Adobe Releases Security Updates for Flash Player

Adobe Releases Security Updates for Flash Player

Original release date: September 21, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, ChromeOS, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-23(link is external) and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Posted in Uncategorized | Comments Off on Adobe Releases Security Updates for Flash Player

Why It’s Worth Divorcing Information Security From IT

Back in the 1990s, it made perfect sense for security to be an IT function. Corporate networks had a hard perimeter, firewalls were the foundation of IT Security, Kevin Mitnick was the face of corporate hacking, and corporate owned laptops – and Palm Pilots – were a status symbol. These days, enterprise-computing environments are global, borderless, fully mobile, and extremely complex. Despite all this change, the cyber security function has yet to scale and evolve accordingly.

With record breaking breaches occurring on a regular basis it’s clear that corporate cyber security requires a major overhaul. The good news is that the needed changes do not require magic fairy dust or genie lamps. They require the confidence and willingness to re-engineer corporate organizational charts and business processes to account for how quickly enterprise computing environments – and the threat landscape – have evolved. And a great first step towards modernizing corporate cyber security is to consider “divorcing” it from IT.

Modern day IT organizations are primarily service-oriented, tasked with managing and maintaining the infrastructure and technology resources workers rely on to do their jobs. As such, the mindset of IT operations is all about time and productivity: The time it takes to resolve and close a ticket, the time and cost of delivering and maintaining applications and other resources quickly and reliably, and ensuring end-user satisfaction.

Today’s threat landscape requires security professionals to adopt a post-breach mindset and assume their organization has already been compromised. Security professionals must adopt the mindset of a detective, never taking anything at face value, looking for links between malicious events and intent behind seemingly innocent ones, in order to solve a crime that has already occurred. If security teams continue to operate in a culture dominated by the IT mindset, they will be more likely to miss important clues and hinder the ability to detect cyber-attacks,

Too often, when Security reports to IT, we find the IT mentality interferes with security processes and priorities. These days, there is little to no common ground between keeping IT systems up and running for authorized users and monitoring them for signs of compromise by smart, stealthy criminals. Identifying and securing an already compromised system requires the capability to differentiate malicious activity from normal behavior, and hackers are very good at making their activity look normal. The only way to find them is through a combination of new technologies and human judgment.
Being a subdivision of the IT department makes security blind to important business processes and to decision making at the corporate and department level. For example, security teams often don’t have visibility into planning processes in HR, Marketing, and R&D departments, making them, at best, late to know about technologies that are being deployed and project sunder development, and at worst, blind to the risks that already exist.

Even on their own home ground – the IT department – security rarely gets to review investments early enough. Being late for the game, security teams have no other choice than acting as showstoppers to reduce risk. Bringing security in earlier to the planning stage will enable them to identify and mitigate IT risk pre-deployment, transforming security from “the folks who say no,” to those who enable the business to move forward with minimal risk.

Today’s security pros are no longer sentries guarding clear, digital borders – they are risk managers and strategists. As such, it makes sense for them to sit outside of IT and be involved in strategic planning. Ideally they would be affiliated with those functions that oversee and manage business risk and report into the CFO or CEO (or both). The only way the security team can foresee information security risks across the entire organization is to have full visibility into all enterprise risk vectors, including those the organization has little to no control over (e.g. cloud service providers, business partners, customers, etc.).

With barely a week passing without a data breach making headlines, business leaders are finally paying attention to cyber security. Many organizations have recently started inviting CISOs to boardroom discussions. But this is only the start of making security the priority it should be. Organizations must be willing to integrate security to every aspect of operations in order to better address the complexity of today’s cyber threats.


Lior Div, CEO and cofounder of Cybereason

Posted in Uncategorized | Comments Off on Why It’s Worth Divorcing Information Security From IT

‘Your PC may be infected!’ (The shady world of antivirus telemarketing)

EZ tech support office


The first day of Zifka’s unpaid training involved listening in on sales calls. But within three hours, Zifka felt something wasn’t quite right.

