Published January 07, 2013
**ATTENTION**: If you are a current New River Computing client covered under our RMM Service Plan, you need not worry about this vulnerability. We have automatically deployed the fix to your computers.
Recently, there has been an Internet Explorer (zero-day) remote code execution vulnerability found being exploited in the wild which affects IE 8, as well as IE 6 & 7. Current exploitation is limited but it’s almost certain that a reliable exploit will soon find its way into at least one (if not all) of the many popular exploit kits being used by online criminals.
Microsoft Security Advisory (2794220 )
IE 9 & 10 are not vulnerable, so Windows 7 and 8 users are safe. However, users of the old (and almost obsolete) operating system Windows XP, need to take action since IE 9 & 10 are not supported. If you’re still using XP, it would be wise to install an additional browser such as Mozilla Firefox or Google Chrome. But, if that isn’t an option, Microsoft has a Fix it tool available.
For more details, head on over to Microsoft’s Security Research & Defense blog: Microsoft “Fix it” available for Internet Explorer 6, 7, and 8 . Hopefully this vulnerability will be patched tomorrow (January 8th) during Microsoft’s regularly scheduled update cycle.
Published January 07, 2013
Rogue security software, also known as fake antivirus software or “scareware”, has been one of the most popular methods used by online criminals in recent years to fool computer users into installing malware and/or divulge confidential information. Rogue AV software typically mimics the general look and feel of legitimate security software programs. Once installed on a person’s machine, it will claim to detect a large number of nonexistent threats while advising users to pay for the “full version” of the software to remove the threats.
Some versions unlawfully use looks, colors, trademarks and icons of well-known AV software companies (Symantec, AVG, Microsoft Security Essentials, Kaspersky and McAfee are just a few examples) to help sucker users into downloading, installing, and ultimately “purchasing” the bogus software. Part of the reason that rogue security programs continue to be successful is that they are very convincing. Microsoft reports that over 4,173,491 United States users were infected with some variant of Rogue AV during the 1st and 2nd quarter of 2012.
Do you think you could tell the difference between a real security program and a rogue security program if it popped up on your computer screen? If you are up for it, take the Microsoft Malware Protection Center’s “Real Vs. Rogue” challenge by clicking here.
Microsoft also has a fantastic series of Security, privacy, and online safety how-to videos that that are perfect for educating computer users on common threats found on the Internet today.
Thanks to Tim Rains for originally sharing this information on the Microsoft TechNet blog.
Published December 18, 2012
Over 1 million customers are at risk of identity theft after online-criminals broke into servers belonging to Nationwide and Allied insurance companies. Victims include current policyholders and those who sought insurance quotes.
The breach took place Oct. 3 and was discovered the same day. Nationwide immediately contacted authorities, but waited to inform their customers directly. “Although we are not aware of any misuse of consumers’ information at this time, we have sent letters to notify those individuals whose personal information we believe was compromised, as well as certain additional individuals whose information was or may have been involved, but whom we do not believe had information compromised in the attack,” the company said in a recent statement.
“Personally identifiable information” includes names and Social Security numbers, driver’s license numbers and/or dates of birth. It also may include marital status, gender, occupations and the name and address of an employer. So far, Nationwide maintains the position that no other sensitive data – such as medical information or credit card numbers–have been compromised.
An outside security expert was brought in to analyze the data breach and determine who needed to be notified their personal information had been compromised. The Washington Postand other news outlets say the number of notifications is at 1.1 million.
The company is offering a years’ worth of free credit monitoring and up to $1 million in ID theft protection for victims.
Current/former customers and anyone else who has recently requested an insurance quote from either of the two insurers should carefully check bank and credit card statements for any unusual activity. As a former Nationwide customer (until recently), I know I will be keeping a lookout.
Published December 17, 2012
Here’s a great info-graphic from the security researchers at F-Secure that explains how cyber-criminals steal money from bank accounts.
The original post can be found here.
Published December 02, 2012
Researchers at the independent anti-virus testing firm AV-TEST released their latest batch of tests in which they report Microsoft Security Essentials was only able to detect 64% of zero-day threats when running in Windows 7.
Due to the pitifully low score, MSE failed to receive the AV-TEST Institute’s seal of approval, a certification granted to products that meet 11 of 18 assessment criteria. Those criteria consider the effectiveness of software at detecting and blocking threats, repairing infected systems and overall usability including “average slowing down of the computer when the software is used on a daily basis, false positives during a system scan and the display of false warnings or the blocking of certain actions during the installation and during the use of known good software.”
During the month of October, AV-TEST rated Security Essentials versions 4.0 and 4.1 at just 1.5 out of 6 in terms of its PC protection, thanks largely to the 64% zero-day detection rate that’s well below the industry average of 89%. MSE is the only product of 24 for Windows 7 that has not received the AV-TEST certification. Six other AV products also did not receive the certification for Windows Vistaor for Windows XP. Anti-virus software for Windows 8 has yet to be tested and Microsoft is absent from AV-TEST’s list of vendors thanks to the new OS’ integrated protection software.
FYI, Microsoft Security Essentials has lost AV-TEST’s seal before, with its test failing to meet the lab’s standards. The AV-TEST Institute conducts tests on a bi-monthly basis and usually finds that Microsoft Security Essentials consistently struggles to perform well in its malware detection and blocking tests.
Final thoughts:
Free antivirus software usually provides only a bare minimum level of protection.
If you currently use MSE (or another free product) and are having trouble keeping your machines clean, it might be time to invest in a more robust and complete anti-virus software solution.