Prevent Social Engineering in the Workplace!!


Back on August 15th 2022, UBER was hacked again. A hacker gained access to an inter-departmental chat service called “SLACK” and used it to spoof an administrative-looking message to gain an employee’s password, then used that password to access the rest of the network. Here is a link to the Tech Republic article: Uber Social Engineering Leak August 15, 2022
 
How does this happen? How do you KEEP THIS FROM HAPPENING AT YOUR COMPANY???
 
By LEARNING YOURSELF, THEN TRAINING YOUR EMPLOYEES!!
 
Here is a document that can help you do just that. I didn’t write it, I’m just sharing it so that the information can get out there, because obviously it’s not getting out there or these breaches would not continue to occur in late 2022.

 

UPDATE YOUR PHP TO VERSION 8.0 NOW!


If you haven’t updated your website to version 8.0 yet, you should. It came out early this year. There should not be anything in it that would break a site. The first main reason you should update is that support has ALREADY ended for versions 7.1 and 7.2, and the clock is running until support for version 7.3 also ends. I updated 4 sites today without a glitch on any of them.

Some of the newer additions are the JIT compiler, which should add a little speed to your site; “union types”, an interesting coding feature that allows more than 1 type to be used in conjunction; and “attributes”, which now allow you to add metadata to a class. Also added are “named arguments” and a “match” expression, which is like a super switch element. Constructor properties have also received a “step-up” in the game. There are new return types, and many other fun toys you will like if you are a programmer.

If you are not a programmer, you will just enjoy the added abilities it will give your site for any new code that is written in PHP 8.0, and the updates are likely coming if they are not already here, so you want your back-end to have the necessary tools to comply with any new theme or plugin updates that are using it. If you don’t update the code version in your hosting environment, you can’t benefit fully from some of the updates.
If you are not a “techie” but you still want to benefit from this new update, give Everything I.T. a call, and let them safely backup your site and do the upgrade for you, or better yet, consider one of their annual maintenance plans.

CONTACT US NOW AND GET YOUR SITE UPDATED!

WHERE IS MY MONEY? About ACH Bank Transfer Delays…

So I recently was trying to figure out “how” and “why” money can leave 1 account, and not show up posted or pending at my bank’s account yet, but still not actually be “missing” (which everyone kept telling me, and told me to sit around and “wait” for it, which no one knows is easy, right?). What I did was try to transfer money from 1 account to another account. The money CLEARLY left the 1st account RIGHT AWAY…but when I logged into my bank account, it never showed up. Not today, and not the next day. And neither was it even a “pending” transaction. So I began to panic…when everyone told me everything was fine and I still couldn’t find it, I began to panic. After I panicked, I did some research, and discovered this information.

If this has ever been you, you may want to read this clear and comprehensive article to how and what ACH payment processing is and how it works. It was very interesting and helpful information to me. I hope you find it helpful as well. (I’m amazed at how many bank and financial institution supervisors could never explain this information to me!) You would think they would be able to explain this simple process to me.

https://blog.abacus.com/where-the-hell-is-my-money-the-dirty-secrets-of-ach

How a programmer views the #1 Most Hated thing about 2020


Masks & Programming

Just a little 2020 Covid-19 Mask Humor For Your Day

It’s not THAT bad, right? We know you will look back on this year at times in the future, and this year was such a struggle for so many. We will look back with affection and remember how IMPORTANT it was to maintain a little light humor during all of it. When we are on the other side looking back, I want to give you a warm feeling.

Awesome New Divi Mobile Plugin


You may or may not be aware that if you own the world’s BEST WordPress plugin DIVI, you ALSO get ALL the other Elegant Themes products included with the original cost of your license…in other words, NO ADDITIONAL CHARGE. Divi in itself is completely worth the purchase price of the theme simply by itself; it does hundreds of times more than any other theme on the market, all without needing to know any coding at all to design your website. It will literally do anything you want it to. But to get all these other products included with it just puts the icing on the cake. How can you NOT be working with this awesome website tool?

But now, in addition, you can also get this amazing new plugin that allows you to customize the mobile menu…a new feature. (There are other amazing plugins as well: social network sharing, email account contact management connecting, and others.) To check out the new plugin, go here: DIVI MOBILE PLUGIN

To check out DIVI, if you don’t know what it is yet perhaps…you should go here and play with the demo…it’s awesome! Check the links below…

DIVI INFORMATION PAGE

DIVI DEMO TO PLAY WITH

880 PREMADE LAYOUTS TO MAKE IT EVEN EASIER!

Divi WordPress Theme

Hacking at an All Time High, & Zoom Phishing


Yes, hacking is at an all time high right now, so it’s not a time to be slack on security at all…and since Zoom is so popular right now, there are really good quality Zoom phishing attempts to get into your system, and they are working.

How it works: you get a phishing email saying you “missed a scheduled Zoom meeting”, containing a link that promises a video of the meeting and recording. If you click the link, it will take you to a malicious website that imitates a Microsoft login page, and if you log in, guess what, they now have your Microsoft credentials, which they can now use to log in to your computer. It is very effective. If you want to read more on how the attack works, read about it in more detail here: Phishing Campaign

The attack is successful because it will appear to have your legitimate information…it will have your real name in the email. These are TARGETED attacks usually for certain company employees.
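
A defensive check for the pattern described above, as an added example that is not part of the original post: it pulls every link out of a message body and flags those that name Zoom or Microsoft but point at a host outside that brand's domains. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist for this example; maintain your own in practice.
BRAND_DOMAINS = {
    "zoom": {"zoom.us", "zoom.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com", "office.com"},
}

# Constructed sample body; example.net is a reserved documentation domain.
SAMPLE = """<p>Hi Jane Doe, you missed a scheduled Zoom meeting.</p>
<a href="https://zoom.us.meeting-video.example.net/rec?id=1">View Zoom recording</a>
<a href="https://us02web.zoom.us/j/123">Join Zoom</a>
<a href="https://login.example.net/microsoft/signin">Sign in with Microsoft</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, domains):
    """True only for an exact match or a real subdomain, never a substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(html):
    """Return (brand, host, text) for links naming a brand but hosted elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        for brand, domains in BRAND_DOMAINS.items():
            named = brand in (text + " " + href).lower()
            if host and named and not host_belongs_to(host, domains):
                findings.append((brand, host, text))
    return findings
```

The first sample link shows why the host comparison is done on whole labels: its hostname starts with `zoom.us` but actually belongs to a different registered domain.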

Here is another article on ZOOMBOMBING which is an entirely different Zoom hack…read about that one also.

If you do get hacked, you can get a hold of us, and we can clean up your system pretty thoroughly. I’ve done 3 people in the last week, so don’t feel like you are the only one. These guys are sitting around in lockdown/quarantine with nothing better to do than improve their hacking skills, and wreak havoc. Don’t give them an open door, lock it down folks. 🙂

WordPress Cross-Site-Scripting Vulnerability


I just got a notice that the plugin GDPR Cookie Consent has an XSS vulnerability in it. Just released today:

This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry

Description: Improper Access Controls
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3

If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:

or search it out on the WordFence blog.

Thanks for visiting. Share this information with your developer friends! 🙂

Why email passwords are not enough


Do you have security on your email account? How much…a good password maybe? It’s not enough. And here is why…

Your email account gives access to ANY other account you may hold. If someone can access your email account, they can ‘verify’ and get into ANY of your online accounts. Maybe you think people don’t try? Well that would be a very bad mistake. Here is my account that someone has been trying to get into unsuccessfully for 24 hours now. It’s been unsuccessful because #1 I have 2-step verification on my Microsoft account. And #2, because I have 2-step verification on, you need another ‘special’ password to set up email, because the regular password won’t work in an email setup if you have 2-step security turned on.

If you look at the image, you will see the protocol they were trying to access was/is IMAP …which is email. When the request hit my phone today, I changed the password to make it even more difficult, now they have to start over if they want to continue…but somehow they got my email password, or I would have never got a request on my phone. So that should be proof to you that passwords alone are not enough.

There are certain accounts that need to be protected harder than other accounts…these are banking, hosting, and email accounts. Don’t take chances with them. You may never need it for 5 years…but if you have it in place and use it regularly…the 1 time you do need it, it will protect you.

Call Everything I.T. if you need help with security. We can help you.

email account security

Hackers Are Not That Smart…


Don’t Fear Hackers, Just Protect, and Sleep At Night

I just wanted to write a brief post, in light of all the internet hacking and malware that is going on lately. There are some pretty nasty infections going around the web at the moment. But people shouldn’t fear them. If you have your security up tight, if you have done all the basics, and follow all the rules, life will go on, and everything will be ok. Most hackers are not actually that intelligent. Granted, there is a handful of extremely bright coders/programmers out there. But you need to know that this is NOT the majority of the crowd out there. The majority of the crowd falls into the category of what we like to call “script kiddies” …people with zero skills, who download malicious programs from the internet and the darkweb (if they actually survive without getting hacked themselves) and attempt to put them to work.

WOW, this is AMAZING!


AMAZING launch returns boosters to the pad for the first time!

It’s not I.T. related, but being a veteran, and also working for both Lockheed Martin, and Astro Aerospace in the past, I have a great appreciation for these projects as well. In any regard, this is a tremendously amazing achievement, and glorious to observe. I watched this video on my TV …full screen! Don’t check out early, or you will miss the best part.

WordPress 5.1 Released Today

The latest version of WordPress, 5.1, has some great improvements. You will want to read about them:  (REF: https://make.wordpress.org/core/2019/02/08/wordpress-5-1-field-guide/ )  CHECK IT OUT!

  1. Cron Improvements with PHP-FPM in WordPress 5.1
  2. Cron API changes in WordPress 5.1
  3. Preparing WordPress for a JavaScript Future Part #1: Build Step and Folder Reorganization
  4. Build tools: We’ve enabled running WordPress from /src again
  5. New Styling for Admin Table Pagination Links in WordPress 5.1
  6. WordPress 5.1 String Changes in HTML/PHP Files

There are even more goodies in 5.1 like updates to values allowed for the WP_DEBUG_LOG constant, new test config file constant in the test suite, new plugin action hooks, short circuit filters for wp_unique_post_slug() and WP_User_Query and count_users(), a new human_readable_duration function, improved taxonomy metabox sanitization, limited LIKE support for meta keys when using WP_Meta_Query, a new “doing it wrong” notice when registering REST API endpoints, and more!

  1. Miscellaneous Developer Focused Changes in 5.1
  2. New function: human_readable_duration
  3. Improved taxonomy metabox sanitization in 5.1
  4. LIKE support for meta keys in 5.1
  5. New REST API Notice in 5.1

There are also a few additional changes that will receive a dev note shortly:

  • Object Caching can now degrade gracefully (#22661)
  • New parameter for the wp_check_filetype_and_ext filter (#45707)
  • New filter for filtering and overriding block attributes (#45451)

But Wait, There is More!

Over 303 bugs, 156 enhancements, 9 feature requests, and 23 blessed tasks have been marked as fixed in WordPress 5.1. Some additional ones to highlight include:

  • Bootstrap/Load: WSODs protection returns incorrect content type for JSON Requests (#45933)
  • Cache API: Allow object caches to degrade gracefully (#22661)
  • Customize: Improve browser compatibility of X-Frame-Options and Content-Security-Policy headers for window in preview iframe (#40020)
  • Customize: Use iframe sandbox attribute to restrict browsing in Customizer preview instead of attempting to rely on JS to intercept top navigation (#42341)
  • Customize: Fix counting of sections for widget sidebars, allowing non-sidebar sections to not interfere (#43556)
  • Customize: Prevent wp_targeted_link_rel() from corrupting Customizer changeset data (#45292)
  • Media: Parse the creation date out of uploaded audio files (#42017)
  • Media: No placeholder for ico file in list view of Media Library (#43458)
  • Media: media_handle_sideload() may unexpectedly return 0 on error (#44303)
  • Menus: Improve headings and instructions for better accessibility (#43397)
  • Menus: Show an appropriate message when no menus exist (#45155)
  • Networks and Sites: Improve site creation in multisite (#40364)
  • Networks and Sites: Introduce ms-site.php and ms-network.php files (#40647)
  • Networks and Sites: Implement wp_initialize_site() and wp_uninitialize_site() (#41333)
  • Plugins: Disable “Install Plugin” button for PHP required version mismatch (#43986)
  • Privacy: Show the comment / awaiting moderation message even without opt-in (#43857)
  • Query: post__in orderby not working when passed in an array to orderby (#38034)
  • REST API: Allow to filter the query in the search controller (#45454)
  • Taxonomy: Add un|registered_taxonomy_for_object_type action (#44733)
  • Users: New filter to short circuit WP_User_Query results (#44169)
  • Widgets: Make the Widgets screen “Enable accessibility mode” link more discoverable (#42778)
  • Widgets: Fix Gallery Widget preview after an image is deleted (#43139)
  • Widgets: Fix custom HTML widget editor content not updating after save (#43657)
Give the Gift of I.T.


Everything I.T.’s gift certificates make the perfect Christmas (or other occasion) gift for the person that is difficult to buy for, because they can be used for so many different things. If the recipient is non-technical, they can be used to set up email, for computer tutoring or training, or for remote technical assistance if they get in a jam they just can’t resolve on their own. It can be used for a computer repair, for home or business. For the more technical person, it can be used for computer hardware upgrades (for your favorite gamer) like graphic cards, hard drives, extra memory, or whatever. It can be used to help them get that website going that they know they need but haven’t been able to afford, or if they already have one, they can get upgrades to it, or even an annual maintenance contract. The best part is…you don’t have to choose. You just chip in, purchase the gift certificate, and let them use it however they want! It’s perfect really…There are very few people who can’t find some use for it. You can purchase the gift certificate for any amount you choose, from $35 and up. ($35.00 is still the minimum 1 hour rate for any job.) It’s perfect for young and old alike. I tutor students, and work with seniors, I’m very patient, and can help anyone who needs it to adapt to the technical era. Get one today!

