March 26th, 2014
The danger of a zero-day exploit is that users are left vulnerable to a known vulnerability while a manufacturer scrambles to patch it. This can sometimes result in weeks of known vulnerabilities being available to attackers. The latest zero-day reported involves Microsoft Word and would allow for remote code execution if exploited. A post at the Symantec blog explains the details of this issue.
Microsoft has alerted the public through a security advisory that the Word exploit exists, but have not yet released a patch that fixes it. In the advisory, they report that attacks, although limited, have been observed using this exploit in the wild. Those attacks have only exploited Word 2010, but other versions are considered vulnerable. Those versions include Word 2003 and 2007, Office for Mac 2011, Office Web Apps 2010 and Office Web Apps Server 2013.
Unfortunately, there have been no specific details released about how attackers are exploiting the vulnerability. The issue comes from opening a malicious .RTF file with Word. But, even previewing an .RTF file attached to an email in Outlook could allow an attacker access to a user’s system. So, the attack could stem from malicious email attachments, or it could stem from websites that trick users into downloading and opening a file.
There has been a temporary solution released through Microsoft’s FixIt tool, which makes it impossible for Word to open any .RTF document until a more permanent solution is found. Similarly, Outlook can be configured so that previews of attachments open as plain text, rather than through Word, which would also serve as a temporary solution, but could also be a safer way to operate from now on.
All Word and Outlook users are urged to watch for a patch that fixes this vulnerability and update as soon as it’s made available.
At Geek Rescue, we help help make your computer and your network as secure as possible. We also help you recover from attacks. Call us at 918-369-4335.
March 25th, 2014
A primary concern for computer users is avoiding malware. Unfortunately, not all users make it a priority and often put themselves at risk by foregoing proper security tools. Surfing the web without antivirus or anti-malware applications in place is asking for trouble. But, with so many options available, how do you know which security tools are most effective? As Larry Seltzer of ZDNet reports, a recent test conducted by AV-Test Institute set out to find the anti-malware programs that are most trustworthy for Windows 7 users.
AV-Test Institute brought in a total of 34 anti-malware products to test with 9 being for business and 25 for consumers. The testing involved malware detection, zero-day exploits with no signatures detection, performance impact and false positives.
A good anti-malware program will be able to operate without slowing down your system. It’s also capable of detecting malware before it infects your system and capable of spotting zero-day exploits based on suspicious characteristics. The product that scored the best in these tests was Trend Micro’s Office Scanner 10.6. The top scoring consumer product was Bitdefender Endpoint Security.
Multiple products were able to detect all of the malware used in the test. On average, 94-percent of the zero-day malware was also detected.
Bitdefender’s consumer entry was able to detect all malware with no false positives and tied for the top score in the performance impact testing. Trend Micro’s Office Scanner was also able to detect all malware and scored the highest possible score on performance impact, but wasn’t able to make it through testing without any false positives.
For a full list of results and products tested, visit AV-Test.
With an effective anti-malware program in place, like many of those tested, users can feel secure and know that malware will be detected before it can do any real damage. Security programs need to be updated constantly, however, to give them any hope of detecting the latest malware threats.
If you’ve been infected by malware or would like to explore your options for better security, either at home or the office, call Geek Rescue at 918-369-4335.
March 24th, 2014
Regardless of what mobile operating system you use, there’s bound to be some security flaws. The latest issue is a way for malicious apps on Android devices to receive elevated privileges without a user’s knowledge. Adrian Kingsley-Hughes of ZDNet reports on these so-called “Pileup flaws”.
Pileup is short for privilege escalation through updating, which adequately describes this type of attack.
Each time an update for a device’s current operating system is installed, which can be as often as every few months, a user is at risk. Updates require thousands of files to either be replaced or added to a device. This includes carefully adding new apps without damaging or changing any existing apps. This method creates a vulnerability.
If an existing app is malicious in nature, it’s developer can request additional permissions that are only available in an updated operating system. Those permissions won’t affect users before they update and an app may seem legitimate. Once the user updates, however, those permissions are automatically granted with no warning or verification required from the user.
This way, an app can lay dormant until the user updates, then take control of a device. With expanded privileges, malicious apps can control text messages, download malware and monitor activity.
In a similar attack, malicious apps with the same name as a trusted system app can be upgraded to a system app during an update. This gives malicious third party apps the power to access nearly everything on a device and control functions.
