Change isn’t always perfect, but this time it’s worth it. Microsoft has been pushing notices to users of windows 7 that support for the operating system will be ending on January 14 2020. This means you have only one option for a secure operating system going forward and that option is windows 10. It’s time to upgrade. You may not love it at first but I promise it will grow on you!
Adobe has released a statement shortly after its monthly security update that it has found a new vulnerability that affects all previous versions of flash player.
Adobe issued an out of cycle security update to spear head the issue and get the vulnerability taken care of as quickly as possible. The original vulnerability was found by researchers at Trend Micro.
If you don’t update or keep your flash up to date your system can easily be compromised via a hijack website.
We strongly recommended everyone update their flash as soon as possible to help prevent the possibility of getting a virus or having your system compromised.
Trend Micro reports that this particular vulnerability is already being used in phishing attacks by a group called “Pawn Storm” on several targeted governments.
In the wake of these new vulnerabilities it begs to answer the age long question on exactly how secure flash really is. It seems like every couple of months a new vulnerability is found.
Adobe has their work cut out for them if they want to double down and actually make their plugin secure.
Source: CNET Security
Here’s a quick preview of the newest operating system from Microsoft: Windows 10.
At first I was skeptical, mostly because of my poor experiences with windows 8/8.1. However-Microsoft has finally delivered something that works right, is visually appealing and doesn’t get in the way of the user.
It’s a newer better version of windows 7.
In the video I’ll be showing you several different features including Cortana, the new web browser “Microsoft Edge,” Task View, The Xbox App and more. Check out the video below for more.
A new security in flaw in almost all versions of windows operating systems allows attackers to gain “complete control” of your computer.
The flaw affects all versions of Windows Vista, Windows 7, Windows 8 and 8.1 as well as Windows RT. This means that two out of every three computers running windows around the world are vulnerable. Microsoft suggests that everyone update their systems as soon as possible if you haven’t already got the update from this last Monday. In most situations Microsoft releases their patches or updates on Tuesdays, thus the term “Patch Tuesday” but this was top priority for the software developer so they issued an emergency update on Monday.
Microsoft says an attack could take place simply by visiting a web page or opening a document. This is because the vulnerability affected OpenType which is a widely used format for fonts.
This just goes to show how important updates are. You should always keep your system up to date and stay away from unknown or untrusted websites as much as possible.
Microsoft has credited the security company FireEye’s Genwei Jiang and Mateusz Jurczyk, part of Google’s Project Zero as the one’s who found the flaw and reported it.
As we progress into the beginning of a new year we often reflect back on the previous years mishaps, achievements and forgotten new years resolutions. But what about MALWARE?
That’s just what Panda Security has done in it’s year end annual report and the results are chilling to say the least.
Panda reports that it’s malware detection rates have doubled in comparison to it’s 2013 statistics, making 2014 the worst year for malware infections ever.
In 2014 the malware creation broke new levels, with 200,000 new samples being spotted every single day. – Panda Security Annual Report 2014
In it’s annual report panda went on to say that they detected 200,000 new samples every day as well as over 75 million new malware strains in 2014 alone. Even though the year was filled with reports of large companies becoming victim to more and more cyber attacks, other threats have taken the spotlight in what is being considered the worst year ever for computer security. Just as an example malware like Cryptolocker which encrypts users documents and pictures and holds them for ransom, making the infected pay to get a decrypter so they can get their files back. You can read the full annual report by panda here.
The total number of malware samples in our collection is 220 million, which means that 34 percent of all malware ever created was coded in 2014. – Panda Security Annual Report 2014
As malware hits new levels we as security professionals and even baisc computer users must adapt and do the same. Which is why it’s always best to ensure you’re running up-to-date software on your computers(adobe flash, internet explorer, java, etc) and have updated and are running great antivirus software(We would recommend you install Avast! Free Anti-Virus 2015 due to its nifty software updater feature). It is also important that you keep your operating system up-to-data via it’s updater feature to avoid potential security loop holes or exploits.
A new form of ransom ware has hit the web recently. This particular one is an encryption virus called “KEYHolder.”
It works by scanning your computer for valuable information(pictures, documents, backups, etc) and encrypts your data with a RSA 128 bit key that is currently impossible to crack.
KEYHolder will also create HOW_DECRYPT.gif and HOW_DECRYPT.html (shown in the pictures below) in each folder where your files were encrypted. These files contain information on how to access the ransom payment website where the hackers are asking for $500 USD to give the data back.
At this time it is unclear on how this virus is being distributed but it is thought by many in the pc repair field to have been installed manually through various exploit kit Trojans or hijacked Remote Desktop Connections.