Cisco has an SDN for you
Cisco is out to prove it has an SDN for everyone.
“Everything about it was so weird,” he recalled.

The company’s 15 agents answer calls from people who’ve seen a pop-up message saying their computer may be having problems, and advising them to call a number, which rings at the offices of EZ Tech Support.

The agents are instructed to stick to a 13-page script. They ask callers whether they have an antivirus program installed. If they do, Zifka said, callers are usually told that whatever they’re using isn’t a “full-time real spectrum virus protection program.”

But the agents have a solution: callers can purchase an antivirus program called Defender Pro Antivirus, from Bling Software.

EZ Tech Support sells a perpetual license for the program for $300. Agents also tell callers they can perform a one-time fix on their computers for them, which starts at $250. Callers can haggle for lower prices.

Those dialling in are typically in their late 30s or older. “A lot of mothers would call in and say, ‘I’m sure it’s something my son did on my computer. This has happened before’,” Zifka said. “Older gentlemen — seniors specifically — that was the most unfortunate part.”

Within 20 minutes, some callers spent up to $600 to “fix” their computers. “I was blown away by this,” he said.

EZ Tech Support’s general manager, Gavynn Wells, said the company abides by U.S. Federal Trade Commission regulations.

“We don’t tell customers that they have issues they don’t have,” Wells said in phone interview. “We are not pushing them into a corner and telling them if they don’t do business with us, their computer is going to blow up.”

A $4.9 billion industry

Consumer antivirus software has become a highly competitive business, in part because data breaches are in the news almost every week, and people feel a need to protect themselves. It’s also a huge market, with an estimated $4.9 billion in annual sales, according to Gartner.

That’s drawn all types of players, some of whom specialize more in affiliate marketing than in security.

Tech support services abound on the Internet, and phone numbers for some of those businesses are often found in bundles of questionable software known as adware. People willingly download adware, often to get a free program, but it can also be foisted on them through vulnerabilities in their software.

Some adware programs display messages to people suggesting their computer is at risk, even though the adware programs aren’t designed to detect security problems.

Lawrence Abrams, who runs the popular Bleeping Computer security forum, said people have complained about pop-up windows in their browsers that they can’t close. In some recent cases, a man or a woman’s voice tells them their computer has become infected.


Short Take: Apple Music, Siri integration and other WWDC thoughts

Teams prep for DARPA Robotics Challenge Finals

Insights into the Apple Watch
“You just cannot shut the program down,” said Abrams, who deliberately downloads harmful programs for his research. “So people panic, and they call the number.”

Those most vulnerable are people who know little about computers and find the warnings intimidating, he said.

The FTC has started to go after some of the biggest U.S.-based tech support companies that take this type of inbound call. In November, it filed two complaints alleging tens of thousands of consumers had been conned out of more than $120 million by companies using high-pressure, deceptive sales tactics to sell software and support services.

Wells, of EZ Tech Support, used to work for one of the companies targeted by the FTC, Inbound Call Experts, before moving to Portland last year.

Although a federal judge shut down Inbound Call Experts shortly after the lawsuit was filed, the company was allowed to resume business after it agreed to changes in how it markets its services. The case, however, continues, and court records show that Inbound Call Experts and the FTC have agreed on a mediator to discuss a settlement.

The poor perception of companies offering remote support services has made it harder for legitimate ones to operate, said Dan Steiner, CEO of Online Virus Repair, based in San Luis Obispo, California.

“It’s definitely not a positive image,” said Steiner, who added that not many companies offered remote computer support when he started his business back in 2008.


Your Money or Your Files – A Short History Of Ransomware

Buyer’s Criteria for Advanced Malware Protection
But the industry exploded, with many companies opening call centers outside the U.S. For legitimate companies, marketing their services online proved near impossible amid the high volume of unethical businesses.

