A client of ours received an email warning her that someone had used her Apple ID to download an app:
We’ve compiled five very specific reasons why consignment and resale stores (or any business) should not use Microsoft Security Essentials (MSE).
A very common browser hijack/search redirect, Conduit, has a little bug in its uninstaller.
We’d like to see as many consignment and resale stores start 2014 out on the right foot.
A popular and long-standing software download site, SourceForge, is injecting malware in to its software installers.
Securing consignment systems involves more than just installing free antivirus software and hoping all goes well.
Critical security vulnerabilities in Adobe Acrobat and Adobe Reader have been identified and Adobe has issued a security advisory. These are being actively exploited in the wild by sending users malicious PDF files.
This affects users of Linux systems, Macs, or Windows.
Adobe is recommending users enable Protected View via Edit > Preferences > Security (Enhanced).
Unfortunately, this security feature is not enabled by default. Thanks, Adobe.
This is one of the many reasons we recommend using SumatraPDF (via Ninite.com). It is lightweight, functional, and it’s one additional layer of protection against attacks.
For clients on our System Monitoring w/ Patch Management service, we will be addressing this issue for you.
The most popular internet speedtest site, Speedtest.net, was recently compromised. They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and if you have Java installed, lookout.
Invincea has a fantastic dissection of the payload the infected site was delivering. This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system. It doesn’t have to be a *questionable* website or suspicious email that leads to infection. Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.
There is no single solution to security. Security is a multi-layered approach. With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start. By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system. Changing your DNS to a faster and more-secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into, as safe as possible. A hardware firewall, updated applications (and only essential applications installed), and user-awareness add to the security sandwich.
So keep your wits about ya, folks. Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.
For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.
ESET Nod32 Version 6 was released today. By default, ESET Nod32 does not check for and install new program updates automatically. For any clients on our Monthly Support Plan or any clients who have purchased consignment workstations or database servers from The Computer Peeps and as per PCI DSS, this is one of the many adjustments we make to properly secure your system. Your systems will update automatically.
To manually check for program updates, visit the Updates tab of ESET and then click the Check button. ESET will check for the latest update…
[info_box style=”notice”]Tip: Setup > Enter Advanced Setup > Update > Advanced Update Setup > Setup to enable the Regularly check for latest product version option, as well as the ‘Always update program components’ option.[/info_box]
Once ESET has checked and found the latest update, click Install…
ESET will require a reboot once this update has been installed…
The new version is for the most part, the same as version 5 and is not a complete departure. That being said, ESET has added handy new features and optimized program performance even more than before.
They’ve added a new Social Media Scanner, which we highly recommend enabling and installing.
You’ll be prompted to install ESET’s Facebook app…
This new extension of ESET, protects your Facebook page by scanning for malicious posts, links, and messages. It can even alert your friends, if they have malicious content on their Facebook walls.
The settings available cover options such as email notifications and whether or not the ESET app should ‘reply’ to posts from infected/malicious posters…
Overall, this has been a smooth update thus far. Make sure your antivirus is updating automatically, but as always, make sure you’re taking all the precautions to manage your systems – e.g. file backups, system images, database backups, etc.
For clients on our new System Monitoring & Patch Management Service, we’ll be alerted as each system automatically updates to the latest version of ESET and we will be checking on each and every system…
If you have any questions or comments, feel free to post below!
This week, Malwarebytes released v1.70 which brings with it a slightly updated look. The interface and program are still the same, but they’ve implemented their new logo/color palette throughout the application.
We just wanted to point this out so everyone running Malwarbytes’ Anti-Malware Pro knows MBAM is still running and protecting your system; it’s just no longer using the traditional red ‘M’ icon.