Help
News Bulletins

News Bulletins

News Bulletin November-December 2016






CV_PSAB_NewsletterWelcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:
The Pennsylvania State Association of Boroughs and CourseVector, LLC.


Alerts

Scam: Domain Name Renewal Notices

Please be aware that illegitimate companies are still sending scam domain renewal notices! If you receive a questionable notice from a company such as “iDNS”, do not send payment, and contact CourseVector to confirm that the domain expiration is valid.

 

Millions of Wix.com Users Vulnerable to Hackers

Websites hosted with Wix.com were open to attacks because of an unpatched vulnerability.

Joomla Users Vulnerable In Recent to Attacks

Joomla recently released a patch to fix critical flaws in its programming. In conjunctions with the release, the Joomla users were hit with a new wave of attacks.

CourseVector offers secure and managed WordPress hosting options. We take all threats seriously, and work tirelessly to protect our customers and their websites.

 

Spotify Serving Malicious Ads to Freemium Users

Spotify users are reporting that ads running on Spotify Free, the streaming music service’s free product, automatically open malicious websites without their permission.

 

Compromised eCommerce Sites Targeting Retail Customers

Magecart, a recently observed instance of threat actors injecting a keylogger directly into a website, is one obscure method of targeting customers via retailer payment platforms. Since the widely publicized breach of Target Corporation, there has been a significant increase in awareness of activity surrounding POS (point of sale) system breaches.

 

6000+ Compromised Online Shops

RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates payment card information users enter to pay for their shopping. The number of compromised online shops keeps rising.

 

Current Happenings

Managed WordPress Maintenance – Remote Server Program

CourseVector now offers Managed WordPress Maintenance to clients on remote servers. Now, even if you are not hosting your website with CourseVector, you can take advantage of our hassle-free maintenance, including updates, backups, and plugins. Let us handle the hard work for you. Contact us today to set up Managed WordPress Maintenance.

 

Security News

Massive Bot Net Attack and How To Make Sure You Did Not Contribute

Mirai Botnet linked to massive DDoS attacks on Dyn DNS. See this link to check the internet connection to your home or office to see if there are any devices that can contribute to a DDoS attack.

 

Hacker Compromises 43 Million Weebly Accounts

Web hosting service Weebly has confirmed a major data breach, following a report stating that 43.4 million accounts were stolen from the company’s main database in February 2016. CourseVector understands the security threat of malicious data breaches and provides our hosting customers the best protection against such threats.

 

Locky Ransomware Learns New Evasive Tricks

According to the Microsoft Malware Detection Center team, Locky Ransomware authors have shifted the type of malicious attachments used in their spam campaigns to evade detection.

 

Vulnerability Patched in WordPress Theme that Allows Unrestricted Uploads

WordPress theme publisher DynamicPress fixed a flaw Monday that let anyone upload malicious files to sites running its business-themed Neosense WordPress templates.

 

AmEx Users Hit With Phishing Email Offering Anti-Phishing Protection

American Express users are being actively targeted with phishing emails impersonating the company and advising users to create an “American Express Personal Safe Key” to improve the security of their accounts, then taken to a bogus log-in page and instructed to input personal information.

 

Nine Info Security Mistakes Employees Make Over and Over Again

Some of the most common security issues are caused by bad habits ingrained in employees’ day-to-day routines. Thankfully, these potential threats and vulnerabilities are possible to reduce, by improving organisation-wide awareness of the most common information security mistakes.

 

Cybercriminals Already Able to Hack ATM Biometric Readers

The first test running biometric scanners on ATM started about a year ago, but Kaspersky Labs has found for sale on the Dark Web 12 sellers of devices allegedly capable of stealing fingerprints. The research has also located evidence that three other groups or individuals are working on a way to steal data from palm print and iris recognition systems.

 

Backdoored D-Link Router Should be Trashed, Researcher Says

The router suffers from 20 vulnerabilities, including a backdoor, backdoor accounts, and a default Wi-Fi Protected Setup PIN, to name a few of them. D-Link’s DWR-932B security issues are too numerous to patch.

 

Malicious Websites Visited Every Five Seconds by Enterprise Workers

A user at an enterprise organization accesses a malicious website every five seconds, according to research published by CheckPoint Software Technologies.

 

Book Examines U.S. Justice System

CourseVector recently created a website for author James Bowers Johnson. In his book, The End of Justice, Johnson gives an account of his experiences with the U.S. justice system. The End of Justice was a free website design by CourseVector, with minimal customization of an ecommerce package. Johnson is offering free copies of his book to those who are interested.

 

Featured Websites

Broken Laptop Screen

Broken Laptop Screen

CourseVector designed and built the website for Broken Laptop Screen, UK laptop screen repair specialists.

Paddleboard New Smyrna

paddleboard new smyrna

Paddleboard New Smyrna offers paddleboard rentals, lessons, and tours in New Smyrna Beach, Florida. CourseVector completed a redesign of the website and designed a logo needed for a specific event.

Sustainable Horizons Institute

shinstitute

Sustainable Horizons Institute is a non profit organization dedicated to building sustainable and inclusive scientific communities. CourseVector converted their outdated website to WordPress.

Freeport Borough

freeport borough

CourseVector designed the website for Freeport Borough in Armstrong County, Pennsylvania.

 

FAQ of the Month

Why should CourseVector handle my WordPress and Plugin updates? Will I have an issue with the 6-month update cycle?

Don’t let a WordPress update break your site! Managed WordPress Hosting includes updates and patches. We suggest that all of our clients allow us to do WordPress and CourseVector-installed plugin updates on their website(s). We always take responsibility for this maintenance and any issues that may arise as a result. Your site’s maintenance will be performed every 6 months, or sooner if there is a critical update. If you are concerned about the 6-month period between updates, know that our external firewalls help to protect against numerous vulnerabilities. Read more on our FAQ page. We’re always here to answer your questions. Don’t hesitate to contact us at any time!

Where is Internet Explorer? Why is my browser so different?

Some banks and government sites don’t support modern browsers, so the easiest way is to use Internet Explorer. But on Windows 10, they hid it and replaced it with Microsoft Edge. This video shows how to find Internet Explorer again.

 

 

News and Tips

The Events Calendar Plugin: Easily Add Events to your WordPress Site

The Events Calendar is free WordPress Plugin that makes managing events from your site easy and efficient!

Someone can Empty your Bank Account with the Information on the Front of Every Check you Write

The organization in charge of processing check payments warns that you should stop using paper checks.

Appointy: Online Appointment Scheduling Software

Appointy all-in-one scheduling software has everything you need to grow and manage your business in one easy-to-use interface. For information on this and other helpful plugins, visit our support-files WordPress plugins page.

 

Comedy Corner

comedy corner

 

News Bulletin September 2016






CV_PSAB_Newsletter

Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:
and .


Alerts

Tech Support Scams and Google Chrome Tricks

Tech support scams, phishing pages and fake alerts are commonplace these days. Here are some tech support scam techniques targeting Google Chrome users.

Dropbox hack bigger than previously realized

In 2016, we’re just now hearing about the scope of a 2012 Dropbox hack that affected over 68 million accounts.

GoDaddy customers target of phishing scam

A phishing scam aimed at GoDaddy customers lures victims by notifying them that their email storage has reached capacity.

OneLogin SecureNotes Breached

Single sign-on company OneLogin began notifying customers that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure.

June Ransomware Attack on Microsoft Users

In June, millions of Microsoft Office 365 users were hit with a ransomware attack. Microsoft reported that the attack was not specific to Office 365, and only a small percentage of users were affected.

Flaws Discovered in Symantec, Norton AV Products

A Google researcher found “critical vulnerabilities” in Symantec and Norton Anti-Virus Products in June.

Current Happenings

Security Upgrades to Managed Hosting Program

As most of our clients know, CourseVector runs some of the most monitored and secure servers available for our clients. This past month, we have made some changes to the firewall to prevent attacks from TOR based networks. This should significantly lesson hacking risks for our clients. CourseVector constantly monitors and updates security features of our managed hosting packages. If you are not part of our managed program, please check out the managed hosting features.

WordPress Malware Removal

“Your website has been hacked” is the last thing a business owner wants to hear. CourseVector now provides a hassle-free solution to this problem through our advanced WordPress malware removal service. Our malware removal services differ from other removal services because we do things by hand rather than relying on scanning software to find malicious code. You will also receive a report on the attack and suggestions to protect your website from future attacks. If you suspect that your website has been hacked, contact CourseVector for an evaluation.

Security News

New Ransomware Poses Additional Risks Due To Delayed Execution

This crude “Hitler-ransomware” displays an ominous one-hour countdown and demands payment, before it deletes all your files.

Virtually all business cloud apps lack enterprise grade security

Out of 15,000 apps analyzed, 99 percent do not provide sufficient security, compliance controls and features to effectively protect enterprise data in the cloud.

Microsoft Leaks Secure Boot Key, Raises Security Concerns

Microsoft has accidentally leaked a key that can enable users to unlock Secure Boot-protected smartphones and tablets running Windows 8.1 or later.

Cybercrime gang hacks five cash-register providers that supply hundreds of thousands of businesses

Hackers have breached at least five cash-register providers that supply as many as 1 million point-of-sale systems globally.

Android malware is spreading using Google’s online ad network

Security researchers have discovered a nasty new piece of smartphone malware that targets users of Google’s mobile operating system — and it uses Google’s popular advertising network AdSense to do it.

LastPass zero-day can lead to account compromise

A zero-day flaw in the popular password manager LastPass can be triggered by users visiting a malicious site, allowing attackers to compromise the users’s account and all the sensitive information in it.

SQL Injection flaw found in Ninja Forms WordPress plugin

A dangerous SQL Injection vulnerability has been disclosed and patched that could affect the Ninja Forms plugin for WordPress, impacting the 600,000 sites using that website construction software.

Spammers modify sites’ core WordPress files for long-lasting compromise

In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying core WordPress files.

Featured Websites

K9 Bug Finder

K9 Bug Finder Bed Bugs and Pest Control Services

CourseVector designed and built the website for K9 Bug Finder, a San Francisco Bay Area Pest Control Company. Jay and his K9, Maggie, sniff out bed bugs in the Bay Area. K9 Bug Finder is more than just bed bugs, though. Jay provides complete pest control services to keep the creepy-crawlies out of your home or business.

Ewa Samples Photography

Ewa Samples Photography San Jose Bay Area Family Photographer

CourseVector designed and built the website for Ewa Samples Photography, a lifestyle photographer based in San Jose, California. Ewa’s fun approach and eye for natural photography captures the essence of families and individuals, creating lasting memories through fine art quality keepsakes.

Allied Old English

Allied Old English Website Port

Allied Old English is a specialized wholesaler and leading manufacturer of branded and private label bottled food products. CourseVector took their old, outdated ASP website and converted it to a WordPress site that uses WooCommerce for ecommerce.

Monroe County Control Center

Monroe County Emergency Services

Monroe County Control Center provides prompt and professional 9-1-1 public safety emergency dispatch services for all of Monroe County, Pennsylvania. Monroe County wanted an updated website that is easy for their control center employees to maintain and update. It was also important that the community found the design easy to navigate.

FAQ of the Month

How does CourseVector’s Postlayer Spam Filter work?

This spam filtering service we provide to clients has historically been 99% effective. For information on how it works, please see the Postlayer Spam Filter article on support-files.com.

News and Tips

Every page on your website must have a call to action

A call to action, or CTA, is that thing that you want your users to do when they visit your website. For some, signing up for a newsletter is their call to action. For others, buying a product might be the end goal. No matter what your goal is, you have to tell your users what you want them to do. Having a call to action on each page of your website is imporant. Without one, your users will be left to their own devices, which is never a good thing! A solid call to action on each important page of your website shoud be a part of your overall search engine optimization (SEO) plan.

If you aren’t sure what your CTA should be, or if you’d like some help designing an eye-catching button, feel free to contact CourseVector for a consulation! Our SEO program is very different from most, and we happily offer a free analysis to every new client.

CourseVector partners with WordPress Web Design firm Zevon Media

Through strategic partnership with small design firms, CourseVector is proud to offer technical expertise and secure hosting platforms to help web designers and developers to grow their businesses.

Visit ZevonMedia’s website to learn more about his work and services.

WordPress Accessibility plugin

WordPress accessibility plugin helps with a variety of common accessibility issues in your WordPress website. Visit our support-files WordPress plugins page for more information on CourseVector’s favorite WordPress plugins.

Comedy Corner

newsletter

News Bulletin July 2016






CV_PSAB_Newsletter

Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:
and .


Alerts

Watch for Domain Registrar Scams

Another wave of fraudulent domain registrar notices are circulating, notifying users of a false need to switch or re-register their domain. If you receive one of these notices, do not pay the fee without contacting us first.

See other examples of fraudulent notices.

Netgear D6000 and D3600 routers compromised. Patch available.

Netgear has released firmware updates for two of its router products lines, patching vulnerabilities that were reported in January.

Cisco’s small business Wi-Fi routers open to attack

A security researcher has discovered four vulnerabilities in Cisco’s RV range of small business Wi-Fi routers, the worst of which could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system.

D-Link Patches Weak Crypto in mydlink Devices

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE.

Current Happenings

Email Spam Filter Updated

For those clients who take advantage of our spam filtering service, there was an update this month to help prevent malware spread by attachments. If you are interested in spam and email virus filtering, please see our Spam Filtering service offering.

Security News

Data Breaches Lead to Email Extortion Attpemts

A June FBI PSA warns users of extortion attempts related to high-profile data thefts. The hackers threaten to expose sensitive or private information about victims through email or social media.

Millions of Health Insurance Records Up For Sale

As a product of a June data breach, a reported 655,000 patient records and a database with 9.3 million records from an unnamed U.S. health insurer were up for sale.

Another Wave of Phishing Emails

Millions of messages are sent with hope of some victims falling into the trap. This time, it was a classic email containing a malicious file disguised as an “Important Notice”.

WhatsApp Gold ‘premium’ version lures users to malware

A new scam is tricking users of WhatsApp into downloading a so-called exclusive version of the app called ‘WhatsApp Gold’, which infects mobile devices with malware.

Website Ads and Flash Ransomware

A criminal enterprise well known for using malware-laced fake display ads is ramping up its efforts by infecting dozens of popular websites using a recently patched Flash Player exploit to deliver the Angler Exploit Kit in a drive-by style attack.

New Locky ransomware campaign sets sights on Amazon customers

Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.

Microsoft warns of new, self-propagating ransomware in the wild

A new version of ransomware is able to move iself from computer to computer, reproduce, and spread to other systems via removable media devices.

Noodles & Company Probes Breach Claims

Restaurant chain says it has hired outside investigators to probe reports of a credit card breach at some locations.

Tech Support Scammers Get Serious With Screen Lockers

More serious malware-like techniques and tech support scams are forcing people into calling rogue tech support call centers.

Featured Websites

K9 Bug Finder

K9 Bug Finder Bed Bugs and Pest Control Services

CourseVector designed and built the website for K9 Bug Finder, a San Francisco Bay Area Pest Control Company. Jay and his K9, Maggie, sniff out bed bugs in the Bay Area. K9 Bug Finder is more than just bed bugs, though. Jay provides complete pest control services to keep the creepy, crawlies out of your home or business.

Upland Borough

Upland Borough Website Design

Upland Borough, located in eastern PA, near Philadelphia, has strong ties to Caleb Pusey, William Penn, the Crozer Family, and Martin Luther King Jr.

FAQ of the Month

Is CourseVector’s Analytics Website Mobile Friendly?

Unfortunately, our analytics software was not designed for use on mobile decives. To have complete access to the data, use a desktop or laptop computer, or download the app available on Google Play or iTunes. For more information and links to the app, please see the Piwik Mobile App article on support-files.com.

To see the analytics dashboard, please visit our CourseVector Analytics Demo Site.

News and Tips

Links are one of the most important factors in SEO

Internal and external links both carry weight for for SEO purposes, but external links may be the most important source of ranking power.

How to protect your business from ransomware

Unfortunately, this trend in cyber crime is not going away.

Be sure to back up your files and invest in layered security. CourseVector offers multi-tiered protection through our Hosting services, with added security measures, updates, and backups. For more information, contact CourseVector today.

Do 50% of adults really not recognize ads in search results?

Around half of adults are unable to recognize ads in Google’s search results, according to a survey.

Comedy Corner

comedy corner cartoon

News Bulletin June 2016





CV_PSAB_Newsletter

Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:
and .


Alerts

WordPress plugin with 10,000+ installations being exploited in the wild

A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin. Read more…

See how CourseVector can take the guesswork out of updates, backups, and security by visiting the WordPress Managed Hosting page.

Current Happenings

Website or email issues? Open a ticket and send us your IP address.

If you are having an issue with your website or email, please open a ticket by emailing support@coursevector.com. Tickets are answered more quickly than phone calls because there are more technicians monitoring tickets. Additionally, if you’ve been locked out or are unable to log into your website or email, we will need your IP address to fix the issue. Send it directly to us via our Send My IP form. Thank you for your cooperation.

Security News

Dental Association Mails Malware to Members

The American Dental Association may have inadvertently mailed malware-laced USB thumb drives to thousands of dental offices nationwide. Read more…

US companies need to gear up for new EU data privacy regulations

Thousands of American companies that do business in Europe or online with European customers will need to start planning now for new EU data privacy regulations. Read more…

Insider Security Breaches Becoming More Prevelant

Five major FDIC breaches have put the personally identifiable information of taxpayers at risk. Read more…

Google Researcher Finds Gaping Security Hole in Symantec Antivirus

A security researcher discovered and helped Symantec fix a grave security issue affecting its Symantec Antivirus Engine, the core of many of Symantec’s security products. Read more…

Tech support scammers start locking Windows computers

Tech support scammers have come up with a new way to trick users into sharing their payment card information: screen lockers showing fake Windows alerts. Read more…

Fearing ransomware, House bans Google-hosted apps, Yahoo Mail

Concern for hacking prompted an information technology team of the U.S. House of Representatives to block fellow lawmakers from accessing software apps residing on a Google cloud service. Read more…

Featured Websites

Big Bee Self Storage

Big Bee Self Storage, Duncannon PA

Big Bee Self Storage is a family owned and operated business providing secure and monitored storage units with convenient 24/7 access. CourseVector designed the website and logo.

Lake City Borough

Lake City Borough, Erie County PA

Lake City Borough is a growing community based on continuous development, located in Erie County, Pennsylvania.

News and Tips

Finding Your Family By Cell Phone

“Find My Phone” feature and several apps are available to keep tabs on kids and family across iPhone and Android devices. Read more . . .

Make sure your website is responsive and mobile friendly

A growing percentage of users are accessing your site from a smartphone or tablet, so it’s crucial that your website is designed and optimized for mobile devices. This affects your visitors’ experience with your site as well as search engine rankings.