Steiner now focuses on word-of-mouth advertising, and partnerships with those he trusts in the antimalware industry.

Worth the money?

Several years ago, it wasn’t uncommon for adware-promoted security products to be classified as malicious software. But tactics have changed, and unscrupulous companies now sometimes sell functional products but greatly overcharge for them.

It’s a tough situation for regulators: the FTC can’t protect people from companies that stay within the law while marketing what may not be the world’s greatest product.

The product EZ Tech Support sells, Defender Pro, appears to be legitimate antivirus software, said Andreas Marx, CEO of AV-Test, an independent organization in Germany that tests consumer antivirus suites.

The product uses a well-known antivirus engine licensed by a reputable company called Cyren. Marx said his analysts tested a trial version downloaded from Defender’s Pro website. It was effective at detecting malware but also “really buggy,” he said via email.

“After an update, for example, it repeatedly crashed,” he said.

The retailer Target at one time sold Defender Pro in its stores. A spokesman declined to say why it is no longer stocked. Target’s website still has an old product page for Defender Pro 2012, which sold for $19.99.

Marx said $300 is too much for Defender Pro, given that there are similar, basic antivirus scanners available for free from companies such as Avira, Avast and AVG. Products with Defender Pro’s feature set should cost no more than $30 per year, he said.

By that measure, a user would need to keep the same computer for 10 years to justify EZ Tech Support’s pricing for Defender Pro.

Closing the sale

Zifka, who quickly left the company, said EZ Tech Support agents install a remote control tool called LogMeIn Rescue to get access to callers’ computers with their permission. They then install Webroot’s Analyzer program, a legitimate tool that flags issues on a computer.

But Zifka said agents call out anything flagged by the software, even if it’s not a security risk for the user.

“We used whatever it states as a selling point,” Zifka said.

In lawsuits, the FTC has accused telemarketing companies of installing a remote tool and then using other programs, such as the Windows Event Viewer, to illustrate errors and warnings that actually have no material effect on a computer.

Wells disputes Zifka’s characterization and maintained that callers aren’t informed of problems that don’t exist. If a caller says he is already using AVG’s free antivirus product, Wells said agents will say they have good protection against viruses “but they could benefit from having something that protects them against malware.”

When it was pointed out that AVG’s product does protect against malware, Wells said: “Well, I was just using that as an example.”

Although EZ Tech Support is registered in Wells’ name with Oregon’s Secretary of State, he said the business is owned by an investment company which he declined to name.

Wells said he’s also not involved in the adware campaigns that distribute the phone numbers that ring to EZ Tech Support. But he said the company will remove the adware for people who call.

“We really pride ourselves in doing a good job for our customers,” he said.

Posted in Uncategorized | Comments Off on ‘Your PC may be infected!’ (The shady world of antivirus telemarketing)

How to Safeguard Your Mobile Privacy

Written by Doug Bernard
FILE - In this Tuesday, Sept. 9, 2014, file photo, the iPhone 6 plus, left, and iPhone 6 are displayed, in Cupertino, Calif.

FILE – In this Tuesday, Sept. 9, 2014, file photo, the iPhone 6 plus, left, and iPhone 6 are displayed, in Cupertino, Calif.

A great deal has been written over the years about the necessity of computer users to be proactive if they want to guard their privacy and keep their machines clean of viruses. Habits such as changing passwords, updating software, running anti-virus and using encryption when possible are often referred to as “good web hygiene.”

But as the use of mobile phones and other devices has skyrocketed, users often have failed to transfer these precautions to the mobile digital environment, leaving millions vulnerable.

This was put on display in the fall of 2014 during the “Occupy Central” protests in Hong Kong, as Chinese hackers flooded protestors’ phones with a variety of malware.

Some phone manufacturers have stepped in to fill the security gap.

