While Apple products are renowned for being highly secure, they’re not completely immune to cyberattacks. Fortunately, Apple frequently releases updates to fix any issue that they’ve discovered. And if you have macOS High Sierra, you need to make sure you’re running the latest patch.

Serious bug
On November 28th, security researchers reported a serious bug in macOS High Sierra that allows anyone to easily take control of any Mac computer. Normally, users are asked for their username and password before logging into their Mac, installing a new application, or changing settings. However, this recent bug allows users to simply type “root” as a username, leave the password field blank, and click “unlock” to gain full access.

This means if hackers have physical access to a machine, not even passwords can stop them from getting inside. They could, for instance, log in with "root," reset the username and password, and enjoy future access to the machine at any time. They could also install spyware with ease and monitor your activity 24/7 without being detected.

The bug was so alarming that Apple released an emergency patch within a day. But even the fix had problems, and when users installed the next major macOS update, High Sierra 10.13.1, the bug reappeared.

Luckily, Apple was quickly made aware of this secondary problem and rolled out a 10.13.2 update on December 6th to completely resolve the issue.

Other threats to Apple security
This wasn’t the only problem Apple had to deal with recently. In October, Apple released an update for Key Reinstallation Attacks (KRACK) -- a type of attack that essentially breaks the encryption protocols between a router and a device, allowing hackers to read private messages and steal other sensitive data.

And last week, an iOS 11 update was rolled out to fix glaring weaknesses in Apple’s HomeKit Internet of Things framework, which enables hackers to exploit smart devices like security cameras and door locks.

How to protect yourself
The importance of checking for updates and installing them as soon as possible cannot be understated. Hackers are more active than ever and will use any means necessary to breach your network. Updating your software is the best way to reduce the number of exploitable entry points into your business.

To install updates for Apple devices, open the App Store, and click on Updates. All critical updates should be displayed on the window, but if you don’t see the one you’re looking for, use the Search field to find it.

Even though the potentially devastating High Sierra bug has been fixed, you should consider creating a genuine root user password to prevent others from gaining access to your machine just by typing in “root.”

To do this, open Directory Utility, which can be found in the Users & Groups tab in System Preferences. From there, click on Edit and select Enable root user, where you will be prompted to set a password. And last but not least, make sure you set a strong password.

Protecting your systems is a full-time job, so if you’re not experienced with computers, call us today. We’ll give you the tools and services you need to stay safe from a wide range of cyberattacks.

The post Apple releases another critical update appeared first on Complete Technology Resources, Inc..

Cyber criminals will stop at nothing to attack your systems and profit from it…and they know there are vulnerabilities to be exploited in businesses that use mobile technology. To beef up data security, adopt a mobile threat detection (MTD) strategy.

How machine learning helps

Mobile threat detection is an all-around solution that protects the physical device, its network traffic, and the applications from malware. It is augmented by a machine learning mechanism, which allows devices to recognize usage patterns and identify potentially malicious behavior without additional programming.

Not only is it able to identify abnormal behavior, it’s also useful in cases involving multiple mobile devices. For example, you’re monitoring a hundred Android mobile devices running on a specific OS version and one deviates from the rest; machine learning makes it easy to spot that anomaly and detect possible threats.

Is MTD effective in detecting malware?

It’s no secret that most malware are cleverly disguised as useful programs or apps, making them difficult to detect. The key to finding -- and defending against them -- is recognizing irregular patterns in user behavior and how individual devices function.

For this reason, a simple scan is not enough, especially for cyber crimes like phishing scams directed toward individual recipients. Machine learning integrated into mobile threat detection helps by observing both the app and the user’s behavior. But despite this formidable combination, cyber criminals continue to develop more sophisticated ways to attack computer systems and mobile devices. As such, mobile security needs to cover applications, networks, and devices to be effective.

How to adopt MTD solutions

MTD is an essential part of mobile security and is widely offered by various vendors. However, implementing one requires a thorough evaluation of important factors, including industry regulations and the level of sensitivity of the data stored and/or exchanged in your mobile devices.

Your chosen MTD solution should also be able to inspect mobile devices’ hidden weaknesses that can make individual devices and your entire network vulnerable to malware. Moreover, it should be able to identify suspicious connections and unusual network traffic.

Developing strong defenses for mobile devices is fast becoming a critical component in many businesses’ cyber security strategies. And although mobile threat detection remains an imperfect means to detect malware, it is far more powerful than traditional anti-malware solutions.

Businesses like yours need comprehensive security solutions to fend off cyber attacks, whether on your PCs, laptops, or smartphones. For expert IT security recommendations, call us today!

The post How MTD improves your mobile security appeared first on Complete Technology Resources, Inc..

With stories of large-scale data breaches and internet service providers tracking internet habits, online privacy is becoming a rare commodity. Incognito mode and private browsing features may be able to cover up your browsing history, but they don’t completely protect your online activities. You need a Virtual Private Network (VPN).

What is VPN?

Simply put, a VPN is a group of servers you connect to via the internet. Once you’ve established a connection, your computer acts as if it’s on the same local connection as the VPN, making it seem like you moved to a different location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone -- from hackers to government agencies -- from monitoring your online activities.

Why should you have one?

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public WiFi network -- like the ones you typically see in local cafes and airports -- using a VPN encrypts the information you’re sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can simply connect to a VPN located in the US to access the sites you need.

Which VPN should you choose?

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them. These keep logs of your internet activity, and in some cases sell them to the highest bidder. Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. What’s more, they don’t keep a record of the sites you visit and hound you with pop-ups that lead to dangerous websites.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing a UK-based service, your VPN provider must at least have servers installed in London.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Finally, a great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net/, which will allow you to check whether your real IP address is actually being leaked. If it manages to track your physical location, you need to opt for a more reliable VPN service.

VPNs are now a vital component of cybersecurity, and if you need help selecting the right one for your business, consult with our security experts today. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data.

The post What you need to know about VPNs appeared first on Complete Technology Resources, Inc..