Computer News & Safety tips – Harry Waldron MVP

Black Friday – Six real-world phishing attacks for 2017

This slide show offers good security awareness guidance for avoiding social engineering tactics, phishing, and malware during the upcoming 2017 Black Friday and Cyber Monday sales.

http://www.darkreading.com/mobile/6-real-black-friday-phishing-lures/d/d-id/1330468

As the mega-shopping day approaches, here’s a look at six examples of phishing attacks – and ways to avoid taking the bait.

1. Ray-Ban 80% Discount Sale (too good to be true)
2. Neuberger Berman Gift Card Perk (free gift cards when you “fill out form”)
3. Free Apple iPhone 6 (too good to be true)
4. Americanas 60% Laptop Sale (off-brand model used as a lure to collect detailed info)
5. Free Preloaded Amazon Gift Card (fake Amazon web site used)
6. Michael Kors 80% Handbag Sale (too good to be true)

Windows 10 – Four DVD player product reviews NOV-2017

This PC Magazine review covers four DVD player software products for Windows 10 (some also work with earlier versions of Windows).

https://www.pcmag.com/news/355889/how-to-play-dvds-in-windows-10

Unfortunately, if you pop a DVD into your Windows 10 computer, you’ll run into some trouble because Windows 10 Media Player doesn’t support DVDs. Microsoft offers a Windows DVD Player app, but it costs $15. A better option lies with free, third-party programs. Products like VLC Media Player, 5KPlayer, and Daum’s Pot Player can play your DVDs with little muss or fuss. Let’s look at Microsoft’s DVD Player app as well as these free products.

Microsoft’s Windows DVD Player — The Windows DVD Player app sold by Microsoft is a barebones affair. To buy the program, click on the Windows Store icon on the taskbar and search for “Windows DVD player.” You’ll notice from the many reviews that this software doesn’t get high marks, often from folks unhappy about spending $15 for an app they believe should be free.

VLC Media Player — A solid DVD player is VLC Media Player developed by VideoLAN. This skillful program can play music and videos stored on your PC or home network, as well as DVDs, CDs, and Blu-ray discs. VLC Media Player is free, though you can always donate some funds to its development.

5KPlayer — Served up by an outfit named DearMob, 5KPlayer can play high-def videos, DVDs, and even online radio stations. A built-in Apple AirPlay feature lets you stream audio and video from your iPhone. And you can snag videos from YouTube and other streaming services.

Daum’s Pot Player — A multimedia program from the folks at Daum, Pot Player can handle video, audio, DVDs, and Blu-rays, among other formats. The software even supports certain types of 3D glasses so you can immerse yourself in 3D videos.

Windows – US-CERT advisory for WIN8 and WIN10 ASLR vulnerability

A new CERT advisory has been issued for an ASLR vulnerability in Windows 8 and 10. The issue is that ASLR may not randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard.

http://www.kb.cert.org/vuls/id/817544

https://www.us-cert.gov/ncas/current-activity/2017/11/20/Windows-ASLR-Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.  US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

Windows 10 – Networking and security tips NOV-2017

ZDNet senior author Ed Bott shares some key tips for Windows 10 networking and security:

http://www.zdnet.com/article/windows-10-networking-and-security-tips/

On Windows 10 PCs, connecting to a network is normally as simple as plugging in a network cable or entering a passphrase at a Wi-Fi prompt. The networking tips in this category cover administrative tasks, such as weeding out saved Wi-Fi credentials and looking up your IP address, as well as occasional troubleshooting demands.

Unfortunately, in a world where connectivity is easy and fast, there’s also a constant need to keep cybercriminals from taking advantage of those always-on connections. As recent attacks have demonstrated, even experienced PC users can be a victim of malware, and less technical users are even more likely to install unwanted software or click a bad link.

The tips in this category also cover two of the most important parts of any security program: Encrypting data, especially on removable devices, and creating robust backups so you can recover quickly in the event of a security incident or a hardware crash.

  1. Keep unwanted software off PCs you support
  2. Stop using the horribly insecure SMBv1 protocol
  3. Solve network problems with a one-click reset
  4. Create a full image backup using this hidden tool
  5. How to enable the built-in Administrator account (and why you shouldn’t)
  6. Protect removable storage devices with BitLocker encryption

Android 8.0 – Five new features of Oreo release

PC World shares five new features in Android 8.0 Oreo, which Google is piloting on its own devices such as the Pixel.

https://www.pcworld.com/article/3235178/android/five-hidden-features-of-android-8-0-oreo-you-should-be-using.html

Google is pushing Android 8.0 Oreo to Nexus and Pixel devices as device makers scramble to get their phones updated. Google’s devices will be the only ones running the new software, at least for a while. What’s this Oreo update all about, anyway? Everyone knows about the big stuff, like picture-in-picture and autofill apps, but a lot more is going on if you dig deeper. Here are five awesome hidden Oreo features to get you started.

1. Widgets via app shortcuts — Google has changed the location and appearance of the home screen widget picker several times, and Oreo brings yet another alteration. This one might make using widgets much easier, though. All of an app’s widgets are accessible with a long-press on the app icon.

2. Enforce background limits of applications — Android 8.0 comes with a new raft of tweaks to background processes that prevents apps from bleeding your battery dry.

