croom new

Flexible Solutions Blog

Flexible Solutions has been serving the Griffith area since 1988, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

65 Bitcoin Ransom Paid by Florida City

65 Bitcoin Ransom Paid by Florida City

65 of any currency doesn’t seem like a lot of money, but when you are dealing in the cryptocurrency Bitcoin, it adds up quick. One city on Florida’s Atlantic coast is finding that out the hard way after getting hit with a ransomware that stymied the city of 35,000 government’s ability to function. Let’s take a look at the situation that made the city’s leaders agree to pay hundreds of thousands of dollars to scammers.

0 Comments
Continue reading

The SamSam Ransomware Is Absolutely No Joke

The SamSam Ransomware Is Absolutely No Joke

The funny thing about ransomware is that they give them very strange names: Bad Rabbit sounds like the name of a villainous bunny who gets his comeuppance in some type of modern nursery rhyme, not malware that would ravage hundreds of European businesses. Locky seems like the son of Candado de seguridad, a character Medeco would come up with to educate kids on proper physical security. The latest in a long line of funny-named ransomware, SamSam, isn’t a pet name for your pet ferret you perplexingly named Sam, it is one of the worst ransomware strains ever, and it has caught the attention of U.S. Federal law enforcement.

0 Comments
Continue reading

Here is How Antivirus Keeps a Business Safe

Here is How Antivirus Keeps a Business Safe

A lot is made about antivirus as a part of a comprehensive network security platform, but how does the system really work to eliminate threats? Today, we will take a look at an antivirus solution to show you how it goes about removing unwanted files and other code.

0 Comments
Continue reading

Looking Back at This Year’s Cybersecurity Issues

Looking Back at This Year’s Cybersecurity Issues

Every business in operation today needs to have some kind of comprehensive network security. Simply put, there are too many threats that can come in through an Internet connection for them to continue doing otherwise. The past year provides plenty of anecdotal proof of this fact, as a quick glance back can show.

0 Comments
Continue reading

Reexamining Meltdown and Spectre

Reexamining Meltdown and Spectre

It’s been about a year and a half since the Meltdown and Spectre exploits became publicly known. While patches and updates were administered to reduce their threat, they continue to linger on in a less serious capacity. Of course, this doesn’t mean that the threat has entirely been neutered--you still want to know what these threats do and whether or not you’re safe from them.

0 Comments
Continue reading

A Ransomware Cyberattack Struck Atlanta, Georgia

A Ransomware Cyberattack Struck Atlanta, Georgia

Ransomware doesn’t discriminate with its targets, as the city of Atlanta, Georgia now knows so painfully well. The city became the target of a ransomware attack that crippled many of its critical system workflows. The municipal government suffered from one of the most advanced and sustained attacks in recent memory.

0 Comments
Continue reading

Targeted Ransomware Checks for Particular Attributes

Targeted Ransomware Checks for Particular Attributes

Put yourself in the shoes of a cybercriminal. If you were to launch a ransomware attack, who would be your target? Would you launch an indiscriminate attack to try to snare as many as you could, or would you narrow your focus to be more selective? As it happens, real-life cybercriminals have largely made the shift to targeted, relatively tiny, ransomware attacks.

0 Comments
Continue reading

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

0 Comments
Continue reading

Is Your Security Prepared to Stop a DDoS Attack?

Is Your Security Prepared to Stop a DDoS Attack?

If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it be able to recover in a timely manner? Do you have measures put into place to keep them from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half of them have simply proven to be ineffective against DDoS.

0 Comments
Continue reading

Your Computer's Infected... What Do You Do Next?

Your Computer's Infected... What Do You Do Next?

It’s one of the most commonly-known computer issues: infection. There are plenty of threats out there that could potentially take hold of your PC. The question is, do you know how to proceed if one does? This blog will go into just that.

0 Comments
Continue reading

What We Can Learn From IT Statistics

What We Can Learn From IT Statistics

Technology plays a pivotal role in the way modern businesses function, and as a result it carries some element of risk. An example of this is how companies store electronic records. While the implementation of measures that are designed to provide greater ease of use and organization for a business’ employees make business move faster, it also makes it that much easier for a hacker to locate and steal data. Small and medium-sized businesses, in particular, are vulnerable, as they may not have dedicated IT security.

0 Comments
Continue reading

Would You Share Your Browser History? This Ransomware Will

mobile_ransomware_400

Ransomware is a tricky piece of malware that locks down the precious files located on a victim’s computer, then (in theory) will return access to them when a ransom has been paid. Depending on the files stored on a victim’s computer, they might simply blow it off and not worry too much about losing access to a couple of pictures or videos--but what if this ransomware threatened to expose your web browsing history?

0 Comments
Continue reading

Tip of the Week: Understanding Spyware is the First Step to Preventing It

Tip of the Week: Understanding Spyware is the First Step to Preventing It

The term ‘spyware’ has some clearly negative connotations to it, and rightly so. This variety of malicious software can cause no small amount of trouble if left unchecked. What follows is a brief overview of spyware, and what measures you can take to protect yourself and your business from it.

0 Comments
Continue reading

Ask Yourself, Does My Smartphone Have Malware Preinstalled?

Ask Yourself, Does My Smartphone Have Malware Preinstalled?

