Look Ma, No Macros!

Successful hackers should be very proud—they’ve created yet another way to trick the masses and infiltrate the systems of countless victims. Kaspersky Lab researchers found an undocumented and little-known feature in Microsoft Office that allows hackers to gather configuration data on targeted systems without the need to create macros. Microsoft Word, Microsoft Office for iOS […]

Massive Ransomware Attack Underway

Barracuda researchers confirmed that a massive ransomware attack is presently underway. Over 20 million SPAM emails with infected attachments carrying a Locky variant have been sent so far and there are no signs that it is slowing down. Researchers have identified the sources of the attack as coming from Vietnam, India, Columbia, Turkey and Greece. […]

Security Alert: Supply Chain Attack Nabs CCleaner

Researchers at Cisco Talos discovered that CCleaner’s 32-bit version (v5.33.6162 and CCleaner Cloud v1.07.3191) were compromised using the app’s v5.33 installer. According to the Graham Cluley post, once a user downloaded and installed the tainted version, malware would determine if the user had admin rights and then proceeded to steal data, sending it to the hacker’s server. […]

Official Photo From CIANJ: XSolutions Wins CIANJ Best Practices Award

This is the official CIANJ photo of Joe Jr. accepting the 2017 Best Practices award on behalf of XSolutions from Commerce and Industry Association of New Jersey (CIANJ) President, Anthony Russo at the Annual Best Paractices Conference on September 12, 2017. As a matter of fact, I attended the CIANJ’s Human Resources forum on Employee Handbook […]

XSolutions Wins CIANJ Best Practice Award For 2017

We are proud to announce that XSolutions Consulting Services is a recipient of the CIANJ’s Best Practices Award for 2017. Joe Jr. accepted the award at the Commerce and Industry Association of New Jersey’s 2017 Best Practices Conference held on September 12th at Nanina’s In the Park. The award was given for our use of […]

Security Alert: Equifax Data Breach Impacts 143 Million People

Reporting agencies and security blogs are ablaze today with the news that Credit-reporting giant Equifax suffered a data breach possibly exposing critical information on 143 million U.S. consumers. Hackers supposedly exploited a vulnerability in a website application and gained unauthorized access to files as far back as mid-May. Information exposed in the hack: names, Social Security […]

Security Alert: 23 Million Bogus Emails Spreading Ransomware

In just 24 hours, over 23 million phishing emails carrying the Locky Ransomware virus have been distributed in one of the largest malicious campaigns of the year. The emails have utilized subject lines like: please print documents photo images scans pictures The emails come with an attachment, this time it’s a ZIP file containing VBS […]

Security Alert: New IRS/FBI Ransomware Scam

A new ransomware phishing scam is going around using IRS and FBI emblems to trick unsuspecting victims into clicking infected links that when clicked will encrypt your files and hold your data for ransom. Remember, the IRS does not email, send text messages nor will they contact you through social media to discuss tax issues. […]

To A Hacker—You’re Not Important But Your Data Is!

Your information is everywhere—on your personal computer’s hard drive, shopping sites, social media sites, online services you’ve signed up for, etc. How many online forms have you filled out in the past three months? Probably more than you can remember. Where do you think all this information goes? To corporate and Government databases, that’s where. […]

Attended The CIANJ’s Forum On Alternative Sources of Working Capital

I had the pleasure of attending the Alternative Sources of Working Capital forum hosted by the Commerce and Industry Association of New Jersey (CIANJ) on Wednesday, July 26th at the Saddle Brook Marriott. The meeting opened with CIANJ President, Tony Russo giving a Legislative Update informing us about current Government legislation and their affects on NJ businesses […]

Criminals Attack On A Global Scale

As you’ve undoubtedly heard, a second global ransomware attack is underway affecting the countries of Russia, Ukraine, Europe and the United States so far. Here are some facts about the latest attack: Attackers are using multiple attack vectors to spread the virus, such as: ETERNALBLUE, ETERNALROMANCE, and the PsExec command line utility. The ransomware, known […]

Security Through Reading Links

As I stated before, bad guys are very smart. One way that they fool millions of people is by using links that appear legitimate but will take you to fraudulent sites (often replicas of legitimate websites) where they’ll steal your info, money, credentials and so on. To protect yourself, learn to distinguish good site addresses […]

Malware Evolves To Dangerous Levels

Criminals are an adaptable bunch. Now that most people know not to enable macros and avoid Microsoft Word attachments, hackers came up with new ways that don’t require macros to execute downloads. The first is a malware called “Zusy” that is infecting users with compromised PowerPoint attachments that automatically downloads an executable banking trojan using […]

Sometimes Low-Tech is the way to go

I’ve spoken about this at meetings and written about it in blog posts, but hacking into cameras and spying on people can and does happen. There are high-tech solutions you can use to protect yourself that will make it harder for a hacker to penetrate your security, but if they’re determined enough they’ll eventually find […]

Anatomy Of A CEO-Wire Fraud Attack

CEO-Wire Fraud is a dangerous Social Engineering attack that cost businesses billions in losses. A good Social Engineer will study potential victims sometimes for months before attacking and craft convincing spoofed emails, targeting accounting personnel with wire transfer responsibilities. Recently, one of our best clients experienced such an attack and they graciously allowed us to use […]

Security Alert: NYS DMV Email Scam Going Around

News reports on local stations here in Rockland County, NY plus notifications on various security blogs I follow announced that an email scam pretending to be from the New York Department of Motor Vehicles is going around notifying people that they have outstanding tickets that must be paid within 48 hours or their license will be revoked. If […]

9 Online Shopping Security Tips To Keep You Safe

  Statistics show that 51% of Americans prefer to shop online and that percentage is growing rapidly. Cyber-thieves are just waiting to steal your money, information and identity. But, taking common-sense precautions will go a long way to keeping you safe:   Never use a debit card. If a hacker gets your information, they’ll be […]

Security Alert: DocuSign Breach Leads To Phishing Attacks

A recent breach at DocuSign has led to phishing campaigns designed to infect recipients with credential stealing and banking trojans: Pony, EvilPony and ZLoader. DocuSign is one of the most widely used electronic signature applications with 200+ million users. As an immediate measure, DocuSign recommends that you delete any email that appears to come from […]

How To Identify A Phishing Email—An Example

One of our good clients sent us a phishing email supposedly from Microsoft. It fooled a very experienced user and so would be a good example to use to show our readers how to identify Phishing emails. Fortunately, the bogus link did not forward to an infected website where ransomware could have been instantaneously downloaded, […]

Hackers Step Up Phishing Attacks

  It seems that phishing attacks have increased exponentially during the last few months and businesses and individuals must always be on their guard.     Recently, an employee of one of our very good clients forwarded an email to me saying that it looked suspicious. It invited my client to click a button to […]