To fend off the latest cyberattacks, Android phone manufacturers claim they always stay on top of bug fixes and security patches. But in light of recent reports, you may not want to take their word for it. Researchers say some popular Android vendors have missed quite a few important patches. If you’re an Android user, read on to find out whether you should be worried.

Missed patches
Every month, Google rolls out a new batch of Android bug fixes and critical security updates. These patches are available to Google Pixel phones almost immediately, but many third-party manufacturers are often months behind. When it does arrive, you should theoretically be protected from every recently discovered threat.

After extensively researching 1,200 different smartphones, however, Karsten Nohl and Jakob Lell of Security Research Labs discovered that even though certain phones were considered “up to date,” they didn’t have all the bug fixes and security updates listed on the patch notes. In other words, smartphone vendors often missed important patches.

The study found that, on average, Sony, Samsung, and Google occasionally missed a patch but were generally more secure than other vendors like Nokia, Motorola, HTC, LG, and Huawei that skipped several important updates.

According to manufacturers, these missed updates are purely accidental. Since there are so many updates to install every month, manufacturers can easily lose track and may even skip quality control checks just to keep up.

But as we’ve seen time and again, small accidents can lead to massive-scale breaches. Unlike most Android consumers, who usually don’t think twice about the updates they’re installing, hackers always read patch notes and attempt to find weaknesses to exploit.

The solution
Fortunately, Security Research Labs released SnoopSnitch, a firmware analysis app that checks whether your Android phone is missing any security patches. If your phone model did miss a few patches, the app will record the data and send it to the device manufacturer so they can create a fix as soon as possible.

Experts also say that users shouldn’t panic if they notice a missing patch and there are no updates available from their device manufacturer. Good security practices like avoiding suspicious emails and software from the Play Store will generally keep you safe from a wide array of attacks. What’s more, you should enable multi-factor authentication (using both a passcode and biometric scan to access your device) whenever possible to prevent account hijacking.

On Google’s end, they’re working on streamlining the patching process for manufacturers and creating even stronger security measures that will prevent hackers from gaining a foothold into your device.

Nevertheless, you should still update your Android devices as soon as they become available if you want to avoid a disastrous breach. And if you feel overwhelmed with managing security patches, don’t worry! Just call us today and we’ll help you out.

The post Is your Android phone really up to date? appeared first on Complete Technology Resources, Inc..

Bad news, internet users: Cybercriminals have developed more advanced tricks to compromise your systems. While you may be familiar with attacks involving suspicious emails, the new kid on the block known as watering hole attacks are far more nefarious and effective. Fortunately, there are a few things you can do to keep yourself safe.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

The post Safety tips for watering hole attacks appeared first on Complete Technology Resources, Inc..