Friday, January 31, 2014

NO - IT'S NOT THE BIG FURRY GUY FROM STAR WARS

ChewBacca - The Trojan







On a post yesterday from the RSA Blog, they reported new malware aimed at POS (point-of-sale) computers by installing itself in the startup folder under a common name like "spoolsv.exe".

Untitled 
For more detailed information I suggest you read their Blogpost HERE.

'Nuff Said,
Brian

Posted by at No comments:

Thursday, January 30, 2014

YAHOO EMAIL ACCOUNTS HACKED


FROM YAHOO'S BLOG -







Important Security Update for Yahoo Mail Users

Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. 

Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

What we’re doing to protect our users
  • We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
  • We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
  • We have implemented additional measures to block attacks against Yahoo’s systems.
What you can do to help keep your accounts secure

In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services.  
Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.

We regret this has happened and want to assure our users that we take the security of their data very seriously.

For more information, please check our Customer Care help page.

By Jay Rossiter, SVP, Platforms and Personalization Products
Posted by at 1 comment:

Tuesday, January 21, 2014

A NEW "KING OF THE HILL"

YES, USING THE WORD "PASSWORD" FOR YOUR PASSWORD HAS BEEN KNOCKED OFF THE TOP SPOT






In a year where we saw hacks into Adobe, various Internet email sites, etc. there had to be a shakeup of 2013's worst passwords used. Splashdata [security firm] comprised a list of the worst 25 passwords used last year, and they were:
Here's the full list of worst passwords from 2013, according to Splashdata:
  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000
Hopefully none of these were used by you, and that you've already read my Blog posts on how to be creative when choosing a password. This list came from an article on PC Worlds website and you can read it HERE.

'Nuff Said,
Brian
Posted by at No comments:

Friday, January 17, 2014

COMPUTERS, CELL PHONES, AND PHONE SCAMS

HAVE YOU BEEN A VICTIM?








Below is a video of someone who is seeing how these scams work. In this case it was an advertisement about slow Android phone repairs. They quickly told him to connect the phone to his computer, then told him they would have to remote into it to check his phone....




Posted by at No comments:

Thursday, January 16, 2014

MICROSOFT IS ENDING SUPPORT OF XP IN APRIL BUT....

YOUR FAVORITE ANTI-VIRUS COMPANIES WON'T






Yes, while Microsoft will no longer offer security patches for XP after this April you will still be able to get anti-virus software to offer some sort of protection, in some cases, for years to come. Andreas Marx posted an article about this subject, and listed what A/V software companies are planning. The list is below, but I suggest you read the full article HERE.

Last updated: 16th January 2014
Manufacturer Support Information
AVGNo end of support announced; support available for at least 2 more years (1)
AvastNo end of support announced; support available for at least 2 more years (1)
AviraSupport will end on 8th April 2015 - further details...
BitdefenderSupport for home-user products available until January 2016; support for corporate products available until January 2017 (2)
BullguardNo end of support announced; support available for at least 2 more years (1)
Check Point / ZoneAlarmNo end of support announced; support available for at least 2 more years (1) - further details...
ComodoNo end of support announced; support available for at least 2 more years (1)
EmsisoftSupport available until at least April 2016 (2)
ESETSupport available until at least April 2016 (2)
FortinetNo end of support announced; support available for at least 2 more years (1)
F-SecureNo end of support announced; support available for at least 2 more years (1)
G DataSupport available until at least April 2016 (2)
IkarusNo end of support announced; support available for at least 2 more years (1)
K7 ComputingNo end of support announced; support available for at least 2 more years (1)
Kaspersky Labsupport will continue at least until 2018 for consumer and at least until 2nd part of 2016 for business products (2)
KingsoftNo end of support announced; support available for at least 2 more years (1)
McAfeeNo end of support announced; support available for at least 2 more years (1)
Microsoft (Security Essentials)Support will end on 14th July 2015 - further details...
MicroworldNo end of support announced; support available for at least 2 more years (1)
NormanSupport available until at least January 2016 (2)
Panda Security No end of support announced; support available for at least 2 more years (1)
Qihoo 360Support available until at least January 2018 (2)
QuickhealNo end of support announced; support available for at least 2 more years (1)
SophosSupport will continue at least until 30th September 2015 (2) - further details...
Symantec / NortonProducts support Windows XP, no end-of-life decision has been made yet
TencentNo end of support announced; support available for at least 2 more years (1)
ThreatTrack / VipreSupport available until at least April 2015 (2)
Trend MicroSupport will end on 30th January 2017 - further details...
WebrootSupport available until at least April 2019 (2)
[Source: AV TEST - The Independent IT-Security Institute]
(1) These manufacturers have not yet announced the cancellation of their support for these products on Windows XP systems but have instead stated that they will continue to provide support for this platform for at least two more years.
(2) It is possible that these manufacturers will further extend the duration of their support if the market demand remains high enough.

'Nuff Said,
Brian
Posted by at No comments:

Wednesday, January 15, 2014

RAM SCRAPERS

AND THE FOX SAYS: "HUH?"








