LastPass is almost everywhere! (Now on Apple Watch)
We strongly recommend a good password system for everyone. For many, that means adopting one of the password services. The one we most often recommend is LastPass, and one of the reasons is that you can get a client for almost any browser and device. Now it seems you can have one for a watch.
Source: LastPass
Ransomware attacks up 113 Percent in 2014
Beginning in 2013 a new type of Malware was spreading via email: Ransomware. Even today in 2015 most people are unaware of Ransomware and are unable to take steps against it.
As the name implies, “ransomware” is malware that prevents you from accessing data or information on your computer until you pay a ransom or a specified amount of money.
Just as sophisticated phishing emails appear to be from trusted financial institutions or other respected companies, ransomware can appear to be from legitimate sources such as legal authorities or even government officials. A demand is usually made for a fine to be paid for the “illegal activity” that was supposedly found originating from your computer. The illegal activity claim could be items like copying songs or duplicating videos and violating copyright laws.
The two commonest forms of ransomware will: lock the screen with a full-screen image or Web page to prevent access to the computer; or encrypt files with a password that prevents access to data or information.
The other bad news for those infected with this malware is that paying the ransom does not always return your computer to normal.
Source: Symantec
End of updates for Java v7
After April 2015, Oracle will no longer post updates of Java SE 7 to its public download sites. Existing Java SE 7 downloads already posted as of April 2015 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download.
Oracle Critical Patch Update Advisory
The Critical Patch Update released by Oracle includes 98 security fixes for a wide range of product families.
Systems running Oracle products (especially Java) should have the latest updates applied.
Source: Oracle
Security: Phishing attack (Albany area)
Yesterday we had a client receive an email claiming to be from administrator@TheirCompanyName.com asking them to follow a link to receive an encrypted email. None of our clients would be getting such a message from an account named as such. This was malware designed to convince the user receiving it that the message was legitimate and from an internal account.
Should you receive a similar message, delete it immediately. In addition to coming from the account “Administrator”, it may also arrive with the name of a legitimate user on your network.
Example message:
**********Important – Internal ONLY**********
File Validity: 10/04/2015
Company : “YourCompanyName.com”
File Format: Adobe Reader
Legal Copyright: Adobe Corporation.
Please follow this link :https://YourCompanyName.com/file/internal/encruptedmessage”
********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s). This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from your system and destroy all copies of it.
Android Locker Trojan in the wild
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: Nero.lockphone
Version number: 1.0
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about the Wi-Fi state.
- Change Wi-Fi state
- Start once the device has finished booting
- End background processes
- Access list of current or recently running tasks
- Prevent processor from sleeping or screen from dimming
- Send SMS messages
Installation
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.

Functionality
When the Trojan is executed, it creates a service with the following name:
- killserve
Next, the Trojan locks the screen to block the user from accessing the compromised device.
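A triage check built from the indicators listed above, as an added example that is not part of the original write-up or of any vendor's tooling. It assumes the APK's manifest has already been decoded to text XML (for example with apktool); the mapping from the listed actions to Android permission constants is this example's own, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PACKAGE_NAME = "Nero.lockphone"   # package name given in the write-up
SERVICE_NAME = "killserve"        # service name given in the write-up
# Assumption: the standard Android permission constants that correspond to
# the seven actions the write-up lists in prose.
LOCKER_PERMISSIONS = {"android.permission." + p for p in (
    "ACCESS_WIFI_STATE", "CHANGE_WIFI_STATE", "RECEIVE_BOOT_COMPLETED",
    "KILL_BACKGROUND_PROCESSES", "GET_TASKS", "WAKE_LOCK", "SEND_SMS")}

def assess_manifest(xml_text):
    """Compare a decoded AndroidManifest.xml with the indicators above."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A service may be declared as ".killserve" or with its full class path.
    services = {(e.get(ANDROID_NS + "name") or "").rsplit(".", 1)[-1]
                for e in root.iter("service")}
    hits = {"package": root.get("package") == PACKAGE_NAME,
            "service": SERVICE_NAME in services,
            "permissions": LOCKER_PERMISSIONS <= requested}
    if hits["package"] or (hits["service"] and hits["permissions"]):
        verdict = "match"     # exact package name, or a renamed copy
    elif hits["service"] or hits["permissions"]:
        verdict = "review"    # a single weaker indicator
    else:
        verdict = "no match"
    return {"verdict": verdict, "hits": hits,
            "missing": sorted(LOCKER_PERMISSIONS - requested)}

def sample_manifest(package, permissions, service):
    """Build a constructed manifest for the demo (not from a real APK)."""
    perms = "".join('<uses-permission android:name="%s"/>' % p
                    for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/'
            'android" package="%s">%s<application><service android:name="%s"/>'
            '</application></manifest>' % (package, perms, service))

# Constructed inputs: the package as described, a renamed copy, a benign app.
WIFI_ONLY = [p for p in LOCKER_PERMISSIONS if "WIFI" in p]
SAMPLES = {
    "as described": sample_manifest(PACKAGE_NAME, LOCKER_PERMISSIONS, ".killserve"),
    "renamed copy": sample_manifest("com.example.game", LOCKER_PERMISSIONS,
                                    "com.example.game.killserve"),
    "wifi tool": sample_manifest("com.example.wifitool", WIFI_ONLY, ".ScanService"),
}

if __name__ == "__main__":
    for label, xml_text in SAMPLES.items():
        print(label, "->", assess_manifest(xml_text)["verdict"])
```

A manifest pulled from an untrusted APK is attacker-controlled input, so a hardened XML parser such as defusedxml is the safer choice for production triage.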
Microsoft Surface 3 firmware update released
Yesterday Microsoft released a second Surface Pro 3 update for the month of March. You will probably find the update ready to install, but if not, you can manually check for it by following the instructions below. This business-focused firmware update adds support for enterprise disk encryption, enhances the advanced configuration settings for device security, and adds configurable support from the Windows OS for provisioning scenarios.
| Step 1: | Swipe in from the right edge of the screen, and tap Settings. (If you’re using a mouse, point to upper-right corner of screen, move the mouse pointer down, and click Settings.) |
| Step 2: | Tap or click Change PC settings, and tap or click Update and recovery. |
| Step 3: | Tap or click Check now. |
| Step 4: | If there are updates available, tap or click View details. |
| Step 5: | Tap or click to select the updates you want to install, and tap or click Install. You will need to restart Surface after the updates have been installed. |
Flash Player zero-day exploit infected nydailynews.com
Visitors to the New York Daily News website or Metacafe website recently could have been infected with malware, according to Malwarebytes.
The malware was being delivered via advertising that redirected users to the Hanjuan Exploit Kit. Researchers only observed the exploit taking advantage of a recently patched Adobe Flash Player zero-day vulnerability – CVE-2015-0313.
The threat is an auto-download attack that requires no user interaction, meaning no clicking is required to become infected.
This is a stealth infection on a very public site that users expect to be “safe”. It is an example of why workstations need to be running up-to-date antivirus programs and have the latest security updates installed.
Apple updates its Safari browser: addresses 17 security vulnerabilities
Safari updates 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit. Another vulnerability affects the user interface and could open the door to phishing attacks.
Source: Apple
iOS 8.2 Released, addresses “FREAK” vulnerability
The FREAK vulnerability could allow attackers to conduct man-in-the-middle attacks on encrypted networks, including SSL and TLS. The vulnerability only affected connections to servers that support export-strength RSA cipher suites. In addition to this security fix, there were several additions and changes with the update, including the Apple Watch app and stability tweaks and fixes for the operating system.