Researchers claim to have found six examples of Pileup vulnerabilities in Android devices, which puts about a billion total devices at risk. Google has been alerted about these vulnerabilities and has already begun patching them.
Discoveries like this reinforce how important it is to exercise caution when downloading apps. Only download from the official app store and, even then, be cautious about what you decide to add to your device.
If your device has been infected with malware or you’re having other issues, bring it to Geek Rescue or call us at 918-369-4335.
March 21st, 2014
There are many tools and applications available to keep your information and your network safe from attacks. When it comes to online accounts, however, security starts from the user’s end with effective passwords. A strong password doesn’t guarantee that your account will never be compromised, but it does protect you from a number of attacks a weaker password would succumb to. At About, Andy O’Donnell explains the characteristics of strong passwords so you can create one for all of your online accounts.
Do’s
Most brute force attempts at cracking your password involve guessing off of a set list of common passwords. The more random your password is, the less likely it will be guessed by an attacker.
Random is good, but not if it’s still overly simple. Passwords that only use letters or only use numbers are much easier to crack than those that use both. Adding symbols into your password will further strengthen it.
Longer passwords take much longer to crack than shorter passwords. The reason is simple mathematics. When a password is 12-characters long, there are 12 different blanks to fill in and millions of different combinations. A password that’s only 5-characters long drastically cuts down on the number of combinations possible.
Don’ts
Everyone has so many accounts online, it’s almost impossible to remember a unique password for each one. That’s why many users opt to use the same password for multiple websites. That creates the possibility, however, that if one of your accounts is compromised, all of them will be. Some sites don’t use as robust security as others. So, using the same password for your bank as you do for an online message board is creating an easier path for criminals to infiltrate your bank account.
Everyone knows that ‘12345’ is a weak password, but some users believe that “qwerty” is strong. It isn’t an actual word, but attackers know this is a popular password. If typing your password forms a pattern on the keyboard, it’s likely going to be guessed in the case of an attack.
Many websites have started demanding users use longer passwords by implementing a minimum character length. To get around that, some users simply put in the same password twice. That breaks a number of these rules, however. It forms a pattern and isn’t random.
There are a number of ways a criminal can break into one of your online accounts. More intelligent attacks are even able to circumvent the number of failed log-in attempts some sites limit you to. To stay safe, you need a strong password that’s changed regularly.
If you are the victim of an attack and need help getting rid of malware or implementing better security, call Geek Rescue at 918-369-4335.
March 20th, 2014
There are a number of resources online to help you protect yourself from malware infections. From security tools to tips and best practices for avoiding malware, it’s fairly easy to learn how to create an effective security infrastructure for your home network. What happens if malware is still able to get through, however? At the BullGuard blog, Kirsten Dunlaevy published a list of helpful signs that your computer may have been infected. Here’s what you need to watch for.
We’ve all experienced the frustration of having your computer freeze while you’re in the middle of working on it. That could be a one-time problem, a compatibility issue with an application or it could hint at a malware infection. If you’re seeing a growing number of problems like freezes, sudden shut downs or restarts and applications not working properly, the most likely cause of your problems is malware.
The internet used to run on pop-ups, but most legitimate sites have stopped using them. Now, if you see pop-ups, it usually means you’re on a site that’s not trustworthy or that you’ve been infected with malware. Especially if you see pop-ups when you aren’t using a web browser, it’s likely that there malware hiding somewhere on your system.
- Suspicious email and social media messages
Even if your computer is absent of any other signs of malware, your email and social media profiles may tell a different story. Be sure to regularly check the “Sent” folder of your email to make sure that everything that appears there is actually messages you’ve sent. If you see messages with suspicious looking subjects, it’s likely that malware has been used to hack your email and spam your contacts. Similar problems can plague your social media profiles. Facebook and Twitter are particularly at risk.
If your computer has none of the above problems and seems to run normally, it doesn’t necessarily prove the absence of malware. As threats grow more intelligent, they’re increasingly able to hide evidence of their actions. Some malware tampers with antivirus applications to make it appear that your system is clean when it’s not. Or, malware can even trigger a false positive to make you feel secure after dealing with the supposed threat.
Keeping malware from infecting your computer starts with putting security tools in place and practicing smart, safe surfing online. Then, it’s important to stay vigilant and watch for signs of infections. Also, be aware of actions you take that could potentially lead to a malware infection.
