Category Archives: Security

WARNING. Watch out for those email attachments.

It’s time to remind everyone again. Malware, Crypto Viruses and all kinds of nasties are still out there, and pose a bigger threat than ever.

Check out this latest ransomware variant – https://blog.knowbe4.com/its-here.-new-ransomware-hidden-in-infected-word-files

And from TrendMicro – http://blog.trendmicro.com/trendlabs-security-intelligence/recent-crypto-ransomware-attacks-a-global-threat/

And Sophos: The current state of ransomware – https://blogs.sophos.com/tag/ransomware/

Here’s a reminder from way back in 2012 on how to detect and identify these viruses when they pop up in your mailbox.

  1. DO NOT OPEN ZIP ATTACHMENTS.
  2. DO NOT OPEN ATTACHMENTS. Right click and save them to a temporary location on your computer, and check it out before opening it.
  3. DO NOT CLICK ON LINKS IN EMAILS. Hover your mouse over the link and be absolutely sure it is a legitimate link before you click on it.
  4. REVIEW THIS BLOG POST. Again. http://blog.powerbiz.net.au/security/how-to-detect-and-deal-with-malicious-email-viruses/

 

Apple IOS hacked – check and delete the infected apps

Check out the list and remove them off your iPhone or iPad immediately. http://www.redmondpie.com/xcodeghost-malware-list-of-infected-ios-apps-that-you-should-delete-right-now/

  • air2
  • AmHexinForPad
  • Angry Birds 2 (Chinese App Store only)
  • CamCard
  • CamScanner
  • Card Safe
  • China Unicom Mobile Office
  • CITIC Bank move card space
  • CSMBP-AppStore
  • CuteCUT
  • DataMonitor
  • Didi Chuxing
  • Eyes Wide
  • FlappyCircle
  • Flush
  • Freedom Battle
  • golfsense
  • golfsensehd
  • guaji_gangtai en
  • Guitar Master
  • Himalayan
  • Hot stock market
  • InstaFollower
  • installer
  • Jane book
  • Lazy weekend
  • Lifesmart
  • Mara Mara
  • Marital bed
  • Microblogging camera
  • MobileTicket
  • Musical.ly
  • NetEase
  • nice dev
  • OPlayer
  • OPlayer Lite
  • PDFReader
  • Perfect365
  • Pocket billing
  • PocketScanner
  • Poor tour
  • QYER
  • Railway 12306
  • SaveSnap
  • Stocks open class
  • SuperJewelsQuest2
  • Telephone attribution assistant
  • The driver drops
  • The Kitchen
  • Three new board
  • TinyDeal.com
  • Wallpapers10000
  • Watercress reading
  • WeChat
  • WeLoop
  • WhiteTile
  • WinZip
  • WinZip Sector
  • WinZip Standard

Passwords are the keys to your House

Have you ever gone out and walked up to someone you don’t know and given them the keys to your house?

Security (your keys, your alarm system, the locks and doors) are the protection you have for your physical home and the contents that you posses. We tend to look after these things fairly carefully.

In the electronic world today, people are less careful about the security in your “electronic” home. Your cloud accounts (email, data storage, shopping, banking, etc) define who we are just as much as our physical possessions. Yet, we tend to be less conscious about how we protect these personal “belongings”.

Jimmy Kimmel live put a reporter on the streets to interview people and as them what their password is.  The results? Well, see for yourself…

Guard your online privacy, and if you have one of these passwords (http://blog.powerbiz.net.au/security/here-are-the-worst-passwords-for-2013-do-not-use-these/), please change them ASAP!

Shellshock bug and NAS devices – QNAP, Synology and others

Oh, and by the way, check your NAS devices to ensure that they are safe. Disconnect direct Internet access right now, until the devices are patched.

http://www.neowin.net/news/shellshock-bug-impacts-nas-devices-like-qnap-and-synology

QNAP says that they are vulnerable to this, and urge users to take immediate action. http://www.qnap.com/useng/index.php?lang=en-us&sn=885&c=3036&sc=&n=22457

Apparently, Synology units are not generally affected (interesting…), but nevertheless, they are also coming out with a patch (also interesting…) https://www.synology.com/en-global/support/security/bash_shellshock

Resources for the Bash Bug (aka ShellShock)

It was bound to happen. A major bug targeting the Linux community, and not Windows users. Thanks to Trend Micro labs, here are some related resources that will bring you up-to-date with this latest threat.

The original blog post can be found here – http://blog.trendmicro.com/trendlabs-security-intelligence/summary-of-shellshock-related-stories-and-materials/

More email Phishing and Malware – Take the Phishing Quiz

Here is an example of an email phishing attack. If you are using outlook, you can hover the mouse pointer over the link “click here”. DO NOT CLICK ON THE LINK. Just move the mouse over it. You will see the highlighted link, which has nothing to do with ebay or paypal. Always look for the part between “http://” and the next “/”. If that does not sat ebay.com or paypal.com or something that you are expecting, then it is a phishing/malware attack.

ebaymalware

If you would like more practice, go to this link to take the Phishing Quiz – http://www.opendns.com/phishing-quiz/. How well did you do?

For more information on detecting email malware and phishing attacks, review my earlier blog – http://blog.powerbiz.net.au/security/how-to-detect-and-deal-with-malicious-email-viruses/

5 million Gmail account passwords leaked

A number of major news sites have reported today that a list of 5 million Gmail addresses and passwords were leaked to a Russion hacker site on Wednesday.

What can you do about this?

  1. Check if your account password was leaked – https://isleaked.com/en
  2. Change your Gmail password. Use a strong password – http://windows.microsoft.com/en-au/windows-vista/tips-for-creating-a-strong-password
  3. Take this as a reminder to run a manual virus and malware check – http://blog.powerbiz.net.au/useful-links/free-security-products/

 

 

Major Bug Alert: CVE-2014-0160 aka Heartbleed Bug

heartbleed

A serious vulnerability has been discovered in the OpenSSL cryptographic software library which allows an attacker to steal information that would normally be protected by SSL/TLS encryption. This vulnerability allows anyone to compromise and steal data that is normally protected by this protocol, which can lead to further attacks and the compromise of IT systems that are breached.

There are many popular firewalls and systems that are exposed on the Internet that use this protocol, which makes this vulnerability a serious threat. Many common Linux based operating systems are vulnerable, and the vendors have released patches to fix this issue. It is recommended that firewalls, servers and appliances that use OpenSSL be patched immediately.

For more information on this threat and some answers to common questions, read this – http://heartbleed.com/

To test your system for this vulnerability, go to this site – http://filippo.io/Heartbleed/