View Full Image

ImageGate is a recent form of ransomware that attempts to spread malware through images and graphic files on social media websites. It has been discovered by two security researchers at Check Point Software Technologies Ltd., Roman Ziskin and Dikla Barda. The ransomware works in the same way as Locky virus that automatically encrypts the victim’s files and demands a ransom in order to reveal the decryption key.

Considering the massive increase in the use of social media platforms, such as Facebook and LinkedIn, hackers are directing their focus on breaching the security of these websites. They are continually looking for ways to use these platforms as hosts to carry out their malicious activities.

How Does ImageGate Work?

According to the security researchers, ImageGate works by embedding malicious code into the image files and posting them on ‘white listed’ social media websites. The targeted image files usually have extensions other than ‘.jpg’ or ‘.jpeg’. The malware aims at manipulating the misconfigurations in the social media platforms to purposely compel the users to click on the image. Once the file has been downloaded and the user clicks to open it, all the files on the computer system are encrypted. In order to regain access to the locked files, the user is required to pay the hackers a certain amount as ransom in bitcoins.

Tips To Protect Against ImageGate Ransomware

• Make sure you do not click on any unidentified file downloaded to your computer system.
• If a file gets forcibly downloaded, do not open or execute it. You should carefully delete the file so that the ransomware is not able to infect the files stored on the device.
• You should avoid clicking and downloading images as well as graphic files from social media websites.
• Do not open image files that have unknown file extensions, particularly ‘.svg’, ‘.hta’ and ‘.js’.
• The anti-virus and anti-malware software on your computer should be regularly updated to stay protected against latest forms of ransomware.
• It is recommended to be vigilant while accessing your social networking accounts. Even a single malicious download can make you lose access to your device and all the files stored within it.

Centex Technologies provides complete cyber security solutions to the business organizations in Dallas, TX. For more information on ImageGate and other forms of malware, feel free to contact us at (972) 375 – 9654.

URL shortening is quite a common trend over the internet. These URLs are helpful while sharing lengthy and complex links through instant messaging, emails or on websites that have a strict character limit, such as Twitter. When the user clicks on the shortened link, he is automatically redirected to the original URL. There are a number of URL shortening services available on the internet, some of the popular ones being bit.ly, goog.gl and tinyurl.com.

What exactly is URL shortening?

The concept behind URL shortening is simple. When you enter a long URL, it is encrypted by the use of an algorithm in order to produces another link with lesser number of characters. The shortened URL address is then mapped to the original link so that the user lands on the web page that he intended to visit.

Security risks associated with shortened URLs

• Link Manipulation: The first and foremost security risk is that a shortened URL hides the destination link. It means that there is no way to identify the landing page to which you will be redirected upon clicking the link. This is the reason why shortened URLs are used in various phishing scams. Hackers send these URLs embedded in emails or IMs so that the victim is not able to verify their authenticity.
• Ineffective Spam Filters: As the original URL is not visible, the spam filters cannot identify the potential threat and do not blacklist the email. The safe browsing features in popular web browsers warns the users if they are about to visit a phishing website. However, in case of shortened URLs, as the landing web page is not known, no warning is issued and the user is directed to the potentially spam website.

Tips to stay safe while using shortened URLs

• Many URL shortening services allow the users to check where a shortened URL will be redirected before they actually click on the link.
• Shortened URLs that take the users to a log in or sign up page should never be trusted. Instead, you should access all your online accounts by manually typing in the website’s address. Also, verify that the URL begins with ‘https’ instead of ‘http’.

We, at Centex Technologies, offer effective IT security solutions to business firms in Dallas, TX. For more details, feel free to call us at (972) 375 – 9654.

Network virtualization is a way of combining different physical networks to make them function collectively as a single virtual network or vice versa. At times, the process may also include virtualization of storage solution, which facilitates using all storage devices as a single resource. Network virtualization can serve multiple purposes, depending upon the specific requirements of an organization. This may be aimed at either improving the efficiency of the in-house IT systems or lowering investment in additional hardware components.

Given below are some of the benefits offered by network virtualization:

Centralizing Confidential Data

Due to the increasing data breaches and other online attacks, many business owners are considering storing their data on a centralized location. With this, a hacked computer system, lost/stolen device or negligence on the part of an employee would not pose a major risk to the security of sensitive information. When IT administrators store the data on a centralized server, it mitigates the risk of theft, malware infections and unauthorized access to the company’s intellectual property.

