Engineer proves any iPhone app with permission to access the camera is capable of spying…

By Malcolm Owen
Thursday, October 26, 2017, 06:48 am PT (09:48 am ET)
http://appleinsider.com/articles/17/10/26/google-engineer-proves-any-iphone-app-with-permission-to-access-the-camera-is-capable-of-spying

A Google engineer has demonstrated it is possible for a malicious iOS app to spy on a user, with a proof of concept app capable of photographing or recording from both iPhone cameras without the user’s knowledge, all by exploiting the permissions granted by the user allowing access to the cameras.

Researcher Felix Krause, founder of Fastlane.Tools, created the watch.user concept app to show how far the camera permissions could be pushed, reports The Next Web. Once granted, Krause advises it is possible for an app to photograph and record from the cameras any time the app is in the foreground, without informing the user the images and video are being captured with flashes or other indictors.

Krause also claims it can then upload the images and video to an app’s servers, including broadcasting a live feed from the iPhone itself. It is suggested that it is possible for a malicious developer to determine the user’s location based on the image data, and to run facial recognition on still frames to find other photos of the user or to discover their identity.

A video demonstrating the test app’s capabilities also shows it can also track the movements of the user’s mouth, nose, eyes, and the entire face, and can even determine the mood of the user based on their facial expressions. Krause advises this part uses the Vision framework introduced in iOS 11, designed to allow developers to track a user’s facial movements.

Notably, the issue is only a problem if the app is in the foreground, but Krause highlights that this could still cause privacy problems. For example, if a user decides to browse a social app while in the bathroom, and the app includes such code, it would be theoretically possible for it to record the user in a somewhat compromising position.
FOR FULL ARTICLE GO TO:

http://appleinsider.com/articles/17/10/26/google-engineer-proves-any-iphone-app-with-permission-to-access-the-camera-is-capable-of-spying

Great New Browser, Big Expectations. Be BRAVE & Get BRAVE

“We have a mission to save the web by increasing browsing speed and safety for users, while growing ad revenue share for content creators.”

Everyone is taking notice to a new browser, and for good reason.  The CEO of BRAVE Browser from Brave Software is Brendan Eich.  If you do not know who Brendan Eich is  – Don’t admit to it LOL.  He is an American technologist and creator of the JavaScript programming language. He co-founded the Mozilla project, the Mozilla Foundation and the Mozilla Corporation, and served as the Mozilla Corporation’s chief technical officer and briefly its chief executive officer  (Credit Wikipedia).

I have been using it for a few weeks and am ready to replace everything else for my personal use.  I recommend you try it.

CARVIR™ CYBER SECURITY NOW AVAILABLE THRU CLASS COMPUTING

Originally from https://www.neverpaytheransom.com/ ©2017CARVIR INFOSEC®

CLASS COMPUTING (www.classcomputing.com) is thrilled to be able to offer this elite Security Service for your companies IT Infrastructure.

The CARVIR™ security team provides the first line of defense – without the noise of managing threat intelligence, research, analysis and false positives. CARVIR will:

  • Kill malicious processes
  • Quarantine malware and infected files
  • Disconnect infected endpoints from the network to prevent lateral spread
  • Alert IT Security personnel via email and SMS
  • Immunize all other protected endpoints on the network against new, never-before-seen threats
  • Report and escalate

Heaps of deep forensic data are transformed into an intuitive visualization in real time. The attack storyline depicts the threat execution flow in high resolution, from inception. Our team can view a specific process on the attack story line and drill down into the individual network, file, process, or data actions that occurred. This information allows our team to take decisive action towards securing your network.

If escalation is needed, we will provide an outline of the attack details. This will often include attack statistics, file information, path, machine name, IP, domain, along with information about where else on the network the attack has been seen, what we’ve done to isolate or eliminate the threat and what your team’s next step should be, if any.

In addition, we can provide cloud reputation, certificate information (if the file is signed or not), and advanced attack details (such as a list of known packers that may have been used). And lastly, we will provide a .csv or .json file of the attack providing forensic level reporting on the threat for your incident response team reporting – especially helpful in compliance driven environments.

Detection

Leverage powerful, behavior-based threat detection to protect data from the types of advanced malware, exploits, drive-bys and script-based attacks that evade outdated, signature based anti-virus technology and sandboxing solutions in Windows, Apple and Linux environments.

Our team actively detects and prevents attacks, even those using memory, PowerShell scripts, insider attacks and browser based drive-by exploits. Once detected, we automatically shut down the attack on the infected machine and prevent lateral movement across the network.

Prevention

Prevention starts with silent monitoring of all user- and kernel-space activity on the endpoint. Our security agent rapidly builds a complete context of normal system activity, which serves as the backdrop for the industry’s most advanced behavior-based threat detection.

With full visibility into the endpoint, the engine pinpoints malicious activity—even by the most sophisticated, stealthy attacks.

We secure Windows, OS X, and Linux endpoint devices (servers, workstations and laptops) for full endpoint protection.

Rollback Ransomware

Eliminate threats the instant they are detected with fully integrated response capabilities. If something slips through, we can reverse any attack-driven file damage and restore* files back to their previous trusted states with the click of a button.

Well, technically our team says it’s two clicks. But who’s counting?

And it’s not just ransomware. We protect data from the types of advanced malware, exploits, drive-bys and script-based attacks that evade outdated, signature based anti-virus technology and sandboxing solutions.