See CourseVector’s Web Design plans for complete website redesign options. To optimize your existing site for mobile, contact CourseVector for a quote.

Be found by more customers: claim your business address on Google Maps

Claiming your business address helps people find you by making your business location, hours, and contact information available in Google search results and Google Maps. Register through your Google Business Account. You’ll receive a postcard in the mail stating your verification code. Upon entering the code in your Google Business Account, your business will be considered verified. An SEO service provider can manage your listings for you, as long as you add them as an authorized representative.

Comedy Corner

The founder of Facebook has been hacked, and has betrayed one of the first rules of personal cyber-security.

Read more…

News Bulletin May 2016





CV_PSAB_Newsletter

Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:
and .


Alerts

Attackers inject code into WordPress header file to redirect random users

If you are not on our managed hosting program, please update your wordpress installation. If you would like to be part of our managed program, send an inquiry to support@coursevactor.com.

Read more…

Current Happenings

How to get support quickly…

If you are having an issue with your website or email, please open a ticket by emailing support@coursevector.com. Additionally, if you suspect you’ve been locked out and are unable to log into your website or email, we will need your IP address to fix the issue. Send it directly to us by using our Send My IP form. Tickets are answered prior to phone calls because there are more technicians monitoring tickets. Thank you for your cooperation.

Security News

Bitdefender’s free tool protect against TeslaCrypt, Locky, CTB-Locker infections

Anti-virus software vendor Bitdefender released a free tool that can be used to protect systems infected by several growing ransomware strains. Read more…

Beware of phishing emails sporting your home address!

The latest (likely very successful) ransomware delivery campaign takes the form of spear-phishing emails targeting specific individuals and, for added credibility, includes their real-world home addresses and names. Read more…

Facebook scam promises friend’s video, delivers malware instead

A new spam campaign tries to fool Facebook users into downloading malware by luring them to a fake YouTube page supposedly featuring a friend’s video. Read more…

New technique hides RATs in memory, never touching disk during its execution

Researchers discovered a new trick for concealing the installation of Remote Access Trojans (RATs) after identifying malware samples that never touch the hard drive throughout execution, remaining in memory until the malware is fully enabled and cybercriminals can take control. Read more…

Phishers use registered Facebook apps to trick users into providing information

Netcraft researchers have recently spotted an extremely convincing Facebook phishing attack. The fraudsters made it look like the fake “Facebook Page Verification” form they’ve asked the victims to fill and submit is legitimate, as the page serving it is on a Facebook subdomain and uses HTTPS. Read more…

Featured Websites

Asset & Reputation Protection

A Custom Website by CourseVector

Asset & Reputation Protection is an independent insurance agency specializing in delivering sound commercial solutions for businesses and helping ultra-affluent individuals maintain and protect their lifestyle.

Shoemakersville

A website provided through PSAB

Founded in 1765 by Charles & Henry Shoemaker, Shoemakersville was incorporated as a Borough in 1921. Shoemakersville is located in northern Berks County on the east bank of the Schuylkill River.

FAQ of the Month

Do I need to have a program to update WordPress?

No, you do not need to have a special program to update your WordPress installation. When you log into your WordPress website, a notification will be present if your version of WordPress is outdated. Simply click the link or button to update. Be aware that some updates do not play nicely with various plugins. If you update WordPress and notice that your website is not functioning properly, please open a support ticket. If you do not want the hassle of keeping WordPress up to date, or you don’t want to riske breaking your website with an update, consider our Managed WordPress Hosting. CourseVector will provide updates and backups throughout the year, taking the guesswork out of keeping your website updated and secure.

News and Tips

Locky ransomware, disguised in Word docs, latest from Dridex creators

Locky ransomware, likely an endeavor from the actors behind Dridex, is “a vicious new strain” spotted disguised in Word documents. Users are warned to take steps to protect themselves. Read more . . .

How Hackers Hurt Your SEO

“Website hacked” are two words no webmaster or SEO manager wants to hear. As if a breach to an enterprise’s website (and the financial cost and public relations fallout associated with it) is not bad enough, a website hacked with malware or spam can cause an entity’s organic search engine rankings to take a nosedive. Read more . . .

One way to protect yourself from being hacked is through CourseVector’s Managed WordPress Hosting plan. With added security measures, updates, and backups, this plan outshines most other hosting companies’ plans. For more information, contact CourseVector today.

Set Up A Google Business Account

Setting up a Google Business Account is an important step in good SEO practices. It is how a business can get their address, phone number, and hours listed on a Google search results page and on Google maps. An SEO service provider can help you to get set up, but a business owner must participate in the process. Google sends a postcard through the U.S.P.S. for varification. This postcard goes directly to the registered address of the business applying for the account.

Comedy Corner

Watch as a KCCI meteorologist was prompted to upgrade to Windows 10 on live TV.

News Bulletin April 2016





NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.


Current Happenings

Part Time Job Available
CourseVector_Help_WantedPart time work from home. 2 – 10 hours per week. Flexible hours. $10 per hour first 45 days, then $20 per hour. Must be located in U.S. Duties to include but not limited to: light writing, newsletter publication, customer service, data entry. Familiarity with WordPress a plus. Some duties may be technical in nature but training will be provided when needed.

If interested, please provide resume including references for positions held with similar duties. Also include your primary motivation for seeking this position.

Use the following, secure link to forward information.
message.coursevector.com

Interactive WordPress Tutorials
We now have “walk through” tutorials available through our demo WordPress site. These tutorials are interactive, requiring the individual to actually participate and make changes to pages during the tutorial. They are very helpful for someone needing a quick overview of how update a website built with WordPress.

Secure Messaging System
At CourseVector we are very security minded and have never been thrilled with online systems that claim to transmit messages and/or files securely. So, we wrote our own and addressed most major concerns with secure online messaging systems. Our system has the ability to send files and/or messages. The information is transmitted via SSL and is encrypted prior to saving on our servers. The encryption keys are random and unknown, even to our staff, eliminating the vulnerability of having the information exposed through the ISP’s back end system. As an additional layer of security, the message and/or file is completely destroyed once read or when a specific number of days (set by the sender) has elapsed. Yes, this is over kill as we are erasing a message/file that is already encrypted with an unknown encryption key, however, we figure more is better in this instance. In addition, the system tracks and notifies the user of the creation of a secure document as well as confirmation that the secure document was read and/or downloaded. Bottom line is that the system will allow you and your client to send messages and files, securely, with with tracking and confirmation.

Our aim is to provide this service to clients for a small fee in the future. We are thinking $3 to $5 per month. For now, we are allowing our clients to use and share this system at no charge. Please feel free to check it out and let us know what you think. The system can be access at message.coursevector.com.

Security News

Ransomware and how to prevent it
The Crypto Virus, a unique ransomeware virus, has the ability to encrypt your hard drive, hold your machine for ransom, and infect any other peripheral connected to it, including the cloud.
Read more…

Hacker picks 1-800-FLOWERS’ customers credit card info
About 7,000 post-Velentine’s Day customers placing orders on 1-800-FLOWERS’ ecommerce site may have had their personal and payment information compromised.
Read more . . .

New York Times, BBC and Newsweek dish up malvertising
An array of global entertainment, news and commentary sites have been hit with perhaps the largest malvertising campaign yet.
Read more . . .

McAfee uses web beacons that can be used to track and serve advertising to users
A test of seven OEM laptops running Windows has shown consistent privacy and security issues, including an interesting revelation that the McAfee Antivirus running on six of them is using web beacons to serve ads and possibly even track users online.
Read more . . .

Researchers discover customized support scams that detect IPs
Tech support scams now use customized malvertising email messages that appear as if they were sent from the targets’ internet service providers. The campaigns identify potential victim’s IP address and then create realistic landing pages that imitate a webpage on the site of the targets’ internet service provider.
Read more . . .

Cyber crooks spread Surprise ransomware via TeamViewer
A new ransomware family has been encrypting users’ files and appending the .surprise extension to them. The malware is propogated using the popular (and legal) remote control tool TeamViewer.
Read more . . .

New USB-based data stealing malware detected in wild
A new malware type that spreads using USB devices has been detected, according to ESET’s blog. The trojan leaves no trace on the victim’s computer and is very difficult to detect.
Read more . . .

Verizon Enterprise Data Hit, Hackers Seek Big Payday
Verizon Enterprise Solutions is the latest company to fall victim to a data breach where cyber-criminals are targeting potentially lucrative corporate information, rather than details about consumers.
Read more . . .

Printers all over the US “hacked” to spew anti-Semitic fliers – Help Net Security
One of the two men who were prosecuted and convicted for harvesting e-mails and authentication IDs of 114,000 early-adopters of Apple’s iPad from AT&T’s servers, is back to his old tricks: using publicly accessible assets for furthering his own goals.
Read more . . .

Petya, ransomware that targets the Master Boot Record
First ransomware locked desktop computers. Then it encrypted files. Not long after, webservers, shared drives and backups were targeted. Now? Introducing Petya, ransomware that targets the Master Boot Record.
Read more . . .

 

Featured Websites

Dignity at Home
Dignity at Home, LLC currently provides compassionate and dependable in-home healthcare to seniors and adults with disabilities in Adams, Cumberland, Dauphin, Franklin and York Counties in Pennsylvania. Their new, mobile-friendly website is easy to navigate and easy to read.

Gordon Borough
Gordon Borough is located just northeast of Harrisburg near interstate 81. The Borough of Gordon is abundant in history, having been deeded prior to 1788 to James and David McKnight of Reading and referenced as the “Camden Treete.” Today, Gordon is a quaint rural community, rich in culture and traditions. Their mobile-friendly, updated website is the place to get borough information for residents and visitors alike.

 

FAQ of the Month

I cannot see my website! Has my IP been blocked?
If you cannot see your website, there is a good chance your IP address has been blocked by the server. If you, or someone in your office, has entered incorrect login credentials too many times in a specified period of time, the server sees this as an attack. It blocks the IP address to protect itself. These security measures are necessary. Coupled with Managed WordPress Hosting, CourseVector provides unmatched security for our clients.

Causes of an IP being blocked:

  • 5 incorrect login attempts on the dual authentication popup
  • 5 incorrect login attempts to log into webmail
  • 5 incorrect login attempts to log into email via email program such as Outlook
  • Failed login attempts with FTP

Symptoms of a blocked IP:

  • Email stops working
  • Can’t access website and/or webmail
  • Website appears to be “broken”
  • Can access website/email at home or on phone, but not at work (or vice versa)

If you suspect that your IP address has been blocked, fill our our IP inquiry form at ip.coursevector.com. This will send your IP address to our support staff so that we can investigate. If we find that your IP has been blocked, you will receive an email address from us letting you know the problem has been fixed.

 

News and Tips

Smush image compression plugin
This free plugin allows for quick optimization of image uploads.
Read more . . .
If you have questions or concerns about any plugin you’re thinking about installing, check out our plugin recommendations.

Fakespot helps determine fake Amazon reviews
Fakespot launged in 2015 to help users determine which Amazon reviews are real and which are paid or fake.
Read more . . .

International domain structures and SEO: what works best?
Businesses with multiple websites across different countries have a number of decisions to make on how they structure their various sites. But what are the advantages and disadvantages of each?
Read more . . .

No Support For Windows 7, Windows 8.1 PCs With New CPUs
Microsoft issued an update to its support policy, in a move that will likely speed adoption of its new operating system Windows 10 — whether its customers are ready to make the change or not.
Read more . . .

News Bulletin March 2016

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 

Alerts

Serious flaws discovered in Netgear and D-Link devices during mass firmware analysis
A team of security researchers has found serious vulnerabilities in over a dozen wireless routers and access points from Netgear and D-Link with the help of an open-source framework that can be used to perform dynamic security analysis on embedded firmware.
Read more . . .

Drown attack could break TLS for third of websites
A new vulnerability could kill a certain kind of encryption for plenty of websites. An OpenSSL update has been rushed out to fix major flaw.
Read more . . .

Custom Content Type Manager (CCTM) WordPress plugin opens backdoor
If you are one of the 10,000+ users of the Custom Content Type Manager (CCTM) WordPress plugin, consider your site to be compromised and proceed to clean your installation up, Sucuri Security researchers have warned.
Read more . . .

Locky ransomware ‘on the rampage’ globally
First spotted in the wild just a month ago, the Locky ransomware has exploded onto the world’s computers and skewered some significant victims.
Read more . . .

 

Security News

US fast-food chain Wendy’s investigating possible card data breach
The company was notified about the possibility by its payment industry contacts in January, and it has hired a cybersecurity company to investigate the matter.
Read more from Helpnet Security. . .
More from SC Magazine…
Even more from SC Magazine…

Ebay Vulnerability
Check Point researchers have discovered a severe vulnerability in eBay’s online sales platform, which allows criminals to distribute malware and run phishing campaigns.
Read more . . .

WeatherWizard app delivers tech support scam, not a forecast
Malwarebytes has discovered that amateur meteorologists get more than a weather forecast when they download the deceptive WeatherWizard app.
Read more . . .

Fake Amazon survey-for-money offer leads to account compromise
“As a valued customer we would like to present you with an opportunity to make a quick buck,” says the email, decked out with the Amazon logo and using a similar color scheme. But buyer beware – it is a scam!
Read more . . .

Mac Scareware hides behind fake Flash Player update
The attack starts on Facebook, where potential targets are tricked into clicking a link via a click-baiting item.
Read more . . .

Need to call the FBI? Hacker offers you 20,000 numbers
Personal information on nearly 30,000 government employees, including members of the Federal Bureau of Investigation, may have been released on the Web.
Read more . . .

IRS hackers try to use stolen SSNs to generate E-file PINs
The Internal Revenue Service (IRS) pinned a recent attempt to infiltrate its systems on malfeasants using a bot and Social Security numbers stolen from other sources but said the attackers didn’t compromise or expose personal information of taxpayers.
Read more . . .

IRS Scammers Call Cops
Scammers took the common IRS ruse to dangerous new heights this week in Colorado Springs, calling in multiple fake emergencies to 911 and causing armed police to surround their victim’s daughter, Consumerist reports.
Read more . . .

Phishers successfully tricking payroll pros into sharing employee data
In February, the US Internal Revenue Service (IRS) issued a warning about a 400 percent surge in tax related phishing and malware incidents. The alert said that the most noticeable increase was that of emails and messages impersonating the IRS or other persons and entities in the tax industry.
Read more. . .

 

Featured Websites

Denver’s Quality Auto Care

Denver’s Quality Auto Care has offered reliable car care, service, and repairs since 1986. They needed a website that was packed with information for their clients, easy to use, and easy to maintain. A WordPress website was the answer!

Albion Borough

Albion Borough is located in Erie County in northwestern PA. The borough’s Conneaut Creek is a great place for trout fishing, while their antique carousel has been delighting visitors since 1948.

 

FAQ of the Month

How can I contact CourseVector of PSAB about my website or email issue?

Please contact us by emailing support@coursevector.com for CourseVector clients and webdesign@boroughs.org for PSAB clients. Please do not email our personal email addresses. Sending email to anything other than webdesign@boroughs.org for PSAB or support@coursevector.com may not get a response. If the issue is an emergency, you can page us for a quick response.

 

News and Tips

So, what is really the issue with Apple’s refusal to obey government requests
In February, a federal court ordered Apple to help the F.B.I. unlock an iPhone used by one of the attackers who killed 14 people in San Bernardino, Calif., in December. Apple said in a strongly worded letter that it would challenge the court’s request.
More…

CourseVector revamps SEO Program
In March 2016, CourseVector restructered their SEO strategy and pricing. Beginning April 1, all of our existing customers will be switched to the new payment structure. We designed the new program to work in our clients’ favor. They now pay only for work completed. Please contact us for more information about how search engine optimization can help your business.
Read more . . .

Interested in seeing how your website performs and how to improve that performance?
Seo Reports

CourseVector offers clients access to our analytics software for $60 per month. Not only will you get access to your analytics account, every 3-4 months our SEO team will review your website and offer suggestions on what you can do to improve your rankings! Contact us today for more information, or request a free marketing analysis.

Easy Online Scheduling
Take the hassle out of scheduling bookings and manage them yourself with this free Appointments plugin – it will save you time and money and it’s a cinch to set up.
Read more . . .

If you have questions about any plugin that you’re thinking about installing, please feel free to ask us for advice.
Get more of our favorite WordPress Plugins…

 

Comedy Corner

Donald Trump Buys Jeb Bush Domain Name
During the 2016 election frenzy, Florida Governor JebBush let his domain name expire. Guess who purchased the domain. None other than his opposition Donald Trump. Did you know that CourseVector will manage your domain name for you? Please contact us for more information.
Read more . . .

News Bulletin February 2016

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 

Alerts

13 million MacKeeper users exposed in data breach
The company pushing MacKeeper, the security and utility software suite for Macs many consider to be scareware, has confirmed that the database containing passwords and personal information of its 13 million users was accessible to anyone who knew what to look for.
Read more . . .

Joomla! being hit with a zero day assault, despite patch – SC Magazine
The content management tool Joomla! is being targeted by a zero-day vulnerability just days after the weakness was discovered with the first attacks hitting just before the patch was issued.
Read more . . .

Scammers pose as Microsoft support, look to install malware
Researchers at Tripwire warn of cyberscammers calling victims during the holiday season and posing as Microsoft tech support in order to gain access to a victim’s computer and load malware.
Read more . . .

Malware that resets browser
Hackers are using a new version of the adware server WebSearcher PUP (potentially unwanted program)
that when downloaded resets the permissions on the three most popular browsers to only use the proxy that the adware sender has desires
Read more . . .

 

Security News

The FBI is investigating Juniper’s big, embarrassing securit…
Things have gone from bad to worse over a big security hack that put “unauthorized code” inside security equipment sold by Juniper Networks.
Read more . . .

Possible Dell security breach
Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years
Read more . . .

Attackers Use SQL Injection to Manipulate Search Results
Akamai has identified a sophisticated SEO campaign that uses SQL injection to attack targeted websites. Affected websites will distribute hidden HTML links that confuse search engine bots and erroneously impact page rankings.
Read more . . .

Customer banking and Social Security information compromised
Tax software maker TaxAct is informing some of its customers that an unauthorized third party accessed their TaxAct account in late 2015.
Read more . . .

IoT Doorbells Expose WiFi Passwords
The Ring WiFi doorbell, an IoT device, not only allows users to view whomever is on their doorstep via the internet from a mobile device when they are not home, but also gives away the homeowners WiFi password.
Read more . . .

Hyatt Hotels Release Breach Information
In late December, the Hyatt Hotels Corporation announced that they found malware on computers that operate the payment processing systems for Hyatt-managed locations, but offered no details about how long the compromise went on and which hotels have been affected.
Read more . . .

LastPass Easily Hacked
Security researcher (and Praesido CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users’ email, password, and two-factor authentication code via a simple phishing attack.
Read more . . .

