The Day The Internet Let Us Down…Again

On February 28, 2017, one of the largest cloud vendors, Amazon Web Services (AWS), experienced service interruptions that affected thirty-three of AWS’s own services, including nine services which suffered complete disruption: Athena, EMR, Inspector, Kinesis Firehose, Simple Email Service, S3, WorkMail, Auto Scaling and CloudFormation. The problems originated in the US-East-1 region, hosted in data centers in Northern Virginia. This caused a chain reaction, taking countless cloud-based applications and websites offline.

The company initially said: “We’ve identified the issue as high error rates with S3 in US-EAST-1, which is also impacting applications and services dependent on S3. We are actively working on remediating the issue.”

Amazon reported that it had fixed the initial outage by 1:49pm PST, but performance issues for some services persisted until 6pm.

9 Popular Password Manager Apps Found Leaking Your Secrets

Is anything safe? It's 2017, and the likely answer is NO.

Making sure your passwords are secure is one of the first lines of defense – for your computer, email, and information – against hacking attempts, and password managers are the tool recommended by many security experts to keep all your passwords secure in one place.

A password manager is software that creates complex passwords, stores and organizes all your passwords for your computers, websites, applications and networks, and remembers them on your behalf.

But what if your password manager itself is vulnerable?

This is not just a hypothetical: a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials.

The report, published on Tuesday by a group of security experts from TeamSIK of the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android password managers available on Google Play are affected by one or more security vulnerabilities.

Popular Android Password Manager Apps Affected By One Or More Flaws

The team examined LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore's Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords – each of which has between 100,000 and 50 Million installs.

"The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials," TeamSIK said.

In each application, the researchers discovered one or more security vulnerabilities – a total of 26 issues – all of which were reported to the application makers and were fixed before the group's report went public.

Voice Messages from Internet-Connected Toys Stolen, Held for Ransom

Spiral Toys, which sells Internet-connected stuffed animals called CloudPets that parents and children can use to send messages to each other, stored customer data in a public-facing database that required no authentication. The information was accessed and millions of messages have been held for ransom.

The problem is that all of these vendors are rushing Internet-connected devices to market with no regard for the security of their devices. This new wave of IoT (Internet of Things) devices, such as dolls, cameras, refrigerators and whatnot, is creating huge security risks. Buyer beware.

Nearly Three Years in Prison for Disgruntled Former Employee

Brian P. Johnson has been sentenced to nearly three years in prison for damaging his former employer's computer system. After Johnson was fired from his position as sysadmin at Georgia-Pacific in February 2014, he was still able to access the company's computer system via VPN. Johnson accessed and damaged control and quality control systems. Johnson pleaded guilty to intentionally damaging protected computers. He was also ordered to pay restitution of USD 1.13 million.

Beware! Don't Fall For "Font Wasn't Found" Google Chrome Malware Scam

The next time you accidentally or curiously land on a website with jumbled content prompting you to download a missing font to read the blog by updating the Chrome font pack…

…Just Don't Download and Install It. It's a Trap!

Scammers and hackers are targeting Google Chrome users with this new hacking scam that's incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.

Here's What the Scam is and How it works:

It's a "The 'HoeflerText' font wasn't found" scam.

Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website that had allegedly already been compromised, possibly due to failing to apply timely security updates.

The scam identified by NeoSmart is not a new one. It has been making the rounds since last month.

The hackers are inserting JavaScript into poorly secured, but legitimate websites to modify the text rendering on them, which causes the sites to look all jumbled with mis-encoded text containing symbols and other random characters.

So if Chrome users come across such websites from a search engine result or social media site, the script makes the website unreadable and prompts them to fix the issue by updating their 'Chrome font pack.'

The prompt window says: "The 'HoeflerText' font wasn't found," and you're then asked to update the "Chrome Font Pack." If clicked, it actually installs a malware Trojan on your machine.

The scam can also be used to infect a victim’s computer with Spora ransomware – one of the most well-run ransomware operations, discovered at the start of this year, with active infection channels, advanced crypto, and an advanced ransom payment service.

What makes this scam particularly appealing is that everything about the browser message looks legit, from the type of "missing font" and the dialog window to the Chrome logo and the right shade of blue on the "update" button.

How to identify the Scam?

There are several ways to recognize this scam.

First of all, the dialog window has been hard-coded to show that you are running Chrome version 53 even if you actually aren't, which might be a clue that something is not right.

Secondly, there's an issue with the filenames: Clicking the "Update" button proceeds to download an executable file titled "Chrome Font v7.5.1.exe." But this file is not the one shown in the malicious instruction image, which reads "Chrome_Font.exe."

Even if you fail to identify these clues, you may get a standard warning, saying "this file isn't downloaded often," when you try to download the file.

Funnies

Helpdesk: What kind of computer do you have?
Customer: A white one...


Helpdesk: Good day. How may I help you?
Customer: Hello... I can't print.
Helpdesk: Would you click on start for me and...
Customer: Listen pal; don't start getting technical on me! I'm not Bill Gates!


Customer: I have problems printing in red...
Helpdesk: Do you have a color printer?
Customer: Aaaah... Thank you.


  • When you call us to have your computer moved, be sure to leave it buried under half a ton of postcards, baby pictures, stuffed animals, dried flowers, bowling trophies and children's art. We don't have a life, and we find it deeply moving to catch a fleeting glimpse of yours.
  • Don't write anything down. We can play back the error messages from here.
  • When an IT person says he's coming right over, go for coffee. That way you won't be there when we need your password. It's nothing for us to remember 347 screen saver passwords.
  • When you call the help desk, state what you want, not what's keeping you from getting it. We don't need to know that you can't get into your mail because your computer won't power on at all.
  • When IT support sends you an email with high importance, delete it at once. We're just testing.
  • When the photocopier doesn't work, call computer support. After all, there's electronics in it.
  • When an IT person tells you that computer screens don't have cartridges in them, argue. We like good arguments.
  • When an IT person tells you that he'll be there shortly, reply in a scathing tone of voice: "how many weeks do you mean by shortly?" That keeps us motivated.
