
QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - Ransomware Updates

4/14/2016

Update on Ransomware-related items
An update on various ransomware-related security topics and Windows 10

MP3 - Ransomware Topics Updates

 
 

Only buy technology hardware from valid distribution partners

If you need surveillance cameras, only buy Axis.

A security researcher found malicious code running on the web page of the surveillance cameras he purchased on Amazon. I'll give you one guess on what country they came from.

You need to realize that anyone can sell anything on Amazon. The camera was a Sony camera, and Mike Olsen, the security researcher, even said the page looked different from usual.

So what this means is that when you buy parts outside of the normal distribution channel and not from trusted partners, you have no idea how much that equipment may have been tampered with.

http://artfulhacker.com/post/142519805054/beware-even-things-on-amazon-come

Mike Adams, the Health Ranger, has done a number of posts on the fake supplements being sold on Amazon. It's the same thing. You need to know where your parts are coming from or you cannot trust them.


Uninstall QuickTime for Windows: Apple will not patch its security bugs

http://www.theregister.co.uk/2016/04/14/uninstall_quicktime_for_windows/

Trend Micro published an article on an urgent call to uninstall QuickTime.

http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

And here is the US-CERT posting on removing QuickTime.

https://www.us-cert.gov/ncas/alerts/TA16-105A

Some more notes on ransomware

  • A decrypter for Petya is now available.
  • You need to have offline backups, or at least backups that are secured from ransomware as much as possible.
  • Office 2016 has macro protection that, when configured by policy, can stop a lot of the ransomware.
    https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/
  • If you have Office 365, you can get full sandboxing and APT blocking for your whole SharePoint, OneDrive, and Exchange Online infrastructures with DLP. I am running that now.
  • Visit my website and sign up for Office 365 or contact me to get you signed up. I can get you APT blocking and sandboxing for your business email also.
  • If you are a non-profit organization with Office 365, you may find that Trend's Smart Protection Complete is a more cost-effective option than getting Cloud App Security and Trend WFBiz separately.
  • Don't confuse Microsoft's Cloud App Security with Trend Micro's Cloud App Security.

 

94% of Tor traffic is categorized as malicious

http://arstechnica.com/tech-policy/2016/03/new-data-suggests-94-percent-of-tor-traffic-is-malicious/

Another fine example of why application control and blocking is needed on all networks.

If the majority of Tor traffic is malicious, then you should be using network-layer application control to block Tor.

 

For those of you who upgraded to Windows 10 and want the protections of UEFI boot:

http://social.technet.microsoft.com/wiki/contents/articles/14286.converting-windows-bios-installation-to-uefi.aspx

It is actually possible to change your boot style from legacy BIOS (MBR) to UEFI, but be prepared for a dead system if mistakes are made. Make sure all your backups are current and that you are prepared to rebuild that system from scratch if required.

 
 