Authorized Symantec reseller scams users into buying security software
Malwarebytes researchers have discovered a new tech support scam that, unlike most, is being perpetrated by an active member of the Symantec Partner Program.
Read more . . .

Fake Facebook emails deliver malware masquerading as audio message
A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same.
Read more. . .

Nest, other IoT devices, sent user info in the clear
Researchers at Princeton University’s Center for Information Technology Policy (CITP) found security vulnerabilities in many of the most popular IoT devices that they looked at, including Google’s Nest Thermostat.
Read more . . .

Amazon.com Social Engineering
As a security conscious user who follows the best practices like: using unique passwords, 2FA, only using a secure computer and being able to spot phishing attacks from a mile away, I would have thought my accounts and details would be be pretty safe? Wrong.
Read more . . .

 

Featured Website

Muncy Borough

Muncy is an historic town nestled in the beautiful upper Susquehanna Valley. Muncy is located along the West Branch of the Susquehanna River in North Central Pennsylvania in Lycoming County. It was founded in 1797 and incorporated as a borough in 1826. The Borough Council along with its residents invite you to visit with us whenever you are able. We would enjoy meeting you!

 

FAQ of the Month

How are backlinks obtained? Is it well-received to ask for a backlink from an affiliate or partner website?

Back links are one of the most important factors in gaining search engine positioning. In the eyes of a search engine, backlinks signify that a website is important and useful. However, they are also one of the most difficult optimization techniques.

The more links that a site can obtain from an external source, the better the ranking on most search engines. However, a major mistake of rookie search engine optimizers is to attempt to obtain as many backlinks as possible without paying attention to the quality. There are many services where one can buy back links. Unfortunately, these links do not take into account the two major considerations to obtain ranking position: Page Rank and content. A backlink is most valuable to a site if the page rank of the incoming link is better than your own page rank. In addition, the content on the linking site must compliment the content to which they are linking. As a matter of fact, links that do not qualify on these two counts can actually impede search engine rankings.

As far as obtaining back links, it is a long and laborious process. The two ways to get quality back links are to ask for them or to publish content that another website would want to link to in order to complement their site. It takes a lot of thought, planning and marketing in or to obtain quality back links. In most cases, a few back links per year is the best one can hope for. However, if done properly, those few are worth far more than hundreds or even thousands of low quality links.

Find information here on how to create quality content that users want to share.

 

News and Tips

Many domain name registrars send out notices, and bills, even though you do not have your domain name registered with them. Worse, they tend to charge more money, and, sometimes they can tie up your domain name to the point where you end up losing it or paying an extraordinary sum of money to get it back.

For most clients, your web site included a domain name and is included and paid for with your annual fee. If you get a domain name renewal notice or bill, please do not renew or pay without checking with contacting us. We will be happy to assist you in whatever way we can.

For the record, a domain name should only cost approximately $12. Normally, the companies that send out notices charge significantly more.
Examples…

Plugins for WordPress
Plugins can add functionality to a WordPress website. Here are a few of our favorite WordPress Plugins:

Gonzales WordPress Speed Up
Did you know that plugins like slider, map or contact form load CSS and JS files on each page? This can significantly increase the time it takes for a website to load.
Read more . . .

Backup Plugins:
VaultPress
BackWPup
WordPress Backup to Dropbox
Updraft
BackUpWordPress

Job Board Plugin
Nowadays, job boards are gaining popularity, as more and more employers are looking for the right candidates online, and several job-seekers are turning towards the internet in their quest for employment
Read more . . .

Unique Headers
Different header images can add interest to a website. This plugin gives users the ability to use unique custom header images on individual web pages, posts, categories or tags. More at:
Read more . . .

If you have questions about any plugin that you’re thinking about installing, please feel free to ask us for advice. Get more of our favorite WordPress Plugins…

 

Comedy Corner

Telemarketer video
Things take a crazy turn when Jessica Gottlieb tells ‘Mark’ she’s recording call.
Read more . . .

News Bulletin January 2016

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 

Alerts

New strain of malware attempts to entirely replace browser
PCRisk security researchers have reported a new form of malware that imitates local installations of the Google Chrome browser to steal personal information, install more malware and displaying pop-up ads for other malicious websites.
Read more . . .

WordPress sites once again being compromised
Several WordPress-based websites, including the Reader’s Digest site, have been on the receiving end of a another hacking campaign, this one injecting the sites with malware that has uses Angler exploit kit upload various trojans.
Read more . . .
Our managed WP service offers maximum protection against these types of attacks. For more information click here – Security and the CourseVector Difference

Linux web servers targeted in new ransomware scam
The Linux.Encoder.1 ransomware campaign is targeting web servers using the Linux operating system and is demanding a payment of one bitcoin, or $380, from its victims for the release of the captured files.
Are you backing up?
Read more . . .

Cisco Warning of CSRF, XSS Vulnerabilities
Cisco warned users in December that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities, including one critical one.
Read more . . .

McAfee Enterprise Security Manager failed to manage own security
McAfee has had to admit to an embarrassing vulnerability in one of its own products that could allow hackers to bypass the security in its Enterprise Security Manager product.
Read more . . .

Comcast users hit with malvertising, malware and tech support scam all in one go
The intended victims are the customers of Comcast, the largest home ISP in the United States. They are targeted via a malicious advert that has been showing on Comcast’s Xfinity search page.
Read more . . .

 

Security News

Domain name holders hit with personalized, malware-laden suspension notices
A clever new email spam campaign has been spotted targeting domain name holders, trying to trick them into downloading malware on their systems.
Read more . . .

Meet the Android rooting adware that cannot be removed
Researchers have identified a new strain of malicious adware that is impossible for affected Android device owners to uninstall.
Read more . . .

Reverse Social Engineering Tech Support Scammers
There are several avenues through which these scammers reach their victims. One of the most insidious are pop-ups and websites asserting that the user’s computer is riddled with viruses, and that the only way to fix the problem is to call a provided tech support number.
Read more . . .

Tech support scams join forces with Nuclear EKs to distribute ransomware
Apparently tech support scams never get old. But they have gotten more aggressive, according to a Symantec blog post penned by researcher Deepak Singh.
Read more . . .

How malware peddlers trick users into enabling Office macros
In November of 2015, SANS ISC handler and freelance security consultant Xavier Mertens analyzed a Word document containing malicious macros, and unearthed in it a VBA function that changes the document layout.
Read more . . .

Popular App Called ‘Privacy Nightmare’ for Facebook Users
In just a few days, more than 16 million people used a new app that creates a word cloud out of their most-used words on Facebook. But Comparitech claims the app’s privacy policy leaves Vonvon wiggle room to store users’ personal information on servers in countries where privacy laws don’t apply.
Read more . . .

MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection
Dubbed MagSpoof, a device developed by Hacker and security researcher Samy Kamkar can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.
Read more . . .

A $10 Tool Can Guess (And Steal) Your Next Credit Card Number
Samy Kamkar compared the numbers on his replacement credit card with those of his previous three American Express cards—as a universally curious security researcher and serial troublemaker, he’d naturally recorded them all—and a pattern emerged. Kamkar immediately saw the potential for a nasty fraud technique.
Read more . . .

VTech data breach gets worse: Children’s pictures and chat logs were also compromised
The hacker who breached VTech’s customer database and shared with the world the fact that the exploit was so easy anyone could do it (SQL injection), has found additional critical user data stored on the company’s servers: tens of thousands pictures of children and parents, their chat logs and even some audio recordings made by children.
Read more about the breach . . .
Read more as reported by the NY Times. . .

Intuit again in hackers crosshairs, this time with phishing scam
Consumers and businesses using Intuit’s Quickbooks financial software should be on the lookout for a phishing scam that is using a fake “Intuit Security Warning” email subject line.
Read more . . .

New ransomware campaign pilfers passwords before encrypting gigabytes of data
A new wave of crypto ransomware is hitting Windows users courtesy of poorly secured websites. Those sites are infected with Angler, the off-the-shelf, hack-by-numbers exploit kit that saves professional criminals the hassle of developing their own attack.
Read more . . .

 

Featured Website

Lickity Split Signs and Banners
Lickity Split is proud to offer custom banners and signs in Merritt Island and the rest of Central Florida. With today’s hectic pace in mind, they work hard to produce the signage you need in the time you need it, even if it’s a rush job! Thus the name: Lickity Split Signs & Banners.

 

FAQ of the Month

It was brought to our attention that some businesses employ a policy NOT to send information to any web mail addresses that end in .com because they are unsecure. Can you please verify that we do indeed have a secure email server and that this is not the case?

There is no such thing as a secure email server. To give you an example, in the past year or so even Google was hacked by the NSA despite all their securities in place. Mail was sent securely into their server, between data centers, but not internally. The NSA hacked into their internal networks and could read email easily. If there is a will, there is a way to access information on a computer that is connected to the internet.

With that said, email can be SENT securely ONLY if both the sender and the recipient servers support sending securely (think SSL certificates for websites). If not, it’s sent at the lowest common denominator, even if it means in clear text. That’s how all mail servers work. But even if it’s RECEIVED securely, it’s still stored on the server in clear text (like the Google example above). At that point the security referred to is how secure it is at keeping intruders out of the mail server. In which case we are one of the best as our servers haven’t been hacked in the decades we’ve been running servers. Not impossible, but very unlikely.

As to the other point they mentioned whether emailing a .com address is any less secure, that is complete nonsense. The end of a URL (.com, .org, .net) does not determine a website’s or email address’s security.

 

News and Tips

Can You Trust Your Cloud Vendor’s Employees?
Insider threats run rampant, and cloud customers often find it difficult to pull back the veil and see what their supplier is doing with their data.
Read more . . .

Recipe Plugins
Get Me Cooking Recipe Template
Recipe Card
Recipe Hero
WP Ultimate Recipe

 

Comedy Corner

Hackers Prove They Can ‘Pwn’ the Lives of Those Not Hyperconnected
Mrs. Walsh did not consider herself a digital person. As far as she knew, her home was not equipped with any “smart devices,” physical objects like refrigerators and thermometers that transmit information to the Internet. It took the hackers less than two hours to take over Patsy Walsh’s life.
Read more . . .

News Bulletin October 2015

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.




Alerts

Campaign Injects Spyware and Unwanted Apps Into WordPress Sites
An injection attack inserted code into 2,000 WordPress web pages, according to a post on ZScaler’s ThreatLab blog.
Read more . . .

Massive Magento Infection
A massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“ has been detected. Google already blacklisted about seven thousand sites because of this malware.
Read more . . .

Akismet Vulnerability
Developers at Automattic, the parent company behind the blogging platform WordPress, fixed a nasty stored cross-site scripting error this week in Akismet, an anti-spam plugin that figures into millions of websites. If you are a managed client, and did not request otherwise, we automatically remove aksimet from most WordPress installations as it creates unnecessary overhead.
Read more . . .

EMV Credit Card Processing Now Required For Retailers
On October 1 all retailers in the United States were supposed to be prepared to accept EMV, or EuroPay, MasterCard, Visa, cards as a form of payment. However, according to the National Retail Federation, citing data from creditcard.com, only 40 percent of Americans have so far received a chip card. On the retail side, MasterCard told SCMagazine in an email on Wednesday that 26 percent of national and regional merchants are accepting the new cards along with 320,000 local retailers.
Read more . . .

Belkin Router Vulnerability
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17, and potentially earlier versions of the firmware, as well. The vulnerabilities have not been patched by Belkin, the advisory from the CERT/CC says there aren’t any practical workarounds for them.
Read more . . .

Netgear Routers Exploited
A critical security vulnerability affecting nine Netgear router models is being exploited in the wild. The only good news about this entire situation is that fewer than 5,000 affected routers are currently in service. The vulnerable firmware versions are N300 1.1.0.31 and 1.1.0.28, installed on the following Netgear router models: JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, and WNR618.
Read more . . .


Security News

Hilton Hotels Investigates Data Breach
Hilton Hotels and Resorts is reportedly looking into claims that some of its point-of-sale devices were compromised, some potentially as far back as November 2014.
Read more . . .

Chinese Promotion Company Hijacks Android Devices Around the World
A Chinese mobile app promotion company has created malicious adware that allows them to gain complete control of users’ Android devices. The company misuses this access to make the phones download additional apps and to show ads. Naturally, they get paid for installing these apps and promoting a variety of services.
Read more . . .

AVG Will Sell User Browsing And Search Info To Advertisers
Starting on October 15, when its new privacy policy comes into effect, Czech AV maker AVG will start selling user activity information to online advertisers.
Read more . . .

Schwab Retirement Services Hacked
Schwab Retirement Plan Services (SRPS) is notifying approximately 9,400 plan participants that a spreadsheet containing their personal information was accidentally emailed to a participant in another retirement plan serviced by SRPS.
Read more . . .

Dow Jones Hacked
Dow Jones & Co. reported that hackers have breached its computer systems, looking for contact information to send fraudulent solicitations.
Read more . . .

E-Trade Hacked
Financial services company E-Trade notified about 31,000 customers that some of their personal information may have been accessed during a cyberattack in late 2013.
Read more . . .

Scottrade Hack Exposes 4 Million Customers Private Information
Popular investment firm Scottrade announced a data breach that affects around 4.6 million of their customers. Any customer with an existing Scottrade account before February of 2014 may have had their contact information and Social Security numbers taken.
Read more . . .

Experian Breach Spills Personal Info of 15 Million T-Mobile Customers – Already Available For Sale
The personal info of 15 million T-Mobile USA customers stolen in the recently revealed Experian breach is possibly being already sold on the Dark Web.
Read more about the breach . . .
Read more about the release of the information. . .

Home Depot Breach Expected To Cost The Retailer Billions
Owing to a slew of lawsuits filed by banks and credit unions, the expected cost to Home Depot for a cyber intrusion may reach into the billions, according to Insurance Business America (IBA).
Read more . . .

Malware-infected Game Discovered On Google Play, Up To 1 Million Users At Risk
Check Point researchers found sophisticated new malware on Google Play which has infected between 200,000 and 1 million users. The malware is packaged within an Android game app called BrainTest, which was published to Google Play twice. Each instance had between 100,000 and 500,000 downloads according to Google Play statistics.
Read more . . .

Customer Data Possibly Compromised In Online Photo Store Malware Attack
PNI Digital Media, CVS and Costco have issued statements indicating that some customers’ personal information may have been compromised following the July malware attack that shut down the online photo print operations at six PNI-run retailers.
Read more . . .

Vulnerabilities In WhatsApp Web Affect 200 Million Users
Significant vulnerabilities can exploit WhatsApp Web, the web-based extension of the popular WhatsApp application for phones.
Read more . . .

Malvertising Campaigns Increase 325 Percent
Cyphort investigated the practices used by cyber criminals to inject malicious advertisements into legitimate online advertising networks. Researchers found that malvertising campaigns carried out by hackers increased 325 percent in the past year.
Read more . . .


Featured Website

Cobalt Security Services
Cobalt Security Services, Inc. is a security services agency that serves Westlake, Thousand Oaks, Simi Valley, Moorpark, Agoura, Northridge, Calabasas, Chatsworth, Malibu, Woodland Hills, Oak Park, Newbury Park & more. We were formed and developed with the purpose of setting a new standard in the security industry by placing our clients first and providing them with security professionals that far exceed the industry standard.


FAQ of the Month

I have sent you folks an email and have not heard anything back?
One of our strong suits is that we are a family run business. To us, that means all of our staff are family. For you, that means all of us will go out of our way to provide the best service possible. In so doing, we sometimes provide clients with a personal email address or phone number, even though we know better. Again, that happens to provide superior support and service. Unfortunately, that also leads to some issues. Personal emails do not get checked consistently and personal phone calls, if not associated with a contact, get ignored. By far, the best way to reach us is through the ticketing system. We have several technicians that monitor the system throughout the day and responses should, for the most part, be very timely. If you are a CourseVector client, simply send an email to support@coursevector.com and that will automatically open a ticket. If you are a client of The Pennsylvania State Association of Boroughs, send your request to webdesign@boroughs.org. We can also be reached by phone at 717-516-6955, but please be advised that tickets are responded to first.


News and Tips

iOS 9 Users Get Increase Bills for Bandwidth Usage
If you’re using iOS 9 and your data rates are reaching new highs, watch out for an otherwise-useful feature called “Wi-Fi Assist.” It automatically allows your phone to download data via your cellular plan when Wi-Fi coverage isn’t great.
Read more . . .

Google+ Links and Reviews Dropped From Google Search Results
Read more . . .

Did You Ever Wonder What Stolen Data is Worth?
Over the years, the McAfee Labs team has worked with IT security vendors, law enforcement and others to identify and evaluate numerous websites, chat rooms, and other online platforms, communities, and marketplaces where stolen data is bought and sold. Drawing on this experience, its researchers can now provide an overall assessment of the “state of the cybercrime economy” along with illustrations of key types and prices of data.
Read more . . .



Comedy Corner

Target Does It Again!
If you call the proper phone extension, you have complete control over the public address system at a Target store. You will never guess what the hackers did with this one!
Read more . . .

News Bulletin August 2015

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.




Alerts

Critical Flaw in Count Per Day Plugin
The Count Per Day Plugin is a stat counter and is most likely installed on your website. If you are a managed client of PSAB or CourseVector, our security prevention measures render this vulnerability useless and the plugin will get updated during your next maintenance cycle. Non-managed clients are strongly urged to update the plugin as soon as possible. At the time of this writing, an update was available from the author’s website but is not being pushed as an automatic update to the WordPress plugin panel. Therefore, it is necessary for users to download the updated copy and manually install the patch. If you have any questions, please feel free to open a ticket at support@coursevector.com or webdesign@boroughs.org.
Read more . . .

Serious Windows Vulnerability Patched
Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows.
Read more . . .

Windows XP Anti-Malware Support Terminated
Millions of Windows XP users are now left vulnerable to malware attacks as Microsoft has decided to terminate support and security updates for Microsoft Security Essentials package for Windows XP. Please note that third party virus scanners “may” continue to support XP, however, without critical updates from Microsoft, security issues may still arise.
Read more . . .

FireFox Disables Flash
Mozilla, the developer behind Firefox, announced this week that it has disabled the ability of Adobe Flash — the ubiquitous multimedia and software platform used for Internet and mobile apps, rich content, and animation — from its Web browser. Users can still re-activate the feature by selecting the option in Firefox’s settings menu, but from now on Firefox’s use of Flash has been automatically disabled.
Read more . . .
Why did Mozilla disable flash?

Magento Flaw Being Used to Steal Payment Card Details
Attackers are exploiting a vulnerability in eBay’s Magento platform to steal users’ billing information (including payment card info), warns Sucuri Security’s Peter Gramantik.
Read more . . .


Security News

Hershey Park Investigates Potential Payment Card Breach
In a statement emailed to SCMagazine.com on Wednesday the park said, “We have received reports from some of our guests that fraud charges appeared on their payment cards after they visited our property.”
Read more . . .