You might take extreme measures to keep your business’s devices from contracting the odd virus or malware, but what if all of your efforts are for nothing? You could have the greatest preventative solutions out there, but you can still get infected by some nasty threats, the reason being that the device was infected before you even started using it. You might be surprised by how often this happens, even to wary business owners.

0 Comments
Continue reading

The Most Popular Domains Make the Biggest Targets for Email Spoofing

The Most Popular Domains Make the Biggest Targets for Email Spoofing

Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.


According to a Swedish cybersecurity firm called Detectify, there are major online domains that are at risk of email spoofing due to misconfigured server settings. Email spoofing is the act of sending a message, while masking the true email address that it comes from. This allows hackers to forge the sender address to suit their needs. Generally speaking, email messages don’t have automatic authentication built into them. This is something that must be configured on the server side of things.

Thankfully, there are ways to properly configure your email server, but unless you’re a hardcore techie, you run the risk of either configuring the system incorrectly, or changing settings that may compromise your security. Yet, it’s still important to keep in mind how the solutions that prevent email spoofing, work. Here’s a breakdown of the details:

  • Sender Policy Framework (SPF): This is a record that’s checked alongside the DNS (Domain Name System) record, in order to decide whether or not the server is allowed to send email using the specific domain. SPF uses three identifiers for its messages: softfail (accept the message, but mark it as spam), hardfail (reject the message entirely), and neutral (do nothing and let the message through unhindered).
  • DomainKeys Identified Mail (DKIM): DKIM hashes the body and the header of the email separately, and creates a private key that gets sent with the message. Once the message is received, the key will perform a DNS request to see where the email originated. If everything adds up properly, the message is received.
  • Domain-based Message Authentication Reporting and Conformance (DMARC): DMARC is considered the ideal solution, as it makes use of both SPF and DKIM to identify an email. DMARC’s functions split into three: reject (a full rejection, and the end-user never sees the message), quarantine (the message is stored for your review), and none (allow the message through). The idea is to either identify messages as fraudulent, or provide the system administrators with the ability to review them and make the decision themselves.

You might be wondering why we’re even bringing this up, and it’s because Detectify discovered that, out of the top 500 sites on the Internet, 276 of them can be spoofed. Detectify considers servers that don’t have SPF or DMARC configured correctly to be vulnerable to email spoofing - this includes using no SPF at all, using SPF with softfail only, and using DMARC with action none. Therefore, you need to take measures to ensure that your team knows how best to identify spoofed email domains, and phishing messages in general. If you don’t, you could be placing your business in harm’s way. On top of that, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.

The best way to keep your employees from falling into this trap is by ensuring that you’ve educated them on security best practices, and to limit their exposure to such threats in the first place. This includes taking the time to explain to them how phishing threats and other security discrepancies behave, as well as implementing solutions to keep suspicious messages out of your inbox in the first place.

Your business needs to consider security a top priority, and only Flexible Solutions can help. Reach out to us at 02 6969 0333.

0 Comments
Continue reading

A Zombified Botnet is as Scary as it Sounds

A Zombified Botnet is as Scary as it Sounds

Botnets are proving to be a difficult hurdle for security professionals, and it’s easy to understand why. Distributed Denial of Service attacks that can knock down servers or services, as well as hordes of remote-controlled zombie computers, are two of the most dangerous ways that hackers use botnets to serve their purposes. What can you do to protect your business from botnets?

0 Comments
Continue reading

This Halloween, Dress Like a Hacker and Terrify Your IT Administrator

This Halloween, Dress Like a Hacker and Terrify Your IT Administrator

Halloween is a time when people of all ages dress up as something spooky that they’re really not. For the scariest of hackers, every day is like a reverse Halloween as they try to scam victims by pretending to be someone safe and trustworthy--a persona that they’re really not. This Halloween, don’t get tricked by the haunted hack!

0 Comments
Continue reading

5 Best Practices to Protect Your Business From Ransomware

5 Best Practices to Protect Your Business From Ransomware

Ransomware is an online threat that continues to develop and evolve to accommodate the motives of cyber criminals around the world. Ransomware locks down your business’s files and demands a decryption key for their safe return, which makes it difficult (or impossible) to move forward with operations. How can you prevent ransomware from destroying your business’s chances of survival?

0 Comments
Continue reading

Alert: Android Malware Can Control Your Phone Through Twitter

Alert: Android Malware Can Control Your Phone Through Twitter

Hackers continue to innovate and cause trouble for businesses of all industries and sizes. One of the more interesting recent tactics includes utilizing a malicious Twitter account to command a botnet of Android devices to do its bidding. Twitoor is considered to be the first real threat to actively use a social network in this manner, making this a major cause for concern.

0 Comments
Continue reading

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

If your employees are given an Android device to use for work, or if they bring in their own as a part of BYOD, you may want to pay special attention to what follows.

0 Comments
Continue reading

Latest Blog Entry

“By failing to prepare, you are preparing to fail.”This quote is frequently attributed to Benjamin Franklin, and while it may not have actually been said by the Founding Father, it still teaches a valuable lesson - especially where disaster recovery is concerned. In other wo...

Latest News

Flexible Solutions launches new website!

Flexible Solutions is proud to announce the launch of our new website at www.flexiblesolutions.com.au. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Read more ...

Account Login