Watch Out For HawkEye

hawkeyeWe haven’t seen macro viruses for a while, but they are back. HawkEye a new variant of the resurgent use of unpatched vulnerabilities in Microsoft Word and other office documents.   Using macros, written in Visual Basic, attackers are using Word document attachments to run code on victim computers.

Last week we wrote about the Locky ransomware exploit that encrypts your data ...

Continue Reading →
0

Why The Government Can’t Be Trusted with Back Doors

backdoorHow would you feel if, in order to gain access to a known terrorist’s house, the government passed a law that required every lock manufacturer to create a master key that would unlock every locked door anywhere?  What if the police promised that they would only use the key on the one house?  What if they promised to keep the key safe and secure so it could never get into the hands ...

Continue Reading →
0

Perils From The Edge – Insecure Routers

juniper-networksAt the end of December last year Juniper Networks discovered that some malicious actors had added code to the firmware and software that run their routers, creating a back door that would allow attackers to access the router remotely, assume administrator privileges, and view and decrypt VPN traffic running through the routers.  As the story unfolded, it turns out that Juniper was using a random number generator from NIST, and that the Continue Reading →

0

Can Your Hospital Be Hacked?

RxQuick answer:  Yes it can!  A recent article in Bloomberg goes deeply into this subject, and reveals the experiences of a white hat hacker named Billy Rios.  Billy and many others in the profession had been hired by the Mayo Clinic in Rochester Minnesota in 2013 to try to hack all the medical devices in the hospital that were connected to the network.  These ...

Continue Reading →
0

Junkin’ Jack Flash

flash-logoAdobe’s Flash program has been a security nightmare. A favorite among malware writers for ages, Flash is useful for doing things like creating fake security pop-up alerts and conning computer users into buying security programs that don’t work and carry malicious content.  And it seems that there is another “zero-day” vulnerability discovered every three days.

Do we really need Flash?  No we don’t.  iPhones and iPads ...

Continue Reading →
0

Word and Excel Macro Viruses Are Back

macro-virusUsing BASIC or Visual BASIC programming scripts can add automation and other functions to documents created in the Microsoft Office productivity suite of products.  Unfortunately, this feature can be used by cyber-attackers to send malware exploits in otherwise innocuous looking documents that most people would open without a second thought.

The macro virus goes back to 1995, the most infamous being the Melissa email macro virus that $80 million in damages to US ...

Continue Reading →
0

AppGuard – Computer Security That Works

AppGuardI am often asked by frustrated clients “Why doesn’t traditional anti-virus and Internet security software products work?”  The unfortunate answer I have to give them is “It’s your fault.”  The more diplomatic answer I really use is that the security software cannot prevent something that is explicitly allowed by the computer user.  And the computer user is easily tricked into opening a file ...

Continue Reading →
0

WordPress Site Owners – Update Now

WordPresslogoJust a quick note to my WordPress pals – the latest update, WordPress 4.2.3, has an import fix for a cross site scripting (XSS) vulnerability that leaves your site vulnerable to attack.  According to Sophos:

“The flaw allows WordPress users who have Contributor or Author roles to add javascript to a site (something normally reserved for Editors and Administrators) using specially crafted shortcodes.

Attackers ...

Continue Reading →
0

Linux Needs Security Too

linux-logoIf you are running a Linux server or Linux desktop in your environment, you need to consider the following security strategies.  Linux users suffer in some cases from the popular delusions of invulnerability that Apple users are prone to, and for some of the same reasons.  Such as, most malware only runs on Windows so why should I care?  Or, Linus is such a small target with less than 2% of ...

Continue Reading →
0

Venom Virtual Machine Bug – Not To Worry

venomWe usually limit our discussion in this blog to cybersecurity articles that would be of interest to average users, and this is not really one of those topics.  But because the exploit is getting some press, and the exploit name, “venom,” is attention grabbing, we thought we would discuss it here.

The Venom exploit only matters to those of us who are using virtual machines.  A virtual machine is created using virtualization ...

Continue Reading →
0
Page 3 of 3 123