Flexible Solutions Blog

Flexible Solutions has been serving the Griffith area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Endless Line of Costs from a Data Breach

Picture this… In your office you have a bag filled with thousands of envelopes. In each envelope there is $242 in cash. Unbeknownst to you, a thief has gained access to your office, but you don’t realize this until 279 days later. How much is this going to cost your business?

Fishing for Answers to Keep Phishing Attacks from Sinking Your Business

Phishing attacks have been in the social consciousness now for a while, and for good reason: they are the predominant way that hackers gain access to secured networks and data. Unfortunately, awareness of an issue doesn’t always result in positive outcomes. In this case, hackers get more aggressive, blanketing everyone under a seemingly limitless phishing net: 57 billion phishing emails go out every year. If a fraction of those emails accomplish their intended goal, the hackers on the other end of them really make out.

The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that they give them very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam, it is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

Uber Demonstrates the Importance of Disclosing a Data Breach

If your business was breached, would it be better to keep it a secret, or should you disclose it to your clients? Uber has proven that trying to hide it is a mistake, and a costly one at that.

Looking Back at This Year’s Cybersecurity Issues

Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact, as a quick glance back can show.

Tech Term: Hacker

The term “hacker” is possibly one of the best-known technology-related terms there is, thanks to popular culture. Properties like The Girl with the Dragon Tattoo and the Die Hard franchise have given the layman a distinct impression of what a hacker is. Unfortunately, this impression isn’t always accurate. Here, we’ll discuss what real-life hackers are like, and the different varieties there are.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Is Your Security Prepared to Stop a DDoS Attack?

If your business were to be struck by a Distributed Denial of Service (DDoS) attack, would it be able to recover in a timely manner? Do you have measures in place to keep such attacks from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half of them have simply proven to be ineffective against DDoS.

30 Schools Shut Down In Montana After Cyber Attack

Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.

Charity Scams Are Very Real. Here’s How To Dodge Them

Dealing with disasters is a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.

Getting Greedy: Ransomware Hackers are Asking for Way More Money

If fiscal reasons have stopped you from securing your network against ransomware thus far, you may want to reconsider your strategy. Not only are attacks still becoming more and more prevalent, but the developers of ransomware have lowered the price of admission for aspiring cyber criminals. Fortunately, there are some steps you can take to keep your business protected against a ransomware attack.

The Most Popular Domains Make the Biggest Targets for Email Spoofing

Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.


According to a Swedish cybersecurity firm called Detectify, there are major online domains that are at risk of email spoofing due to misconfigured server settings. Email spoofing is the act of sending a message, while masking the true email address that it comes from. This allows hackers to forge the sender address to suit their needs. Generally speaking, email messages don’t have automatic authentication built into them. This is something that must be configured on the server side of things.

Thankfully, there are ways to properly configure your email server, but unless you’re a hardcore techie, you run the risk of either configuring the system incorrectly, or changing settings that may compromise your security. Yet, it’s still important to keep in mind how the solutions that prevent email spoofing work. Here’s a breakdown of the details:

  • Sender Policy Framework (SPF): This is a record that’s checked alongside the DNS (Domain Name System) record, in order to decide whether or not the server is allowed to send email using the specific domain. SPF uses three identifiers for its messages: softfail (accept the message, but mark it as spam), hardfail (reject the message entirely), and neutral (do nothing and let the message through unhindered).
  • DomainKeys Identified Mail (DKIM): DKIM hashes the body and the header of the email separately, and creates a private key that gets sent with the message. Once the message is received, the key will perform a DNS request to see where the email originated. If everything adds up properly, the message is received.
  • Domain-based Message Authentication Reporting and Conformance (DMARC): DMARC is considered the ideal solution, as it makes use of both SPF and DKIM to identify an email. DMARC’s functions split into three: reject (a full rejection, and the end-user never sees the message), quarantine (the message is stored for your review), and none (allow the message through). The idea is to either identify messages as fraudulent, or provide the system administrators with the ability to review them and make the decision themselves.

You might be wondering why we’re even bringing this up, and it’s because Detectify discovered that, out of the top 500 sites on the Internet, 276 of them can be spoofed. Detectify considers servers that don’t have SPF or DMARC configured correctly to be vulnerable to email spoofing - this includes using no SPF at all, using SPF with softfail only, and using DMARC with action none. Therefore, you need to take measures to ensure that your team knows how best to identify spoofed email domains, and phishing messages in general. If you don’t, you could be placing your business in harm’s way. On top of that, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.
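The three conditions Detectify is described as flagging can be checked mechanically from a domain's TXT records. The following is an added example, not code from Detectify or this blog; the domains and records are constructed, and reading "softfail only" as softfail without an enforcing DMARC policy is an assumption.

```python
import re

def spf_all_qualifier(txt_records):
    """Qualifier on SPF's `all` mechanism: '-', '~', '?' or '+'.
    None = no SPF record; '?' = record without `all` (RFC 7208 default is
    neutral); 'redirect' = policy lives in another domain (not followed here)."""
    for txt in txt_records:
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # unrelated TXT record, e.g. a site-verification token
        for term in terms[1:]:
            m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
            if m:
                return m.group(1) or "+"  # a bare `all` means pass
        if any(t.lower().startswith("redirect=") for t in terms[1:]):
            return "redirect"
        return "?"
    return None

def dmarc_policy(txt_records):
    """p= tag of the DMARC record (TXT at _dmarc.<domain>), or None if absent."""
    for txt in txt_records:
        tags = [t.strip() for t in txt.split(";") if t.strip()]
        if not tags or tags[0].replace(" ", "").lower() != "v=dmarc1":
            continue
        for tag in tags[1:]:
            name, _, value = tag.partition("=")
            if name.strip().lower() == "p":
                return value.strip().lower()
    return None

def spoofing_findings(spf_txt, dmarc_txt):
    """Report the conditions the article lists: no SPF, softfail only, DMARC none."""
    spf, policy = spf_all_qualifier(spf_txt), dmarc_policy(dmarc_txt)
    enforced = policy in ("quarantine", "reject")  # assumption: this offsets ~all
    findings = []
    if spf is None:
        findings.append("no SPF record")
    elif spf == "~" and not enforced:
        findings.append("SPF softfail only")
    if policy == "none":
        findings.append("DMARC policy is none")
    return findings

# Constructed sample records: (TXT at the domain, TXT at _dmarc.<domain>)
SAMPLES = {
    "strict.example": (["v=spf1 ip4:192.0.2.10 -all"], ["v=DMARC1; p=reject"]),
    "soft.example": (["v=spf1 include:_spf.mail.example ~all"], ["v=DMARC1; p=none"]),
    "bare.example": (["site-verification=constructed-token"], []),
    "mixed.example": (["v=spf1 mx ~all"], ["v=DMARC1; p=quarantine"]),
}

if __name__ == "__main__":
    for domain, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(domain, spoofing_findings(spf_txt, dmarc_txt) or "no findings")
```

To run it against a real domain, pass in the TXT strings returned by a DNS lookup of the domain and of `_dmarc.<domain>`.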

The best way to keep your employees from falling into this trap is by ensuring that you’ve educated them on security best practices, and to limit their exposure to such threats in the first place. This includes taking the time to explain to them how phishing threats and other security discrepancies behave, as well as implementing solutions to keep suspicious messages out of your inbox in the first place.

Your business needs to consider security a top priority, and only Flexible Solutions can help. Reach out to us at 02 6969 0333.

A Zombified Botnet is as Scary as it Sounds

Botnets are proving to be a difficult hurdle for security professionals, and it’s easy to understand why. Distributed Denial of Service attacks that can knock down servers or services, as well as hordes of remote-controlled zombie computers, are two of the most dangerous ways that hackers use botnets to serve their purposes. What can you do to protect your business from botnets?

Hackers Target Voter Information Databases to Steal Personal Data

Hackers are always getting their hands into sticky situations, but one of the hot topics in world politics--the 2016 United States presidential election--is one of the nastier ones in recent years. In the past few months alone, hackers have reportedly breached not only the Democratic National Committee, but have also infiltrated at least two state election databases.

This NSA Employee Made a Mistake. How Hackers Exploited it is Worrisome

One of the biggest hacks of 2016 was the United States National Security Agency, by a hacking group calling themselves the Shadow Brokers. This hack came to light after tools belonging to the NSA were discovered on the black market. How could a data breach of this magnitude happen to one of the most secure IT systems in the world? Newly released evidence may provide the answers.

Shhhh! Library of Congress Hacked

Not since the British burned the Library of Congress to the ground in the War of 1812 has there been a more devastating attack on the famous library. Only this time, the recent attack was of the digital variety and King George III had nothing to do with it.

Some Evil Genius Just Combined the Pyramid Scheme With Ransomware

The ransomware machine keeps moving forward, despite significant opposition. In particular, the ransomware tag-team duo of Petya and Mischa have steamrolled most attempts to block them from accessing critical systems, always finding ways to outsmart security professionals. Now, these ransomwares have adopted a Ransomware as a Service model, which has made significant changes to the way that this ransomware is distributed.

Scammers Use Whaling Attack Emails to Pose as Upper Management

The average business owner may already be aware of what are called phishing attacks - scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.


Whaling attacks are designed to mimic the behaviors of CEOs or other members of upper management. This could be in the form of a manager, a COO, or even a CIO. Whaling attacks are often successful because they appear to come from a legitimate source; nobody expects their boss to get hacked, and naturally they will want to do as they say. It appeals to the nature of the office worker to want to avoid conflict with upper management, and the fear of getting in trouble for insubordination. In addition to looking like an official business email, some whaling schemes may even resemble documents from the FBI or other government institutions.

Once this fear has been instilled in the heart of the average office worker, it’s only a matter of time before one of two things happens: 1) The hacker gets what they want, be it sensitive credentials, a fraudulent wire transfer, or otherwise, or 2) The office worker realizes that they’ve been duped, and deletes the email. Unless the worker knows what to look for in a phishing message, however, the more likely scenario is the former.

In the face of any type of phishing attack, be it a spear-phishing attack or a targeted whaling attack, it’s important to remember that you should always think with your brain first before immediately reacting to a message like this. Take a moment to consider how much sense it makes to follow the instructions in the email that you’ve received. By simply taking a deep breath and calmly analyzing the email, you could be saving yourself a lot of pain and frustration.

As is the case with any phishing attack, look for irregularities in both the message itself, and the address that the message came from. Does it come from a legitimate sender? If so, what’s the email address? Look it over carefully and try to spot anything that’s out of place. Are there any numbers or letters that are trying to mask the true email address? Is there anything suspicious about the contents of the email? Look for curiously repetitive or urgent requests. Hackers like to use time-sensitive language to rush users into making a decision.

In dangerous situations like this, wouldn’t it be great if any whaling attacks and other phishing schemes stayed out of your inbox in the first place? With a spam blocking solution, your business will have little to fear from dangerous or fraudulent messages by eliminating them from your inbox entirely. We offer powerful enterprise-level spam blocking solutions that are designed to keep your business free of malicious or wasteful messages. To learn more, give us a call at 02 6969 0333.

FBI Issues Warning About Critical Infrastructure Getting Hacked

There aren’t many instances of hackers targeting physical infrastructure, but the few that make themselves known tend to be quite catastrophic. Take, for example, the devastating cyber attack on the Ukrainian power infrastructure, which left thousands of citizens powerless. Now, several months later, authorities believe that other major countries could also become a target of similar attacks.

This Hacker Stole 1.17 Billion Credentials. You Won’t Believe How Much He Sold it All For

In a bizarre reminder of why security best practices are so critical to the world of IT, it has been reported that one of the largest collections of hacked and stolen login details is currently making the rounds in the Russian black market.