* Requires use of Windows Shadow Copy

Contact CLASS COMPUTING for a QUOTE today!

sales@classcomputing.com

(312) 262-3930

Microsoft’s Patch update is breaking Outlook and touch screen machines

Microsoft latest patch Tuesday has caused many issues with users of outlook and touchscreen machines. The Windows KB Update is 3097877 Some of the major issues that have been seen after this update is applied is that computers wont logon, outlook buttons will not work, outlook will not open at all, or emails with certain fonts will crash outlook. Microsoft has release an update to this patch. Call Class Computing if uou need any help 312-262-3930

Missing Just One Of These Could Instantly Open Up Your Computer Network To A Cyber Attack

Welcome to the brave new world of cyber-warfare.

 

Gone are the days when software patches were just for nifty little feature add-ons or updates.

 

Today, a software update notice could mean your whole computer network is suddenly at risk. Dangers include data theft, crippling malware attacks and mischief you may not discover for months, or even years…

 

As with graffiti on your garage door, if you don’t pay attention and clamp down on bad behavior, your problems have likely just begun…

 

And, like those who hire a professional security firm to keep thieves out of the warehouse, thousands of CEOs and business owners are now waking up to the fact that it’s absolutely imperative to hire a pro when it comes to securing your data network.

 

Here’s why you need a professional handling this:

 

#1: Speed is of the essence.

“If you didn’t update to version 7.32 within seven hours, you should assume you’ve been hacked.” That’s what software maker Drupal told millions of its customers around the world last year. It’s just one example of what can happen if you don’t respond with lightning speed.

 

Once a security breach has been identified, hackers rush in. On “Day Zero,” cyber-crooks around the world go after at-risk targets. You’ve got to be quick to patch the gap, or else you risk a system compromise.

 

Unless you have the time, knowledge, experience and tool set to respond instantly, you are far better off leaving this to a professional IT firm you can trust.

 

#2: It’s not just the big boys they’re after.

Sure, the top news stories are about the attacks on companies like Target, Home Depot and Sony…

 

Yet your business is just as vulnerable, if not more so.

Chances are, you simply do not have the resources that giant corporations have to manage a data disaster. The statistics bearing this out are shocking: more than 60% of small businesses close their doors following a serious data breach.

 

The threat is not confined to giant corporations. Small and medium businesses are being attacked every day, and, unfortunately, your business is no exception.

 

#3: Dealing with data breaches requires specialized knowledge, skill and experience

Here are just a few of the things a competent data guardian must be able to do to effectively protect

your systems:

Review documentation and monitor forums. Sometimes your software vendor doesn’t tell the whole story. It’s critical to check online forums and other communities to see if anyone else is having issues with the new patch before jumping in with both feet.

 

Know when to apply a patch immediately and when to wait. Typically, somewhere around 95% of patches work hassle-free. The trick is to spot the 5% that don’t — before installing them. This requires identifying unique patching requirements, and applying exceptions accordingly. For instance:

 

Does the patch deal only with a security issue?

Or does it just add new features or fix non-security-related bugs? Obviously, security issues get top priority.

 

Is the system currently having issues?

If not, and if the patch doesn’t address a security issue your system is vulnerable to, it may be better to heed the old adage “If it ain’t broke, don’t fix it.”

 

What security gaps does it address? How severe is the threat to your particular network? If, for example, the only way a virus can enter your system is through an e-mail attachment and this functionality has been disabled for all users, perhaps the threat needn’t be a great concern.

 

Keep options open in case of complications. Once a patch has been applied, if things aren’t working, it’s critical to restore the data network to pre-patch functionality, with little if any downtime. That means having good backups in place along with a tested and proven recovery process.

Does just thinking about data security give you a headache? We strongly advise that you let us handle this critical part of your business for you.

 

Call (312) 262-3930 and schedule our no-cost Security Update Audit today. You’ll discover how easy it is to rest assured that your network is secure 24/7.

Free Report Download: If You Are Considering Cloud Computing For Your Company—Don’t, Until You Read This…

If you are considering cloud computing or Office 365 to save money and simplify IT, it is extremely important that you get and read this special report, “5 Critical Facts Every Business Owner Must Know Before Moving Their Network To The Cloud.”

 

This report discusses in simple, non-technical terms the pros and cons of cloud computing, data security, how to choose a cloud provider, as well as 3 little-known facts that most IT consultants don’t know or won’t tell you about cloud computing that could end up causing you MORE problems and costing you more money than you anticipated.

 

Even if you aren’t ready to move to the cloud yet, this report will give you the right information and questions to ask when the time comes.

 

Get Your Free Copy Today: http://www.classcomputing.com/cloudreport

 

 

XP and Office 2003 end of life

An URGENT Security Warning For Businesses Running
Windows XP Or Office 2003

If your organization is currently running either Windows XP or Office 2003 on one or more computers in your office, you need to know about a dangerous security threat to your organization that must be addressed within the next 3 months. Please take a moment to read this important announcement.

As your local Microsoft Partner, we are aggressively reaching out to all businesses within Southeastern New England area that use Windows XP and Office 2003 to alert you of this serious security risk to your organization and inform you about what you need to do now to protect your company.

XP And Office 2003 Changes Must Be Made By April 8, 2014

Microsoft has officially announced that it will retire support on the XP operating system and Office 2003 software suite on April 8, 2014. That means any computer with these software programs installed will be completely exposed to serious hacker attacks aimed at taking control of your network, stealing data, crashing your system and inflicting a host of other business-crippling problems you do NOT want to have to deal with.

This is such a serious threat that all companies housing financial and medical information are being required by law to upgrade any and all computer systems running XP or Office 2003 because firewalls and anti-virus software will NOT be sufficient to completely protect them (or you).

Unless you don’t care about cyber criminals running rampant in your company’s server, you MUST upgrade any equipment running these programs.