Photo Center Hack May Compromise Personal Information
A third-party vendor is investigating a potential credit card incident that has prompted Rite Aid, Costco, Sam’s Club and Tesco to follow CVS and Walmart Canada in taking their respective photo center websites offline.
Read more . . .

FTC Accuses LifeLock of Violating Settlement
The Federal Trade Commission on Tuesday accused LifeLock, an identity theft protection service, of making deceptive claims in its advertising, in violation of an agreement the company made with the agency in 2010.
Read more . . .

Zero-day in Fiat Chrysler Feature Allows Remote Control of Vehicles
Fiat Chrysler owners should update their vehicles’ software after a pair of security researchers were able to exploit a zero-day vulnerability to remotely control the vehicle’s the engine, transmission, wheels and brakes among other systems.
Read more . . .

Hackers Take Over a Jeep From 10 Miles Away
I WAS DRIVING 70 mph on the edge of downtown St. Louis when the exploit began to take hold. Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
Read more . . .

UCLA Hack Exposes 5 Million Records
Bad news for nearly 5 million people who are patients or employees of UCLA’s sprawling health care system: Hackers might have your private medical records. The health system said today that the sophisticated hack tapped into the network that contains personal and medical information, reports the Los Angeles Times. The good news is that authorities aren’t sure the hackers actually stole people’s information, only that it was exposed. The bad news is that if they did, that information includes names, addresses, Social Security numbers, insurance identification, and treatment records.
Read more . . .

Army National Guard Breached
Personal information from more than 850,000 current and former Army National Guard members may have been compromised, according to a Friday release.
Read more . . .

The Soaring Cost of Malware Containment
Organizations are dealing with nearly 10,000 malware alerts per week, however, only 22% of these are considered reliable, according to a new report from The Ponemon Institute, which surveyed 551 IT and IT security practitioners across EMEA.
Read more . . .

Android Games Stealing Facebook Credentials
Researchers with two security firms independently observed apps on the Google Play store that are stealing Facebook credentials, and one of the apps has been downloaded by up to a million Android users.
Read more . . .

Second OPM Breach
The second data breach at the U.S. Office of Personnel Management (OPM) compromised the background forms and Social Security Numbers (SSNs) of 19.7 million individuals, as well as 1.1 million fingerprints.
Read more . . .

Hacking Team Breach Explained
After having 400 GB of its internal communications and company secrets stolen and leaked online earlier this week, Hacking Team faced something like a PR nightmare.
Read more . . .

Fake Twitter Verification
A little over 18,000 Twitter users looking for a way to get their accounts verified have been duped by a single fake account promising to provide the service into visiting a phishing page.
Read more . . .

New Password Recovery Scam Hitting Gmail, Outlook and Yahoo Mail Users
A simple yet ingenious scam is being used by scammers to compromise accounts of Gmail, Outlook and Yahoo Mail users, Symantec researcher Slawomir Grzonkowski warns. “To pull off the attack, the bad guys need to know the target’s email address and mobile number; however, these can be obtained without much effort,” he explains.
Read more . . .


Featured Website

Mercer Borough
This Website was designed to provide our residents a source for correct and current information concerning Mercer Borough Government. On this webpage you will find information ranging from Permits to Zoning and Ordinances plus be kept up to date on current and future projects throughout our Borough. The Website is and always will be a work in progress with periodic updates, so as you browse through the website please feel free to make suggestion on how we can make this a better tool for you.


FAQ of the Month

How Can I Tell If A Link In An Email Is Valid?
Beware! What you see as a link may not be the real destination. It is not at all uncommon for links in email message to “look” like they go to a legitimate site, when, indeed, they will lead the reader to a malware or scam site.

The best way to identify whether a link is legtimate is to hover over the link itself. Do not click on the link! Simply hover over it with the mouse pointer. A box will pop up indicating the true destination of the link. If the pop up box and the visual link do not match exactly, the link is probably not valid and may actually result in a malware or viral infection.

Below is a sample PayPal phishing email. Note the link popup vs. the visual link in the email. They do not match.
Paypal_phish
Always hover over an email link prior to clicking!


News and Tips

10 Uses For Drones In Your Municipality
Drones are becoming more than mere law enforcement adjuncts, as cities find new ways to save money and even raise revenue with the unmanned aerial vehicles.
Read more . . .

Spending Too Much Time on Facebook and Social Networks?
Check out this app . . .

Do You Backup Your WordPress Site?
WordPress_Backup-300x171

In a shocking survey conducted by CodeGuard, it was found that only 47% of WordPress users back up their website every month. Likewise, only about half of WordPress users update WordPress on a regular basis. Why does this matter?

  • Hackers – If someone hacks a website, it is very easy to enter malicious code. The quickest and cheapest way to restore the site is through a reliable backup.
  • Server Failure – This is unlikely to happen, but in the even that it does, you don’t want to be stuck rebuilding your site.
  • Employee Errors – This is more likely to happen than a server error. Very few employees have received any formal WordPress training. According to the CodeGuard survey, 63% of users have deleted a file that was not backed up.
  • No Guaranteed Backups – Most hosting companies do not guarantee their backups. How well do you know your hosting contract? It might be worth looking into.

Many business owners don’t have the time or the resources to make regular website updates. It takes even more time and expertise to perform regular backups. Luckily, there are many paid services available. Companies like CourseVector take the guesswork out of backups and management. Their Managed WordPress Hosting takes care of backups and updates, making a WordPress website virtually maintenance free.

Even if one chooses to outsource website backups and updates, it would be wise to do a website backup once in a while. There are no guarantees provided by most hosting or management companies. Most do their best to have the latest backup available at all times. However, there is no guarantee that this backup will restore properly or that their backup includes your most recent website changes.

There are some free or very affordable plugins available to WordPress users that make backups easy. Many of these plugins come with basic instructions. There are also paid FTP-based backup options that are secure and reliable. If you are uncomfortable doing backups on your own, consider attending a WordCamp, two or three day training groups for WordPress. A local WordPress consultant is another option to consider. Person-to-person training takes less time and it is more personalized. Can’t find a skilled trainer in your area, consider an online WordPress training instead. You get the same personalized service right from your home or office.

Jennifer Mariani
CourseVector



Comedy Corner



Senator Lindsey Graham Shows How to Smash Your Phone

News Bulletin June 2015

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 

 

Alerts

Object Injection Vulnerability in WooCommerce
The vulnerability is only present when WooCommerce’s “PayPal Identity Token” option is set. If it is, your site is vulnerable to an Object Injection type of vulnerability, which essentially means that depending on the context the site is running in, it may be used to do a variety of things.
Read more . . .

Kaspersky Labs Compromised
Researchers at Kaspersky Lab uncovered evidence that some of the company’s own systems have been compromised.
Read more . . .

 

Security

A History and Perspective on the OPM Breach
The recent breach of the Federal Government, virtually disclosing private information on everyone in their database, including individuals and identities of those with top security clearances, will affect our lives for many years to come. Read the latest updates below:
Catching Up on The OPM Breach
Vast Amounts of Extremely Sensitive Data Stolen
Security-clearance Information Likely Stolen During Breach of Government Agency
Hack of Government Employee Records Discovered by Product Demo
Hackers May Have Hit Every Federal Employee
US Army Shuts Website After Hacking Attack

LastPass Password Manager Acknowledges Breach
LastPass, the online password manager, announced Monday in a blog post that its network was breached and that hackers made off with user email addresses, password reminders and encrypted master passwords.
Read more . . .

Poweliks Trojan Goes Fileless to Evade Detection and Removal
A recently-discovered Trojan in the wild does not exist as a detectable file on compromised PCs.
Read more . . .

Microsoft Flags Ask Toolbar as Unwanted and Dangerous
From this month on, all versions of Ask.com’s infamous browser toolbar except the very last will be detected as unwanted software by Microsoft security products and removed.
Read more . . .

Bug in iOS Mail App is a Dream Come True for Phishers
A serious bug in the default Apple iOS Mail application can be easily exploited to show extremely realistic-looking pop-up prompts and trick users into sharing their Apple iCloud login credentials, security researcher Jan Soucek warns.
Read more . . .

Beware the New EBay and Paypal User Agreement
The auction site’s updated user agreement says it may contact its 157 million buyers to “collect a debt” or “poll your opinions through surveys or questionnaires” or “contact you with offers and promotions.”
Read more . . .

Vulnerabilities Found in D-Link Storage Devices
Researchers have identified dozens of vulnerabilities in several D-Link products, some of which allow attackers to bypass authentication requirements or upload arbitrary files to target devices.
Read more . . .

Crypto-Malware Sleeps on Infected Machine, Wakes Up at Predefined Time
A piece of ransomware with file encryption capabilities called Locker enters into a sleep state after compromising a computer and activates at a certain time, defined by the attacker. This is particularly dangerous as if the virus “sleeps” long enough, all backup files would be compromised preventing the restore of valid data.
Read more . . .

Woolworths Leaks $1 Million of Gift Cards in Massive Data Breach
Grocery giant Woolworths has scrambled to cancel over $1 million worth of shopping vouchers after a massive leak of customer data, in which it mistakenly emailed the redeemable codes of 8000 gift cards containing the customers’ names and email addresses.
Read more . . .

Hospitals in at Least 3 States Affected By Employee Data Breach
Thousands of patients were alerted in hospitals across New York, New Jersey, and Pennsylvania that their medical records may have been compromised by an outside contractor.
Read more . . .

Fake PayPal Payment Reversal Notification Leads to Phishing
PayPal phishing attempts take many forms, and one of the most often used techniques is fake emails containing a warning and a prompt to act quickly. An active phishing campaign of this sort is currently targeting users, trying to make them believe that a payment they received was reversed.
Read more . . .

A QR Code on Heinz Ketchup Linked Straight to German Porn
When Daniel Korell scanned a QR code on a bottle of Heinz Ketchup, he got more than he bargained for. Rather than bring up the competition page he was expecting to see, it instead linked to a German porn site called Fundorado. Oops.
Read more . . .

 

Featured Website

Home Lifeguard
Help at the touch of a button!

 

FAQ of the Month

Question:
Just recently I set up email accounts for each member of council using the tool provided with our website subscription. One of my fellow council members brought up a concern about RTK requests and I am not sure of the answer. If a person is no longer on council and the account has been deactivated, does the system admin still have access to the history of emails (in the event that an RTK request is filed)?

Answer:
If you download email, through Outlook for instance, and delete it from the server, then the email is NOT on your web server. Your question is then one of whether it was deleted from “your” local computer.

If you leave email on your web server, it piles up, no matter what ISP you are using, and, eventually you have to delete some of it. At that point, it is gone form your web server. Again, the burden is back on you.

Your web server comes with an email archiving function. It will record and archive ALL email, both in and out of the system. Again, though, the issue with this is the storage. We can set the system to archive mail for whatever period you want form 90 days to 90 years. We can also provide you with additional storage, when and if needed, at the following rates:

Tier 2 $75/year 5-10G
Tier 3 $135/year extra 11-25G
Tier 3+ $20/year extra per 5G increments

You get 4G with your current plan, so you would need to do nothing for months if not years.

If we were to set this up, you would have access to a mailbox that would contain ALL emails form ALL email boxes for whatever length of time you told us to set. If you found yourself needing to find 3 year old emails, that would be cumbersome, at best. However, there is a free program that can be used to download the entire archive. It converts the emails into a compressed database and can search millions of emails in seconds. If it became necessary, we could help you with that. Would not bother unless “the need arose.”

Good question and we hope we have provided a comprehensive answer.

 

What everyone should know about Potentially Unwanted Programs (PUP)

Potentially Unwanted ProgramsEver wonder how Ask.com is suddenly your search engine default? Even though you did not “ask” for a change to your browsing options by physically going to your settings and making the change. Thanks to potentially unwanted programs, or PUPs, it is likely that, at some point during your internet browsing experience, you did, in fact, ask for the change.

Some PUPs are quite useful, and under different circumstances might even be a good addition for your system; however, it is the underhanded manner in which they are introduced that is the unwanted part of the equation. Unfortunately, software developers are using more and more sophisticated ways to dupe even computer savvy users into accepting PUPs.

Here are the top five methods used to introduce PUPs to your system and how to avoid those “potentially” unwanted changes.

Top Five methods of introducing PUPS to your System

Download Portals

1. The preferred method unscrupulous software companies use to introduce PUPs to your computer is through download portals. PUP programmers might place an ad on a site with a legitimate, useful download. They make the ad flashy, with a big green “download now” button in hopes that users will click this button rather than downloading what they came for.

Here is an example. Skype is popular video chat software, available for free to its users. Many people will Google “Skype free download” to find and download the software. “CNET free download portal” is one of the choices on the search engine result page (SERP) which brings users to a page showing two or three green download buttons. Without paying much attention, the logical choice is the biggest green button, which states beside of it: Free Download Manager. What is about to download is not Skype at all, but a download manager. This can be a good feature if desired, but it can change a systems performance in undesirable ways as well.

The safest way to avoid this error is to skip download portals altogether and go directly to the source. Google “Skype” and go directly to their home page. If there is a free download available, and of course there is for Skype, there will be a download page or button.

Express Installations

2. The second most popular method is through an express installation of software or updates. Choosing the express download is the quickest way to get the desired software with a few not necessarily desirable add-ons. The express install is always recommended, at least by those providing the extras, such as changes to your home page, search engine, and other PUPs. A lot of non-savvy computer users will automatically choose the express install thinking that is the quickest and simplest method, but don’t believe it. Avoid express installs and use the custom install instead.

Installation Check Boxes

3. Even with the custom install recommended above, programmers will try to introduce PUPs. There are a series of boxes which are already checked with many program installations. Some examples include “change my home page to Yahoo!” or “change my search engine to Bing”. To avoid more PUPs, simply click off those check marks. Some may also be added at the end of the End User License Agreement (EULA), which most users do not take time to read, yet click “yes” anyway to finish the installation process.

Forced Installations

4. The fourth PUP installation method is by far the worst and at first glance seems unavoidable. When you begin the install, there are two or three choices to change your home page or search engine, but the boxes are not checked. Click next, and the problem appears. There is a dialogue box that states, “To continue with the install you must choose at least one option.” This is what is known as a forced install. It is very clever, but avoidable. To avoid this bit of trickery, click cancel and get your software somewhere else. It isn’t worth proceeding.

Sharing Your System

5. Others may not be as computer savvy and visits to chat, online gaming, and streaming sites with your computer could produce automatic changes to browser settings and shell the system with ads. Even forcing others to use a separate login is not effective, as changes to the system will affect computer performance. The only real way to avoid this is to deny shared usage.

If all else fails and unwanted software begins to plague your system, there are a few tips that can clean up most damage and get the machine back to peak performance in no time.

Top Five Tips to avoid Potentially Unwanted Programs

  • Always use quality anti-virus software with malware filters
  • Never use express installs and click off unwanted add-ons
  • Install a Free Emsisoft Emergency Kit and use it to scan your system frequently
  • Take your time with all installs, “know before you go!”
  • Go to the source for downloads whenever possible

If an install looks suspicious, even if it is what you want installed, get the software somewhere else. There are lots of reputable downloads available, particularly from the source!

CourseVector

 

Comedy Corner

Really?
A Republican lawmaker accidentally cast his party’s first vote for the California budget in years because he was distracted by Facebook.
Read more . . .

Egyptian Repairman Outranks Google
This Egyptian HVAC Technician is ranking number one in organic search results with a Google Places listing that outranks Google’s own knowledge graph snippet. His business name doesn’t even include the keyword, nor is it in any way related.
Read more . . .

News Bulletin May 2015

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 



Alerts

Critical Magento Update
Magento released a new bundle of patches on Thursday night to address several security-related issues, including flaws that made it easier for attackers to initiate password attacks and gather address information from store customers. Magento is warning users of all current versions of Magento CE and EE to update immediately.
Read more . . .

VENOM Vulnerability Enables Virtual Machine Escapes
A researcher with CrowdStrike has identified a vulnerability in virtual floppy drive code used by numerous computer virtualization platforms that, if exploited, can enable an attacker to escape from a virtual machine (VM). This affects a large majority of web servers on the Internet. Most websites, in one way or another, are contained within virtual machines. CourseVector has applied a patch that prevents this breach, but for those of you not on our servers, this could present a major problem. Check with your ISP to make sure your website is not vulnerable. (Those of you who host with us are already patched!)
Read more . . .

New Domain Name Scams
Read more . . .

Researchers Find Vulnerability in WordPress Shopping Cart Plugin eShop
The eShop WordPress Plugin version 6.3.11 was discovered on April 15 to have insufficient validation of user-supplied input in the “eshopcart” HTTP cookie. eShop is a shopping cart plugin with a variety of features, and is used by over 10,000 websites, all of which are potentially vulnerable, pending a patch.
Read more . . .

TheCartPress Plugin Puts Sites At Risk
A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers’ data, execute arbitrary PHP code, and perform Cross-Site Scripting attacks against users of WordPress installations, claim High-Tech Bridge researchers.
Read more . . .


Security

Do People Correctly Identify Phishing Emails?
An Intel Security quiz presented ten emails and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to correctly identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to fall victim to an attack.
Read more . . .

Ad Network Redirects Users To Malware Site
Attackers compromised an ad network’s server in an apparent attempt to redirect visitors of websites using the platform to the Nuclear exploit kit (EK), new research reveals.
Read more . . .

Penn State Offline Following Advanced Two-Year Cyberattack
Penn State University President Eric J. Barron announced Friday that the university disconnected its networks from the public Internet after sustaining an intrusion into the College of Engineering that had lasted longer than two years. It will be a matter of days before Penn State brings its networks back online.
Read more . . .

Email Delivery Service SendGrid Confirms Data Breach
Sendgrid, the email delivery and management service that counts among its clients companies like Pinterest, Airbnb and Uber, has admitted that they have been breached.
Read more . . .


Featured Website

Folic Acid Everyday
From the Spina Bifida Resource Center


FAQ of the Month

Why Should I Use WordPress
Many people still think of WordPress as a new technology that is untested or somehow flawed, like Windows 8, or they consider it as simply a good platform for blogging. The truth is WordPress has been providing business owners as well as blogger an excellent content management system (CMS) for nearly 12 years.

WordPress is an absolutely free Content Management System (CMS) for any website. The only necessary payments will be the URL (website name)/domain, which would be necessary with any web development software. A WordPress website can be put online for less than $5 per month. WordPress has become the place to go to set up a new website and millions are taking that first step toward success of their internet business goals. Billy Bob from Biloxi can use the same platform and can access the same tools and plugins as BBC Business News. WordPress has the capability to grow with your business.

Ease of Use
WordPress is unbelievably easy to use, even for beginners and people that do not know a programming language. Most sites require at least a minimum knowledge of codes and how those work, but with WordPress the codes are working in the background.