Setting Up A Sandbox

Sandboxing involves demarcating and isolating all the applications that may pose a potential threat to the internal network of the company. Network virtualization proves to be a great help in this regard. When a sandbox is created for web browsing, it prevents all the online attacks from affecting the host server and applications that are operating out of the virtual environment.

Facilitating Secure Network Access

With the increase in ‘bring your own device’ (BYOD) and work from home culture, a lot of employees access the corporate network from their personal devices as well as from multiple locations. When virtualization is used, the employees do not have to deal with the management and security aspects of the network. All these can be handled at the back-end by trained IT staff at the office.

Security Risks Of Network Virtualization

• When virtualization is added to the IT infrastructure, it can make it more difficult to monitor and detect security issues, such as advanced persistent threats (APTs).
• Network virtualization creates a dynamic environment which, at times, may lead to virtual sprawl. This means that the administrator may not be able to keep a track of the online activities and security vulnerabilities that can be exploited.
• To eliminate these risks, it is important to improve the security of the host machine. Virtual systems that are not performing important business operations or remain unused should be removed from the network. Lastly, strict access control policies must be implemented to secure the virtual network.

For more information on network virtualization, contact Centex Technologies at (972) 375 – 9654.

Wearable devices have provided a tremendous opportunity for business organizations to keep the employees connected to work and improve their efficiency. The use of smart glasses, watches, headgear etc. facilitate better data collection and better customer service abilities. However, just like every other technology, security risks are bound to come along. The extensive functionality served by these devices can sometimes magnify the threat surface, thereby introducing many new ways in which data can be compromised.

Here are some of the common security risks posed by wearable devices:

Lack Of Data Encryption

Wearable devices do not use encryption protocols to store the information securely. There is no sophisticated PIN or password required to gain access to the data. They also do not have any biometric or other authentication methods to validate the identity of the users. As a result, there is a serious risk of data theft if the device is lost or stolen.

Difficulty In Patch Management

Most wearable devices function on a completely different operating system and run several third party applications. Hence, frequent software updates and patches are not readily available for these devices. This makes them an easy target for the hackers to carry out malicious attacks in order to exploit the vulnerabilities and intercept information shared through the wireless networks.

Insecure Wireless Connectivity

In order to function efficiently, wearable devices need to be connected to your mobile device through Wi-Fi, Bluetooth or Near Field Communication (NFC) technologies. However, when you keep the connectivity options enabled, you may inadvertently allow hackers to download malware or malicious programs to your device. They may also launch a brute force attack to breach the password of your device’s wireless network.

Recording Sensitive Information Through Photos, Videos and Audio

Wearable devices come along with a very discreet ability to record the important information about your company in the form of audio, video and images. Smartwatches and smart glasses can easily be used to capture and transmit confidential data to the hackers, without leaving any trace. This type of data breach cannot be prevented by anti-malware, anti-spyware and any other form of security software.

We, at Centex Technologies, can help to improve the IT security of your business firm in Dallas, TX. For more information on protecting the wearable devices at your workplace, feel free to call us at (972) 375 – 9654.

Identity theft is a quite prevalent form of online crime that has become more sophisticated and complex these days. When a hacker gets access to your personal information, such as name, password, social security number (SSN), credit card or bank account details, he can use it for a myriad of malicious purposes. These may include breaching your online banking account, committing online frauds in your name or selling your credentials further.

In order to protect yourself from identity theft, it is important to understand the different ways in which the attack is generally carried out.

• Keylogging: This type of identity theft involves installing a malware on the target user’s computer system. Whenever the user logs into an online account or carries out financial transactions, the malware records the keystrokes and transmits them to the hacker.
• Phishing: The hacker may send a fake email to the user or display pop-up advertizements while browsing the internet. The email is spoofed to have come from a credible organization, such as a bank, and requires the user to take an immediate action. This may include downloading a software, visiting a website or filling out an online form.
• Data Breach: Identity theft may also occur when hacker gains unauthorized access to the sensitive information while it is being shared over the internet, particularly unsecure networks. Packet sniffers may be used to view and steal the user’s financial information. Apart from this, spying, denial-of-service attacks, man-in-the-middle attacks and other such techniques may be used. 

