Posts filed under: Security

How does DNS work?

  1. The DNS client sends a DNS request for the requested host server to the recursive DNS server.

  2. The recursive DNS server sends a DNS request to the root DNS server.

  3. The root DNS server resolves the request and provides the IP address of the authoritative DNS server.

  4. The recursive DNS server sends a DNS request to the authoritative DNS server.

  5. The authoritative DNS server resolves the request and provides the IP address of the requested host server.

  6. The recursive DNS server sends the IP address of the requested host server to the DNS client.

What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) is a technology that was developed to, among other things, protect against such attacks by digitally ‘signing’ data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.icann.org). Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly, it does not encrypt data. It just attests to the validity of the address of the site you visit.

https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en

Why do you need DNSSEC?

DNSSEC is intended to protect against ‘man-in-the-middle’ DNS spoofing attacks and ‘cache poisoning’ by ensuring DNS information is validated cryptographically before end users’ traffic is directed to a website.

When users access a website using its domain name, e.g. http://www.example.sg, the system’s DNS resolver will first query for the IP address of the website. When the DNS resolver (e.g. the ISP’s resolver) is making its query, it is possible for an attacker to trick the resolver into accepting a fake IP address. This is known as a ‘man-in-the-middle’ attack.

Most DNS resolvers also cache the returned IP address to speed up responses for future queries for the same domain name, either from the same user or other users. Therefore, if an attacker has managed to trick the DNS resolver into accepting a fake IP address, the fake IP address is now cached by the DNS resolver. This is known as ‘cache poisoning’. When there are subsequent queries for the same domain name by other users (e.g. other users on the same ISP), they will now be redirected to the fake IP address, as they are receiving the cached, and incorrect, IP address as opposed to the legitimate website’s IP.

How to know if the Domain has DNSSEC?

 

You can check at https://centralops.net/co/DomainDossier.aspx

How does DNSSEC work?

DNSSEC uses cryptographic signatures to create a “chain of trust”. DNSSEC uses this “chain of trust” to validate that the information users receive originates from the correct DNS servers. If the information cannot be validated, it discards the information. Thus, if users visit a DNSSEC-protected website and the DNS response is modified by a hacker (through a ‘man-in-the-middle’ attack), the DNSSEC-aware DNS resolver or application can detect the fake information and discard it.
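One link of that chain of trust, as an added example that is not part of the original post: the parent zone publishes a DS record holding a SHA-256 digest of the child zone's DNSKEY, and a validating resolver recomputes that digest (RFC 4034) before trusting the key. The zone name, key bytes and helper names are constructed for illustration, and the example goes one step beyond the text by showing the record formats; verifying the signatures made with the key is not shown.

```python
import hashlib
import hmac
import struct


def name_to_wire(name):
    """Canonical (lower-case) DNS wire format of a domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (a hint for picking the key)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, rdata):
    """What the parent zone publishes: DS with digest type 2 (SHA-256)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return {"key_tag": key_tag(rdata), "algorithm": rdata[3],
            "digest_type": 2, "digest": digest}


def ds_matches(ds, owner, rdata):
    """Resolver side: does the DNSKEY the child served match the parent's DS?"""
    if ds["digest_type"] != 2:
        return False  # this example only handles SHA-256 digests
    expected = hashlib.sha256(name_to_wire(owner) + rdata).digest()
    return (ds["key_tag"] == key_tag(rdata)
            and ds["algorithm"] == rdata[3]
            and hmac.compare_digest(ds["digest"], expected))


# Constructed sample data: not real keys, only correctly shaped records.
ZONE = "example.sg"
GENUINE_KEY = dnskey_rdata(257, 3, 13, bytes(range(64)))    # key-signing key
FORGED_KEY = dnskey_rdata(257, 3, 13, bytes(range(1, 65)))  # attacker's key
PARENT_DS = make_ds(ZONE, GENUINE_KEY)  # stored and signed in the "sg" zone

if __name__ == "__main__":
    print("key tag:", key_tag(GENUINE_KEY))
    print("genuine key accepted:", ds_matches(PARENT_DS, ZONE, GENUINE_KEY))
    print("forged key accepted:", ds_matches(PARENT_DS, ZONE, FORGED_KEY))
```

Because the DS record is itself signed by the parent zone, an attacker who swaps in their own key for the child zone cannot also change the digest the resolver compares against.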

How to get DNSSEC?

We can help you to enable DNSSEC for your domain. Please contact us for more details.

 


PayNow Corporate for Business


PayNow is an enhanced peer-to-peer funds transfer service available to customers of these nine participating banks: Bank of China, Citibank, DBS Bank/POSB, HSBC, Industrial and Commercial Bank of China Limited, Maybank, OCBC Bank, Standard Chartered Bank, and United Overseas Bank.

With PayNow Corporate coming on 13 August 2018, you can make and receive payments instantly with just your Unique Entity Number (UEN), without the need to know or disclose any account numbers.

Simultaneously when PayNow Corporate is implemented, it will be part of the Singapore Quick Response (SG QR) Code. This will enable retail, businesses and corporates to make instant PayNow transfers by scanning the merchant’s or individual’s QR via their bank’s mobile banking app. Customers will need to update their bank’s app to avail of this function, which is available on both Apple iOS and Android smartphones.


Uses for PayNow Corporate

Pay part-time staff via mobile number or NRIC

A company regularly employs temporary staff for events that it organises. Since the workers are employed on a one-off basis, the company frequently pays its workers via cash or cheque. Using PayNow Corporate, the company can make payments to the workers with their registered mobile numbers or NRIC, without having to go through the hassle of collecting their bank account details. This helps the company reduce the costs associated with handling cash and cheques.

Make Instant Refund to Online Shoppers

An online shop that sells apparel allows customers to return purchases within a week, so it has to process refunds to customers regularly. With PayNow, it can refund the monies directly to its customers’ registered mobile numbers, shortening the refund process and providing a better customer experience.

Provide Customer with alternative payment method

A small retail shop can receive cash payments frequently. With PayNow Corporate, the company is able to display their UEN or QR code at the cash register. Customers can easily pay for their purchases by keying in the UEN or scanning the QR code, and the company can receive the payments into their account immediately.

Collect monthly Bill payments from your customers

A company provides utilities services to its customers and sends them their bills monthly. While the company offers various modes of electronic payment, many of its customers still pay using cheques. With PayNow Corporate, the company can include a QR code on its monthly bills so that customers can make payment simply by scanning the QR code.

Getting Started with PayNow Corporate

Receive Payments

Step 1: Register your UEN and the UOB SGD Current Account that you wish for payments to be made to.

Step 2: Generate your QR code that is linked to your UEN. QR codes can be generated via BIBPlus for display at collection channels. For QR codes to be included in bills/invoices, UOB will assist with the generation of QR code.

Step 3: Receive notifications of the inward payments via email or SMS when you sign up for UOB eAlerts!


Make Payments

Step 1: Ensure that you have the PayNow ID (i.e. mobile number/NRIC/FIN/UEN) of your payee in order to make a payment via PayNow Corporate. Ensure your payees are registered for PayNow.

Step 2: Make single or bulk payments to your recipients using electronic channels such as BIBPlus or BIBPlus Mobile. PayNow Corporate will be available to all existing BIBPlus customers who are on either the Professional or Premium Package.


Upgrade to HTTPS or risk your website search engine ranking

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

Why do you need SSL for HTTP (Secure HTTP)?

  • Get HTTPS, which earns a stronger Google ranking
  • Create safer experiences for your customers
  • Build customer trust and improve conversions
  • Protect both customer and internal data
  • Encrypt browser-to-server and server-to-server communication
  • Increase security of your mobile and cloud apps

How does Secure HTTP work?

How HTTPS Works

From July 2018, Google Chrome will mark all websites served over plain HTTP as “Not Secure”. Visitors will see the “Not Secure” label and may not risk entering a “Not Secure” website. This information is taken from the Google Security Blog.

As a result, websites without secure HTTPS will start to lose their search engine ranking.

Many major international websites have already upgraded to secure HTTPS. Interestingly, there are still many big local Singapore sites that are not secured yet.

Upgraded to https

  • https://www.apple.com/sg/
  • https://www3.lenovo.com/sg/en/
  • https://www.moe.gov.sg
  • https://www.fragrancehotel.com/
  • https://www.marinabaysands.com

Not Upgraded to https (as at 17 May 2018)

  • http://www.samsung.com/sg/
  • http://www.minds.org.sg/
  • http://www.nus.edu.sg/
  • http://www.ntu.edu.sg
  • http://www.hotel81.com.sg/

Running short of time!

Want to upgrade HTTP to Secure HTTPS now?

Contact Ronald 93806619


Hidden Miners on Google Play on Android Mobile Phone


When a computer shows signs of slowing down, many tend to blame viruses. But in the case of smartphones, sluggishness, overheating, or short battery life are usually put down to age. Time to buy a new one, people say. In fact, there is a chance that the problem may lie elsewhere — hidden mining, to be precise.

When it comes to mining, computing power matters. Of course, in terms of performance, mobile devices cannot hope to compete with desktop computers armed with the latest graphics cards, but in the eyes of cybercriminals, the sheer number of devices makes up for their lack of power. For those accustomed to feeding off other people’s processing power, the millions of devices out there present an opportunity too juicy to ignore.

It’s actually alarmingly simple to infect a smartphone or tablet with a hidden miner. There’s no need for the device owner to knowingly install a miner or download an app from a dubious source. Hidden miners can be picked up by downloading and running seemingly innocuous apps available on the official Google Play store.


Typical miners pretending to be handy tools or games don’t perform as described — instead, they show ads and covertly mine for cryptocurrency. But Google Play and other official stores keep out such fakes or, if they do manage to sneak in, quickly find and remove them. Therefore, malicious apps of this sort are distributed mainly through forums and nonofficial stores. The problem for cybercriminals is that too few people download anything from such resources.

But they found a way around that particular problem: If an app actually does what is promised in its description, and the malware is neatly disguised, it may slip through. That’s already happened — an attempt to create a smartphone-based botnet bypassed the safeguards on Google Play and a number of other app stores. Kaspersky Lab experts recently found several other specimens as well, this time with built-in miners.

The most popular apps we found of this type were soccer-related: a family of apps with names including PlacarTV (placar means score in Portuguese), one of which had been downloaded more than 100,000 times. It contained the Coinhive miner, which mined Monero coins while users streamed games. It’s a clever ruse, and not that easy to spot: Your mind is on the match, and watching videos heats up the phone and drains the battery anyway, just like the miner does, so you’ll have no reason to be suspicious.

Our experts also found a miner in a free VPN app called Vilny.net. This malware’s trick was to keep tabs on the phone’s temperature and battery. It then suspended mining as needed to avoid overheating or draining the device and attracting the owner’s attention. A more detailed and technical post on this miner is available on Securelist.

Here’s what detection of a hidden miner looks like. Technically, it’s Not-a-virus, but nasty nevertheless.

We alerted Google about these apps, and the soccer-related ones have been removed from the Google Play store — Vilny.net is still available in the store, though. What’s more, there is no guarantee that some other apps with hidden miners won’t sneak in there in the future. So staying safe from them is up to you.

How to guard against hidden miners on Android

  • If your smartphone is behaving oddly, don’t ignore it. If it heats up quickly and loses power for no apparent reason, it might be infected. You can find out if an app has suddenly started eating too much battery with a special app such as Kaspersky Battery Life.
  • When looking for new apps, take the developers of those apps into account. Software from reputable developers is far less likely to contain infections.

Install Kaspersky Internet Security for Android on your device. It will help detect all miners, including ones that don’t noticeably overheat or discharge your device. Even a miner designed to back off periodically will eventually wear out your phone — and a crude one could toast it.


A genuine copy of Office Home & Business on the Microsoft webstore

$349.00

Microsoft Original

False copies found on resale sites

$89.90

False Copy

Have you ever felt the need to buy a brand-new copy of Microsoft Office for your new computer?

Well, many of us do need to get a copy of Microsoft Office along with our new computers so that we have these powerful computing tools to help us access and create wonderful files and projects.

It is almost essential to have on a home computer as it opens the opportunity to be just as productive at home, without the hassle of bringing back a laptop from work.

“Where is the cheapest version of Office I can get? I want to save money!”
The question above is one of the most popular ones around today.
Naturally, we will look at the online marketplace, with our fingers crossed, hoping to snap up a good deal.

Surprisingly, there are some sellers that are selling it at seemingly huge discounts, with no information on the background of the keys that they are selling. One can read the product details, be easily fooled by their claims of “Genuine copy” and simply purchase it with a click of a button. But here is the lowdown.
Shockingly, it is a stolen copy of Microsoft Office!

Here is where I break out the secret to such scams.

Microsoft themselves provide a little-known service called the Microsoft HUP (Home Use Program) at an amazing rate of $15.

This program is designed for company employees who want to bring Microsoft Office home. So, with this in mind, a middleman could potentially be selling you a copy of the Home Use Program. The hidden drawback of this is that the company can simply retrieve the licenses for the Home Use Program and re-assign them. When that happens, not only will you lose access to Microsoft Office, you could potentially lose all your data and files that are stored within the Office applications.

So, to protect yourself from the uncertainty and data loss that come with a shady copy of Microsoft Office, we urge you to reconsider carefully and purchase Microsoft Office from Microsoft themselves or from official retailers.

Cheers!
Have a good day ahead.

Illegal Reseller: $89.90
  • Online resale websites
  • Forfeit access to customer support, upgrades, technical documentation, training, and bug fixes
  • Increase their risk of exposure to malicious viruses that can destroy valuable data;
  • Risk potential negative publicity and public and private embarrassment;
  • Are subjected to significant fines for copyright infringement; and

Win-Pro: $276.10
  • Best Price!
  • Risk-free
  • Valid Warranty & Assurance
  • Regular updates to protect your valuable data
  • Competitive pricing
  • Official retailer

Microsoft (Direct): $349.00 / $619
  • Directly from Microsoft
  • Risk-free
  • Valid Warranty & Assurance
  • Regular updates to protect your valuable data

 

 


Ransomware is the digital version of extortion. It’s as simple as that.

It uses age-old tactics to carry out a modern-day crime, but the elements behind it are as old as human criminal activity itself.

 

Here are 10 tips on how to protect your data from ransomware attacks:

 

1) BACK UP YOUR FILES REGULARLY. 

The only way to ensure that you can immediately handle a ransomware attack is to implement a regular backup schedule so that your company can get access to the files it needs without dealing with the cyber criminals. Your backup should have certain restrictions, such as read/write permissions without an opportunity to modify or delete the files.

 

2) CHECK YOUR BACKUPS

There are times when something can damage your files. Be sure to check regularly that your backups are in good shape.

 

3) PROTECT AGAINST PHISHING ATTACKS

Cyber criminals often distribute fake email messages that look like an official message from a vendor or bank, luring a user to click on a malicious link and download malware. Teach employees that they must never open attachments from an unknown sender or even suspicious attachments from a friend in case they have been hacked.

 

4) TRUST BUT VERIFY

Malicious links can be sent by your friends or your colleagues whose accounts have been hacked. Let employees know that if they receive something out of the ordinary from a friend, they should call that person directly to verify that they sent it and find out if their accounts have been compromised.

 

5) ENABLE ‘SHOW FILE EXTENSIONS’ OPTION IN THE WINDOWS SETTINGS

This will make it much easier to distinguish potentially malicious files. Because Trojans are programs, employees should be warned to stay away from file extensions like “exe”, “vbs” and “scr.” Scammers could use several extensions to masquerade a malicious file as a video, photo, or a document.

 

6) REGULARLY UPDATE YOUR OPERATING SYSTEM

Cybercriminals tend to exploit vulnerabilities in software to compromise systems. With Kaspersky Lab’s automated Vulnerability Assessment and Patch Management tools, you can rest assured that your system will be scanned and that patches will be distributed regularly in order to keep your system updated.

 

7) USE A ROBUST ANTIVIRUS PROGRAM

Protect your system from ransomware. Kaspersky Lab products employ a multi-layered system of defense that checks malware from many different angles to ensure that it does not corrupt your system.

 

8) CUT OFF YOUR INTERNET CONNECTION IMMEDIATELY

If you discover ransomware, shut off your internet connection right away. If the ransomware did not manage to erase the encryption key from the computers in question, then there is still a chance you can restore your files.

 

9) DON’T PAY THE RANSOM

If your files become encrypted, we do not recommend paying the ransom unless instant access to some of your files is critical. Each payment made helps the criminals to prosper and thrive to go on to build new strains of ransomware.

 

10) TRY TO IDENTIFY THE MALWARE

If you are hit by ransomware, try to find out the name of the malware. Older versions of ransomware used to be less advanced, so if it is an earlier version, you may be able to restore the files. Moreover, cyber security experts, including Kaspersky Lab experts, collaborate with law enforcement to provide file restoration tools online and, hopefully, detain the adversaries. Some victims are able to decrypt the files without having to pay the ransom.
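Tip 5 can be turned into a mail-gateway or helpdesk check. The following is an added example, not code from the original article: it shows what a user sees when Windows hides file extensions and flags attachments whose final extension is one of the three the tip names while the visible part looks like a document, photo or video. The decoy list, function names and sample filenames are assumptions constructed for illustration, and every extension is treated as a known file type that Windows would hide.

```python
from pathlib import PureWindowsPath

# Extensions the tip tells employees to stay away from.
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr"}
# Assumed list of harmless-looking extensions used as a disguise.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx",
              ".jpg", ".jpeg", ".png", ".mp4", ".avi", ".txt"}


def displayed_name(filename, show_extensions):
    """Name as the user sees it; with extensions hidden the last one is dropped."""
    if show_extensions:
        return filename
    path = PureWindowsPath(filename)
    return path.stem if path.suffix else filename


def classify(filename):
    """Return 'ok', 'executable' or 'masquerading' for one attachment name."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The real type is a program; is the part before it dressed up as a document?
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "masquerading"
    return "executable"


def flag_masquerading(filenames):
    """Attachments that look like documents only while extensions are hidden."""
    return [name for name in filenames if classify(name) == "masquerading"]


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "invoice.pdf.exe",
    "Holiday.JPG.scr",
    "setup.exe",
    "report.final.docx",
    "minutes.txt",
    "statement.xlsx.vbs",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        hidden = displayed_name(name, show_extensions=False)
        print(f"{name:22} shown as {hidden:18} -> {classify(name)}")
```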

 


 

Managing your endpoint and infrastructure security is becoming an ever more complex and more frustrating job. Faced with wide-ranging challenges including implementing disparate, disjointed solutions against a backdrop of escalating security threats, you need a new, uncomplicated way to secure and manage your world.

 

1.      One Platform

Kaspersky’s technology platform is developed in-house by their own engineers. This fully integrated architecture allows for stability and streamlined IT policy creation by the security administrator. A single policy set covers anti-malware, endpoint controls, encryption, and other security features.

 

 2.      One Console

From one intuitive central console you can identify, control and protect all your endpoint assets (physical, virtual, mobile), conduct fast but thorough vulnerability assessments that help you prioritize the most critical patches, achieve real-time hardware & software inventories and obtain clear, actionable reporting.

 

 3.      One Cost

With Kaspersky, you don’t have to evaluate, budget for and order a new IT tool every time you need to protect a different area of the network. We’ve developed a comprehensive set of security and IT efficiency tools, all built into one integrated platform. Which means only one evaluation and one budget request!

 

 4.      Flexible, granular controls

With pre-defined or customized configurations, you can set and enforce security policies to manage application behavior and permissions, connected peripherals, and web use — in the office, or on the move.

 

 5.      Painless, straightforward mobile security

Mobile endpoint protection can be deployed remotely through centralized Mobile Device Management (MDM). Kaspersky enables you to secure and protect your data, even on employees’ own smartphones and tablets.

 

 6.      Powerful Encryption

File or Full-disk encryption protects corporate data in the event of accidental device loss or theft. Kaspersky’s technology is transparent to users and applications while rendering data unreadable to cyber-criminals.

 

 7.      Efficient patch management

Advanced vulnerability scanning and patch management ensure you’re always up-to-date and fully notified about your most critical security exposures.

 

 8.      Robust systems management tools

A powerful toolkit designed to make time-consuming IT tasks like OS installation, network inventory, system provisioning, remote administration, network admission control and license management both faster and less complex.

 

 9.      End-to-End Protection

Kaspersky has long been a leader in protecting all aspects of network infrastructure. Wide-ranging support covers Windows®, Linux®, Apple, Exchange, Netware, Notes/Domino, SharePoint, iOS, Android™, Windows Mobile, Symbian and more. From the endpoint all the way to the internet gateway, you can protect it with Kaspersky Lab.

 

 10.     Proof of performance

Again and again in independent tests, Kaspersky Lab comes out on top. So don’t compromise on your security and don’t waste resources with other vendors who just can’t keep up with the threats!

 


Need help unlocking your digital life without paying your attackers?

Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files.

When this happens, you can’t get to the data unless you pay a ransom. However, this is not guaranteed and you should never pay!


https://www.nomoreransom.org/

  • ChimeraDecryptor tool is designed to decrypt files encrypted by Chimera
  • TeslaDecryptor can decrypt files encrypted by TeslaCrypt v3 and v4
  • ShadeDecryptor can decrypt files with the following extensions: .xtbl, .ytbl, .breaking_bad, .heisenberg.
  • CoinVault decryption tool decrypts files encrypted by Coinvault and Bitcryptor.
  • RannohDecryptor tool is designed to decrypt files encrypted by:
    • Rannoh; AutoIt; Fury; Crybola; Cryakl;
    • CryptXXX versions 1 and 2 (files encrypted by Trojan-Ransom.Win32.CryptXXX version 3 are detected, but not decrypted).
  • RakhniDecryptor tool is designed to decrypt files encrypted by:
    • Chimera; Rakhni; Agent.iih; Aura; Autoit; Pletor; Rotor; Lamer; Lortok
    • Cryptokluchen; Democry; Bitman (TeslaCrypt) version 3 and 4.

 

5 steps to prevent and recover from ransomware:

  1. Update your OS regularly.
  2. Install good, robust antivirus software. Bear in mind, though, that there is no 100% protection from this. Using layered antivirus is highly recommended: you can have a perimeter AV on the firewall, like Fortinet, and install endpoint security protection like Kaspersky, Intel, McAfee or Symantec.
  3. Get backup software like ShadowProtect, Acronis Backup Cloud or Azure Backup, and a backup NAS like Qnap or Synology.
    1. For the server, you must have at least 2 local backups and 1 cloud backup.
    2. For a workstation, you must have at least 2 local backups, or 1 local backup and 1 cloud backup.
  4. Disconnect from the network as soon as you suspect something is wrong.
  5. Trust no one. Always be wary.

 

Contact Win-Pro for methods to mitigate the effect of Ransomware. We have possible solutions and suggestions to help you prevent future attacks.

You need to start planning now. Let us help!


IRAS Scam

Scam impersonating IRAS.

Please do not open this email. This is a spam email with a virus payload as an attachment.

The email carries a message that a report on the recipient’s tax refund is attached and that they should go through the PDF attachment to view the tax refund report.

Members of the public should not respond to this email or click on any attachment or file from the email. They are advised to delete it as soon as they have seen it, and refrain from opening it. They should also scan their computers/mobile devices with anti-virus programs.