With access to nearly 35,000 plug-ins, most of which are free, even a novice can set up plugins that help manage everything on a website, from registering guests to credit card and PayPal payments for products and services. We live in a truly global age, with global dreams and aspirations, WordPress helps us realize those endeavors in real-time.

WordPress is SEO Friendly
WordPress is also Search Engine Optimization (SEO) friendly. With those clear and concise codes working in the background, search engines can easily inspect the page and index keywords and Meta descriptions and tags, which users can easily apply to content and images.

WordPress is Browser-Based
Since WordPress is an internet-based system, it can be managed from any computer, by anyone that has internet connectivity and administrator privileges anywhere, on any browser around the world.

Social Media Compatibility
With plugins such as Floating Social Bar, Shareaholic, or Sharethis it is easier than ever to share and get articles shared on social media platforms like Facebook, LinkedIn, Twitter and many more. WordPress makes it easy to link websites and social media platforms and track social bookmarking efforts.

Website Growth
As your business grows you will need more pages to display products and services. WordPress is a scalable CMS that allows additional pages without conceding efficiency or speed. Even when adding optimized photo galleries, videos, or product images and descriptions.

Built-in Blog Platform
Since WordPress was originally built as a platform for bloggers, it has all the “bells and whistles” a blogger desires. With Editorial Calendar, a WP plugin, scheduling everything for your blog has never been easier, from scheduling tasks to automatic posting of future blog spots; it’s as easy as marking a calendar. A blogger can even make corrections in the blog from the calendar.

Plug-Ins Make WordPress Even Easier
Just about anything that needs to be done with a website, WordPress has a plugin that will do it. Actually, for every point or paragraph in this article there is at least one plugin. Just use care in adding plugins to any site, as a lot of plugins provide the same service and adding too many will slow down your processes.

Friendly for Mobile Devices
One does not need to be a rocket scientist to figure out that more people are spending more time on mobile devices, just look around. In the not too distant past, people were afraid to use their mobile device to order things online, those days are gone. In fact, one quarter of all searches are conducted from a mobile device. WordPress makes it easier to adapt a website to make it mobile user friendly, so they won’t have to pinch or stretch their screen to view your products.

WordPress is Dependable
Lots of the top corporations depend on WordPress to bring their message to the world, from media mammoths like Forbes, The New York Times, Reuters, and CNN to tech titans such as IBM, Samsung, and Sony, to the present President and some of the hopefuls.

Adaptable & Customizable to the User’s Needs
WordPress can be customized to the user’s needs, with more than 35,000 free themes and lots more inexpensive options the user can adapt their website to meet their objectives and business mission.

Should you get stuck, there is plenty of free help available online. There are literally hundreds of WordPress training tutorials on YouTube to help anyone from the beginner to the more advanced users with step-by-step instructions. If you prefer one-on-one training, that is available too!


News and Tips

The Parallaxer WP – Parallax Effects On Content
We do not recommend Parallax if you intend to optimize your website for search engine placement. However, depending on the purpose of your site, Parallax designs can be very dynamic. The Parallaxer WP is a Parallax blocks builder plugin for your WordPress site. It features Shortcode Generator, Visual Composer generation and many options along the way!

easelly
Easel.ly is a website that features thousands of free infographic templates and design objects which users can customize to create and share their visual ideas online. Using the site is as easy as dragging and dropping design elements, and users can either choose a template from our extensive library, or they can upload their own background image and start from scratch. Over 300,000 users have already registered with Easel.ly, and thousands of infographics are produced using the site every month.
Read more . . .

Font Resizer
This plugin allows you to give the visitors of your site the option to change the font size. The plugin acts over jQuery and saves the settings in a cookie. So the visitor sees the same font size if they revisit your site. Which content is going to be resized, the resize steps and other options can be set on the plugin admin page.
Read more . . .

Tutorial Video On TablePress
If we used a table on your website, chance are, it was done with TablePress. If you would like a table on your website, we suggest the use of TablePress. Following is a video that explains how to use this plugin. Of course, we are always available to help with any issues you may experience.

News Bulletin April 2015

NewsletterLogoNew
Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of:

The Pennsylvania State Association of Boroughs
and
CourseVector, LLC.
 


Alerts

XSS Vulnerability Affecting Multiple WordPress Plugins
If you use any of these plugins, make sure to update them now!
Jetpack
WordPress SEO
Google Analytics by Yoast
All In one SEO
Gravity Forms
Multiple Plugins from Easy Digital Downloads
UpdraftPlus
WP-E-Commerce
WPTouch
Download Monitor
Related Posts for WordPress
My Calendar
P3 Profiler
Give
Multiple iThemes products including Builder and Exchange
Broken-Link-Checker
Ninja Forms
Security Advisory
Additional Information

FBI Public Service Announcement
Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.
Read more . . .
For those clients who are part of our managed WordPress services, all required “hardening” has already been implemented.

WP-Super-Cache Vulnerability Potentially Leaves 1 Million+ Websites Exposed
There are still several “non-managed” clients running the compromised version of WP Super Cache. If you are not on a managed program, please review your website and make any required updates. Always make sure you have a good backup prior to doing updates.
Read more . . .

Security

Beware of Malicious “Internal ONLY” Emails
Malware peddlers are once again trying to trick users into downloading malware by sending out fake emails impersonating domain administrators.
Read more . . .

Thousands of Websites Hacked Through RevSlider
Returning to the present day, the RevSlider vulnerability is being exploited once again by bad actors that have been injecting malicious iframes on vulnerable websites in an effort to redirect visitors to domains hosting exploit kits. This is an older alert, 30 days, however, several clients run RevSlider, so it was worth mentioning. Also, for our designers, RevSlider is built in to some themes that have slide show access. Please review your themes for potential issues.
Read more . . .

Another PayPal Phishing Email
“You must confirm your account information!” is the strident declaration of the latest PayPal phishing email. Apparently the recipient’s PayPal account needs updating within 72 hours, or else their PayPal account will be limited.
Read more . . .

Malicious Android Malware Scanner
Malware peddlers are exploiting fear of the Android Installer Hijacking bug.
Read more . . .

Social Engineering Used In Successful Enterprise Breaches
“An experienced and resource-backed cybercrime gang” is using the relatively new Dyre/Dyreza banking Trojan coupled with effective social engineering to steal millions from businesses, IBM Security Intelligence researchers John Kuhn and Lance Mueller warned.
Read more . . .

5 Largest Hosting Companies Hacked
Once again, Syrian Electronic Army (SEA) has gained media attention by compromising a number of popular web hosting brands of one of the leading web-hosting companies Endurance International Group INC that manages over 60 different hosting brands.
Read more . . .

Critical Flaw In WiFi Routers Puts Hotels and Millions of Guests At Risk
The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS). This vulnerability affects 277 hotels, convention centers and data centers across 29 countries.
Read more . . .

Experts Discover Phishing Campaign Leveraging .gov TLD Loophole
Researchers have picked up on a new spam campaign that sends victims phishing messages from a .gov account that thwarts email validation systems.
Read more . . .

Beware Of Malicious Online Advertising
If malware and virus-infected email, spoofed identities, phishing exploits and straightforward hacking into personal and enterprise IT systems aren’t enough, there’s a lesser-known security phenomenon wreaking plenty of havoc on its own: malvertising.
Read more . . .

Drupal SQL Injection Vulnerability Attacks Persist, Despite Patch Release
We are basically a WordPress shop, however, many of our clients use Drupal and other CMS systems. Nearly six months have passed since a major Drupal SQL injection vulnerability was disclosed, and yet attackers are continuing to try, sometimes successfully, to exploit websites that have failed to update their systems.
Read more . . .

Drupal Patches Flaw That Allowed Hackers to Forge Password Reset URLs
Content management system Drupal is addressing two moderately critical vulnerabilities with the release of versions 6.35 and 7.35.
Read more . . .

Scammers Use Whatsapp Calling Feature As A Lure
The lure comes via a Whatsapp message: a message saying that the user has been invited to try “Whatsapp Calling” and to visit a particular site to activate the feature.
Read more . . .

FAQ of the Month

Are there calendars that offer more features than the basic calendar provided in WordPress?

Absolutely! There are probably hundreds of calendar plug-ins. We have compiled a list of a few of the most widely used:

Birchpress Scheduler

Booking Calendar

Booking System Plugin

Calendarize It! Plugin

WP Simple Booking Calendar

Featured Site

Prosthetic Orthotic Solutions International
It is our intent to offer you useful information about orthotics and prosthetics and reassurance that you can have a very fulfilling and functional lifestyle no matter what circumstances have brought you here. We hope you get answers or, perhaps, pose a question. Using our experience and resources our practice spends the time to meet your needs and goals.

News and Tips

Calendarize It! Plugin
This is a WordPress calendar plugin with enough features to keep even this most demanding webmaster happy.

Backing Up WordPress
We thought it was time to revisit this topic. A complete backup of WordPress requires two elements: the database which contains all the text and settings for WordPress, and the files, consisting of media, themes, plugins, and WordPress itself. Without both, a site will not function.

There are basically two ways to backup:
1) Manually, using your hosting control panel.
2) Use a backup plugin. If you have CourseVector’s WordPress Hosting, we use a plugin that automatically saves the website every week and archives 5 weeks of backups at all times. The PSAB program does not provide that service at this time, however, we will be offering it in the near future at a small additional cost. The extra cost involves the backup space. We save all backups on the Amazon S3 cloud, which is offsite from our main servers. If your municipality is interested in this service, please contact webdesign@boroughs.org and we will notify you as soon as it is released.

Tip: Make sure you are keeping your backups off site. Never leave your backups on the same server as your website. We suggest your desktop or a cloud storage service. If you have any questions concerning backups, simply use the Contact Us link at the top of this page.

A Picture Is Worth A Thousand Words
Have you ever needed to create a quick visual? Now you can easily create and share visual ideas. easel.ly makes it a snap to put your thoughts and ideas into an infographic you can use in your slide show, PowerPoint, or on your website. Watch the video to see just how easy it can be to represent your thoughts, in a professional, graphical format.

Feedback

We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and give us your comments.

News Bulletin March 2015

Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

One-On-One Live WordPress Training


Training-Webpage-Graphic_final
We are very excited about providing a new service requested by many of our clients – One-On-One Live WordPress Training focused specifically on end users. This is how it will work:

  • The client will request a training session by completing a form providing acceptable dates and times as well as questions and goals for the training session.
  • One of our end user trainers will contact the client, via email, to schedule the date, time and approximate length of the session.
  • At the designated time, our trainer will call via phone, and also provide a link allowing the client to view their actual website, but from the trainer’s computer. This allows the training to demonstrate and teach, live, using the client’s actual WordPress site.
  • The cost of the service will be $50 for the first hour and $30 for each additional hour. After the first hour, training will be billed in 15 minute increments.

    If the client has a speaker phone available, several people can attend the training session, further enhancing the value.

    New Training Client Offer

    Mention this article when you sign up for WordPress training, and if you are one of the first 3 to take advantage of the service, we will give you a $25 discount on your training session! So, if you have been looking for a way to learn or improve your WordPress skills, sign up today at http://coursevector.com/services/wordpress-training/training-request-form/.

    Alerts

    WooCommerce Vulnerability Requires Immediate Patching
    An SQL injection vulnerability has been discovered in WooCommerce requiring immediate patching to version 2.3.6. If you are a PSAB client and have opted for periodic patches and updates, or, if you are a CourseVector client with WordPress hosting, we have already reviewed your WordPress and made any necessary updates. All other WordPress users should review their website immediately.
    Read more . . .

    MainWP Child Plugin Compromised
    A vulnerability in the MainWP Child plugin for WordPress – identified by researchers with Sucuri and deemed a critical security risk – can be exploited by an attacker to take full control of a website. We do not deploy this particular plugin, but thought we would update our clients and designers, just in case.
    Read more . . .

    WP-Slimstat Plugin Allows Website Compromise
    Users who run their websites on the popular WordPress CMS and are also using the WP-Slimstat web analytics plugin should update as soon as possible. The reason behind this warning is the fact that all but the recently released version of the plugin (3.9.6) have been found to contain a bug that could ultimately allow a remote hacker to hijack the site. There are a limited number of sites on our servers using the Slimstat plugin. If you are a PSAB client and have opted for periodic patches and updates, or, if you are a CourseVector client with WordPress hosting, we have already reviewed your WordPress and made any necessary updates. All other WordPress users should review their website immediately.
    Read more . . .

    Huge IT Slider WordPress Plugin Allows SQL Injection
    The 50,000+ active users of the Huge IT Slider WordPress plugin are advised to update to the latest version, as it closes a vulnerability that can be exploited by website administrators and anonymous attackers to inject and execute arbitrary SQL queries within the application’s database. Neither CourseVector or PSAB deploy this particular plugin.
    Read more . . .

    Security

    Cyber Crooks Take Advantage Of Ad Networks
    Malware peddlers are taking advantage of real time advertising bidding networks to deliver ransomware to unsuspecting users, FireEye researchers are warning.
    Read more . . .

    Heimdal Security has published an interesting list of which types of websites are being used to deliver malicious attacks by hackers:
    90.0% – delivered from advertising networks
    4.63% – websites being used only for malicious purposes
    4.10% – delivered from remarketing networks
    1.20% – the actual website itself, which is malware infected
    0.04% – typo squatting normal websites
    0.03% – Content Delivery Networks.

    Malware Targets Home Routers
    Researchers with Trend Micro have analyzed malware that first connects to home routers and scans for connected devices, and then sends the information it gathers to a command-and-control (C&C) server before deleting itself without a trace.
    Read more . . .

    71% Of .orgs Were Successfully Attacked in 2014
    The number of successful cyber attacks against organizations is increasing, according to the “2015 Cyberthreat Defense Report” from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations – in 19 industries – across North America and Europe.
    Read more . . .

    USB Drives Rigged To Destroy Computers
    The idea, roughly, is to fill a standard-looking USB case with hardware that will pulse a high-voltage charge into a USB port and just fry everything nearby.
    Read more . . .

    Facebook Bug Compromises Other Websites
    A bug in Facebook login that a Sakurity.com blog said the social network has failed to fix after a year allows attackers to compromise accounts on websites that leverage Facebook Login, notably, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and others.
    Read more . . .

    TorrentLocker Copycat CryptoFortress Leads New Wave Of Ransomware
    A new version of TorrentLocker, called CryptoFortress, is being used in in-the-wild to encrypt files and forcing ransom payments.
    Read more . . .

    WhatsApp Free Voice Calling Scam
    Fake WhatsApp invites are actively luring users to sites where they are urged to fill out surveys and download unknown applications.
    Read more . . .

    Mass Infection Malware Attack Targets Android
    The malware, dubbed Gazon, which uses victims’ mobile phone contacts to propagate, sends messages to their contacts linking to offers for spoof Amazon vouchers, which when opened, installs malware to their Android device.
    Read more . . .

    Up To 18.8 Million Non-Anthem Members Possibly Affected In Breach
    Anthem health insurance members might not be the only ones affected by the company’s recent data breach. Of the approximate 78.8 million people whose information was accessed by hackers, anywhere from 8.8 to 18.8 million of those affected include non-members, Bloomberg reported on Tuesday. The non-members used their Blue Cross or Blue Shield insurance in states, such as Texas and Florida, where Anthem has partnerships.
    Read more . . .

    Android Trojan Fakes Shut Down And Spies On Users
    A new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks.
    Read more . . .

    Flaw In Netgear Routers Exposes Passwords
    A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device.
    Read more . . .

    FAQ of the Month

    How Are Website Updates Billed
    Website updates are billed in 15 minute increments. For example, if an update takes 10 minutes, 15 minutes will be billed. Here is a money saving tip for those of you using CourseVector’s or PSAB’s update services. Group your updates as much as possible. On average, a client update takes about 10 minutes which includes reviewing the ticket, logging in and creating documentation. However, usually, several updates can be accomplished in 15 minutes. If a client requests 3 updates, on 3 separate days, the billable time will be 45 minutes. Under normal circumstances, if those 3 updates were all submitted on one ticket in a single day, the billable time would only be 15 – 30 minutes. Grouping updates, where possible, can save a significant amount of money over a year’s time.

    Featured Site

    New Holland Borough

    News and Tips

    3 Rules When Buying A Website
    It can be easy to buy a template online to build a website on the cheap. However, there are times when an out-of-the-box website just won’t cut it. It is then that one must hire a custom web designer to complete their website wish-list. Here are a few things to keep in mind before getting started with your custom website design.

    A Custom Website Is Not a Product
    Buying a custom website is not like purchasing a template off of the internet. There will be back and forth between you and your designer, so be patient. Most of the time, clients have a vague idea of what they want in a website, but they aren’t entirely sure until they see something on the web. The very nature of this process makes purchasing a custom website more of a journey and less of a product purchase.

    While a Contract May Be Necessary, a Hard Deadline is Not Always Feasible
    Remember that purchasing a custom website is a process. For this reason, deadlines may not be set or met. If you purchase custom work, the designer wants to be sure that a.) you are getting what you paid for and b.) you are happy with the design. This will take time and a certain amount of back-and-forth between client and designer. Try to get a soft deadline and the bones of the project (how many pages, how much artwork, etc) in writing. As the design moves forward, do not get too frustrated if deadline and deliverables move slightly.

    Don’t Always Think of Custom Design as a Dollar-Per-Hour Commodity
    If you could put a dollar value on an hour of a designer’s or programmer’s time, you could certainly price out the cheapest person available to get the job done. However, you’ve hired a designer whom you trust to design a website that will look great, increase your leads or sales, check off your wish list, and make your life easier. At times, yes, you might have to pay an hourly rate for adjustments beyond the scope of work. However, you’re paying for expertise here. The value of your new website should not be a function of how much a designer’s time is worth.

    WordPress Announcer Plugin
    Display awesome Announcements, Welcome notes, Greetings, Events, News etc with attractive style, colors, themes and position it anywhere in the page.
    Review the plugin . . .

    Use Any Font Plugin
    Use any font you wish and give your site a elegant look. No css knowledge required.
    Review the plugin . . .

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and

    News Bulletin February 2015

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    Alerts

    WordPress Plugin Fancybox Vulnerability
    Malware from this plugin allows for malware (or any random script/content) to be added to the vulnerable site.
    Read more . . .

    D-Link Routers Vulnerable To DNS Hijacking
    At least one and likely more D-Link routers, as well as those of other manufacturers using the same firmware, are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered.
    Read more . . .

    Security

    Jeb Bush Posts SS Numbers of 12K Floridians
    Bush is under fire for revealing personal info—names, birth dates, and Social Security numbers—of at least 12,000 Floridians.
    Read more . . .

    Hackers Hit 100 Banks in ‘Unprecedented’ $1 Billion Cyber Heist: Kaspersky Lab
    A multinational gang of cybercriminals infiltrated more than 100 banks across 30 countries and made off with up to one billion dollars over a period of roughly two years.
    Read more . . .