Tips To Prevent Identity Theft

• Install Security Software: Make sure you install anti-malware, anti-spyware and other security software in your computer as well as mobile devices. These will help to identify and delete the malicious programs or files from the system. You should also enable firewall to monitor and block any suspicious traffic from accessing your network.
• Follow Proper Security Measures: You should follow the best security practices while accessing the internet, particularly on public Wi-Fi networks. Do not log in to your banking and email accounts or shop online when connected to an unsecure network.
• Guard Against Phishing Attempts: Do not open or download attachments from emails that come from an unknown sender. Also, you should not share your personal or financial information or click on a link embedded in such emails.

For more tips on protecting yourself against online identity theft, you can contact Centex Technologies at (972) 375 – 9654.

IT security is a pre-requisite for successful business operations. The present day online attacks are very sophisticated, hard to detect and can cause serious damage to the computers on your corporate network. Besides malware and virus infection, there are many other security threats, such as Denial of Service (DoS), spyware, ransomware, man-in-the-middle attack etc. Therefore, regardless of the size and type of your organization, it is important to take the necessary network security steps to protect your data from cybercriminals.

Discussed below are a few fundamental tips to keep your network safe:

Delete Unused Accounts

Email or social networking accounts that are not active should be deleted. Since these accounts do not have updated security settings, they are quite easy to be hacked. Make sure you timely review all your official accounts and identify as well as delete the ones that are no longer required. You can either perform this task manually or use a software to remove unused accounts.

Keep VPN Secured

If you use a virtual private network (VPN), you should keep it completely secure to prevent unauthorized access to your company’s internal network. Use the most advanced authentication and encryption protocols to monitor as well as regulate the network’s usage. You can even consider accessing the internet remotely so that your browsing details are not saved.

Be Proactive With System Updates

Cybercriminals are always on the lookout for security flaws in obsolete web browsers, plug-ins, software applications and operating systems that can be exploited for malicious purposes. It is therefore, important to update all the computer systems on your network on a regular basis. Software vendors frequently release patches and updates to fix the bugs as well as improve functionality of the applications. The IT staff should either enable automatic updates or download and install the latest versions from trusted sources.

Secure Your Router

Make sure that you change the default name and password of your router. The default credentials are quite common and can easily be decoded by the hackers. Create a strong and lengthy password as well as a unique username. Also, change the security level from WEP (Wired Equivalent Privacy) to WPA (Wi-Fi Protected Access) or WPA2 so that only the authorized users have access to the corporate network.

We, at Centex Technologies, offer complete network security solutions to business firms in Dallas, TX. For more information, feel free to call us at (972) 375 – 9654.

The extensive benefits offered by cloud computing has encouraged many businesses to switch to this technology. Scalability, virtualized resources, better data security, streamlined processes and flexible infrastructure costs are some of its advantages that have helped businesses to work in a more efficient manner. However, one of the major decisions is choosing between the deployment of public and private cloud.

Given below are a few factors that need to be considered while deciding the right data hosting solution for your business:

Budget

If you own a small or medium business, you can go for public cloud. It is essentially a pay-as-you-go model in which the customers have to pay according to the resources used on the cloud. Also, you would not have to incur any costs on the management of hardware/software and hiring a dedicated IT staff.
On the other hand, if you have a large enterprise that requires to store a huge amount of data for long time periods, private cloud can be a more cost-effective option. You will have a better control over the customization of storage, networking components, virtual servers, hardware etc.

Security And Compliance

If your business operations do not involve storing and processing sensitive information, public cloud can adequately accommodate your requirements. As the hardware, storage and network devices are hosted by third party providers as well as shared among different users, meeting PCI, HIPAA or SOQ guidelines may not be possible. Private clouds are dedicated to and managed by a single organization. Hence, you can limit external and internal access to important files, implement firewall technologies and apply stringent security policies.

Hardware And Virtual Server Control

With a public cloud, you do not have any control over the hardware and network on which your virtual server will be placed. Only your cloud service provider is authorized to decide on all these aspects. If you need complete control over the technical issues related to the cloud, you should opt for private cloud. You can specify and customize the hardware, storage and network performance according to the requirements of your business.