We’ve assisted several businesses in the area who have had issues with this virus and unless you have a backup stored somewhere on an external hard drive, getting the data back is near impossible.
This is just another reason you should always backup your data and store it on an external hard drive that inst connected to your pc.
You can find more information regarding KEYHolder here @ bleepingcomputer.com
A new software bug in all iOS versions 7 and higher allows hackers or attackers to install any fake or malicious app simply by the user clicking a link and following the presented prompt.
The attack can be spread by text message, e-mail, and web links. Once the user clicks the ‘Install’ button an attacker can practically do anything within the phone including stealing precious information(as shown in the cnet video attached). In this circumstance an example has been made where the malicious app installs it’s self over an existing Gmail application. When the user goes to read mail they are asked for a user and password–This user and password is then forwarded over to the attacker.
However, What’s more concerning is how the app can overwrite the existing application and grant the attacker access to your personal information without you ever knowing. This new type of attack is being labeled a ‘Masque Attack’ by FireEye and they say apple was notified of the issue as far back as July of this year.
This is just one of several new security issues that have been recently discovered for iOS. Palo Alto Networks just discovered a security flaw last week that allows installation of unapproved apps to iPhone’s connected via mac computers.
In response to last weeks exploit Apple said that they were unaware of the vulnerability discovered by Palo Alto Networks, and were working on a fix for the issue.
As always, we recommend that users download and install software from trusted sources,” the company said.
Apple has made no other comments regarding these issues. As of today there has been no issued fixes for the problems.
For more information see the attached video below – SOURCE: CNET
Earlier this summer facebook released information on a study that it ran to see how specific posts can alter it’s users moods.
How did they do it? They promoted specific posts on users News Feeds and then listened in on it’s 1.3 billion users responses. Shocking right?
Of course this brought question to exactly how safe using their service could be and at what point did this never ending onslaught against it’s users privacy end. So last Thursday(after receiving tons of criticism) they developed a research framework and have finally released information and guidelines for their future studies. However, these guidelines still remain extremely vague.
What is this Framework and how does it work?
Projects now go through a review process to ensure they don’t impede on deeply personal user data during it’s process.
Further review is required if the work involves someone from the academic community.
Senior subject researchers then look at the potential project in collaboration with engineering, legal, privacy and policy team members.
Engineers now go through a six week training process.
Is something missing? What’s missing? Well i dunno, Consent maybe?
Read more here.
Microsoft announced it’s newest operating system today, “Windows 10.”
You read that right, “Windows 10” – guess they decided to skip 9 all together. The operating system is said to launch in final form sometime next year and features both the windows 8 style tiles and the windows 7(or classic style) start menu combined into one.
“Windows 10 will be our most comprehensive platform ever,” Windows chief Terry Myerson said at a briefing with reporters in San Francisco.
Windows 10 is built to run across an array of devices including desktop computers, tablets, the xbox and various mobile devices. With not a lot of information released at the moment(release date, pricing, etc) Microsoft is said to be discussing more in later events this year.
“We want all these Windows 7 users to have the sentiment that yesterday they were driving a first-generation Prius, and now with Windows 10 it’s like a Tesla,” said Belfiore.
With a new addition of the Task feature it allows one view for the user to browse multiple open files and programs. Other new features include Snap for tips and help on filling out your space on the desktop and a universal search function, which includes web results too. One of the highlight features is the ability to add a desktop so that you can multitask with your work program on one desktop instance and your personal home programs in another.
“it’ll be a natural step forward in the evolution of the phone.” Belfiore on how Windows 10 will impact smartphones in the future.
Tomorrow Microsoft will also launch an “Inside Program” to allow select users a chance to try out some of the operating system’s newest features and maybe even iron out some of the creases ahead of its release.
We’ll have more information as it comes.
Source: MSN MONEY
A new rootkit has hit the internet in mass form.
Spread directly through false installers and other ad-click-script-exploits, once it takes over your system it’s quite a pain to remove(even by specialists). Not only does it add it’s self as extensions on all known browsers it also plugs it’s self in as a backdoor to give remote access of your computer to hackers worldwide.
The extension that it adds to your browsers automatically adds its own advertisements to any website you browse thus generating money for the attackers every time an infected user clicks the links by mistake. If you’re experiencing lots of ads on websites lately you might be a victim of this new virus. Contact someone immediately for removal, as it’s full destructive potential is unknown.
Stay safe people, browse secure and make sure you know what you’re downloading before you get it. Read the installers properly and don’t accidentally install unwanted programs. Only download from trusted sources!