    Active Spam Campaign – PayPal Phishing Sites
    PayPal-themed phishing campaigns are nothing new, but they are more and more legitimate-looking as time goes by. Researchers with OpenDNS Labs have spotted one such campaign that started on January 26th, and some of the spoofed PayPal login pages are still up.
    Read more . . .

    AOL Advertising Network Distributing Malware Again
    An AOL advertising network was used to distribute malware as part of a continuation of an attack observed in early January.
    Read more . . .

    Spam Campaign Spreads Trojan Via Fax Messages
    The spam contains phony fax HTLM files that link to URLs that lead users to obfuscated Javascript code that automatically downloads a zip archive from a remote location.
    Read more . . .

    No. 2 Health Insurer Anthem Suffers Historic Hack
    In what is believed to be the biggest-ever health care data breach and one of the biggest data breaches anywhere, Anthem says hackers may have stolen the details of tens of millions of customers.
    Read more . . .

    Fake Facebook Account Suspended Emails Lead to Trojansand Ransomware
    Fake Facebook account suspension emails are doing rounds of inboxes around the world, trying to convince the recipients that their account has been temporarily disabled due to the social network’s “Terms and Policies renewal”.
    Read more . . .

    Beware of Emails Pushing Google Chrome Updates
    Google Chrome users are being actively targeted with a spam email campaign impersonating the Internet giant, urging them to download a newer version of the popular browser because theirs is “potentially vulnerable an out of date”.
    Read more . . .

    Info Graphic on Data Breaches

    Affordable Care Act Phishing Campaign
    The United States Computer Emergency Readiness Team (US-CERT) issued an advisory stating it is aware of phishing campaign that involves communications claiming to be from a U.S. federal government agency. “The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.”
    Read more . . .

    FAQ of the Month

    Is My Email Secure?
    The simple answer is no. 99% of the email systems operating on the Internet today are not set up to handle “true” secure email. Some “experts” will tell you that if you are connecting to an email server that has TLS (Transport Layer Security) enabled, that your email is safe. True, it would be transported encrypted, however, the server the email “lands” on is the issue. There are very few email servers available that have encryption at rest, meaning that emails and attachments are stored in clear text, regardless. Unless you have an in-house email server, or, you are using a specially designed secure portal, assume that anyone can see your messages and attachments. Public mail servers, including Hot Mail, Google, Yahoo, etc., can be accessed by staff members of the ISP. In addition, in most cases, those servers are backed up and replicated to hundreds of backup servers, usually located throughout the world. ISP’s do this for redundancy as well as disaster recovery. All of the hundreds of copies and archives are in clear text, and, again, available to anyone with access to the mail server.

    If you need communications to be secure, services like http://privnote are available, however, the safest method is a secure transfer portal. For questions or additional information contact support@coursevector.com

    Featured Site

    Leap Technology Partners
    This is one of CourseVector’s Free Web Designs for small business. $96 for two years of hosting and CourseVector will design and post your website!
    CourseVector’s Free Web Design Program

    News and Tips

    FCC Raises Minimum Broadband Speed to 25 Mbps
    The Federal Communications Commission voted to change the definition of broadband Internet. Now, a connection must have a 25 Mbps download speed and 3 Mbps up to be classified as broadband.
    Read more . . .

    PUP (Potentially Unwanted Programs)
    Ever wonder how Ask.com is suddenly your search engine default? Even though you did not “ask” for a change to your browsing options by physically going to your settings and making the change. Thanks to potentially unwanted programs, or PUPs, it is likely that, at some point during your internet browsing experience, you did, in fact, ask for the change.
    Read more . . .

    Ease Your WordPress Experience
    This may sound like a strange tip, but it can save a lot of time. For most, WordPress is not used every day and it is easy to lose track of how to do something. Making notes on WordPress tasks helps to alleviate update stress. A sample list might look something like this:
    I make blog entries under Posts
    My sidebar is run by Widgets, which are under Appearance
    I can change my Menu under Appearance
    The Plugin I use a lot for website statistics is found in Plug-ins, Count Per Day.

    In addition, sometimes creating a list on how to do certain tasks can be a big help, for instance:
    What are the steps for creating a blog post?
    How to upload an image into a Post or Page?
    How do I update the home page?
    How do I change the news ticker?

    And, of course, we are always available to help with any of the above or issues you may have with WordPress!

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and

    News Bulletin January 2015

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.



    wordpress-superman_sm
    One of our clients and all around WordPress Guru has launched a new site called The WordPress Helpers. Useful information for all things WordPress. One of the more interesting features of this new venture is one-on-one WordPress training. Check it out!




    PSAB-Annual-Conference1



    For our PSAB clients, please remember the upcoming Annual Conference, April 26-29, 2015 at the Lancaster Marriott & Convention Center.
    Click here for more information . . .





    Alerts

    New Version of CryptoWall
    The infamous Cryptowall ransomware is back: the newest version has been spotted compromising users in the U.S. and Europe.
    Read more . . .

    Phishing Scam Targeting LinkedIn Users
    A wave of emails, supposedly sent by LinkedIn Support, have been linked to scammers who are attempting to steal credentials from members of the networking service.
    Read more . . .

    Security

    Huffington Post Serves Up Malware
    Visitors of several popular sites including the Huffington Post and Gamezone.com were unknowingly serving malicious ads that ultimately led to a ransomware infection.
    Read more . . .

    Terrific Visual of Breaches In 2014

    Chick-fil-A Possible Hack
    Chick-fil-A is working with law enforcement to look into potential unusual activity involving card payments.
    Read more . . .

    New Ransomware Spotted
    Although the Justice Department announced in July that the Cryptolocker threat had been neutralized, new ransomware with the same name and a low detection rate on VirusTotal is being delivered via emails purporting to come from the State Debt and Recovery Office in Australia.
    Read more . . .

    1.6 Million Credit Cards Compromised At Staples
    Staples announced that malware infected its point-of-sale systems at 115 of its 1,400 U.S. retail stores, possibly affecting roughly 1.16 million payment cards.
    Read more . . .

    Top Facebook Scams Of 2014
    Millions of people fell for Facebook scams in 2014. Though security experts, companies and tech-savvy users guard against Facebook cyber attacks, many unwary users continue to fall victim to scams on the social network every day, with veteran users still falling for the same old e-threats.
    Read more . . .

    FAQ of the Month

    What Is A WordPress Plugin
    A WordPress Plugin is a piece of software that can be easily uploaded to a WordPress site that extends the functionality of WordPress. It would be like adding Office or Photoshop to a Windows computer.

    Plugins can do almost anything you can imagine and there are hundreds of thousands of them throughout the Internet. WordPress can be extended, through plugins, to display calendars, booking systems, real estate, photo galleries, email lists, and much more.

    Of course, like Windows programs, care must be taken to choose “legitimate” plugins that are virus free and function as expected. Plugins can, and have, broken websites. Also, plugins require updates, periodically, to keep them safe, secure and operating correctly. Our WordPress Hosting Service includes periodic plugin maintence and updates for those who would rather not be bothered.

    Featured Site

    Evans City – Seven Fields Regional Police Department

    News and Tips

    The Ultimate In Social Engineering

    For those of you who may have missed the piece on the Jimmy Kimmel show, here it is again. This is a “must see” if you need a laugh!

    Adding A Full Screen Background Image To WordPress
    All that is required to add a full screen background image to WordPress is the following plugin. The key to making the background image work is to size the image to at least 1600×1200 px. Larger is better, but maintain the aspect ratio if at all possible. The Pro version of the plugin offers many additional features that make it worth the added expense. Have fun!

    Simple Full Screen Background Image

    Simple Full Screen Background Image Pro

    New WordPress Videos
    We have updated our WordPress Video Tutorial Library to include the latest reslease of WordPress. If you have not checked out the videos, now would be a good time to brush up on your WordPress skills.
    WordPress Video Tutorials

    New WordPress How To Book
    How to: WordPress 4: The Answers Inside
    A hands-on how-to book for people who need to get things done, and want fast, reliable solutions.

    If you own a website powered by the WordPress CMS, or you are a web developer looking to build a WordPress CMS site, you want quick, reliable solutions. HowTo: WordPress 4 is made especially for you — a no nonsense, how-to book that focuses on proven solutions to the most common issues you encounter in WordPress.

    Wi-Fi Traveling Scams
    If you are a road warrior, consider this hotel attack. You plug your computer into the hotel network, either wired or wireless. Shortly after the connection is made, your computer indicates there is a download for Google Toolbar, Adobe Flash, Windows Messenger, or some other program you have loaded on your computer. You allow the update and the backdoor software known as Darkhotel is now loaded on your computer. From that point forward, the hacker, usually located somewhere in the hotel or with a relay, can see everything you do on your computer, from documents, to emails, to bank accounts and passwords. Road warriors beware!

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note.

    News Bulletin December 2014

    xmas

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    Alerts

    WordPress Vulnerability
    WordPress version 4.0.1 addresses more than 20 vulnerabilities, and WordPress versions 3.9.3, 3.8.5 and 3.7.5 address a critical cross-site scripting (XSS) vulnerability.
    Read more . . .

    If your organization is part of the PSAB web design program or managed services through CourseVector, these types of patches are done under your service contract every 6 months. If you feel your site is not on version 4.0.1, or, if you want more information about managed hosting, simply contact us.

    WordPress 4.0.1 Could Break Installed Plugins
    With the release of WordPress 4.0.1, there have been reports of plugins breaking due to the update. For example, Cool Video Gallery is broken because of the way it handles custom shortcode attribute parsing instead of using the Shortcode API built into WordPress.
    Read more . . .

    If you are part of our managed services, this is not an issue as we handle any such problems when we do updates and patches on your website. Should you have any concerns please feel free to contact us.

    SoakSoak Malware Leaves 11,000 WordPress Sites Blacklisted by Google
    More than 11,000 websites using the WordPress blogging platform have been blacklisted by Google, after they were infected by the “SoakSoak” malware.

    We do not use or install this plugin, however, we thought the alert may be of importance to those clients managing their own websites.

    Read more . . .

    Security

    Windows Patch Issue
    Not sure we agree with this article, however, the issue with the update is valid and should be noted.
    Read more . . .

    New Crypto-Ransomware
    A doozy of a new malware campaign uses powerful next-generation encryption to lock up your personal files, then demands you pay a ransom in Bitcoin to get the decryption key. The campaign spreads via malvertising, or malicious Web ads that can infect your PC when you click on them, or even just let them load onto your Web browser.
    Read more . . .

    Vendors Sell DroidJack App
    For $210, any user can purchase a lifetime DroidJack package, according to a Symantec blog post. The RAT comes with more than 50 features, including the ability to gain access to a device’s messages, contacts and camera. Addtionally, the RAT’s purchasers can listen to live call conversations, copy files from a device to a computer and obtain a device’s last GPS location check-in.

    A remote access Trojan (RAT) is a malware program that gives an intruder administrative control over a target computer. RATs are usually downloaded invisibly with a user-requested program — such as a game — or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute more RATs for a botnet.
    Read more . . .

    Breach Impacts Maryland School
    Prince George’s County Public Schools (PGCPS) in Maryland is notifying roughly 10,000 employees that their personal information – including Social Security numbers – was inadvertently included in a report that was shared internally via email, and also disseminated outside of the PGCPS email domain.
    Read more . . .

    Hackers Shut Down Sony Pictures
    Computers at the company have been completely unresponsive, showing a glowering CGI skeleton, a series of URL addresses, and a threatening message from a hacker group that identifies itself as #GOP.
    Read more . . .

    FAQ of the Month

    Why Are Attachments Sent To An AOL Account Not Being Received?
    AOL has a setting on their side that strips attachements.
    read more . . .

    Featured Site

    Kane Borough’s new website, designed and hosted by PSAB. Welcome aboard!

    News and Tips

    Ticketing System Is The Fastest Way To Obtain Support
    When requesting support, the online ticketing system is the fastest way to obtain a response. Under normal circumstances, we reply to tickets prior to phone calls. Tickets allow us the ability to research the issue reducing support time and frustration for our clients. The ticketing system is extremely easy to use. If you are a CourseVector client, simply send an email to support@coursevector.com. If you are part of the PSAB web design program, address your email to webdesign@boroughs.org.

    Embedding A Google Calendar In Your WordPress Website
    Go to Google Calendar on the web. On the left sidebar of Google Calendar there is a list of calendars, assuming you have set up and are using Google Calendars. Click on the calendar to be embedded and select “Calendar Settings”.

    This will display a list of options for events. Choose Embed This Calendar. Select options on the left side to customize the calendar display. Copy the embed code at the top of the page.

    Go to the WordPress site and click Post -> Add New to insert the calendar into a post or Page -> Add New to add it in a page. You can also insert the embed code into an already existing page if desired. Make sure the WordPress post editor is in “Text” mode rather than “Visual” mode before pasting the code. Paste the code into the page or post and save changes. The calendar will now display on the website and any changes made in Google will appear on the website in real time.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note.

    News Bulletin November 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    HappyThanksgiving1
    Just wanted to take this opportunity to thank all of our clients and associates. We enjoy working with all of you and if there is anything you need, simply let us know!

    Alerts

    Fake Dropbox Login Page, Hosted on Dropbox, steals Credentials
    An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.
    Read more . . .

    Reflected Download Malware
    This malware does not require any direct input on part of the end user. Rather, it literally forces the infected browser to create a piece of malicious software code, from where the attacker can then gain direct control of a computer, netbook, tablet, and even a smartphone.
    Read more . . .

    Masque Attack Against iPhone Apps
    Researchers have discovered a new attack on iOS devices that could allow attackers to unsuspectingly access and steal users’ personal and financial information from their app caches.
    Read more . . .

    Security

    Sophisticated Android-based Botnet A Danger To Enterprise Networks
    Even though it has yet to be spotted being used to target protected networks, a device carrying the malware and connecting to an organization’s network can be used to enumerate vulnerable hosts inside the network, exploit vulnerabilities, search for exposed data, and so on.
    Read more . . .

    Email Promises Free Pizza, Ensnares Victims In Botnet Instead
    The Email states that Pizza Hut is celebrating its 55th anniversary and the recipient can click a link to get a coupon for a free Personal Pan Pizza in any of its restaurants.
    Read more . . .

    CurrentC Hack Shakes Consumer Confidence in Mobile Payment Security
    CurrentC is a digital payment app that uses the customer’s smartphone. Customer and payment information is stored in an encrypted cloud. The app would benefit retailers by allowing them to track customer spending habits and avoid paying payment processing fees to credit card companies.
    Read more . . .

    Drupal Hack
    Content management system Drupal told users on Wednesday that unless they updated their Drupal 7 sites within seven hours of the SQL injection announcement last week, they “should proceed under the assumption that every Drupal 7 website was compromised.”
    Read more . . .

    Staples Credit Card Breach
    Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.
    Read more . . .

    FAQ of the Month

    Do we own our domain name and website?
    In short, absolutely. Most of our clients prefer to have us be responsible for all domain fees, DNS settings, routing, etc. Therefore, domain names are placed in our reseller account, which offers substantial fee discounts that are passed along to our clients. Assuming no outstanding invoices, you are free to do whatever you wish with your domain name, at any time.

    All website work, content, logos, art, etc., again, assuming no outstanding invoices, are the sole and exclusive property of the individual or corporate entity we have on file for the account.

    Bottom line, our clients are always free to do whatever they wish with any aspect of their online presence that we have created or manage. To that end, we go as far as to make every effort to ensure that a client’s entire account can be backed up and restored to another ISP or server running cPanel as the operating system. CPanel is offered by more than 60% of all hosting companies.

    Featured Site

    Westbridge Church
    Westbridge Community Church serves the greater Northwest New Jersey and Lehigh Valley Areas and has been based in the Phillipsburg Area in New Jersey since 2002. We are a non-denominational, Bible-teaching church.

    News and Tips

    WordPress Login and Security
    You can access your WordPress website by adding /wp-login.php to the end of your domain name.

    Always remember to logout! WordPress keeps you logged in for a period of 2 days, 14 if you checked remember password. If you have password protected pages or posts within your website, WordPress will keep a user logged in to view those pages for 10 days. Logging out of WordPress will prevent the browser from caching the password and allowing access without logging in.

    Help Menu
    If you are stuck on how to accomplish something within the admin section of WordPress, the upper right corner of the screen contains a Help Button. Many procedural answers can be found within this help section.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note.

    News Bulletin October 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    Alerts

    Lots of hacking and malware as indicated below, but no new critical threats to report.

    Security

    Dairy Queen Confirms Breach
    A data breach at International Dairy Queen, Inc. has resulted in systems at 395 of its more than 4,500 U.S. stores and one Orange Julius location being infected with the same Backoff malware that has plagued other retailers nationwide and exposed customer payment information.
    Read more . . .

    US Government Faces Cybersecurity Risk Due to Faulty Cloud Contracts
    Although most commercial cloud contracts included some of the required items not a single one included all of them.
    Read more . . .

    Dropbox Confirms Compromised Account Details
    An anonymous Pastebin user has claimed to have compromised almost seven million Dropbox account credentials (emails and passwords), posting the first 400 direct to Pastebin with a call for Bitcoin donations to leak more.
    Read more . . .

    Kmart Payment Data Breached in Latest Hack
    If you’ve shopped at a Kmart store in recent weeks, it may be time to check your credit card records: The company is the latest retailer to fall victim to hackers.
    Read more . . .

    State Governments under Daily Assault from Increasingly Sophisticated Cyber Attacks
    Those who run state computer systems have found themselves in a battle with hackers over protecting information-rich data on their citizens and in some cases the good guys are losing the fight.
    Read more . . .

    ComputerCOP Aimed At Protecting Kids Is Really Spyware
    In a twist of security irony, software that was supposed to help parents protect their kids online—and widely distributed by law enforcement agencies—was actually malware in disguise that could expose and capture sensitive information and now it has drawn the scrutiny of the Electronic Frontier Foundation (EFF).
    Read more . . .

    Bash Vulnerability
    As Bash damage spreads, experts warn of network attacks and an internet meltdown.
    Read more . . .

    iPHone 6 Touch ID Hacked
    A researcher, who hacked the iPhone 5S Touch ID sensor a year ago, found that little progress has been made security wise with the release of iPhone 6.
    Read more . . .

    What Hackers Can Do With Customer Relation Management (CRM) Data
    CRM data may not seem to be the low hanging fruit of, say, a nationwide sweep of Home Depot customer accounts, but a closer look suggests it is – and possibly even more lucrative for hackers. CRM data can contain everything from financial records, corporate email addresses, notes and documents about late-paying customers, intellectual property and sales forecast data.
    Read more . . .