3. Snooze notifications — In Android 8.0 Oreo, you can snooze notifications until later.

4. Granular control over sideloading applications — In past versions of Android, the “unknown sources” permission was all or nothing. Either every app on your phone could install apps as sideloaded APKs, or none of them could. Android 8.0 changes that to make sideloading a per-app setting. It’s safer, sure, but it’s also a bit of a pain to manage.

5. Customize Notifications — Oreo includes several changes to notifications, including notification dots and notification channels. If you want to filter out some of the noise, both these features include some handy customization options.

Ransomware – New Magniber variants impacting South Korean users

The new Magniber ransomware family is targeting South Korea. However, it appears to be targeting only the Korean-language version of Windows at this point. Still, all new variants and further developments should be closely watched. This appears to be a possible replacement for the Cerber family in the future.

http://blog.trendmicro.com/trendlabs-security-intelligence/magnitude-exploit-kit-now-targeting-korea-with-magniber-ransomware/

A new ransomware is being distributed by the Magnitude exploit kit: Magniber (detected by Trend Micro as RANSOM_MAGNIBER.A and TROJ.Win32.TRX.XXPE002FF019), which we found targeting South Korea via malvertisements on attacker-owned domains/sites. The development in Magnitude’s activity is notable not only because it eschewed Cerber—its usual ransomware payload—in favor of Magniber. Magnitude now also appears to have become an exploit kit expressly targeting South Korean end users.

Mozilla – Firefox 57 Quantum version improves performance

Mozilla has introduced Firefox version 57, designed to improve performance. They have branded this as the “Quantum version” as it is about 2X faster than the browser was one year ago.

https://www.mozilla.org/en-US/firefox/57.0/whatsnew/

The new Firefox. Fast for good. Today we’re thrilled to introduce you to our brand new browser — Firefox Quantum.  What you’ll notice first is that the new Firefox is blazing fast. In fact, you’ll enjoy speeds up to twice as fast as a year ago. It’s also more powerful. We’ve rebuilt Firefox from the ground up to focus on how you use the Web today to watch, listen, create and play without limits. We’re excited to deliver a browser that feels completely different — modern, quick and efficient. We think you’ll agree: It’s a quantum leap forward in how you’ll experience the Internet.

Google Chrome – versions 64 and 65 feature ad re-direct blocking

Improved ad-blocking controls in Google Chrome versions 64 and 65 will tackle the more complex redirect-based ads, as shared below:

https://www.pcmag.com/news/357265/googles-chrome-browser-to-stamp-out-sneakier-pop-up-ads

https://blog.chromium.org/2017/11/expanding-user-protections-on-web.html

An upcoming version of Google’s Chrome browser will stamp out surprise ads that activate when a website you’re visiting unexpectedly navigates you to a new page. Chrome already blocks pop-up ads, but sneaky developers have managed to bypass these protections. They can do so by secretly embedding some code into a website that’ll trigger a redirect to a new destination.

Chrome version 64 will prevent the redirects, keeping the user on the page they were reading. When encountered, the browser itself will show an info bar, stating “Success! The navigation was blocked.”  The next version of Chrome, 65, will tackle another form of pop-up ad that appears when users click a link. The link itself will open a new tab to the correct destination. However, the original browser window will navigate to an unwanted page.

Apple – Wireless WPA2 KRACK Vulnerability patched in iOS 11.1

The Apple iOS 11.1 update provides a key patch for the new wireless WPA2 KRACK Vulnerability as noted below:

https://threatpost.com/apple-patches-krack-vulnerability-in-ios-11-1/128707/

Apple has patched iOS, macOS and other products to protect against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi security protocol. KRACK, short for key re-installation attack, allows an attacker within range of a victim’s Wi-Fi network to read encrypted traffic with varying degrees of difficulty.

Many vendors had patched KRACK in their respective products prior to the Oct. 16 public disclosure. Researcher Mathy Vanhoef of Belgium found the vulnerability and privately disclosed it to numerous organizations starting in July and helped coordinate disclosure.

Apple was among the holdouts to repair its offerings until today; the update is part of iOS 11.1 and includes patches for 13 bugs in Webkit, and other fixes in the kernel, iMessages, and elsewhere. Apple also patched KRACK in macOS High Sierra, Sierra and El Capitan, all of which were updated today, as well as in tvOS and watchOS.

Given that KRACK is a protocol-level bug, it had many experts on edge in its early days. Since then, some of the anxiety has eased given the varying degrees of ease of exploit and conditions that must be in place for an attack to be successful.

WordPress – Version 4.8.3 Patches critical SQL Injection Bug

As shared below, blog and web site administrators should install the latest version of WordPress, which provides safeguards against a critical SQL injection bug:

https://threatpost.com/wordpress-delivers-second-patch-for-sql-injection-bug/128723/

WordPress 4.8.3 Security Release

A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover.  WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability.

“This is a security release for all previous versions and we strongly encourage you to update your sites immediately,” according to WordPress. The vulnerability is not tied to the WordPress Core, but rather to plugins and themes that could be used to trigger a SQL injection attack, WordPress said.

“Worst case would be remote code execution where they could take over installs of WordPress and the servers they are running on,” said Anthony Ferrara, the researcher who identified the flawed WordPress 4.8.2 patch.  The roots of the SQL injection date back to a vulnerability (CVE-2017-14723) first reported on Sept. 17, 2017. WordPress then attempted to mitigate the vulnerability with WordPress 4.8.2. That patch did not fix the issue, worsened the underlying security vulnerability and “broke” a large undisclosed number of third-party WordPress plugins.