KRACK Wireless Security Vulnerability

A vulnerability in the WPA2 wireless protocol called Krack potentially allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.

To protect yourself, many Wi-Fi product vendors will be releasing updated firmware and drivers for their products. It is strongly recommended that users update their hardware or have it updated as soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.

Microsoft October Patch Tuesday Fixes 62 Issues

The October 2017 Patch released this past Tuesday, addresses important security issues including a Word zero-day vulnerability. Users who are not on auto updates should install them immediately.

Adobe Product Updates

Adobe just released its monthly security updates and this month the company patched vulnerabilities in three products — Adobe Flash Player, Adobe ColdFusion, and Adobe RoboHelp. Adobe patched eight security bugs ; two in Flash Player, four in ColdFusion, and two in RoboHelp.

Another Locky email campaign

The new campaign was discovered by App River. Potentially 23 million of emails were sent with subjects such as ‘please print’, ‘documents’ and ‘scans’ in an effort to spread Locky ransomware.

As with all Phishing campaigns end user education is your best defense. With this number o emails, even if it is overestimated by 90% there will be significant numbers of users caught but it and they potentially will send more mail messages.

Security: Office 365 Phishing email

The past two mornings have had businesses in the Albany area who use Microsoft’s Office 365 receive a Phishing email claiming that users passwords have had a password change request and please follow the link included  in order to cancel the request.

The sender will be listed as “Office” or “Office 365” and the Subject line will read “Password Reset Alert”

This email should be deleted immediately.

 

Mozilla moving Firefox 32Bit users to 64Bit

Mozilla has revealed that 64-bit Firefox will soon become the default build for 64-bit Windows versions. In the near future, users whose PCs fit the hardware requirement will be migrated to Firefox 64-bit automatically with Firefox 56 scheduled to be released on September 26th. The default the Windows installer will default to
64-bit Firefox beginning on August 8th.

Security Update for Windows Defender Released

Microsoft has released an out of out of band security update for Windows Defender found on Windows 7, 10 and Server 2008. If you are running a third Party Anti Virus solution your version of Windows Defender will be disabled. If not you should run Windows Update to ensure you apply the update ASAP.