    FAQ of the Month

    Should I use an autoresponder?
    The short answer is no! Use of an autoresponder will result in your domain being reported as spam or blocked. Autoresponders respond indiscriminately to forged and legitimate email. Spam and virus messages are almost invariably forged so as to appear to be “from” an unrelated third party. When an autoresponder receives one of these forged messages, they in turn send misdirected mail. Because of this, they become spam sources themselves and are the subject of blockades.

    Traditional Autoresponder Issue:
    A message is sent in response to inbound email informing the purported sender that you are on vacation, listing FAQs, suggesting an alternate email address, or otherwise sending a standard message – all too often, to the wrong person as the autoresponder will respond to phishing, hackers, spam, and any other type of attack. Not only will this get a domain blacklisted, but it discloses to the attacker that the email address is valid and allows for a much more targeted, hard to detect attack. In addition, if alternate email addresses are specified, that will open them to attack as well.

    Please keep the above in mind when configuring an autoresponder as the potential damage far outweighs any benefit!

    Featured Site

    Lewistown Borough
    Lewistown Borough is the County seat of Mifflin County. With just 2.0 square miles, the Borough is home to 8,338 citizens (as of 2010 census). The Borough of Lewistown lies 61 miles northwest of Harrisburg, along the Juniata River, and 30 miles southeast of State College.

    What’s News

    WordPress Sites Being Used In Attacks
    According to SC Magazine, WordPress sites are increasingly being used to serve up phishing attacks and Malware. Most of the sites in question have not updated WordPress to the latest version, implement industry standard security procedures and plugins, or backup regularly. Remember, these services are provided free, as part of your web design contract with the Pennsylvania Association of boroughs and Course Vector offers various hosting plans that can include updates, security and backups. However, in today’s ever changing environment, the above measures must be reviewed and adjusted approximately every 6 months. If you are a PSAB client, you can simply request the service and we will keep your site in tip top shape. If you are a CourseVector client and have one of our advanced hosting packages, the above maintenance is done for you automatically. Since there is always a risk of liability with un-maintained websites, we strongly advise all of our clients to take advantage of this service. If you have any questions, please feel free to contact webdesign@boroughs.org (PSAB clients) or support@coursevector.com (CourseVector clients).

    Cracking Corporate Passwords

    WordPress Privacy
    WordPress does not have any mechanism that would allow hiding a site, page or post from the public. If someone has the URL of a WordPress page, then they will be able to display the page.

    The one feature that is used to “hide” or protect pages is the page password function. For each page or post, under the Visibility option for the page, the webmaster can set a password. If a WordPress page requires a password, instead of seeing the page itself, the visitor will be prompted for a password. Without the password, the contents of the page will not be visible.

    If you have a need to “hide” or “protect” pages and are having trouble with the password feature, feel free to contact your support representative.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note.

    News Bulletin September 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    PSAB Fall Leadership Conference

    The Pennsylvania State Association of Boroughs Fall Leadership Conference is being held in Gettysburg this year from October 17-19. Mike Vandling and Gabe Mariani will be at the PSAB exhibitor’s booth from 6 – 9 P.M. Friday, October 17th. If you are part of the PSAB Web Design Program or you are thinking about a new or updated website, stop by and see us!

    Alerts

    Apple ID Phishing Campaign
    According to security researchers from Symantec, the Kelihos botnet has started sending spam emails that purport to be security alerts from Apple informing recipients that a purchase was made using their Apple ID from the iTunes Store. Apple IDs are the accounts that customers use to access Apple’s online services.
    Read more . . .

    Salesforce Malware Issue
    Cloud giant Salesforce.com has been forced to warn customers that remote access trojan (RAT) malware known as Dyre may be targeting their PCs to steal log-in credentials.
    Read more . . .

    gmail Account Passwords Compromised
    5 million Gmail user names and passwords were posted on a Russian Bitcoin forum called BTCsec.
    Read more . . .

    Stolen iCloud Data Phishing Campaign
    A new phishing campaign that plays off Apple users’ fears of stolen iCloud data popped up this past week following the compromise that exposed celebrity nude photos.
    Read more . . .

    Researchers Discover Two SQL Injection Flaws in the WordPress All In One WordPress Security and Firewall Plugin
    We do not use this plugin for our managed clients, however, we are providing this information for those who manage their own sites and may use this plugin.
    Read more . . .

    Home Depot Breach Bigger Than Target?
    The scoop originally came from Brian Krebs of Krebs on Security, who reports that most if not all 2,200 US stores were affected and that the breach may go back to April of this year. If so, “this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.
    Read more . . .

    Hackers Hit Medical Network
    Hackers hit Community Health Systems, a company that operates 206 hospitals across the United States, accessing the records of some 4.5 million patients.
    Read more . . .

    Ebola Virus Phishing Campaigns
    Cyber criminals are exploiting the Ebola virus’ recent notoriety to bait and infect victims with malware via phishing campaigns.
    Read more . . .

    Security

    Potential Breach At Temple University
    An unencrypted desktop computer with the personal information of 3,780 patients was stolen from a Temple University physician’s office in July.
    Read more . . .

    How Hackers Monetize the Information They Obtain
    Ever wonder what hackers do with all the information they gather. This article explains how that data can be turned into cash.
    Read more . . .

    iCloud Breach
    iCloud Data Breach A Black Eye For Cloud In General.
    Read more . . .

    How Cyber Attackers Operate and How to Stop Them
    The video illustrates how Cyber Attackers can breach your network and offers some suggestions about security.

    Security Overview Video
    This video demonstrates how easy and potentially dangerous lax IT security can be.

    Malvertising Hits Major Websites
    Some visitors to several high-profile websites last week were redirected to browser exploits that installed malware on their computers because of malicious advertisements on those sites.
    Read more . . .

    Microsoft Reissues Flawed Patch
    Microsoft re-released the updates for security bulletin MS14-045. This update had been released on the August Patch Tuesday, August 12, but withdrawn later in the week after user reports of blue screen crashes and disabled systems. The plugin should be uninstalled.
    Read more . . .

    US Nuclear Regulatory Commission Hacked
    Computers at the US Nuclear Regulatory Commission (NRC) have been hacked three times in the last three years, according to documents obtained under an open-records request.
    Read more . . .

    Take the Phishing Quiz!
    How Will You Do?
    PhishingQuiz

    UPS Breach
    More than 50 of The UPS Store’s U.S. locations were found to have malware on their computer systems, and in some cases, it’s been present since mid-January.
    Read more . . .

    Android Devices Face Data Reset Flaw
    Three separate investigations of Android’s data deleting systems found it was possible to recover information.
    Read more . . .

    FAQ of the Month

    Is there a way to add a sub-category to posts and pages.
    This depends on your theme, however, for most themes, the answer is yes. If a Post is being created, clicking on Add New Category will allow a new root Category to be created. However, directly below is a drop down containing the words Parent Category. By choosing a Category as a Parent, the post would become a child to that Category. Therefore, if the Parent Category was Parks and Recreation, and a new Post was added, say Joe’s Memorial Park, choosing the Parent Category of Parks and Recreation would make Joe’s Memorial Park a “fly-out” of the Parent and thus a sub-category.

    The same function exists for Pages with a drop down called Parent. Post sub-categories are usually flyouts within the left or right column(s) of your website. While Page sub-categories are usually across the top and will fly-out from a top drop-down list when a link is moused over.

    Featured Site

    FTL Painting
    It is not how you start, it is how you finish!

    What’s News

    Karen Brown
    Karen Brown is our LinkedIn partner. We are pleased to offer her expertise to our clients to build or improve their LinkedIn personal or business profile. If you are interested in improving your LinkedIn image, check out Karen’s new, free ebook called Mastering LinkedIn.

    Statistical Analysis Is Included With Every Website We Design.
    Count Per Day is a very robust site analytics plugin that provides the user with all types of statistical data on the website. The webmaster can see the number of visitors, the geographical areas of the visitors, which pages are being read, and much more. A link should be available within the WordPress Dashboard link called Count Per Day. From there, all statistics for the website are available. For more information about Count Per Day, check out our tutorial.

    Remember To Keep Your WordPress User Email Address Up To Date.
    Keeping your user email address up to date is important because if you ever forget your password, WordPress’s lost password function will email a link the the user address. If the user address is not valid, the database must be changed manually through SQL.

    You update the email address in the User Profile, accessible from the top right of any admin screen.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note.

    News Bulletin August 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC.

    We Need Your Help

    We would love to have your suggestions for topics, and, if you would like to contribute, please feel free to submit your suggestion, link or article to support@coursevector.com or webdesign@boroughs.org.

    Alerts

    Category Post Plugin Alert
    Both CourseVector and PSAB use a plugin on almost all of our WordPress sites called Category Posts. Plugins are written and maintained by various individuals and companies across the web. On 07/19/14, the author of this plugin decided to make some major changes which not only broke the plugin but will also break the websites on which the plugin resides. This will only occur if the plugin is updated. As long as the plugin is not updated, the website will be unaffected.
    Read more . . .

    Major Security Vulnerability in WordPress
    This exploit can render a website or web server unusable. The vulnerability can cause 100% CPU and RAM usage, cause the server to become unavailable and also create a Denial of Service attack on the MySQL database program. This XML vulnerability affects WordPress versions 3.5 to 3.9. Update to the current version, 3.9.2 or greater as soon as possible.
    Read more . . .

    WordPress Constant Contacts Form Security Risk
    Hundreds of thousands of websites running a popular WordPress plugin are at risk of hacks that give attackers full administrative control.
    Read more . . .

    Facebook Color Change App is Malicious
    A malicious “color change” app has once again reared its ugly head on the social network, and it’s already infected thousands of users.
    Read more . . .

    LinkedIn Phishing Scam
    Alert: watch out for ‘confirm your email address’ LinkedIn phishing scam
    Fraudsters are purporting to be from the businesses social network LinkedIn claiming your account has been blocked due to inactivity and, to restore access; you are required to click a link to confirm your email address.
    Read more . . .

    Zero-day flaws found in Symantec’s Endpoint Protection
    Symantec’s Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.
    Read more . . .

    New Site Recovers Files Locked by Cryptolocker Ransomware
    Two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.
    Read more . . .

    Pre Installed Malware
    According to a study by independent forensic science lab, Truth Labs, 65 per cent of the tested samples of DVDs and PCs with pre-installed softwares are affected by one or more kind of malwares.
    Read more . . .

    Russian Hackers Put ‘Digital Bomb’ in Nasdaq Computers
    Russian computer hackers placed a “digital bomb” capable of sabotaging data and derailing the US economy into Nasdaq’s computer systems.
    Read more . . .

    Domain Registry of America Under Review
    Most of you have gotten them. The letter telling you your domain is expiring and you must renew now. Over the years, we have had a few fall for the scam and have had to pay to retrieve their valuable domain name. The Internet authorities have finally decided to investigate, and most likely stop, this deceptive practice.
    Read more . . .
    Information about this scam can be found at our help site http://support-files.com.

    Hackers Hit StubHub
    Neither the company nor law enforcement has indicated the exact amount that was allegedly stolen or how many arrests are imminent, but the StubHub spokesman did note to Reuters that the scheme involved multiple countries.
    Read more . . .

    FAQ of the Month

    How do I add an image gallery to WordPress?
    We recently came across a great link that provides detailed instructions for adding and managing a basic image/photo gallery on a WordPress website. Most folks start searching for WordPress plugins that will help create a gallery in WordPress, but no plugin is needed. WordPress has a built-in gallery feature. The article can be found on wpbegginer.com.

    Featured Site

    The DogAlong
    The DogAlong is a customized pet carrier for your pampered pet.

    What’s New

    Ever want to call special attention to something on your WordPress website? Enter the WordPress Notification Bar. This plugin places a bar across the top of each web page, calling attention, and linking to a special event, function, notice, etc. We are now deploying this plugin, upon request. It is easily enabled and disabled allowing the bar to be displayed or removed at will. One of the more recent uses of this plugin is located at the Middleburg Borough Website.

    Did You Know?

    A backup should be made before “any” updates are done to WordPress. This past month, a critical plugin called Category Posts, which is used in almost all of our websites, got an update. Unfortunately, the update broke the the plugin and deleted all navigational functions of the website, leaving it inoperable.

    For those who are part of our managed program, this did not present an issue as we do all updates and patches. Backups are made before patches are applied and an archival backup is created after patches.

    Some clients, who manage their own sites, ended up deleting their menu and navigational links, and most had not created a backup prior to applying the updates.

    The moral of the story is, always backup before applying patches of any type. Alternatively, sign up for or take advantage of our managed hosting package.

    You can find additional information about backups on our Support Files website.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin July 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. In this issue you will find . . .

    Alerts

    WordPress “MailPoet” Plug-in Vulnerable
    According to Sucuri the WordPress plug-in named “MailPoet” is vulnerable, which allows an attacker to upload any files to the compromised website. An attacker with MailPoet can post notification, send newsletters and hijack auto responders from WordPress equipped websites. Over 1.7 million people have downloaded this plug-in. An attacker can upload PHP file on victim’s website; further attackers can abuse website with phishing fraud, spreading spam, and infect shared servers. Neither CourseVector or PSAB uses or installs this plug-in, however, clients who are self managing or not part of our maintenance program should review their plugins for possible issues. Questions and comments can be sent to support@coursevector.com or webdesign@boroughs.org.

    Security News

    2014 Security Threats Summary
    Following is an executive summary of the Kaspersky Labs security survey for 2014:

  • Spam is the number 1 security threat.
  • 94% of companies experienced some type of cyber security issues.
  • 12% of companies experienced targeted attacks.
  • The protection of confidential data is now the top corporate priority.
  • Damages from each security instance are estimated at $720,000.
  • Damages for a successful security issue are estimated at $2.54 million.
  • Spam Tops Malware as Most Common External Security Threat to Companies
    Spam has passed malware as the most common external security threat to companies, but the number of companies facing targeted attacks rose by 25 percent in the past year.
    Read more . . .
    Postlayer is an inexpensive solution to the rise in spam.

    Malware Creation Breaks All Records
    Malware creation has broken all records in the previous quarter. According to Panda Security, there are now more than 160,000 new malware samples appearing every day.

    Mobile Malware Is An Increasing Threat
    The manipulation of legitimate mobile apps and services played a key role in the expansion of mobile malware at the beginning of 2014.
    Read more . . .

    Video Representation of An Internet Attack
    This shows the attack on Facebook that shut them down for 30 minutes last month.
    Watch Video

    Hotel Keystroke-Logger
    The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.
    Read more . . .

    E-ZPass Phishing Scam
    Read more . . .

    FAQ of the Month

    What is the WordPress Autosave Feature?
    The autosave feature of WordPress automatically saves changes made to a post, page, or custom post type. Since version 3.6, changes are saved even if a user loses internet connectivity. If you are working on a post and your browser crashed or you lost power, then your work will not be lost.

    Featured Site

    American Clear Water
    American Clear Water is about you and your water. They talk to you to get a complete picture of what you do not like about your water and how you use water. Water treatment solutions are custom designed for you and your situation.

    What’s New

    Your Website, WordPress, email and online data are probably not backed up. ISP’s do not provide backups, which are always the responsibility of the client. We are now able to provide an automatic backups service for those who are not manually backing up their website. Please read this article for more information on how you can protect your online investment. If you have any questions, please feel free to contact us at webdesign@boroughs.org or support@coursevector.com.

    Did You Know?

    You can embed videos in WordPress from a number of the most popular video sites by simply pasting the URL of the video page into your editor.

    Simply place the video URL on its own line in your editor.

    Get more information on this handy function.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin June 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. In this issue you will find . . .

    Alerts

    WordPress Cookie Flaw Could Lead To Near Account Takeover
    A recently discovered WordPress cookie flaw could lead to a near account takeover if leveraged, according to a blog penned by Yan Zhu, a staff technologist at EFF.

    If you have not updated your WordPress and plugins, please do so immediately. If you are part of the PSAB Web Design Program, these services are provided as part of your contract. Simply send an email to webdesign@boroughs.org and we will do the maintenance on your site. If you are a CourseVector client, we offer WordPress hosting that includes site maintenance and patches, or, you may request service at support@coursevector.com

    Those of you who have been updated to our dual authentication login (you enter a user and password twice), probably are not vulnerable to this hack. If you have not been updated to dual authentication, please contact webdesign@boroughs.org or support@coursevector.com.
    Read more about this hack. . .

    Very Scary Statistic
    Hackers have exposed the personal information of 110 million Americans — roughly half of the nation’s adults — in the last 12 months alone.
    Read more . . .

    Ebay’s Security Breach
    eBay is the latest victim of a cyberattack — and if you are one of the 145 million users with an active account, or even one of the many millions more with inactive accounts, you may well be affected.
    Read more . . .

    PA Payroll Company Hacked
    An undisclosed number of individuals may have had personal information – including Social Security numbers and payment information – compromised after hackers took advantage of a vulnerability in systems belonging to Paytime Inc., a Pennsylvania payroll company.
    Read more . . .

    Q1 Targeted Attacks Aimed at Government Organizations
    A quarterly report found that 76 percent of targeted attacks – primarily launched by hacktivists or nation-state actors – were aimed at the government sector
    Read more . . .

    FAQ of the Month

    Can you transfer my website to WordPress?
    Our WordPress CMS conversion specialists can take almost any website, from any platform, and convert it to a WordPress CMS. The finished website will look almost identical to the original. Here is a recent before and after image:

    Non-WordPress Site Before Conversion:
    WordPress-CMS-Before-Conversion-to-WordPress

    Finished Website Converted to WordPress:
    WordPress-CMS-Before-Conversion-to-WordPress

    Featured Site

    Wilson Construction Associates
    Whether it’s that time of year to complete your daunting outdoor landscape jobs or finally tackling that basement, bathroom or kitchen remodel, Wilson Construction Associates, LLC has your back!

    Web Design/WordPress Tips

    Leave No Screen Unsaved
    It is very common for people to think that WordPress has recorded what they have done and what is visible on the screen. That is not the case! For WordPress to remember you changes, you must click on the blue button Update/Publish/Save/etc. This can be done every few minutes, if desired, making sure the work has been saved for future recall.

    WordPress is Forever
    We do not mean WordPress will never go away, however, with over 20% of the internet now using WordPress as their content delivery system, it is very unlikely. Our statement is aimed at the WordPress theme and general site appearance. WordPress, all of its plugins, colors, customizations, etc., never needs to be “redone.” The appearance of a website done in WordPress, including the number of columns, slide shows, footers, headers, can all be changed very easily, while the text, plugins and customizations remain in place. In other words, a brand new website can be “wrapped” around the content of the current WordPress site. So, never believe someone who tells you that you need to completely redo your WordPress website. It is just not true. And, better yet, it takes only a minimal amount of time to completely redesign a WordPress making it quick and cost effective.

    What’s New

    We are now using Google Maps to complement a contact page. Your business location is visible with driving instructions optional. It you are interested in adding this feature to your WordPress site, simply contact us webdesign@boroughs.org or support@coursevector.com.

