Microsoft JET, a database engine, is currently a massive vulnerability. A recent patch has yet to fix a long-standing flaw, leaving an opening for hackers.
JET is one of Microsoft’s first database engines, created in the ’90s and used to power a variety of Microsoft applications such as Microsoft Project, Visual Basic, and Access. It has since been phased out by newer technologies, but is still included in the Windows package for sentimental reasons.
Zero-Day
The vulnerability had reached zero-day status at the time of its announcement. Once Microsoft encounters a vulnerability, there is a 120-day window to complete a patch; failure to do so requires a public announcement, known as zero day. This vulnerability has been declared public so users can take cautionary action and protect themselves from possible attacks. It has been rated as “2 – Exploitation Less Likely”, as a hacker could exploit the opening by altering data within the database.
An attacker would target a user by sending an email with a clickable link or attachment that would allow access to the database. The link would point to a specific Microsoft JET database file that the user would need to open or import. With access to the database, the hacker would be able to alter or delete data.
How to Protect Yourself
As reported earlier, don’t open links in emails sent from unknown sources. It is unclear if Microsoft will work to patch the vulnerability.
In response to a publicized security breach, Google is looking to shut down its failed social media site. Google+ was created with the intention of overthrowing Facebook, but instead has left its scanty user base exposed to third-party data intrusions via a software bug.
How Data Was Compromised
Destined to be a popular site, Google+ was once an exclusive social media alternative that required an invitation, which made it all the more alluring; how users’ data was then shared with others was less exclusive. When signing into apps, there was the option to sign in with Google+, similar to signing into an app with Facebook, which then allowed the app to collect and harvest data generated by the user. When Google+ users logged in with their accounts, they offered up not only their own information, but also their friends’ information.
Who Was Affected
While Google+ never experienced the fame it had predicted, there was still a notable user base. 500,000 users were ultimately affected by this security bug, which revealed their age, jobs, and local information, placing them in danger of fraud. The software bug gave approximately 438 third-party vendors access to users’ private information from 2015 to March 2018, when the loophole was discovered.
Why Was it Not Made Public
The Google+ data leak was discovered in March, incidentally the same month that Facebook was under fire for the Cambridge Analytica scandal. Looking to avoid Facebook’s fate, Google+ chose not to disclose the data leak, instead choosing to quietly repair the software bug. The difference between the data leaks is rather apparent, with Google+ having a much smaller user base in comparison to Facebook.
What You Can Do
Many users made a Google+ account when it was all the rage, but most didn’t use it after initial creation. While you may not be using Google+ anymore, one of your friends might have, leaving you exposed. Checking to see if you have a Google+ account is as simple as checking your Gmail or university email, then going into your settings to completely delete the Google+ account. A lot of users have an account and don’t even realize it.
The site is said to shut down in ten months, while leaving a business aspect of Google+ still available.
The October Windows 10 Update was released earlier this week, with changes that are sure to suit every user. The update will be available via the Windows website, or will begin to sneak onto Windows users’ screens as a reminder within the next week.
Kicking off this update are these ten new features:
Fewer Restarts
One of the most grating features of previous updates was sudden restarts. Dona Sarkar, a Windows Insider, has noted these disruptions: “We heard you… We trained a predictive model that can accurately predict when the right time to restart the device is.” This means that getting up to get a cup of coffee won’t mean coming back to a computer in reboot mode.
Battery Usage
What’s draining your battery? Task Manager has a new feature that will allow you to view how much battery each app and program is using, best for identifying that excessive power gobbler.
Bluetooth Battery
Love your new wireless headphones? With the new update, Windows users will be able to see how much battery each of their Bluetooth devices has left.
Text Slider
Among the updates is one that will benefit those who need larger text. Instead of zooming in on a page and distorting the website layout, this text slider will allow the text itself to appear larger.
Snip and Sketch
Bundling multiple applications into one, the “winkey + shift + s” option will allow for a quick screenshot with the possibility of sketching on the saved image. Sharing and printing the saved clipboard image has gotten easier.
Phone Sync
Texting doesn’t have to stop at your phone. Syncing your phone has never been easier: the Windows update allows your phone to link to your computer. The new “Your Phone” feature allows messages and photos to be linked to your Windows 10 device. This means there is no need to transfer large files via Dropbox or email.
As for compatibility, this works best with Androids and is quickly expanding for better functionality with Apple products.
Dark Mode
Dark Mode has expanded to another Windows 10 application: File Explorer. This fan-favorite dark screen theme now covers your search for files.
Cloud Clipboard
Those that have multiple Windows 10 devices will find this feature of the update most useful. With the Cloud Clipboard feature, you can easily have the same files available across all devices. The transition of moving from a work computer to home computer has been simplified with the new update.
Search Preview
Looking for a file just got easier. With this new search preview feature, a user can search within the Start menu and will be able to view previews of the files, allowing for an effortless search.
HDR Support
With the gamer in mind, this Windows 10 update will allow for more contrast and vivid colors than ever. While HDR support has been difficult in the past, this update is looking to fix that.
The new update will also allow for ray-tracing, an Nvidia feature that will allow for better gameplay.
Wi-Fi routers pose an easy target for most hackers. A router’s firmware will pose a risk if left running without an update. Most households will keep their Wi-Fi router running day in and day out, without being checked for the latest patches or bug fixes.
Over time, Wi-Fi routers’ vulnerabilities are amplified. Most firmware is built with open source code, which is a cost-effective way to allow for customization, but is also seen as more susceptible to cyber attacks.
Is this even a serious threat?
Yes. In a study done by the American Consumer Institute (ACI), it was found that in a range of 186 Wi-Fi routers, from a slew of popular providers, 155 were found to be based on open source code. This means that 83% of those routers have a higher probability of being exposed to attacks.
Earlier this year, thousands of Wi-Fi routers were infiltrated by Russian hackers, as reported by NBC. Barreling through little protection, a semi-experienced hacker could easily move past password barriers such as 1234 and other simple passwords. Once they have access to your router, they can sift through private data, spy on web interactions, or even gain access to your financial institutions.
How to protect yourself:
Update your Router’s firmware
Search online for vulnerabilities on your device
Turn off Remote Administration
While the “Remote Admin” tool is helpful for when you need tech help from afar, it leaves a loophole that could be used by hackers.
We all know about email phishing; it’s relatively easy to spot. When the prince of Nigeria emails asking for help, we know not to respond with our banking info, but when your I.T. provider “emails” with a link to click to log in, this might be a little harder to recognize as an attack. Spear phishing is the next worst version of plain old phishing.
Spear phishing is a relatively cheap and effective way to gain access to someone’s personal information or computer system. With a little research and an email address, a hacker can pose as a trusted source. Posing as this official source, hackers can gain access via a spoofed login link or an attachment.
This type of phishing has increased by 65% since last year, meaning your inbox may soon receive an email you weren’t expecting. Here are a few examples of what a spear phishing attack may look like:
The Executive
Emails from higher-ups are always more likely to receive special attention, something hackers realize too. An American steel company was targeted with an email from the board of directors, which prompted employees to click a link. This link allowed hackers to gain access to employees’ email database and all attachments.
Protect yourself from dubious links by double checking with the person who initiated the email. It is unlikely that there will be a login link attached in an email, but always double-check.
The Job Candidate
With team expansions come new hires, but not all job applicants are alike. This “potential” hire will typically send a short intro summary and an attachment of their resume, which is what holds this compromising malware.
Protect yourself from malicious attachments by having an intermediary defense system, like a web portal or file uploader, scan all attachments to verify a Word document.
The IT Note
Who hasn’t run into IT troubles? When an email pops up from your provider, it doesn’t signal any red flags, but the link they provide might be anything but helpful.
Protect yourself from these malicious links by remaining vigilant online and refraining from providing personal information online.
Remaining Vigilant Online
There are many ways for a hacker to investigate a user’s personal interests, such as through their social media. With simple research, a personally crafted attack could be sent to an unsuspecting inbox. Don’t be the one to fall for the attack:
Those with a touchscreen or stylus-capable Windows PC are most likely in love with the smart feature that allows a handwritten scribble to become formatted text. Introduced in Windows 8, the handwriting recognition tool was implemented with the goal of easing a user’s experience.
The handwriting recognition tool has the capability of storing all previous texts in order to better interpret stylus scribbling and suggest corrections. All data is saved, collected and compiled into a file called WaitList.dat.
A Digital Forensics and Incident Response (DFIR) expert, Barnaby Skeggs, was the one to highlight the handwriting recognition tool. In an interview with ZDNet he reviewed the complications: “The user doesn’t even have to open the file/email, so long as there is a copy of the file on disk, and the file’s format is supported by the Microsoft Search Indexer service.”
While this isn’t meant to be a major vulnerability, it ultimately poses a risk. WaitList.dat collects text from other sources on the device that include written text, such as emails, written documents, passwords, and usernames.
Skeggs went on to elaborate that WaitList.dat could also recover text from deleted documents: “If the source file is deleted, the index remains in WaitList.dat, preserving a text index of the file.”
To a digital forensics expert like Skeggs, this provides all the evidence he needs to show a document had once existed, as well as its data.
As mentioned before, the purpose of the handwriting recognition tool was simply to aid a user, not hinder them. PC users that are utilizing this tool may need to take extra precautions, but won’t be in danger unless their device is targeted.
If you’re looking to resolve this potential security issue, you can manually go to the following address and delete WaitList.dat. Skeggs listed the typical location of the file: C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat
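The manual check-and-delete step above can be run across every local profile at once. The PowerShell below is an added example, not code from Skeggs or the original post: the function name `Find-WaitListDat` and its parameters are hypothetical, and the relative path is the one quoted above.

```powershell
# Added example: report (and optionally delete) WaitList.dat for each profile.
# Find-WaitListDat is a hypothetical name; the path is the one given by Skeggs.
function Find-WaitListDat {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$UsersRoot = (Join-Path $env:SystemDrive 'Users'),
        [switch]$Remove
    )

    $relative = 'AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat'

    # -Force includes hidden profile directories.
    Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $profileDir = $_
            $path = Join-Path $profileDir.FullName $relative
            # Skip profiles that never used handwriting recognition.
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return }

            $file = Get-Item -LiteralPath $path -Force
            $removed = $false
            if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Delete handwriting text index')) {
                try {
                    Remove-Item -LiteralPath $path -Force -ErrorAction Stop
                    $removed = $true
                } catch {
                    # Typical causes: file in use, or no rights to another user's profile.
                    Write-Warning "Could not delete ${path}: $($_.Exception.Message)"
                }
            }

            [pscustomobject]@{
                Profile       = $profileDir.Name
                Path          = $path
                SizeKB        = [math]::Round($file.Length / 1KB, 1)
                LastWriteTime = $file.LastWriteTime
                Removed       = $removed
            }
        }
}

# Report only:
Find-WaitListDat | Format-Table -AutoSize
# Preview what -Remove would delete, without changing anything:
Find-WaitListDat -Remove -WhatIf | Format-Table -AutoSize
```

Run it from an elevated prompt to see profiles other than your own; drop `-WhatIf` to actually delete.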
This new phishing attack has gained a level of sophistication that will trick even a trained user. An unpatched URL vulnerability allows a hacker to imitate a website address and then acquire information through a fake login portal.
The URL vulnerability was discovered by Rafay Baloch, a security researcher based in Pakistan. Microsoft Edge on Windows and Apple Safari on iOS are the two major browsers affected. Microsoft created a patch for the spoofed URLs in the previous month, while Google Chrome and Mozilla Firefox users are in the clear.
Baloch found that this vulnerability (CVE-2018-8383) is the result of a race condition: a web browser will allow JavaScript to change the web address in the URL bar while a page is loading.
Here’s how this phishing attack works: hackers are able to load an authentic webpage, allowing the proper web address to display in the URL bar, and then quickly swap in more sinister code. Users are then led to what appears to be a legitimate login screen, where usernames and passwords are captured. This can easily deceive a vigilant user, as the web address doesn’t appear to change drastically.
Any website can be recreated by a hacker with this URL loophole, including Gmail, Facebook, Twitter, and even a large number of banking websites.
Baloch produced a proof-of-concept (PoC) page where he exposed the URL vulnerability on both Microsoft Edge and Safari. Both web pages granted JavaScript access to change the web address in the URL bar while the page was still loading.
Ultimately, it’s best to double-check web addresses, but also to keep an eye on the latest phishing attacks.
To read more technical details about the phishing attack, read Baloch’s blog.
As a thank you for a decade of innovation and success, we’re introducing a referral program that offers you an opportunity to truly Experience Chicago!
As the summer winds to a close, we ask you to help us continue to grow! If you’re happy with the IT services your company utilizes, refer a friend or business connection so we can continue to improve our services.
When you refer a qualifying client to CrossRealms, we will treat you to your choice of one of these exciting, uniquely Chicago experiences:
Chicago Helicopter Experience Tour
Chicago Line Architectural Cocktail Cruise
Chicago Sports Game
Exotic Car Tour
If you’re proud to call us your IT provider, spread the word! If you know someone in need of IT services, you’re eligible! Click the link below to participate and learn more! http://newtheme.jlizardo.com/experiencechicago/
Meet Jasen Jackson, the newest addition to CrossRealms’ engineering team! Jasen has a BS in Information and Computer Science: Networking and Security, and over 9 years’ experience working in IT.
“I know that exceptional IT service goes hand in hand with a commitment to excellent customer service and I’m dedicated to both,” Jasen said. “I’m also very excited to be a part of CrossRealms’ growth as it starts its second decade of providing IT services to companies throughout the Chicagoland area.”
Jasen is currently working towards completing his CCNP and CCNA certifications. A married father of three, he has an affinity for dogs, muscle cars, music, camping and philosophy!
We are excited that Jasen is adding his decade-long experience to CrossRealms’ technical team and look forward to you meeting him!
Do you want to make the most of Microsoft’s SharePoint platform for your company, but you’re not sure where to start? There are many advantages to using SharePoint! It’s already built into Office 365, it’s flexible and it has a wide variety of features. When designed correctly, it can enhance your users’ efficiency and productivity while also making it easy to share content securely with your customers.
In response to numerous requests, CrossRealms will be launching a new SharePoint development service this fall. We will be able to assist our customers in developing and creating SharePoint sites and solutions tailored to your specific business needs. Contact us for a demo.