Computer News & Safety – Harry Waldron Rotating Header Image

October 31st, 2013:

Malware – Ploutus ATM malware

 Symantec shares an overview of Ploutus ATM malware currently found in Mexico and may be spreading to other areas

QUOTE; A malicious software program found in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec. Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified. In contrast to most malware, Ploutus is installed the old-fashioned way: by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier. On September 4, 2013, we were the first to discover and add detections for a new malware targeting ATMs named Backdoor.Ploutus, as reported by our Rapid Release Definitions. Recently, we identified a new variant of this threat and realized that it has been improved and translated into English, suggesting that the ATM software is now being used in other countries



Business Systems – New Architecture emerges for future

From business perspective, many changes noted in insurance sector are occuring in other professions

QUOTE: As insurance shifts from being a risk product to a consumer product that is more usage-based, there will be dramatic changes in the way insurance is bought, sold and distributed.   The shifts in business models will dramatically change the way insurance is bought, sold and distributed. The historical strength and pride of every insurer has been agency. The future consumer will want experience, ease and choice. The old model of distribution based on trust, relationships — the agency — will face extinction and will move to a more experienced, choice-based, real-time distribution model via Facebook, Amazon, eBay and many other channels. Insurance will no longer be an annuity product or even a term-based. It will be a choice and usage based.

Consumerization will force the death of fixed-cost in insurance companies. Just as their customers are demanding of them, insurance companies will demand variable cost and “pay as you go” models from their suppliers of technology. Large change programs will be replaced by small agile based many projects. Software licensing will be replaced by utility.   The insurance industry will demand a new, fresh approach to talent building.   It won’t be too long until there will be a green field virtual insurance company which will completely disrupt the way insurance is bought and sold. Underwriting will be on the spot, policies will be simple, customer behavior will be analyzed to petabyte and claims will be handled in real-time with customer interaction at its finest.

Mobile Security – 2013 study on top user concerns

Key mobile phone user concerns were recently assessed and they center around security

QUOTE: It’s easy to see we’re attached to our devices. Of those surveyed, 63 percent of users said they’d be upset if they left the house without their phones. Without phones, 29 percent of users would miss texting the most followed by calling with 26 percent and email with nine percent. Not to say this saturation is a bad thing, it’s just the world we’re living in now.

However, this new world has new rules for keeping vulnerable, personal information safe and not all users are following them. 18 percent of those surveyed store password information on their phones while 26 percent remain uninformed of the risks of clicking strange links and downloads. Nearly half of all users still don’t bother using a passcode at all, one of the simplest security measures. Bad habits can be hard to notice and harder to break. But, if users are really worried about privacy and don’t know what to do, being cautious and paying attention to their mobile activity is a good place to start.

Aside from the serious potential risks that come with stolen data, one out of three users under 30 said they’d just be embarrassed if their information was exposed. That’s not surprising considering how much of ourselves we can now put on the internet, and how much of it is apparently ripe for the taking. “Smartphones have become our most personal computers and in many cases know more about us than our best friends,” said diVittorio. Users are worried about losing personal info (42 percent), bank info (33 percent), contacts (29 percent) and texts (23 percent).

Facebook – Fake Social Empires gaming scam in circulation

Bitdefender warns regarding a fake scam pretending to be associated with FB Social Empires game

QUOTE:  Facebook games have amassed huge audiences with their broad, social appeal. However, among these expanding user bases are some more casual players who aren’t necessarily the world’s most tech-savvy people. Case in point, 135,000 players of the popular Facebook strategy game Social Empires have recently been scammed through a fake cheat according to Bitdefender’s Hot for Security blog.   Like many in Facebook games, the economy of Social Empires, from Spanish developer Social Point, works by making its over six million monthly users wait or pay real money for the resources needed to proceed. The purposefully frustrating yet addicting mechanic controls the pace of play keeping players locked into the system. Knowing this, the scam entices players by offering maxed out food, gold, wood, stone and cash reserves. All they have to do is Like and spread the page by sharing it on other Facebook walls. It sounds like a steal, but the real theft is happening to the user.

SPAM – USA top nation sending in 2013

Sophos shares recent detailed study on SPAM

QUOTE:  Prepare yourself for the results of the latest Spampionship. SophosLabs conducted a study calculating the “Dirty Dozen” spam sending countries.  United States, Belarus, and India take the leading three spots on the “Dirty Dozen” list for countries that send the most amount of spam; consistent with what SophosLabs has seen this past year. Countries on this list aren’t necessarily spammers, but they are spam senders. Spam senders and spammers are two different things.  Spammers usually don’t send their own spam in bulk because it makes them easy to identify. Out of the ten million unwanted emails they attempt to send, one million could get sent before either recipients or data centers start resisting. At this point, spammers are blocked from using the servers and sending the remaining emails.

Trend – Halloween infographic theme on Malware

Trend has published a creative theme that documents the dangers of malware

QUOTE: Happy Halloween! Ready for a really good scare? Check out our latest infographic titled “The Scariest Cyber Security Threats.” Our clever team of researchers have created this creepy artwork by comparing the traditional frightening Halloween characters with their associated cyber threats.  For example, vampires compare quite well to online banking Trojans that “suck cash out of your accounts.” Zombies in the “reel world” of Hollywood Halloween movies were the role models for hackers who created their own zombies—“mindless creatures that are controlled by botmasters who make them do their [nefarious] bidding.”  Ghosts” represent targeted attacks that are designed to be neither seen nor heard. Our research indicates that for this type of attack, the average time from initial breach to detection has increased dramatically over the past couple of years.

WordPress 3.7 – Introduces automated server based updating

EWeek shares the new automated Server based updating found in WordPress 3.7

QUOTE: A new version of the open-source WordPress content management and blogging platform, Version 3.7, has been officially released, providing users with improved stability and security. The impact of the new WordPress platform on the Web as a whole is nontrivial, as WordPress currently is the technology behind some 72 million Websites.

One of the biggest changes in the WordPress 3.7 release is the much anticipated introduction of background updates. Until the 3.7 release, WordPress users needed to manually click the update button inside WordPress or download a new release to update an installation for security fixes. It’s a situation that could well have left countless millions of sites with older versions of WordPress, which could potentially be exploited by attackers.

However, the new background updater in Version 3.7 can now automatically update WordPress installations for maintenance and security. Introducing automatic updates for a server-side technology like WordPress, however, could be riskier as it could potentially also impact the myriad plug-ins or underlying technology that the site is running on

Windows 8.1 – Ten improvements in October 18th release

EWeek highlights 10 improvements found in Windows 8.1, including security

QUOTE:  Windows 8.1 promises to strike a proper balance between Microsoft’s vision for the future of its operating system and the average user’s view on what features it needs to make the OS as effective for their needs as possible. While Windows 8.1 is an improvement over Windows 8, it’s an admission that the software company might have misjudged what users would find acceptable in the latest edition of Windows. This is not unfamiliar territory for Microsoft. When the company launched Windows Vista, users were displeased with its redesign of the user interface. But Windows 7 fixed that, and Microsoft moved on. Now, after Microsoft’s mistakes with Windows 8, company officials hope improvements in Windows 8.1 will put the OS in users’ good graces. This slide show looks at the improvements in Windows 8.1 that Microsoft hopes will placate alienated users

It Includes Better Security Features.   Overall, it’s hard to not be happy with the improvements Microsoft made to Windows 8.1’s security. The company has updated Windows Defender to provide improved antivirus and anti-spyware protection. It also has finally delivered device encryption across its entire software line, not just its mobile platforms. Windows 8.1 will even work with enhanced biometrics—a feature that enterprise buyers eagerly desire