Happy New Year … Not!
With the New Year comes a new class of malicious attack that can impact IT systems. This time, the attack is hardware based, affecting mostly Intel based systems, and to some extent, AMD systems as well.
Here is a list of resources that highlight what it is all about and how to mitigate against this new threat. In the words of Microsoft, “Don’t panic.”
It’s time to remind everyone again. Malware, Crypto Viruses and all kinds of nasties are still out there, and pose a bigger threat than ever.
Check out this latest ransomware variant – https://blog.knowbe4.com/its-here.-new-ransomware-hidden-in-infected-word-files
And from TrendMicro – http://blog.trendmicro.com/trendlabs-security-intelligence/recent-crypto-ransomware-attacks-a-global-threat/
And Sophos: The current state of ransomware – https://blogs.sophos.com/tag/ransomware/
Here’s a reminder from way back in 2012 on how to detect and identify these viruses when they pop up in your mailbox.
- DO NOT OPEN ZIP ATTACHMENTS.
- DO NOT OPEN ATTACHMENTS. Right click and save them to a temporary location on your computer, and check it out before opening it.
- DO NOT CLICK ON LINKS IN EMAILS. Hover your mouse over the link and be absolutely sure it is a legitimate link before you click on it.
- REVIEW THIS BLOG POST. Again. http://blog.powerbiz.net.au/security/how-to-detect-and-deal-with-malicious-email-viruses/
Check out the list and remove them off your iPhone or iPad immediately. http://www.redmondpie.com/xcodeghost-malware-list-of-infected-ios-apps-that-you-should-delete-right-now/
- Angry Birds 2 (Chinese App Store only)
- Card Safe
- China Unicom Mobile Office
- CITIC Bank move card space
- Didi Chuxing
- Eyes Wide
- Freedom Battle
- guaji_gangtai en
- Guitar Master
- Hot stock market
- Jane book
- Lazy weekend
- Mara Mara
- Marital bed
- Microblogging camera
- nice dev
- OPlayer Lite
- Pocket billing
- Poor tour
- Railway 12306
- Stocks open class
- Telephone attribution assistant
- The driver drops
- The Kitchen
- Three new board
- Watercress reading
- WinZip Sector
- WinZip Standard
Have you ever gone out and walked up to someone you don’t know and given them the keys to your house?
Security (your keys, your alarm system, the locks and doors) are the protection you have for your physical home and the contents that you posses. We tend to look after these things fairly carefully.
In the electronic world today, people are less careful about the security in your “electronic” home. Your cloud accounts (email, data storage, shopping, banking, etc) define who we are just as much as our physical possessions. Yet, we tend to be less conscious about how we protect these personal “belongings”.
Jimmy Kimmel live put a reporter on the streets to interview people and as them what their password is. The results? Well, see for yourself…
Guard your online privacy, and if you have one of these passwords (http://blog.powerbiz.net.au/security/here-are-the-worst-passwords-for-2013-do-not-use-these/), please change them ASAP!
The video is well worth watching.
The bottom line is that if you have a third party flashlight app, you should remove it immediately … especially if you have an Android based phone (Samsung etc).
Here is the full report – http://www.snoopwall.com/threat-reports-10-01-2014/
Oh, and by the way, check your NAS devices to ensure that they are safe. Disconnect direct Internet access right now, until the devices are patched.
QNAP says that they are vulnerable to this, and urge users to take immediate action. http://www.qnap.com/useng/index.php?lang=en-us&sn=885&c=3036&sc=&n=22457
Apparently, Synology units are not generally affected (interesting…), but nevertheless, they are also coming out with a patch (also interesting…) https://www.synology.com/en-global/support/security/bash_shellshock
It was bound to happen. A major bug targeting the Linux community, and not Windows users. Thanks to Trend Micro labs, here are some related resources that will bring you up-to-date with this latest threat.
The original blog post can be found here – http://blog.trendmicro.com/trendlabs-security-intelligence/summary-of-shellshock-related-stories-and-materials/
Here is an example of an email phishing attack. If you are using outlook, you can hover the mouse pointer over the link “click here”. DO NOT CLICK ON THE LINK. Just move the mouse over it. You will see the highlighted link, which has nothing to do with ebay or paypal. Always look for the part between “http://” and the next “/”. If that does not sat ebay.com or paypal.com or something that you are expecting, then it is a phishing/malware attack.
If you would like more practice, go to this link to take the Phishing Quiz – http://www.opendns.com/phishing-quiz/. How well did you do?
For more information on detecting email malware and phishing attacks, review my earlier blog – http://blog.powerbiz.net.au/security/how-to-detect-and-deal-with-malicious-email-viruses/
A number of major news sites have reported today that a list of 5 million Gmail addresses and passwords were leaked to a Russion hacker site on Wednesday.
What can you do about this?
- Check if your account password was leaked – https://isleaked.com/en
- Change your Gmail password. Use a strong password – http://windows.microsoft.com/en-au/windows-vista/tips-for-creating-a-strong-password
- Take this as a reminder to run a manual virus and malware check – http://blog.powerbiz.net.au/useful-links/free-security-products/