If you’ve been infected with malware, or are just having issues with any of your devices for unknown reasons, call Geek Rescue at 918-369-4335.
March 17th, 2014
Each year, people gather in Vancouver for what’s called a hackfest. Experts attempt to break through the security of popular applications to reveal potential vulnerabilities. This year, web browsers were the focus with each of the most popular browsers being hacked successfully with at least one exploit. As Sebastian Anthony of Extreme Tech reports, Mozilla’s Firefox experienced the most security problems and four zero-day exploits were found.
A zero-day exploit refers to a way to successfully attack an application that’s discovered by someone outside of the manufacturer. These are dangerous exploits because they are revealed before the manufacturer has an opportunity to patch them. This leaves users vulnerable for days or weeks.
The vulnerabilities in Firefox are said to allow hackers to “do just about anything with your computer” when attacked correctly. These attacks all stem from convincing users to visit malicious websites specifically created for attacks.
Mozilla’s web browser has always been considered less secure than the other leading browsers. It was first included in the hackfest in 2009 and has been successfully exploited every year except 2011. In the past three years, however, all four major browsers, Chrome, Internet Explorer, Safari and Firefox, have all been successfully hacked at least once. Seeing four successful exploits in a single year is still a surprise.
Experts point to Firefox’s lack of a sandbox for its primary security shortcomings. A sandbox is a way of segregating one application from the rest of the system. This way, a successful exploit on the application doesn’t make the rest of your system vulnerable. Chrome, Safari and Internet Explorer, since version 9, all have implemented sandboxes. Firefox still does not use one, which allows attackers to exploit the browser to gain access to other applications and functions of a user’s computer.
All of the exploits discovered during the three day hackfest are reported to the browser manufacturer so they can be patched. Even so, it’s important to remember that no browser offers you perfect security. All have vulnerabilities that can be exploited if you aren’t careful or don’t have the correct security infrastructure in place.
If you’ve been the victim of an attack of would like to explore better security options, call Geek Rescue at 918-369-4335.
March 14th, 2014
Once each month, Microsoft releases a batch of patches to close security vulnerabilities and fix bug and compatibility issues in their products. Last month, just days after the monthly patch release, an exploit was discovered and publicized for Internet Explorer 10. That exploit stayed vulnerable until this week when March’s patch release included a fix. This situation, as Antone Gonsalves of Network World points out, reveals the flaws in the current patching schedule for Microsoft and many other software manufacturers.
Not only was a known exploit unpatched for weeks, but that exploit was also made public. That means those with the means and motivation to attack unprotected users knew exactly how and where to strike.
After a few days, Microsoft did release a temporary solution in their “Fix It” tool. Unfortunately, very few users know how to access that tool, which leads to low numbers of installations. So, while a temporary fix was available, it was neither widely publicized or used.
The other option for overcoming this particular vulnerability was to upgrade from IE 10 to IE 11. For most individual users, this was a viable solution. However, for enterprise level users, changing web browsers company-wide often takes more time and planning.
Meanwhile, attackers struck multiple websites in multiple countries on multiple continents.
Despite this specific shortcoming in the patch schedule, Microsoft is actually ahead of many other software companies in this regard. For example, while Microsoft routinely releases new patches and updates once per month, Oracle releases updates quarterly and Cisco releases updates only twice per year.
The best solution suggested so far is to remove Internet Explorer from this monthly patching schedule. While it’s more than enough to update most applications once per month, IE faces a high number of attempted attacks and exploits each day. It’s much more likely that a critical vulnerability will be found and immediately exploited in IE than other applications. Even with a faster patch release, however, some IT departments might struggle to stay up to date and fully patched.
For those companies affected by unpatched vulnerabilities, there are some ways to better protect yourselves while you wait for the application manufacturer. Segmenting network assets, limiting user permissions and using application whitelisting are all ways to significantly improve security and lower the chances of a devastating and costly attack.
For help implementing an improved security infrastructure, call Geek Rescue at 918-369-4335.
March 10th, 2014
A common piece of security advice is to regularly update your antivirus program to protect against the latest threats. New malware is formed every day and it’s difficult for security applications to keep up, but it’s impossible if they aren’t updated daily. Alastair Stevenson illustrates the need for up to date definitions with his report at V3 that three new threats emerge every second of every day.
