plus 2018

Bitdefender Internet Security 2018

Bitdefender Total Security 2018

Price breaks are available on multi-year subscriptions

For full details visit the Bitdefender website

23 Feb 2018 - Highly Targetted Fraud E-Mail

Today we received a highly targeted fraud e-mail. The e-mail was directed to our accounts dept., purporting to be from our director (Mark Moran) requesting a BACS transfer of £9711 be made to a supplied account number.

The e-mail was footed with the directors full name and included the full confidentiality notice we attach to the bottom of all our e-mail. The true originator e-mail address was hidden as well as the reply address but instead a valid @4-it.co.uk was displayed.

This is the first time we have seen this level of targeting in an e-mail and advise All of our clients to pay close attention to any unsolicited e-mails making unusual payment requests.

14 Feb 2018 - Brazen E-Mail Extortion Attempt!

Over the last 14 years of trading we thought we'd seen all the spam/scam e-mails going but the one we received today took the biscuit, if just for the bare faced cheek of it!

As IT professionals we could immediately tell that the claims made were both ridiculous and laughable but likewise could understand why some basic users could fall for it.

It shares characteristics with most spam/scam e-mails, it's illiterate, uses scary or threatening language and is demanding money. Treat it with the contempt it deserves!

We've included the text of the e-mail below for your enjoyment! :-)

Ticкеt#534445080: 14.02.2018 07:28:38 We cracked your system

I am from the squad of web criminals in Korea.We contact with you by your corp mail because we think that you will check it.

The other day my crew uploaded a malicious program in web-site with porn and after you tapped on a play your system began recording your screen and using cam to cop you masturbating.Finally I guess you realize which content Ive got.Moreover, this program force your device work as dedicated server with many possibilities like keylogger,parser etc. To sum up, my soft collected all information,especially all your contacts from messengers,e-mails,social networks.

If you wanna make me silent you should pay 320 dollars in bitcoins. 1NoBogLFrnXXXXXXXXUCtn9aDDzESsC

Just copy and past it. If I receive this sum we will be silent.There are a lot of information about how to buy bitcoins, just read it... For example you can buy them at localbitcoins, just find seller in your country.If you have a problem with this, you can search the nearest ATM for bitcoin through coin atm radar.

I give you exactly 1 day from the time you read this message for making a payment.Dont try to play with us we use botnet, also I live abroad.If you want proofs I will share it to 8 your friends then we will share their contacts. So you will be able to ask if something strange was received about you.

For some questions just reply.Think better,AmAZinGcRackeR$.

05 Feb 2018 - Adobe responds to North Korean hackers exploiting Flash zero-day for TWO MONTHS

Hackers linked to North Korea have been taking advantage of an Adobe Flash zero-day flaw since November - but the software company has only just got round to issuing a warning about it.

Cyber security researchers and South Korean authorities have long warned that cyber attackers based in the North have been tapping into a new Adobe Flash zero day flaw.

 

Full article @ Adobe finally responds to claims of North Korean hackers exploiting Flash zero-day for TWO MONTHS

 

Opinion

Security flaws in Flash have, over the years, repeatedly been used to attack pcs. It is an insecure and outdated technology and many website creators have abandoned it in favour of the newer features of HTML5. We feel there is no reason to have this on your PC and recommend all users remove it.

The best fix for Adobe Flash security flaws is to uninstall it!

10 Jan 2018 - Emergency Windows Meltdown patch locks some AMD PCs into endless loop

After installing the update users say their PCs are unable to boot and eventually get stuck in an endless loop, as they try to roll back to an earlier version of the OS.

A Windows patch to reduce the risk from exploits for the Meltdown and Spectre CPU flaws is reportedly preventing PCs with older AMD processors from booting.

The recent update, KB4056892, seems to be causing problems for computers running on Athlon X2 processors.

Despite being older machines, the CPUs date from about the mid-to-late 2000s, users say their PCs were running Windows 10 without issue before installing the update.

After installing the update users say their PCs are unable to boot and eventually get stuck in an endless loop, as they try to roll back to an earlier version of the OS.

Full article @ Emergency Windows Meltdown patch locks some AMD PCs into endless loop

09 Jan 2018 - Meltdown and Spectre Important Information

On January 3rd, 2018, Google Project Zero Team published details about critical CPU vulnerabilities dubbed Meltdown and Spectre. This issue affects most CPUs that have been on the market for the past decade.

Full public details about Meltdown and Spectre were scheduled to be released on January 9th, 2018. As a result, not all software vendors managed to release their security patches that mitigate the recently disclosed vulnerabilities.

Microsoft released important Operating System Security patches and guidlines on Jan 3rd, while Apple announced that Meldown vulnerability is fixed since December in it’s MacOSX 10.13.2. Not all Linux Distributions released their security patches and we expect more releases in coming days.

We strongly recommend you apply all validated patches from your Technology providers.

06 Jan 2018 - Meltdown and Spectre security flaw affects ALL chip manufacturers

Contrary to initial reports that just Intel chips were affected by the Spectre and Meltdown security flaws, we now know that chips from Intel, AMD & AIM are ALL affected.

Specific details of the flaws are still being kept secret until software manufacturers can issue security patches which should arrive within the week.

It is reported that these patches could have a significant impact on performance (up to 30%), however until issued this will be difficult to quantify.

21 Dec 2017 - US, UK finally blame North Korea for WannaCry attack

The UK government has publicly blamed a North Korean group for the WannaCry ransomware attack that hit the NHS earlier this year.

The Foreign Office said it is “highly likely” that the North Korea-based Lazarus Group was behind the attack in May.

However, the IT security community had already pointed the finger at North Korea many months ago.

ComputerWeekly

20 Dec 2017 - Christmas opening times.

We are open as normal until 2:30pm Friday 22nd Dec and will reopen at 9am Tuesday 2nd Jan.

If you are a customer requiring support during that period please use the normal support contact details.

Any non clients needing to contact us during our office closure please use the e-mail address sales@4-it.co.uk which will be monitored daily.

 

We would like to take this opportunity to wish you all a very merry Christmas and a happy and healthy New Year

07 Dec 2017 - Microsoft Edge now available for iOS and Android

After a short 'preview' period and a positive community response, Microsoft today launch their Windows 10 Edge browser for the Android and Apple (iOS) mobile platforms.

Edge can be download free of charge from The Google Play Store (Android) or Apple Store (iOS).

Microsoft Edge for iOS and Android brings familiar features like your Favourites, Reading List, New Tab Page, Reading View, and Roaming Passwords across your PC and phone, so, no matter the device, your browsing goes with you. But what makes Microsoft Edge really stand out is the ability to continue on your PC, which enables you to immediately open the page you’re looking at right on your PC"or save it to work on later.

 

Full article @ Microsoft Windows Blog

27 Nov 2017 - New Microsoft tech support scam surfaces

Fake tech support sites will now automatically launch a device's phone dialer with a prompt to contact their "support team."

Tech support scam websites, as Microsoft said in the post, used to rely on a loop of popups and browser lockups to fool users into thinking something was wrong. Most browsers now have the ability to prevent sites from creating more dialog windows, effectively stopping those kinds of attacks, so scammers have been forced to adapt.

It you experience ANY kind of "Tech Support" warning or popup we recommend you immediately shut your PC down by using the power button on the device. Then restart your machine, if the fake support popup still persists switch it back off and call us immediately to get your machine professionally cleaned/disinfected.

Full article @ TechRepublic

Display Older News

Explore 4IT Systems Ltd