For example, Apple now automatically offers end-to-end encryption for iMessage and FaceTime, as well as offering a range of other encryption services and applications.

But most security analysts say these steps aren’t enough, and that mobile phone and tablet users around the world need to step up and take more responsibility for keeping themselves safe and secure in the wireless world.


The first step is with the device itself.

The latest versions of the world’s three most common mobile operating systems, Google’s Android, Apple’s iOS and Microsoft’s Windows Phone, already offer complete encryption as an option. It’s activated in different ways, but common to all is that users create a passcode they must enter every time they power up or unlock their phones.

Once encryption is enabled and tied to the passcode, all data on the device will be encrypted and unreadable without the passcode.

This means it’s important for users to choose a code that will be sufficiently challenging to crack. A simple four-digit code is practically meaningless; a 15-character code that uses digits, upper- and lower-case letters, and symbols would be magnitudes harder to break.

Downloading Apps, remote wipe

Users should also be careful when and where they download apps or document attachments. Applications downloaded from Apple’s iTunes or Google’s Play Store are generally fairly secure, but downloading from other services can be an iffy proposition. As always, it’s not a good idea to download any email attachments you didn’t specifically ask for.

Anti-virus packages are available for mobile phones, but security analysts are roughly split on whether they would be required for the majority of phones. What is recommended, however, is for users to install some sort of “remote-wipe” application, which would allow a user to remotely erase all the phone’s data in case it’s stolen.

Secure WiFi

Mobile phones traditionally connect to the world by two means: wireless phone service for actual phone use, and a wireless local area network, or WLAN, for Internet and data. Tablets mostly just use a WLAN. Both the phone service and WLAN use provide potential security holes, but many of those can be mitigated.

First, when connecting to a WLAN using WiFi, users should choose their service carefully. In crowded urban environments, it’s not uncommon for phones to sniff out 20 or more WiFi services with decent signal strength. If possible, users should only connect to secure WiFi services; these are denoted by a locked padlock icon and require some type of password to access.

Free, open WiFi services – those available to anyone without any passcode – should be avoided if at all possible. It’s simply too easy for a bad guy on open WiFi to break into others also online and create havoc.


Text messages (SMS), which are transmitted via the phone service, are relatively (but not completely) secure from infections. But as with actual phone calls, they can be intercepted by third parties.

There are numerous apps available designed to keep text messages private and secure. WhatsApp is one of the most popular around the world, logging around 700 million users worldwide, with more users in India than in any other country.

The app by-passes the mobile phone service, using the Internet to send and receive secure text, photos and video in what it calls “chats.” Other selling points are its ease of use and low price, costing just $1 a year.

Its parent company, Facebook, says WhatsApp chat sessions are completely secure; however a handful of high-profile security breaches beginning in 2010 have raised concerns among privacy advocates.

Encryption Apps

For the more security minded, some users have moved to TextSecure, an open-source text encryption app produced by Whisper Systems, a data security company endorsed by no less than former NSA contractor Edward Snowden. It offers end-to-end encryption for users running TextSecure for text, audio, video, and images.

Whisper Systems engineers say that in addition to robust encryption, the app offers a user verification system to prevent man-in-the-middle attacks.

Whisper Systems also has an app for securing mobile phone calls. Called RedPhone, the app was aimed at first specifically for people who live under repressive governments that routinely tap and monitor phone calls.

RedPhone uses the Internet for end-to-end encryption of real-time two-way voice conversations between two RedPhone users. Additionally, two matching words appear on both phones during the call, allowing the users themselves to verify a secure, encrypted connection. RedPhone has proven to be very popular in a number of nations, including Venezuela and Egypt.

Another popular application, Ostel, is an outgrowth of the Guardian Project, a cooperative venture to develop applications that secure users’ privacy. Like RedPhone, Ostel uses VoIP (“Voice over Internet Protocol”) for end-to-end encryption between Ostel users; an additional benefit is that there are no costs for long-distance or international calls.