That statistic comes from security company McAfee’s Threat Report from the fourth quarter of 2013. Part of that report reveals that McAfee learned of 200 new attacks every minute, which likely means that the number of new attacks being launched is actually even higher.
Overall, in just the fourth quarter in 2013, 200-million malware variants were found by McAfee. That’s 90-million more than was found during the same time span in 2012. Experts believe one reason for this significant increase in malware production is the increase in “Point of Sale” malware, which refers to variants that are available to be purchased online by anyone and used without a need for expertise. This allows nearly anyone to launch an attack.
Malware isn’t targeting PC users alone, however. The report states that nearly 2.5-million new forms of malware targeting Android mobile devices was collected. That’s significantly lower than the amount of malware targeting PC users, but it’s nearly double the output of mobile malware from just a year prior.
Ransomware, the malware that encrypts or locks down files on your PC and demands payment to give you access to them, also saw a large jump in number of attacks in 2013. After 1-million observed forms of ransomware attacks in 2012, 2013 saw about 2-million.
The clear lesson here is that security on your personal devices and your company’s network is becoming even more important as more attacks are being produced and those attacks are becoming more intelligent.
For help improving security or help recovering from an infection or attack, call Geek Rescue at 918-369-4335.
March 10th, 2014
Recently, Apple has been making headlines for the wrong reasons. Multiple security flaws have been reported that affect users of both iPhones and iPads and Macs. While in the past, a lower number of targeted attacks made Apple’s operating systems safer environments than Microsoft’s Windows these reports suggest that Apple doesn’t necessarily have a more secure operating system. At Network World, Bob Violino takes a closer look at OS X, the operating system used on Macs, to expose the potential security flaws within.
How often an operating system is patched and updated often makes the difference in keeping attacks at bay. Unfortunately for Apple device users, support is usually only given to the current operating system and the previous version. This leaves a number of users with older machines in the lurch. Currently, users of OS X Snow Leopard from 2009 are already missing out on some updates and the critical security patches they are given access to come slowly. This is in contrast to Windows users who typically enjoy support for much longer. Windows is ending support for XP users this April after nearly 13 years.
Many users aren’t certain about how to properly secure their computer. Even more advanced users may not be aware of points where they are most vulnerable. To help users protect themselves, security configuration guides from the manufacturer are extremely helpful. Unfortunately, no recent version of OS X has been provided with a configuration guide from Apple. This leaves users in the dark about proper security and leads to many believing they’re more secure than they actually are.
As mentioned in the first section, updates are key in protecting users from attacks. Apple has been slow to update OS X, however, especially concerning its open source components. Slow updates mean that users could be vulnerable to a known exploit. Even if it doesn’t affect security, compatibility and other issues aren’t being fixed in a timely manner.
- Easy To By-Pass Passwords
OS X includes a feature that’s designed to make working with your Mac more convenient. Any attached disk that includes an installed version of OS X can be used to boot the machine. Unfortunately, this allows someone to by-pass the password required to log-in on your machine by booting from an attached disk. This only comes into play if your laptop or computer are stolen, but it still a concern.
This isn’t a exhaustive list of potential security issues with OS X, but it illustrates that there’s additional security required for most users.
If you’re having problems with your Mac, bring it to Geek Rescue for a fix. If you’d like to explore security options to protect yourself from future attacks, call us at 918-369-4335.
March 7th, 2014
A recent survey on computer security revealed not only alarming numbers of victims of cyber crime, but also high numbers of users who have little to no security in place. The University of Kent, which is located in the UK, surveyed about 1500 adults in their study. Admittedly, it’s a small sample size so the numbers could be a little skewed. Even so, there are surprisingly high rates of malware infections, specifically with ransomware, as John Hawes of Naked Security reports.
CryptoLocker, a headline-making form of ransomware that encrypts files on victim’s computers and demands payment to release them, one in 30 of the survey’s respondents. Even worse, about 40-percent paid the ransom to have their files decrypted.
Those figures only pertain to CryptoLocker specifically. For all forms of ransomware, about one in 10 respondents confirmed they’ve been a victim. Even if you assume those numbers are slightly inflated, that’s a shocking amount of ransomware cases.
It’s particularly troubling when you combine the amount of cyber attacks with the amount of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t using an up to date anitvirus or anti-malware program. About a third of respondents reported they had no firewall in place on their network and about the same number failed to use proper password practices for maximum security on online accounts.
With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.
Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.
The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.
If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.