It has been determined that the POS (Point-of-Sale) computers at Target were infected with Malware, which in turn caused the breach of security that allowed over 70 million people have their credit/debit card information stolen.

Security experts determined that the Malware included "Ram Scrapers". What is a Ram Scraper you ask?

"A RAM scraper is a specific type of malware which targets information stored in memory, as opposed to information saved on the hard drive or being transmitted over the network."

If you own a business with a POS computer (and most do), perhaps you should read an article from PCMAG.com's website. You can find it HERE.

'Nuff Said,
Brian
Posted by at No comments:

Tuesday, January 14, 2014

ONE QUESTION I GET ASKED AT LEAST ONCE A DAY

"WHAT IS MALWAREBYTES?"








So, here is a short video from the Malwarebytes folks to explain it....



Posted by at No comments:

Monday, January 13, 2014

MONDAY 01-13-14

SECURITY BITS








TARGET

 I'm sure everyone has heard, read, or seen news stories about the breach in Targets security where 40 million cards numbers and other information was hacked, right? Then late last week that number almost doubled to 70 million cards, and this morning I saw that the 2nd number was bumped up to over 100 million cards/people affected by this hack. Will it stop at the 3rd estimate? Time will tell.
ONLINE GAMING

 Online gamers have grown into tremendous numbers, so it's not exactly a surprise to read a report from Kaspersky which said that over 11 million online gamer accounts were hacked in 2013. Expect that number to rise this year by almost double.
RANSOMEWARE

 Until "Cryptolocker", ransomware was something that in most cases could be removed without affecting your data files, but now the ransomware game has changed and it will only get worse, which is why you should BACK UP your data files. Do it by external USB drives, or various online backup sources [I personally prefer Carbonite]

 If you don't keep your data files [ed. - by data files I mean: Photos, music, documents, pdf's, spreadsheets, etc.] backed up daily [and Carbonite does it automatically for you several times a day], you'll have only yourself to blame when the PC technician tells you that your hard drive will have to be formatted with a fresh OS install, and "please have your backups ready to be restored to the freshly formatted hard drive."

'Nuff Said,
Brian
Posted by at No comments:

Tuesday, January 7, 2014

I TOLD YOU...


ONE OF THE FIRST NEWS ARTICLES I READ THIS MORNING






Yahoo Users Hit By Malicious Ads

from the disable-java dept

There has been an unfortunately long history of malware attacks via ad networks, often created by hacking into networks, but sometimes just by sneaking in a legitimate-looking ad that that is able to then sneak in an exploit. Over the weekend, it came out that hundreds of thousands of Yahoo users in Europe were exposed to ads that automatically tried to install malware as part of an attempt to build a botnet. The exploit used security holes in Java (not Javascript, which, once again, we need to remind people is entirely different). It's long been recommended that you turn off Java completely in your browser, so this is yet another reminder.

Read the rest of the story HERE. Remember, this could happen on ANY website that uses advertisements. And if you don't know what I'm talking about, see my post from yesterday morning.
 
'Nuff Said,
Brian 
Posted by at No comments:

Monday, January 6, 2014

DON'T TOUCH THAT

THINK TWICE WHEN CLICKING YOUR MICE




When on a virus removal call usually when I ask "How did it happen?" 9-out-of-10 times the response is "I don't know. I was just on a regular page I always read and then all of these pop-ups appeared".

 This is usually a truthful statement, and I take them for their word. Sometimes though it's a bit more complicated. Everyone has their favorite homepage to catch the latest news [I use Yahoo], but whatever news page you use, it's always good to be on alert. 

 For instance, the other day I was on "MY YAHOO" going through the various news sections when I saw an article under "US NEWS" about the winter conditions in Michigan. While scrolling down the page there are news links related to the story you're reading, or something that didn't make the top 10 stories on my page on the sidelines, so if something seems newsworthy I'll read it too. 

In-between these links you'll often come across other things like my example below:


I've circled the lighter print which reads "Advertise" because it doesn't stand out like the rest of the text and the...er picture. These are paid advertisements and can be bought by anyone with enough money to put it on the page. Some are legit, some are not. The non-legit links may lead you down the rabbit hole and infect your computer. Are these legit or non-legit? I couldn't tell you as I don't want to take the risk of my computer being infected to find out.

 Most websites are all too happy to take in money, because that's what keeps them going, and very often a malicious advertisement with a picture that makes you wonder what it's all about will tempt you to click on it. 

So in the words of one of my favorite deceased news reporters, Paul Harvey-

 "....and now you know the rest of the story".

'Nuff Said,
Brian
Posted by at No comments:

Friday, January 3, 2014

2014

FACEBOOK: IN THE NEWS





I recently read an article about a lawsuit being brought against Facebook in regards to privacy. The lawsuit claims that Facebook is scanning private messages and selling select information to third party buyers. Looking back at 2010 when they said privacy was their number one priority, if this pans out in the courts I foresee many people looking for another place to nest.

 You can read the article HERE.

'Nuff Said,
Brian
Posted by at No comments:
Subscribe to: Posts (Atom)