YOU are the computer security problem!
Graham Cluley wrote in his above-titled blog post yesterday:
Today law enforcement agencies warned the public about the Dridex malware that has been targeting customers of online banks for the last year or so.
Interestingly, Dridex doesn't rely upon any vulnerabilities or sneaky shortcuts in its quest to infect your Windows PC. Instead, the malicious hackers spam out their attacks as email attachments using social engineering lures to trick potential victims into opening, say, a poisoned Word document and enabling macros to allow the malicious code to run.
In other words, you allowed your computer to become infected by Dridex by opening an unsolicited email attachment, and then perhaps gave its malicious macro permission to run.
How are you going to "patch the bug in your brain" that so many internet attacks rely upon?
The post and his VIDEO response can be found here:
Researchers Find 85 Percent of Android Devices Insecure
Roughly 85 percent of Android devices have been exposed to one of 13 critical vulnerabilities that plague the operating system – and because of a chronic failure by carriers to issue patches, many linger without getting fixed for far too long, researchers said.
Especially in the wake of Stagefright, the disparity between how carriers apply Android patches has been well documented – some devices remain vulnerable for months, others years. Now researchers are assigning numbers to each company to identify just who’s better protecting users, in hopes that it serves as an incentive for them to deliver more prompt fixes.
Continued : https://threatpost.com/researchers-find-85-percent-of-android-devices-insecure/115030/
Windows 10 upgrade installing automatically on some Windows 7, 8 systems
"Microsoft says that the optional update was enabled by mistake."
For the first year of its availability, Windows 10 is available for free to most Windows 7 and 8 users, and Microsoft has been trying to coax those users to make the switch by delivering the operating system through Windows Update. Until now, the OS has been delivered as an optional update; while Windows Update gives it prominent positioning, it shouldn't be installed automatically.
This system has already generated some complaints, as Windows Update will download the sizeable operating system installer even if you don't intend to upgrade any time soon, but, over the last couple of days, the situation seems to have become a little more aggressive. We've received a number of reports that people's systems are not merely downloading the installer but actually starting it up. [Screenshot]
Continued : http://arstechnica.com/information-technology/2015/10/windows-10-upgrade-installing-automatically-on-some-windows-7-8-systems/
Phishing sites exploit trust in valid SSL certificates
"Cyber criminals are taking advantage of cheap, low-cost options to grab valid SSL certificates for phishing sites"
Certificate authorities aren’t scrutinizing who gets their SSL certificates, and now a large number of phishing sites have legitimate certificates, said Netcraft, a United Kingdom-based Internet security and research company.
SSL certificates rely on trust. Website operators deploy SSL on their sites so that the data transferred between the Web browser and the server are sent over a secure connection. Certificate authorities issue SSL certificates to show the holder is a legitimate owner of the site. Web browsers typically display a padlock sign to indicate the site has a valid certificate.
Continued : http://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html
Google Patches Chrome, Changes Mixed Content Warnings
Google has made some changes to the way it presents browser warnings in Chrome.
Starting with Chrome 46, don’t expect to see the yellow warning icon on HTTPS pages with minor errors. Google announced on Tuesday that it would start marking those pages with the neutral icon it uses on unencrypted HTTPS pages; the change, it said, will affect HTTPS pages with mixed content.
“Site operators face a dilemma: Switching an HTTP site to HTTPS can initially result in mixed content, which is undesirable in the long term but important for debugging the migration. During this process the site may not be fully secured, but it will usually not be less secure than before,” Lucas Garron and Chris Palmer of the Chrome security team wrote in a blog post yesterday.