If you haven’t updated your Windows this week, do it NOW!
One of the security
bulletins released by Microsoft on Tuesday fixes a privilege escalation
vulnerability which, according to researchers, can be exploited by malicious
actors to bypass all the security measures in Windows by modifying a single
bit. The vulnerability (CVE-2015-0057),
rated “important,” is caused by the improper handling of objects in memory.
According to Microsoft, an attacker who manages to access a targeted system can
gain elevated privileges and read arbitrary amounts of kernel memory, which
would allow them to install software, view and change data, and create new
accounts with full administrative rights.
Microsoft also just
released nine update bundles to plug at least 55 distinct security vulnerabilities
in its Windows operating system and other software. Three of the patches fix
bugs in Windows that Microsoft considers “critical”.
New Malware opens a
backdoor on your computer - BKDR_VAWTRAK.DOKR
This new malware is
either dropped by other malware or downloaded from the Internet. It is loaded onto an affected system via
malicious macro code. With its backdoor capabilities, users affected by this
malware may find the security of their systems compromised.
It executes commands
from a remote malicious user, effectively compromising the affected system. It also modifies the Internet Explorer Zone
Settings and then deletes the initially executed copy of itself.
The primary threat
this malware presents is data theft and potential participation in coordinated
attacks directed by an external command and control server.
Here are tips from Trend Micro about properly removing data from your old computer
Here are tips from Trend Micro about properly removing data from your old computer
Many people don’t
think about the risks that come with disposing of old computers and related
gadgets. In truth, any device that can store data—old laptops, flash drives,
data discs, smartphones, digital audio players, and the like—regardless if
they’re still functioning properly, is a liable cause of information theft.
If you’re really
concerned about your data privacy, you can do one of three things:
1.
Wipe your data.
Instead of just deleting your old data, wiping makes sure that your old data is
replaced. You can do this by using a trusted data wiping software that will
overwrite all sectors of your laptop or PC.
2.
Degauss your drive.
The process of degaussing involves magnetizing your machine’s hard drive,
rendering it useless. After this process, no one will be able to access or
store any data on it any longer.
3.
Wreck your drive,
physically. This could be fun, but also a bit dangerous. When using power tools
or the good old boot to destroy your device, make sure to wear protective gear.
And once it’s all in pieces, make sure to throw it out properly. Check out
electronics recycling or disposal centers who might find use for your junk.
Of course, these
options are limited to data on PCs and laptops.
It’s a different matter altogether when it comes to data stored on
mobile devices or even in the cloud. The
Trend Micro e-guide, “How To Erase Data Securely” has more information on how
you can permanently be rid of your digital garbage on all devices and
platforms.
Never
underestimate what you throw away. Remember that one man’s trash can always be
another one’s treasure.
Valentine’s Day spike in Socially Engineered Spam is in full swing
It’s time for
everyone to be on their guard for the new flood of Valentine’s Day spam that’s
already flooding mailboxes.
Early volume leaders feature links to Russian dating sites among others. There’s nothing particularly new about the content, it’s just the time of year when spam like this begin to peak. Remind your co-workers to be on their guard for new attempts to trick them into clicking on something they shouldn’t.
Early volume leaders feature links to Russian dating sites among others. There’s nothing particularly new about the content, it’s just the time of year when spam like this begin to peak. Remind your co-workers to be on their guard for new attempts to trick them into clicking on something they shouldn’t.
Be on the lookout!
Fake Amazon.com e-mails
- Fake #Amazon support mail asks potential victims for address info and payment
details.
Scareware pop-ups –
There’s a new flurry of scammers pushing fake AdwCleaner in active scareware
campaigns.
 |
| Scareware Sample |
Oh, and just one more thing!
Here’s a great
article about protecting your on-line privacy from Jérôme Segura at Malwarebytes:https://blog.malwarebytes.org/online-security/2015/02/10-tips-to-maintain-an-online-presence-in-a-privacy-hostile-world/
We hope that you find this information useful. If you don’t want to receive these alerts any more, just Reply to this e-mail with the word UNSUBSCRIBE in the subject.
Thanks,
Jeff
Security, Data Protection and Network Management are our
specialties
Delivering Innovative IT Solutions for over 26 years
Delivering Innovative IT Solutions for over 26 years
No comments:
Post a Comment