    See a sample of this new feature.

    Did You Know?

    According to W3Techs, WordPress is used by 60.2% of all the websites whose content management system we know. This is 22.4% of all websites.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin May 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. In this issue you will find . . .

    Alerts

    Maintenance Reminder
    Please remember that WordPress should be reviewed, about every 6 months, by a WordPress/security specialist. Just like Windows operating systems, WordPress has updates that occur on a regular basis. In addition, plugins can also have updates available. Failure to perform these updates and reviews could lead to a hacker gaining access to, and destroying your website.

    If you are part of the PSAB Web Design Program, these reviews are included in your contract, and, assuming you have time remaining, are free of charge. If you are a CourseVector customer, we have web hosting packages that include this service.

    For more information about when your website needs to be reviewed follow this link.

    U.S. Postal Service Target of Card Skimming Attack
    The United States Postal Service (USPS) is the latest target of a card skimming scheme that has affected at least 13 states and the District of Columbia.
    Read more . . .

    More than 300,000 servers are still vulnerable to Heartbleed
    One month after the critical Heartbleed vulnerability was first revealed, there are still more than 300,000 servers vulnerable to the bug, according to security researcher Robert David Graham.
    Read more . . .

    Android Heartbleed Alert: 150 Million Apps Still Vulnerable
    Warning to Android users: No patches are available for 150 million downloaded Android apps that remain vulnerable to the OpenSSL vulnerability known as Heartbleed. That finding comes from the security firm FireEye, which scanned more than 54,000 apps available via Google Play that have been downloaded at least 100,000 times.
    Read more . . .

    Massive new security flaw is a big problem for Windows XP users
    Microsoft published a new security advisory warning users that a new vulnerability has been found to affect all Internet Explorer versions, from Internet Explorer 6 to Internet Explorer 11. XP will not be patched.
    Read more . . .

    Heartbleed Tool Actually Malicious Software
    Researchers have uncovered a new attack campaign that lures users into downloading a supposed Heartbleed vulnerability detection tool that infects computers with malware.
    Read more . . .

    AOL Hacked
    AOL has confirmed what many suspected: The company suffered a major security breach. Hackers were able to steal the email addresses, postal addresses, address books, encrypted passwords and the encrypted answers to security questions of “a significant number of user accounts,” the New York-based company said Monday.
    Read more . . .

    Attackers Target Facebook to Deliver Android iBanking Malware
    Attackers are using a Windows banking trojan to inject malicious content into Facebook, which they hope will ultimately lure unsuspecting users into downloading a nasty piece of malware on their Android devices, according to researchers with ESET.
    Read more . . .

    FAQ of the Month

    Why can’t I see anything in the edit box of WordPress?
    Because there is an obscure WordPress issue that causes this behavior. It only shows up for users and not the administrator that created the site. Further, only certain variables trigger this issue. Therefore, most sites are not affected. In reality, the information “is” in the edit box, but WordPress displays white text on a white background effectively making it invisible.

    If you experience this issue, please open a ticket and request the patch. The issue is usually easily corrected and will not happen again once corrected.

     

    Featured Site

    Kingston Borough A Website Makeover
    Kingston Borough is a member of the Pennsylvania State Association of Boroughs and has been part of the Web Design program for many years. Recently, they took advantage of one of the many benefits and had their website completely redesigned. The updated web design was free with their membership in the program! For more information concerning the PSAB web design program, contact webdesign@boroughs.org.

    Web Design/WordPress Tips

    We added a new WordPress manual to our help library. This manual is for beginner through intermediate. Check it out!

    Featured Product/Service

    This month’s featured product is a free online tool called The Anti Abuse Project. This online tool can be helpful in the event email does not seem to be functioning properly. The tool will search all major email black lists on the internet and report back indicating if the entered domain name appears on any of them. Always a good place to start if email issues are suspected.

    Did You Know?

    Many people, especially those using Internet Explorer, mistake the “search bar” for the “address bar”? In many instances, this will cause a website that is actually functioning properly to not display or return a “web page not found” error. If you have been experiencing errors when trying to view or find websites, check out the full article.

    Feedback

    We value your feedback. It takes time and effort to produce this bulletin and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin April 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. In this issue you will find . . .

    Alerts

    Heartbleed
    You’ve probably heard about Heartbleed. You’ve probably been told that, as far as security vulnerabilities go on the Internet, it’s pretty scary. But what is Heartbleed? How does it work? Why is it something that you should care about?
    What Is Heartbleed Video
    Heartbleed OpenSSL Vulnerability
    Heartbleed FAQ
    Android Devices Await Heartbleed Fix
    Hundreds of Canadian Tax ID Numbers Stolen in ‘Heartbleed’ Breach
    Heartbleed Is About To Get Worse, And It Will Slow the Internet To A Crawl

    Excellent, Down To Earth Article on Windows XP End Of Life
    After 12 years, Windows XP officially becomes an unsupported OS. Here’s what you need to know, from old PCs to dicey ATMs.
    Read more . . .

    Uncommon New Worm Targets Word and Excel Files
    Trend Micro researchers have uncovered a new malware family targeting Word and Excel files: the Crigent worm (a.k.a. Power Worm). It comes in the form of an infected Word or Excel document, downloaded by users or by some other malware that has already found its way to the victims’ computer.
    Read more . . .

    WordPress Sites Hijacked Via “Free” Premium Plugins
    If you run a WordPress site, think twice before installing “free” versions of premium plugins. Researchers from Sucuri have recently analyzed a couple of third-party websites offering plugins for download, and have discovered more than one plugin equipped with malicious code aimed at hijacking any WP site on which they are installed.
    Read more . . .
    If you subscribe to our managed services where we act as Webmaster for you site, we screen and test all plugins before we use or recommend them and secure backups prior to installing any plugins. If you you are unsure if you subscribe to our managed services, or if you are interested in signing up, please feel free to contact us.

    Convincing Apple Phishing Scam
    ISC user Craig Cox wrote in alerting us of a fairly sophisticated phishing campaign that is currently in progress. The website appleidconfirm.net has a seemingly realistic Apple login page that is being sent out by email.
    Read more . . .

    20% of All Malware Ever Created Appeared In 2013
    According to the latest PandaLabs report, malware creation hit a new milestone. In 2013 alone, cyber-criminals created and distributed 20 percent of all malware that has ever existed, with a total of 30 million new malicious strains in circulation, at an average of 82,000 per day.
    Read more . . .
    So stay tuned to our News Bulletins for up to date alerts!

    FAQ of the Month

    How do we know if you are experiencing an issue or if our website and email is not working?

    1. Our support site, http://support-files.com remains online, even during outages. Always check there first.

    2. If nothing is posted on the home page of http://support-files.com, there is a network button at the top of the screen labeled Network Status. That button will show real time information on all of our servers. If there are any red x’s, then our network may be experiences an issue and you should stand by until service is restored. The Network Status links display the following in case you would like to bookmark them:
    CourseVector Network Status
    Pennsylvania State Association of Boroughs Network Status

    3. If both of the above seem to indicate no network issues, try http://www.downforeveryoneorjustme.com. This site will tell you if your website is actually down or if there is an issue on your end.

    4. You can check if you internet is functioning properly by doing a speed test at http://www.speedtest.net.
    If, after reviewing all of the above steps, you still believe you have an issue with your website or email, please open a support ticket.

    One of Our New Sites

    Manheim Borough
    Featuring a nice slide show on the home page of various pictures from throughout the borough.

    Web Design/WordPress Tips

    Don’t Underline
    Although some formatting conventions are changing, underlining words, headings, or just about anything is a bad practice. Since the Internet was born, the way to denote a link was by underlining. That holds true to this day. Therefore, if you underline items on your pages that are not links, it get confusing for your readers. So, watch the underlining.

    Use Bold Formatting to Break Up Big Blocks of Text
    Bold formatting can be a very effective way to break up large blocks of text on a page. One way to do that is to bold the first sentence of a paragraph that introduces a new concept. As with anything, too much is a bad thing. Keep bold formatting in your bag of tricks to be used for only the most important concepts.

    It is very difficult to “break” WordPress.
    You can put a post in the wrong place, misspell a word, or place an image or link improperly, but all of these are easily corrected. Doing something that is impossible to easily repair takes some serious effort.

    WordPress maintains up to 20 revisions of any post or page and any one of those revisions can be made “live” at any time. Further, almost any mistake can be corrected with just a few mouse clicks.

    So, feel free to play around. That is the best way to learn!

    Featured Product/Service

    New WordPress Video Library
    We have added a full, free, video instruction library for WordPress. These videos cover beginner to intermediate and we hope that you find them useful. If you have questions about using WordPress, check them out.

    Did You Know?

    Your Pennsylvania Boroughs Association web design package is all inclusive. Yes, for the most part, everything is included in one small yearly fee. This can include complete web site redesigns, all updates of content to your website, hosting, email, DNS and domain management, patching and security, support and more. The program was designed for budget conscious municipalities where staff time and/or money is at a premium. PSAB becomes the municipalities Webmaster for all things web site related. And, all for one yearly fee that is less than the cost of most hosting services alone.

    Consider this: you “could” have a completely new website, each and every year and have one of our qualified technicians post all of your content, simply by sending your request or information to webdesign@boroughs.org. It really is that easy! No additional fees.

    If you know a municipality that may be interested in the PSAB web design program, please pass along our contact information. Or, if you are currently part of the program but are not taking advantage of all the benefits and services, please feel free to contact us at webdesign@boroughs.org.

    Feedback

    We value your feedback. It takes time and effort to produce this bulleting and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin Mar 2014

    Welcome to the latest edition of our News Bulletin, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. In this issue you will find . . .

    Alerts

    Google Docs Phishing Scam
    An extremely convincing phishing spam campaign is currently targeting Google Docs and Google Drive users.
    read more . . .

    Account-hijacking Trojan Spreads via Facebook Messages
    Private messages delivering what seems to be an image are spreading on Facebook, as the file in question triggers the download of a Trojan that compromises the victims’ computer and Facebook account to spread the malware further.
    read more . . .

    Massive Attack on Android Devices Occurring Through Facebook
    This highly elaborate ploy originates on Facebook, where cyber-criminals advertise a series of apps. When users access Facebook from their Android mobile device, they will see different messages under the title “Suggested Post” advertising WhatsApp tips like: “Want to know how to see your contacts’ chats on WhatsApp?” or “Want to hide your WhatsApp connection status?”. If the intended victim clicks on any of these ads, they are redirected to a fake version of Google Play.
    Read more . . .

    First-rate Phishing Email Claims “Your Paypal Transaction Was Declined”
    A well formatted email sporting the PayPal logo – explains that “unusual activity” from a “suspicious location” has been spotted in the recipients’ account and “someone is using your PayPal account without your knowledge.”
    read more . . .

    Drive-by Downloads – Unseen Intruders
    How can you protect yourself against something that you cannot see? A Drive-by download occurs when a compromised website downloads malware to your computer. This usually occurs while visiting a website that appears legitimate, but, in reality, is fake and will attempt to download malware, steal personal information, or hold your computer data for ransom. Unfortunately, it can be very hard to tell which websites are safe and which sites to avoid.
    read more . . .

    Phishing Attacks On The Rise
    The number of phishing campaigns increased by more than 20 percent in the third quarter of 2013, with crimeware attacks evolving and proliferating, according to the APWG.
    read more . . .

     

    FAQ of the Month

    Why Does WordPress Double Space Everything?
    HTML editing, which is basically what is being done in WordPress, is different than a word
    processor. If you are working in the visual editor, pressing return between lines inserts a
    paragraph, which, by default is “double-spacing.”

    To get single spacing between paragraphs hold the SHIFT key down and simultaneously
    press ENTER at the end of the paragraph or line.

    If you are working in the HTML/Text editor, ENTER will give you a single-spaced line, and
    two clicks of ENTER will result in a double spaced line.

    WordPress Tips

    Have you used the Kitchen Sink?
    Don’t ask. We have no idea why the extended text formatting toolbar is called the Kitchen Sink. The Kitchen Sink, however, provides you with a lot of extra options for your WordPress posts and pages.

    To access the Kitchen Sink, click on the Kitchen Sink button.
    Kitchen Sink1

    Once there, you will see many more text formatting options to help make your pages stand out.

    Kitchen Sink2

    Scheduling Your Post
    In WordPress, you can schedule posts to go live at a particular time and date. So, if you have an upcoming event, brochure, etc., you can get your page or post ready at any time and then have WordPress automatically display it starting on a certain day.

    Simply go to the edit screen for the page or post you wish to schedule.

    1. In the top-right of the page, look for a box titled “Publish,” where you’ll find an option that reads “Publish on.”
    2. Click the blue “Edit” text next to “Publish on” and choose the month, date, year and time you want your post to be published. Remember to use military time (3:00 p.m. would be 15:00).
    3. Click the gray “OK” button.
    4. Click the Publish button.

    Your page or post will not stay hidden until the date and time your specified.

    With the introduction of a plugin, this functionality can be extended to automatically remove a post after a certain date so you do not have to remember to remove old, outdated posts. If you are interested in this functionality, contact your support representative for installation of the plugin.

    Featured Website

    This month we are featuring Schwenksville Borough. They took advantage of one of the outstanding features of using WordPress as a development platform. With WordPress, a complete website design change can be done in a matter of a few hours. The reason is that all content that populates the site will automatically flow into the new design so that no updates to the text and information are needed. In this case, Schwenksville added a slide show for their header and an additional column. Further, their columns can be configured to show up only on certain pages. You will notice that the left column is not on any of the additional website pages. In most cases, even these extensive design changes can be completed in a few hours, and, if you are a member of PSAB’s Municipal Web Design Program, in most cases, they can be accomplished at no charge and are included in your yearly hosting and design package. Take a moment and check out the Schwenksville Borough web site. Oh, and we just put together the technicals. The Borough provided us with an excellent design concept to work from!

    Web Design Tips

    DON’T SHOUT
    We are often asked to port non-WordPress sites to WordPress, or to help make a site look more “professional.” One of the most frequent mistakes we encounter is the use all capital letters as an attention grabber.

    First and foremost, this is very poor internet etiquette. Capital letters on the Internet mean shouting. Shouting constantly on a website is just as unprofessional as shouting verbally face-to-face

    Second, when we run across a website that improperly uses capital letters, often we find that 15-20% of the website is in capital letters. Too much of anything causes a loss of effectiveness. Even if the author intended to shout at the audience, if you shout your entire page, or most of it, the page becomes completely ineffective.

    Bottom line, use strong or header tags to emphasize your points. Stay consistent and use the same formatting on all pages. And, an added benefit is that search engines like properly formatted pages, while most ignore capital punctuation.

    Featured Product/Service

    Mobile App To Detect Data Leaks
    We decided to veer off track this month with our featured product. With all the mobile apps on the market, and recent security concerns, we thought this product may be of interest.

    ViaProtect monitors all apps for mobile risks. For instance, viaProtect can detect if an app handles your personal data insecurely by transmitting it unencrypted or to servers located overseas. viaForensics estimates that as many as 75 percent of apps are “leaky”, or insecure.
    Read more . . .

    Did You Know?

    WordPress can be used for online surveys.
    Suppose you want to do a survey on recycling within your community. With the right tools and plugins, this can be accomplished very easily and results can be provided in spreadsheet form for easy breakdown and evaluation.

    To find out more about survey capabilities withing WordPress, contact your support representative.

    Feedback

    We value your feedback. It takes time and effort to produce this bulleting and we would love to know if you find it useful. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    News Bulletin Feb 2014

    Welcome to the first edition of Support-Files Update, provided as a service for web and hosting clients of The Pennsylvania State Association of Boroughs and CourseVector, LLC. Our aim is to publish at least one update per month with additional notices if major security issues arise. We hope you find this Update useful.

    Alerts

    Advanced Government-Hunting Virus Discovered
    A stunningly advanced malware threat has been targeting government institutions, diplomatic offices, energy companies, private equity firms, activists, and more for five years.
    read more . . .

    Bogus Google Sign In Emails
    A very convincing phishing attempt aimed at harvesting users’ Google account credentials has been spotted by a security researcher.
    read more . . .

    FileZilla FTP Client Compromised
    Trojanized versions of the hugely popular FileZilla FTP client are being offered to unsuspecting users via hacked websites with fake content.
    read more . . .

    Crypto Locker Virus Resurfaces
    CryptoLocker, the ransomware menace, has infected as many as a quarter of a million machines since it first surfaced last September.  The latest nasty is notable because it comes as fake Adobe Photoshop and Microsoft Office software activators. read more . . .

    In a related story, a law firm in North Carolina has reported losing all of its legal documents to the Cryptolocker ransomware, even though the company tried to pay the US $300 ransom. Because the firm’s IT staff attempted to decrypt the files, by the time the decision was made to pay the ransom, the three-day ransom deadline period had expired.
    read more . . .

    Bogus “My Army Benefits” SIte May Have STolen Soldiers’ Information
    Military investigators are alerting members of the Army about an unofficial benefits site that purports to offer users unclaimed benefits and then bags their credentials. The sham site is easily mistaken for myarmybenefits.us.army.mil, a real site hosted by the Army.
    read more . . .

     

    Featured FAQ

    Why Would Someone Want To Hack My Site?
    No matter how small or obscure your business may be, we’re all targets for hackers. Hacker attacks are in the news more and more.
    read more . . .

     

    WordPress Tips

    WordPress Video Library
    The WordPress Video Library offers a series of short videos on various WordPress subjects. They are easy to understand and great for anyone who wants to gain a quick, general understanding of WordPress.
    read more . . .

    When To Update WordPress
    Like Windows, and most software, WordPress requires updates.  Periodic patches are released for both WordPress, as well as installed plugins, that improve performance, security and usability.
    read more . . .

     

    Featured Product/Service

    Use Postlayer For Superior Spam Control
    Controlling spam is one of the most frustrating chores in today’s email world. Over the years, we have used and tested many ways to control spam and eventually settled on Postlayer. Postlayer is an online spam control solution that we have found to be 99% accurate. And, for just $3 per year per user, you cannot beat the price.
    read more . . .

     

    Web Design Tips

    Simple Web Designs Yield Increased User Engagement
    Simplicity. People are constantly trying to simplify their lives. Perhaps it’s also time to simplify your website. Believe it or not, complex websites are viewed as less appealing than simple designs. There is a time and a place to be new, different, and exciting. Your website is not one of those places.
    read more . . .

     

    Did You Know?

    Google Can Search A Single Site
    Google can search a single site.  Let’s say you want to find all the listings for Nexus 7 on eBay.
    read more . . .

     

    Feedback

    We value your feedback. Please take a minute and send us a note. Let us know how we are doing, what we can do to improve, what you would like to see in our News Bulletin, or whatever is on your mind.

    0