Finally, for users who want proven Internet security for their mobile Android device, and don’t mind giving away a little speed of access, there’s Orbot. Essentially Tor for mobile, it’s just like its online counterpart, routing all text, Internet and email data through a randomized series of computers.

Like Tor, Orbot offers users some of the strongest privacy protection to be found – but it comes at a cost. Because the user’s data is being routed through a shifting set of nodes on the Tor network, Orbot can significantly slow down uploads and downloads. It’s not for everyone, but for those who want to remain as anonymous as possible, it’s just about the best bet available.


Posted in Uncategorized | Comments Off on How to Safeguard Your Mobile Privacy

2014 Out with the Old and in with the New

January 2014     E-News   
Mobile IT, Inc.
 Microsoft Colors

2014 Out with the Old and in with the New

       Let’s talk about software upgrades . . . .

As we celebrate a new year, many people reflect on the past year’s accomplishments or failures. While others set goals for the year with the desire to start anew. Windows has announced that support will end on April 8, 2014 for Windows XP SP3 and Office 2003. This is not because they wanted to, it’s based on their support life cycle policy. This deadline also includes companies that developed software for XP.

Windows 7 or Windows 8 are acceptable versions to use. If your business is still using an older version of Windows and you wish to continue obtaining Microsoft patch upgrades or support, start planning and testing immediately. The average deployment can take 18 to 32 months (Time based on Enterprise wide upgrades).  Failure to act on this could expose your business to risks when using the internet. ASK ME WHY!


Are you suddenly puzzled, 
confused and asking yourself:
1) Do I have Windows XP or something else?
2) If I do have Windows XP, then how do I get it changed?
3) If I do, then what are the costs associated with the change?
4) What are the risks if I don’t get it changed?
5) What’s the difference between Windows 7 and Windows 8?
Start the New Year off right by ensuring the safety of your business. Mobile IT, Inc. will provide expert advice, answers to your questions and valuable guidance.  ACT NOW!

Mobile IT, Inc.
“Bringing Simplicity to Mobility”
About Mobile IT, Inc.
IT support and computer system consultants specializing in virtual helpdesk support, cloud services, network/server management, virtualization and business continuity since 2003 in Atlanta, across America and around the world. 


Contributor Rhonda Mack
Office  404-814-5255  /  Support Line  770-465-6147
Stay In Touch

Like us on Facebook    Follow us on Twitter    View our profile on LinkedIn    Pinterest

Posted in Uncategorized | Comments Off on 2014 Out with the Old and in with the New

Hurricane Preparedness




Mobile IT, Inc.

“Bringing Simplicity to Mobility”


Lose It or Save It – It’s Your Choice


Remember all of the HYPE generated with the pending millennium and how all of the HYPE generated was for absolutely nothing. Well it’s hurricane season and that’s definitely a reason to generate the HYPE.  And for good reason – Typhoon Haiyan recently reminded residents of the Philippines how dangerous and damaging strong winds can be. Hurricanes have winds exceeding 74 miles per hour, with rain, thunder and lightning.  Storms of this severity can cause flooding, water damage, power outages, and the list goes on. If you’re not prepared, then you, your business or your family may suffer loss.


Every business should have a continuity of operations in place (aka recovery plan) in the event of such unfortunate loss. Your computers, ipads, and servers should be protected. Mandatory annual drills should be required and your equipment serviced to make sure you’re prepared. Even though the Atlantic hurricane season continues through November 30th make sure your data and electronic devices are safe all year round for all types of weather. 


Contact Mobile IT, Inc. to explore secure & safety measures for all your electronic devices.  Mobile IT, Inc. has affordable business continuity plans and backup plans for critical data files.



Office:  404-814-5255 | Support Line: 770-465-6147
November 2013 | Contributor: Rhonda Mack


Posted in Uncategorized | Comments Off on Hurricane Preparedness