Sorry for the delay in posts recently. We were working on the new website. It had been years since our old website was really updated, and we wanted to give the site a fresh, new look. We’ve opted for a single-page website design. Look it over and see what you think.
Here’s a current snapshot of our customer base:
Patch Tuesday Is Today
Since today is Microsoft’s day to patch, please save your work at the end of the day. If your PC is set up to automatically download and install these patches, it will likely restart Wednesday at 3:00 am. Or, it may ask for an install or a restart when you come into work Wednesday morning.
Adobe Flash Player Needs Patching
We’ve already been alerted that Adobe’s Flash Player has gotten an update that should be installed ASAP. The latest version is 18.104.22.168. Some sources are saying it’s available for download now. Your mileage may vary.
As long as we’re talking about Flash Player, why not just uninstall it? It’s a hackers’ paradise as it’s prone to vulnerabilities and it exists on almost every new PC sold. Most websites have moved away from using it (moving toward HTML5, WebGL and WebAssembly), and many web browsers (Chrome, Edge and Safari) are blocking it by default. Adobe has announced the Death of Flash Player in 2020. Microsoft will disable Flash Player in Edge and Internet Explorer in 2019. Apple hasn’t allowed it in iOS since 2010, Android since 2012. (Yeah, that Android Flash Player download is actually a banking trojan.)
Android Malware Abounds
There are probably more articles about malware for Android devices than we can discuss here. MOST, but not all, are obtained by downloading apps from outside of the Google Play store. Please don’t do that. Again, most are being installed on jailbroken phones. (If you don’t know what that means, you probably didn’t jailbreak your phone!)
However, some do make their way into apps found in the Google Play store. One piece of info-stealing malware, Xavier, found its way onto over 800 apps in the Google Play store. It also has the ability to “download and execute other malicious codes, which might be an even more dangerous aspect of the malware.” Here’s good advice when downloading apps (even from the official store): “[install] applications only from trusted developers on Google’s Play Store. [You] should also read the reviews of an app before [you] install it, update [your] devices regularly, and install an anti-virus solution onto [your] phones.”
Another piece of malware known as Judy could have victimized as many as 36.5 million Android users. It too was available from apps on the Google Play store. Thankfully, Google has since removed those apps. The best advice to avoid this malware? “Android users should steer clear of any future apps developed by ENISTUDIO corp. They should also install a mobile anti-virus solution to help protect threats like Judy and read the reviews of an app before they install it.”
Mac Malware Is on the Rise
We’ve discussed this before: Mac users are not immune to viruses—it’s just that less time is spent creating them. However, they seem to be on the increase. One is known as FruitFly. One researcher described the threat as “a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time.” It seems to have the ability to capture screenshots and obtain webcam access. (Keep that sticky note over your webcam.) While the first iteration of this malware seemed to target specific industries (it’s since been patched), the second iteration seems to target average users living in the US and Canada.
A second piece of malware (actually ransomware) is called MacSpy. Its developers offer it as malware-as-a-service. Anyone with a low level of expertise can use it. It has a sneaky install method to stay hidden. And, when it sends data it collects to the criminal, it then deletes any traces that data had been sent. That data includes “screenshots, keystrokes, photos synced with iCloud, recorded audio files, retrieved clipboard content, and browser information.” That’s what the criminals can do for free. If they want to pay for the advanced version, they can “access emails and social media accounts, retrieve any files/data, and encrypt the user directory within ‘a few seconds.’”
If they really want to demand a ransom, they can just purchase MacRansom from the same developer. That ransomware demands a ransom of approximately $700 for the decryption key.
Stop Creating Dumb Passwords
The National Institute of Standards and Technology (NIST) has acknowledged in a draft report that there is no reason to change your password every “x” days. The only real reason to change it is if you think it may have been compromised. Thank goodness! Part of the problem is that when a person is forced to repeatedly change a password, it gets simpler and simpler to crack. The current thinking is that longer passwords (up to 64 characters) that include things like spaces are actually harder to crack than shorter ones using upper and lowercase letters, numbers and special characters. So, “mississippi bravo peanut butter collie” is much harder to crack than “P@55w0Rd”. “NIST now recommends that we no longer force periodic password changes and we no longer should force complexity requirements.”
The older rules were based on research by Bill Burr back in 2003. He now admits that periodically changing your password causes most people to “make the same, predictable changes — such as switching from a 1 to a 2 — which makes it easy for hackers to guess.” That research was hurriedly put together, and passwords weren’t yet widespread enough to provide much data to look at. It worked at the time. It doesn’t really apply today.
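For anyone who sets the password rules on a sign-up or password-change form, here is a short Python example of checks that follow the advice above, next to the older complexity rule. It is added for illustration and is not code from NIST or any product; the blocklist, the character-swap table, the 8-character minimum and the function names are assumptions made for the example.

```python
# Added example: checks that follow the "length over complexity" advice.
# COMMON and LEET are small constructed samples, not a real blocklist.
COMMON = {"password", "welcome", "qwerty", "letmein", "12345678"}
LEET = str.maketrans({"@": "a", "4": "a", "5": "s", "$": "s",
                      "0": "o", "3": "e", "1": "l", "7": "t"})
MIN_LEN = 8    # assumption: the minimum length in the NIST guidance
MAX_LEN = 64   # the upper length mentioned in the text


def normalize(pw):
    """Strip trailing digits/punctuation, then undo common character swaps."""
    return pw.lower().rstrip("0123456789!?.#*").translate(LEET)


def old_complexity_rule(pw):
    """Older-style rule: 8+ characters with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() and not c.isspace() for c in pw))


def check(pw):
    """Length and blocklist only: spaces allowed, no composition rules."""
    if len(pw) < MIN_LEN:
        return False, "too short"
    if len(pw) > MAX_LEN:
        return False, "too long"
    if pw.lower() in COMMON or normalize(pw) in COMMON:
        return False, "common password in disguise"
    return True, "ok"


def same_base(old, new):
    """True when a 'new' password is the old one with a tweaked ending."""
    return normalize(old) == normalize(new)


if __name__ == "__main__":
    for pw in ("P@55w0Rd", "mississippi bravo peanut butter collie"):
        print(repr(pw), "old rule:", old_complexity_rule(pw),
              "new check:", check(pw))
    print("Welcome1 -> Welcome2 same base:", same_base("Welcome1", "Welcome2"))
```

The old rule accepts “P@55w0Rd” and rejects the long passphrase, while the length-and-blocklist check does the opposite; `same_base` shows why a forced change from a 1 to a 2 adds nothing.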
DocuSign Was Hacked
If you use the DocuSign digital signature service, make sure to use caution before clicking on links purportedly coming from them. Some of those emails were sent by hackers trying to get you to click on an attached, infected Word document. “The company is also underlining that it will never ask recipients to open a PDF, Word document or ZIP file attachment in an email.”
Back in June, a number of British Universities were hit with a ransomware attack. Although most ransomware is distributed by emails, these seemed to be caused by “malvertising”. You know how you visit a legitimate webpage and see those ads on the top/sides of the screen? Some bad guys inject code into ads in such a way that just visiting the site can cause an infection to occur. You don’t even need to click on the ad!
One security researcher encourages using an Ad Blocker. “An ad blocker will prevent ads from appearing in your browser. It means that your browsing will not only be faster and more private (unscrupulous advertisers are known to track your movements online), but also safer.” One of the more popular browser extensions is Adblock Plus.
Just a word about running extensions in your browser. Sometimes the extension developer falls victim to an email phishing campaign. His account gets hacked, and immediately a new, poisoned version of that extension is pushed out to all users. That has happened twice recently: once with the Copyfish extension, and more recently with the Web Developer extension. So, when it comes to running browser extensions, try to keep them to a minimum, and try to use ones from trusted developers. We liked what the developer of the Web Developer extension had to say about getting phished: “I could make excuses about how I am extremely busy at work or I seem to constantly be logged out of my Google account so having to log in is not unusual, but the reality is that I am a bloody idiot and blindly logged into my developer account after clicking on a link in the email. To add to my stupidity, the developer account did not have two-factor authentication turned on.” I guess that’s a good lesson for all of us, too.
Well, that’s a wrap. We look forward to keeping you in the loop with upcoming posts.