Security

SECURITY UPDATE: Adobe Updates for Flash Player – Multiple Vulnerabilities

Original release date: February 13, 2013

 “Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected systems.” (CERT)


As a review, Denial of Service (DoS) is a brute-force attack that can stop a machine or network service, making it unavailable to the user. It does this by overloading the machine or service with too many requests at once.

Advice:

Go to the Adobe Flash Download Center and make sure your system is updated. Chrome users should see the following message:

Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.

If you wish to manually trigger Chrome to update, go to the 3-bar icon in the upper right-hand corner of your Chrome browser. Click it to pull down the menu, then click on “About Google Chrome”. It should immediately begin checking for updates. To confirm that the update is installed, type chrome://plugins/ in the location bar of your Chrome browser and check that the version numbers of the Flash Player match the update.

Relevant URL(s):
<https://www.adobe.com/support/security/bulletins/apsb13-05.html>


Android Users: Malware Issue and Security Update Notice for Wireless Carriers

Android Users: Malware Issue

There’s a new type of Android malware that can infect your computer when you connect your smartphone or tablet to it, and then install a backdoor on the computer.

The suspected malware apps are Clean and DroidCleaner, found in the Google Play Android market. These two are actually the same application, just released under two different names.

These applications are apparently disguised as a tool to clean memory for the Android operating system. After it is installed and run, the app displays a list of all running processes and then restarts the device. Later, in the background, the app downloads three files:

  • autorun.inf,
  • folder.ico,
  • and svchosts.exe onto your phone.
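
A defensive check for the behaviour described above, as an added example that is not part of the original post: it audits the root of a mounted phone or SD-card volume for an autorun.inf and reports which program it would launch. It assumes the three files sit in the root of the storage that the computer mounts; the function names and the sample autorun.inf contents are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program


def target_name(value):
    """Extract the lower-cased file name from an autorun command line."""
    value = value.strip()
    path = value[1:].split('"', 1)[0] if value.startswith('"') else (value.split() or [""])[0]
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def audit_volume_root(root):
    """Report an autorun.inf in a volume root (names compared case-insensitively)."""
    names = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    inf = names.get("autorun.inf")
    if inf is None:
        return []
    findings = ["autorun.inf present in volume root"]
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(inf.read_text(errors="replace"))
    except configparser.Error:
        return findings + ["autorun.inf could not be parsed"]
    for section in (s for s in parser.sections() if s.lower() == "autorun"):
        for key, value in parser.items(section):  # keys arrive lower-cased
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                name = target_name(value)
                state = "present" if name in names else "missing"
                findings.append(f"{key} launches {name} ({state})")
    return findings


def demo():
    """Build a constructed sample volume (empty placeholder files) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed autorun.inf; the page does not show the real file's contents.
        (root / "AUTORUN.INF").write_text("[AutoRun]\nopen=svchosts.exe\nicon=folder.ico\n")
        (root / "folder.ico").write_bytes(b"")
        (root / "svchosts.exe").write_bytes(b"")
        return audit_volume_root(root)


if __name__ == "__main__":
    print("\n".join(demo()))
```

Run `audit_volume_root()` against the mount point of the phone's storage; any finding means the volume carries an autorun entry that deserves a closer look before the files are opened on a computer.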

Advice:

Currently, Google’s malware detection only targets about 15% of attacks. Android 4.2 allows a user to access malware protection under ‘Quick settings’. ‘Quick settings’ can be opened by swiping down from the top of the screen with two fingers, rather than the one-finger swipe used to access notifications. You can also use the settings button that is located at the top of the notification drop-down menu. You can access a malware scanner for the platform that screens “sideloaded” apps (meaning software not downloaded from Google Play) for any mischievous code. As noted above, though, both of the apps mentioned here are found on the Google Play market. So Buyer Beware!

Android Security Update Notice for Wireless Carriers

Android users may have noticed that they are not getting their regular security update notifications as they should, leaving them and those they connect with open to exploit and risk. The following explains why:

Activist Chris Soghoian, who has targeted zero-day brokers in the past with his work, has focused his attention on wireless carriers and their reluctance to provide regular device updates for Android mobile devices.

Read more

Advice:

Make sure you check this link frequently, about once every 2 days. Bottom line: Google Android does not have the protection against malware that it should. Keeping up to date with security warnings is your best defense.

Ransomware Locks Computers, Demands Payment

There’s been a nasty virus that’s come into town and the FBI wants you to be aware of it.

The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011.

What’s so bad about this new virus?

Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.

I came across news of it today through one of my organizations, ChurchIT Roundtable (which seems to verify that it is indeed spreading according to FBI’s partner site IC3’s Donna Gregory), from a member posting that one of his clients now had a compromised laptop as a result. Nice, right. So I decided to do some investigation of my own.

If you search Google for “FBI virus”, you’ll get the FBI site right up there at the top. In fact, the quotes above come from them. Later on the page, there are various tech forum posts and a YouTube video describing how you can remove this virus. McAfee is one of the leaders – which makes me wonder just how good a security system they produce. But it seems this one can get through MSSE, too. And if you are interested in the nuts and bolts of how this works, here’s as good an explanation as to how that can happen with malware. The bottom line: If you don’t keep up with all your security updates, there’s going to be an exploitable hole somewhere in some layer no matter how good a system you have. Nothing is 100%! So to recap: this thing is bad because 1) it can get through even if you have a security system running and 2) it’s spreading – you can pick it up off

But Hey! What About Google Chrome’s Phishing and Malware Protection feature?

There are some things you can do to protect yourself. First off, make sure the security features are turned on in your browser.

If you are running IE8 or IE9, follow these steps:

  1. Make sure you have your SmartScreen Filter turned on.
  2. IE8 users will find this under the Safety menu; IE9 users will find it under the Tools menu.

If you are surfing with Google Chrome, follow these steps:

  1. Open Google Chrome
  2. Click on the Wrench icon located on top right corner of the browser.
  3. Select Settings from the drop-down list.
  4. Click on Under the Hood from the left panel.
  5. Mark the Enable phishing and malware protection under Privacy settings.

If you are running Firefox, follow these steps:

  1. Open Firefox
  2. Click on Tools >> Options >> Security
  3. Make sure the following are checked:
    • Warn me when sites try to install add-ons
    • Block reported attack sites
    • Block reported web forgeries

So what can you do if you are infected?

The IC3 (the Internet Crime Complaint Center) recommends the following:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.
  • If you want to attempt removal yourself, see the links above but be aware there may be a cost involved or that you may not know for sure that you are completely clean.

Source: FBI – New Internet Scam
