HP laptop users beware: keylogger found

, , , , , , , ,

You might be entering credit card details on a website to purchase something online or filling in your personal information to subscribe to a service, thinking you’re safe behind the keyboard. And you probably are — if the computer you’re using doesn’t have a keylogger installed. But for HP laptop users, chances are they aren’t so lucky. Read on to see why.

What are keyloggers?

Keyloggers are hardware devices or software programs that record every key you press on your computer’s keyboard. Most keyloggers can also capture screenshots and send them to a remote computer where someone is waiting to see what you’re up to.

And why does this matter? Because hackers can steal your usernames and passwords, keep track of the messages you send via instant messaging apps or emails, and other personal information you disclose on online forms. Imagine what they can do with all that data.

A keylogger spotted on hundreds of HP laptops

In early December, a security researcher discovered a keylogger pre-installed on an HP laptop. This led to the revelation that more than 460 HP laptop models, including ProBook, Pavilion, EliteBook, and the Envy line include the Synaptics touchpad driver — which can be used as a keylogger.

Even though the keylogger on those HP laptops isn’t activated by default, an attacker who gains access to your laptop can enable it without much difficulty. HP themselves said the keylogger code had been added to the software by mistake and they’ve since released patches to fix the issue.

What should HP laptop users do?

If you own an HP laptop, check whether you’re affected by referring to this full list of affected models. If your laptop model is on the list, click on the link provided on the right side of the model name and download the security patch immediately to remove the keylogger from your computer.

How to protect yourself from keyloggers

The standard security measures — which you should be taking to heart and keeping up to date — can help protect you from keyloggers. You should avoid suspicious websites and never download files from them, and take extra care when opening attachments, text messages, or social media links from unknown senders since they can be embedded with a keylogger.

You should also have antivirus software installed and keep it up to date. Most antivirus software nowadays has already added keyloggers to their databases. It’s also good to be aware of the latest security patches from your hardware manufacturers and software developers since they’re made to fix current vulnerabilities.

And to make things even more secure, consider using one-time passwords and two-step verifications when you need to log in to important online services, such as those related to personal finance or services that require sensitive personal data.

Need more tips and tricks on how to protect yourself and your business from cyber espionage? Talk to our security experts today. They will be more than happy to explain IT security issues to you in plain English!

Published with permission from TechAdvisory.org. Source.

Precautions against WannaCry ransomware

, , , , , , , ,

The WannaCry ransomware, a type of malware that encrypts a victim’s files and extorts them for money, has already affected thousands of machines worldwide. Unfortunately, the success of this attack is just the beginning. According to security researchers, other hackers will probably develop stronger WannaCry variants in the coming months. And if you don’t want your business to become a victim of these attacks, you must take the following precautions.

Update your software
The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run security programs
Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use data backup and recovery tools
If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay informed
Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today. We’ll make sure hackers don’t hold your business hostage.

Published with permission from TechAdvisory.org. Source.

5 great ways to prevent cyber-attacks

, , , , ,

2017February15_Security_CAs technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

Understand the threats you’re facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

Finalize a plan

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

  • Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
  • “Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door or your network.
  • Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
  • Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
  • Antivirus software that specializes in the threats most common to your industry.

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security by giving us a call for a demonstration.

Published with permission from TechAdvisory.org. Source.

6749 S. Westnedge Ave

Suite K, #128

Portage, MI 49002-3556

Southwest Michigan: (269) 290-7137

St. Louis: (314) 558-0623

Toll Free: (877) 288-5527

© 2022 Brain Trust Technologies, LLC. All Rights Reserved