Reliability

Reliability and operational efficiency can be quite a major concern in case of public cloud. Even if the providers conduct frequent testing procedures, outages are common due to excessive load on the network. This can affect your organization’s ability to function. Private cloud ensures uninterrupted services to the users by transferring to another server if such a situation occurs.

We, at Centex Technologies, provide efficient IT security solutions to the business firms in Dallas, TX. For more information, you can call us at (972) 375 – 9654.

Malvertizing, or malicious advertizing, is a cyber-threat that involves disguising spam code into online advertizements that seem to be legitimate. When a user hovers or clicks on any of these ads, it leads to downloading malicious software that can damage data, steal confidential information or even get complete remote access of the infected computer. Malvertizing attempts to exploit the unpatched software vulnerabilities in a computer without any need to compel the user to visit a malicious website.

How Does Malvertizing Work?

Malvertizements can appear on a website in any of the following ways:

• Legitimate Ads: The cybercriminal initially places a number of malware free advertizements on a credible website that allows third party ads. Eventually, he may inject a malicious code into the advertizement to infect maximum computers before it is banned or removed.
• Pop-Ups: Pop-ups can infect a user’s computer the moment the ad appears on the web page. In some cases, the malware may also be installed when the views clicks on ‘X’ to close the pop-up.

How To Protect Against Malvertizing?

• Disable Auto Play For Plug-ins: When you choose auto play for plug-ins, all Java and Flash elements will automatically run when you visit a web page. As most malvertizing attacks involve the use of malicious plug-ins, make sure you have complete control over the ones that you need to run.
• Remove Unused Plug-Ins: You should disable or uninstall all the browser plug-ins that you do not use, including Java. This will reduce the probability of a malvertizing attack by limiting the number of vulnerable software that can be exploited by the cybercriminals.
• Update Your Web Browser: Your web browser should be regularly updated to fix any security flaws. You can enable automatic updates to keep your browser protected against malvertizing attacks. If you have a plug-in installed, make sure they are frequently updated with the latest versions.
• Stay Informed: You should always be cautious of pop-ups that claim to remove malware or increase the speed of your computer. Do not click on any of these links as they may inject a malicious code or download spam software to your computer. Anti-virus, anti-malware software and browser toolbars should also not be installed through an advertizement or pop-up link. 

We, at Centex Technologies, provide complete cybersecurity solutions to the businesses in Dallas, TX. For more information, you can call us at (972) 375 – 9654.

Domain hijacking or theft, can be defined as a security breach in which the hacker steals the target organization’s domain name and transfers its ownership to himself. Once successful, the hacker gains access to the control panel from where he points the domain name to another web server. Thus, whenever a user visits the website, he gets redirected to the hacker’s website. In most instances, the attack is carried out by falsifying a domain transfer authorization code or by using phishing techniques.

Given below are a few common methods that the hackers use for domain hijacking:

Spear Phishing

This is one of the easiest ways to steal the login details of the target website’s admin account. The hacker may send a fake email, claiming be to be from a genuine source, to extract information. The email may also contain a link that redirects the user to a phishing website that looks similar to the original one. When the user logs in to the admin account, the credentials are recorded by the hacker.

Domain Registrar Vulnerabilities

The hacker may also look for unidentified vulnerabilities in the domain name registration system. For instance, in the absence of any restriction on the number of invalid login attempts, the hacker may initiate a brute force attack. Through this, he may employ the trial and error method to use multiple password combinations till the login is successful.

Web Server Vulnerabilities

Security flaws in the target organization’s web server can also be exploited to gain access to the website admin account credentials. In the absence of proper security measures, there are high chances that vulnerabilities in the hosting server provide a backdoor for the hacker to gain access to your website.

Tips To Prevent Domain Hijacking

• Use Two Factor Authentication: Many domain registrars provide an additional security layer to the users by allowing two factor authentication. With this, each time you log in to the admin account, you will have to enter your user name and password, along with a numeric code sent through a text message.
• Request DNSSEC From Your Domain Registrar: Domain Name System Security Extensions (DNSSEC) is a technology that can prevent a domain hijacking attack. It allows the website admin to monitor traffic and use digital signatures to verify the legitimacy of the DNS responses.
• Change Default Password: Make sure you change the default password of your admin account. If you retain the same login credentials provided by your registrar, your domain security may be at risk.

For more information about domain hijacking, contact Centex Technologies at (972) 375 – 9654.