Draytek Router Security Alert

Do you run Draytek routers?

If so, you need to know that Draytek became aware of a new attack affecting web-connected devices, including Draytek routers.

It’s paramount you check your router’s DNS settings and update its firmware. This is what Draytek had to say in its advisory statement.

What Draytek says:

In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers. The recent attacks have attempted to change DNS settings of routers.  We are in the process of releasing updated firmware, and will issue each ASAP to address this issue. You should upgrade as soon as it is available but also immediately follow the advice below:

 

  1. Update your firmware immediately, or as soon as updated software is available. Before doing the upgrade, take a backup of your current config in case you need to restore it later (system maintenance -> Config Backup).   Do use the .ALL file to upgrade, otherwise you will wipe your router settings. If you are upgrading from a much older firmware then please check the release notes carefully for any upgrading instructions. Note: If you are an Irish user (or using an ISP who uses non-standard VLAN tags), please see the note further down.
  2. Check your DNS and DHCP settings on your router.   If you have a router supporting multiple LAN subnets, check settings for each subnet.  Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have deliberately set (e.g. Google 8.8.8.8). A known rogue DNS server is 38.134.121.95 – if you see that, your router has been changed.

    In the case of DHCP, the DHCP server may be disabled, which will typically cause errors on your LAN as devices fail to be issued with IP addresses so the problem is more obvious.

  3. If your settings appear to have been compromised, restore a config backup or manually check and correct all settings. Change your admin password and check that no other admin users have been added. Follow all of the advice in our previous CSRF article here.
  4. If you have remote access enabled on your router, disable it if you don’t need it, and use an access control list if possible.   If you do not have updated firmware yet, disable remote access (admin) and SSL VPN.  The ACL does not apply to SSL VPN connections (Port 443) so you should also temporarily disable SSL VPN until you have updated the firmware.

  5. Always use secured (SSL/TLS1.2) connections to your router, both LAN and WAN side. To do that, just prefix the address with https://.   Disabling non-SSL/TLS connections:

    The ‘enable validation code’ option at the top (above) is recommended. It adds a ‘captcha’ style option to the web admin login page.

  6. If you are in the UK/Ireland, ensure that you’re a member of our mailing list so that you can receive update and security advisories like this otherwise we have no way to notify you of this and any future issues.

 

Keeping you safe online

Draytek went on to say:

The priority for us has been to identify the cause and issue strengthened firmware so this is an initial report/advisory. We continue to monitor and investigate this issue and will update as appropriate.  At this stage, for obvious security reasons,  we will not be providing any further details of the issue. Please share this advisory with other DrayTek users/SysAdmins.

Our wireless access points (VigorAP series), switches (VigorSwitch series) and Vigor 2950, 2955, 2960, 3900 and 3300 series routers are not affected and do not need updating (but you should still always run the latest firmware on those anyway).

If you have a Draytek router, make sure you follow their advice and stay safe online.

Source: https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
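
One way to run the DNS check from step 2 of the advisory on a machine in each LAN subnet. This is an added example, not DrayTek's or MPM's own code. It assumes each client receives its DNS servers from the router's DHCP settings and exposes them in resolv.conf-style text; the sample inputs, the approved list and the router address 192.168.1.1 are constructed for illustration.

```python
"""Audit DNS servers seen on LAN clients against an approved list."""
import ipaddress

# The rogue DNS server named in the DrayTek advisory.
KNOWN_ROGUE = {ipaddress.ip_address("38.134.121.95")}

# Assumption: servers this site set deliberately (router LAN IP, Google DNS).
APPROVED = ["192.168.1.1", "8.8.8.8"]

# Constructed sample input: resolv.conf text collected from one client per subnet.
SAMPLES = {
    "LAN1": "nameserver 192.168.1.1\nnameserver 8.8.8.8\n",
    "LAN2": "# set by DHCP\nnameserver 38.134.121.95\nnameserver 8.8.4.4\n",
    "LAN3": "",  # blank DNS settings are acceptable per the advisory
}


def parse_nameservers(resolv_text):
    """Return the IP addresses found on 'nameserver' lines."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        parts = line.split()
        if len(parts) < 2 or parts[0].lower() != "nameserver":
            continue
        token = parts[1].split("%", 1)[0]        # drop any IPv6 zone id
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            continue                              # ignore malformed addresses
    return servers


def audit_dns(servers, approved):
    """Classify each server as ROGUE, OK or UNAPPROVED."""
    approved_ips = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for ip in servers:
        if ip in KNOWN_ROGUE:
            status = "ROGUE"          # router settings have been changed
        elif ip in approved_ips:
            status = "OK"
        else:
            status = "UNAPPROVED"     # confirm with the ISP before trusting it
        findings.append((str(ip), status))
    return findings


def audit_subnets(samples, approved):
    """Run the audit for every subnet; returns {subnet: [(ip, status), ...]}."""
    return {name: audit_dns(parse_nameservers(text), approved)
            for name, text in samples.items()}


def needs_attention(report):
    """Subnets with at least one server that is not on the approved list."""
    return sorted(name for name, rows in report.items()
                  if any(status != "OK" for _, status in rows))


if __name__ == "__main__":
    report = audit_subnets(SAMPLES, APPROVED)
    for subnet, rows in report.items():
        print(subnet, rows or "blank")
    print("Check these subnets:", needs_attention(report))
```

An UNAPPROVED result is not proof of compromise: it may simply be an ISP resolver that is missing from the approved list.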

Can You Be Anonymous Online?


When we talk about being anonymous online, we’re not thinking about it in a creepy stalker kind of way. Instead, we’re thinking about how companies, hackers and the government are keeping an eye on us.

Have you noticed that you can’t browse the internet these days without adverts for the products you’ve been looking at popping up on your social media feeds?

The truth is that internet privacy is very poor. However, there are a few things you can do to enhance your privacy.

This list was created by BullGuard. You don’t have to follow all of them, but by adopting one or two you could enjoy a little more anonymity online.

 

  • Anonymising operating systems

Most of us use standard operating systems such as Windows or MacOS. However, there are other operating systems we can use that anonymise users. For instance, Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD. Tails preserves your privacy and anonymity; all connections to the Internet go through Tor network nodes, which ensure users are anonymous. There are also other operating systems which provide anonymity, such as Ironkey Workspace, ZeusGuard and Qubes OS.

  • The value of VPNs

A virtual private network (VPN) anonymises your web surfing and keeps your communications private. They are specifically built to make your internet connection more difficult to identify and track as well as encrypting your communications.

  • Tor browser

Tor is often thought of as a browser, which it is, but it is also much more. It’s a system consisting of tools, browsers, application programming interfaces and a network all dedicated to helping you stay anonymous online. When you use the Tor browser you enter a Tor network path and the traffic to and from your destination is routed through a random set of Tor network nodes. Tor is one of the best ways to stay anonymous when combined with other privacy tools.

  • Privacy Badger

Privacy Badger is a browser plug-in offered by the Electronic Frontier Foundation. Available for Chrome and Firefox, it stops advertisers and third-party trackers from tracking your web browsing, including what pages you visit. It watches third-party domains that place images, scripts and advertising in web pages you visit and stops them from tracking you.

  • Free applications can track you

Free applications come with a price. If an application is free, isn’t designed to protect your privacy and is popular, then it’s very likely that it contacts servers and sends back information about how you are using the product.

  • Privacy testing

If you have a few privacy features in place, the Electronic Frontier Foundation provides a service to assess how well they are working. Simply click through to this page and click the Test Me button.

  • ‘Private’ search engines

Popular search engines like Google and Bing keep track of your searches so they can target ads at you. The DuckDuckGo browser is designed to protect your privacy so your searches aren’t tracked.

  • Sharing files anonymously

Dropbox is a very popular file sharing service. But as Edward Snowden said, it is “hostile to privacy.” A free alternative that enables anonymity is OnionShare. It’s available for Windows, Mac OS X, and Ubuntu.

  • Delete cookies and browsing history

It’s a good idea to regularly clean out cookies that websites use to track you and your browsing history. These can be used to identify where you’ve been. CCleaner is a useful free tool that enables you to do this quickly. There are others too.

Privacy is a basic right we all have. Hopefully, these suggestions will help you gain control of your online life.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds and surrounding villages.

Source: BullGuard

Look Out, There’s SMS Phishing About


SMS Phishing is fast becoming one of the most common forms of threat – even more so than fake apps.

You might think that, in the scale of things, SMS scams as a cyber threat are a bit old school, but that’s what makes them so darn clever. You are constantly reminded about looking out for fake apps, dodgy emails and unsecured websites, but what happens if you get a text telling you you’ve won a product?

The chances are because it’s not an email, you would be drawn in. The fake URL contained within the message proves too tempting, and you click – after all, what harm could it do? It’s only a text.

The problem is that one click will unleash malware on your smartphone.

Don’t get caught out

It pays to be vigilant whether using your PC, tablet or phone. To help you stay safe here are a few things to watch out for, courtesy of BullGuard:

  • Don’t click on messages from unknown sources that contain links
  • Don’t reply to any messages that ask about your finances
  • If the text demands a quick reply, ignore it, it’s probably a smishing attempt
  • Don’t call back a number associated with a text that has arrived ‘out of the blue’
  • If the message starts: “Dear user, congratulations, you have won” (or something along those lines) it’s a scam
  • If the message purports to be from a long lost friend, it’s a scam

To be on the safe side, here at MPM we recommend you protect your devices with a product like BullGuard (others are available).

Above all, stay vigilant and stay safe.

 


Source: BullGuard

It’s The Season of Giving But That Doesn’t Mean You Should Give a Stranger Access to Your Computer


It’s The Season of the Hacker

We first published this blog post back in June of last year to warn you about hackers. However, considering the number of clients we’ve been trying to rescue from scams recently, it’s about time we posted it again.

Regardless of whether you get a phone call purporting to be from your phone company or a software giant, hang up. Just today we were called by ‘BT’ telling us that someone had hacked our router and could see all our internet searches and purchases. All we had to do was go to Google and open a site…we put the phone down at that point. And that’s what you should be doing.

Now and then the scam phone calls start.

They come out of the blue to catch you unawares.

As you go about your business, someone informs you there’s a problem with your computer – what do you do?

Before I answer that take a look at these questions:

  • Would you give a total stranger the keys to your house?
  • Would you give a total stranger the keys to your car?
  • Would you tell a total stranger how to access your financial banking system?

I’m guessing you answered no to all of those. So how come people give a total stranger (i.e. a hacker) access to their computer?

On the strength of one unsolicited call, people allow remote access to their computers – and that means their files, photos and everything else they hold dear.

Yes, the caller is probably very polite, they will even try to make you believe they are doing you a favour and have called just in the nick of time.

But answer me this – how do they know what’s on your computer? There is no way they can tell what software you’re running, programmes or anything else for that matter, so there is no way they’ll know whether you have a virus on your machine or not.

No one from a multinational billion dollar turnover company (i.e. Microsoft) is going to phone a residential customer to resolve an issue on their PC or laptop.

When you get one of these bogus calls – and you will – do yourself a favour and hang up on them. If you want, call a trusted local company, like MPM IT and get them to check over your PC for you for your peace of mind.


Why You Should Think Twice Before Sharing Your Location Online


It’s good to share – at least that’s what many of today’s apps would like you to believe.

Foursquare, Facebook, Swarm and Twitter encourage you to check-in everywhere you go. Now, for most of us, that’s not a big deal. However, if you’re one of those people with hundreds and thousands of followers, are you sure sharing is safe?

The potential harm

You might think this is a fuss over nothing and, to be honest, 90% of the time sharing your location is completely harmless. But, the potential for crime is real.

There have been instances where burglars have monitored social media so they can target houses of those posting idyllic photos of their beach holiday.

Sharing your location can lead to unwanted visitors – how about a jealous ex turning up unannounced? OK, this in all likelihood is rare, but it could happen.

Sharing safely

We don’t want to be a party pooper, and you can enjoy these apps safely. The key is to make sure you know who you’re sharing your location information with. Rather than broadcasting your location publicly, think about who you want to see where you are.

Panda Security offers these tips:

Apple

Tools like Apple’s iMessage allow you to send pinpoint locations to specific contacts for instance – perfect when you’re trying to organise a meeting, or when one of your friends gets lost on the way. Find My Friends, another Apple app, allows family members and close friends to keep tabs on each other all the time – so long as they agree to sharing their location first.

Android

For Android users, Panda Mobile Security limits sharing personal information through the Privacy Auditor. It shows the permissions required by the apps installed on your device (access to contacts, bank account data, photos, your location, etc.). With a quick look you’ll decide which apps can have access to your location.

Google Maps offers similar functionality – but to maintain your privacy you must set a time limit for sharing. This means your contacts will only see where you are for a few hours or days, reducing the risk of someone you don’t want following you around.

So there are ways you can share your location safely.

Above all:

  • Don’t share your location blindly to everyone
  • Regularly check your sharing permissions
  • Use privacy-based apps like iMessage, Find My Friends and Google Maps


Source: Panda Security

Even Old Windows Server Machines Can Fend off Hacks


Microsoft wants you to upgrade your business onto the latest Windows OSes that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.

Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.

It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the Server that’s the issue.

However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.

Network segmentation and monitoring

Network segmentation goes beyond placing vulnerable servers behind a firewall.

By restricting access to your most critical servers, and making sure only system admins can control them, you’re reducing the network hackers can access should they breach your firewall.

It’s not a costly exercise, and enterprise internet routers often have access control features that can limit which computers can talk to which. It’s also wise to monitor vulnerable servers (especially if carrying critical information) for any unusual traffic.

Application whitelisting

Whitelisting works by allowing only trusted applications to run on your computer.

It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.

Backup sensitive data

Hopefully, you’re already doing this, but backing up important data stored in your machines will help, particularly with the growing popularity of ransomware that infects your computer and encrypts all the data within it, which will only be freed once a ransom is paid.

The best option

Although these ideas will help, the best solution is still to upgrade.

Yes, it will be costly in the short-term, but that investment will help the long-term security of your data and reputation of your business.


Source: pcworld

Is There a Script Kiddie Watching You?


A recent article in Transcendit caught our eye. It was about webcams, or more specifically about people watching you through yours.

It’s not a sophisticated hack, but it’s rather unnerving because they’re not doing it for financial gain; instead, they’re doing it for fun.

The people behind it are known as Script Kiddies (or skiddies). They don’t write any complicated software or code to get into your machine; they rely on you to do the damage for them.
They use a simple phishing scam that’s sent directly to your email that’s made to look like any other email from an organisation. But once you click a link the malicious software installs without you realising.

This type of malware isn’t designed to steal your passwords or card details, (at least, not at first) but to give the sender remote access to your machine. It’s called a Remote Access Tool, or just a RAT – and it’s exactly as unpleasant as it sounds.

Once installed, the Script Kiddie has complete control of your machine. They can flip your screen, open your disk drive, open websites, browse your private documents and pictures and log your keystrokes to steal your information. Or, if they prefer, just turn on your webcam and microphone and start watching.
The scariest part of this hack is that it’s almost impossible to know whether you’re a victim.
There are things you can do to make sure that you don’t end up on one of these sites:

  • Learn how to identify phishing emails
  • Don’t use torrents
  • Install antivirus software, and do a full scan every month or so
  • Get yourself a webcam cover – just in case.


2017 Will See More Advanced Cyber Attacks Says Panda Security


Cyber attacks are getting more sophisticated. Hardly a month goes by without another report such as the one that recently hit the NHS.

Companies are being warned to be more and more vigilant as the cyber criminals find new ways of infecting their increasingly connected worlds.

To look at this further and identify the potential weak spots that could be targeted in 2017 and beyond, Panda Security has ranked the most popular attacks of the year and analysed their evolution.

Cybercrime

Cybercriminals focus their efforts on those attacks which can rake in the most profit, using more effective tactics and professionalising their operations in a way that allows them to make quick and easy money in an efficient manner.

Ransomware

This Trojan Horse will take centre stage with regard to cybersecurity and will cannibalise other more traditional attacks that are based on data theft. The pursuit of profit is the primary motivation of cybercriminals, and ransomware is the simplest and most effective way to achieve this. Some things never change: victims of this hijacking malware will have to decide whether to pay, or not, to recover their data. Of course, paying the ransom does not guarantee the total recovery of stolen data.

Companies

The number of attacks directed at corporations will increase, as these attacks become more and more advanced. Companies are already the prime target of cybercriminals, as their information is more valuable than that of private users.

Internet of Things (IoT)

The next cybersecurity nightmare. The technological revolution has ushered in the complete integration of smaller devices into the grid, which can be converted into entryways into corporate networks.

DDoS Attacks

The final months of 2016 witnessed the most powerful DDoS (Distributed Denial of Service) attacks in history. These attacks were carried out by bot networks that relied on thousands of affected IoT devices (IP cameras, routers, etc.). 2017 will see an increase in this kind of attack, which is typically used to blackmail companies or to harm their business (by blocking web access, online shopping, etc.).

Mobile Phones

Focusing on one single OS makes it easier for cybercriminals to fix a target with maximal dissemination and profitability. Android users will get the worst of it in the next 12 months.

Cyberwar

The precarious situation with regard to international relations can have huge — and serious — consequences in the field of cybersecurity. Governments will want access to still more information (at a time when encryption is becoming more popular), and intelligence agencies will become still more interested in obtaining information that could benefit industry in their countries. A global situation of this kind could hamper data sharing initiatives in the next year.


Source: Panda Security

Watch Out, There’s a New Mac OS Ransomware About


Ransomware and suchlike is not something Mac users have had to worry about too much. Seen as a ‘safer’ option than Windows machines, the Mac user has been happily using their devices, relatively trouble free, for quite some time.

But that’s changing.

According to Computerworld:

“A new file-encrypting ransomware program for Mac OS is being distributed through bit torrent websites, and users who fall victim to it won’t be able to recover their files – even if they pay. Crypto ransomware programs for Mac OS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one.”

The offending ransomware, dubbed OSX/Filecoder.E, was spotted by security firm ESET and was developed in Apple’s Swift programming language.

It works by pretending to be a cracking tool for commercial software such as Adobe Premiere Pro CC and Microsoft Office for Mac. However, because of programming errors, and the lack of a developer certificate from Apple, it is often blocked by newer versions of Mac OS.

The biggest problem with this malware, according to Computerworld, is:

“It generates a single encryption key for all files and then stores the files in encrypted ZIP archives. However, the malware doesn’t appear to have any ability to communicate with an external server, so the encryption key is never sent to the attacker before being destroyed.”

Sadly, malware is never going to go away, and more and more cunning scams will be developed. The best advice we can offer is to remain vigilant and never click on or download anything that you’re unsure about.

We’re grateful to Computerworld and Spiceworks for this update so we can pass it on to you to help you and your data stay safe.

 


New Scam – Beware of the Emailed Parking Ticket


No one likes getting a parking ticket. They are one of life’s annoying things that tend to crop up when you least expect them.

What happens if you get one you weren’t expecting? Do you just pay up because it must have happened?

No.

The latest scam from internet fraudsters could see you paying a fine that doesn’t exist.

This phishing scam involves random emails with parking tickets. The email looks as though it comes from the UKPC, or UK Parking Control. You can’t miss them because they generally come with the headline: ‘Notice to Ticket Keeper’ or ‘Reminder to Ticket Keeper’.

This is followed by a bit of official looking text that claims a parking attendant has reason to believe that you parked on a client’s private land. It then gives you a bill complete with fake date, a fake reference number and a fake parking charge amount of £90.

Unlike other scams, this one looks very official and isn’t dotted with the usual tell-tale spelling mistakes. You can see what it looks like above.

If you click on the link that says ‘payment options and photos’ at the bottom you’ll either unleash a tonne of malware, or you could end up losing £90 to a non-existent fine. Or worse you could end up with both.

The beauty of this scheme (from the scammers’ point of view) is that it relies on the victim to provide the urgency. Most people follow up straight away and pay without asking any questions. However, before acting it’s worth doing a bit of simple checking.
It’s easy to check whether your fine is genuine. According to the UKPC’s official website, they do not send Parking Charges by email; so if you get one, send it straight to junk.

If you’re reading this too late and you’ve already had one of these emails, run a malware scan on your computer immediately.

 


Source: Transcendit