Latest News and Threats
The latest threats and how to protect against them. Contact Helpdesk for assistance in removal if needed.
Linux Kernel Vulnerability
This vulnerability affects Android versions KitKat and higher, and any computer-based operating system using Linux Kernel 3.8 and higher. Both 32-bit and 64-bit operating systems are susceptible to a zero-day vulnerability that can allow an attacker to gain full control (root) on any of the affected devices.
20,000 repackaged Android apps like Facebook, Snapchat and Twitter have been found to be infected by Trojan-based malware. These infected apps have been found in third-party app stores and are downloaded outside of the Google Play store. It is advisable not to download applications from a third-party app store due to the high possibility of a legitimate application being repackaged with malware.
15 million T-Mobile customer data records have been stolen from a third-party company that T-Mobile uses to process credit checks. Experian, a credit checking company, was recently breached and had T-Mobile user data stolen. This breach affects anyone requiring a credit check for service or device financing with T-Mobile from September 1, 2013 through September 16, 2015. Information stolen includes: Name, Address, Birthdate, Social Security Number and Driver's License or Passport Number. Anyone concerned with the Experian data breach can sign up for 2 years of FREE credit monitoring and identity services.
Yahoo's website was recently found to distribute malware associated with the Angler Exploit Kit to millions of users through an automated ad network that was delivering malware-embedded ads. Yahoo is not the only website to fall victim to malvertising; others such as AOL and Google's DoubleClick ad network have also been known to distribute malware this way. It is recommended that an ad-removal browser extension be installed in your web browser to help prevent ad network redirect attacks.
Android MMS Exploit
Android 2.2 (Froyo) through Android 5.1.1_r5 (Lollipop) are affected. This remote code execution vulnerability is associated with the Android Media Playback service (Stagefright), which uses native C++ objects lacking memory bounds checking during media parsing. These buffer overflows allow for remote code execution when an attacker sends an MMS message. Upon receipt of the MMS message the exploits may be executed, because the MMS notification system automatically runs the Android Media Playback service (Stagefright) to parse the media request embedded in the MMS message. This means that the recipient of the message doesn't even have to open or read the message for the vulnerability to execute.
Firefox Blocks Flash Temporarily
Mozilla has blocked Flash Player version 184.108.40.206 and below on Windows. However, the latest version of Flash Player, 220.127.116.11, is not being blocked by Mozilla Firefox. Essentially, due to recent zero-day security vulnerabilities found in older versions of Flash Player, Mozilla is forcing all users of Firefox to upgrade to the latest version of Flash Player to help protect against the latest security vulnerabilities.
Apple 0-Day Rootkit
Apple devices such as MacBook Pro, MacBook Retina, and MacBook Air running the latest EFI firmware update are susceptible to a zero-day rootkit that can leave the device completely compromised and owned. This attack may be carried out remotely and implemented via the Safari browser. In other words, if you have an old Apple computer you might want to think about getting a new one, because Apple does not patch security vulnerabilities in old Apple devices; some of the latest Apple machines are not affected by the Whacker 0-Day Vulnerability.
Linux Ghost Vulnerability
A vulnerability in the GNU C Library has been discovered. The Exim mail transfer client is a major software package that uses the GNU C Library and is one of the most threatened applications at this time. A Ghost attack first has to convince an application on the user's system to perform a DNS lookup of a hostname provided by the attacker. If successful, a buffer overflow may result, and this may allow for remote code execution.
Linux/Unix GNU (Bash) Shell Vulnerable to Remote Code Execution
A recent vulnerability in the GNU Bourne-Again Shell (Bash) may allow for remote code execution. Bash does not necessarily have to be the main scripting method used on the machine for this vulnerability to be exploited. This vulnerability is classified as "High" and it is recommended that all Linux/Unix-based operating systems be patched to fix this issue.
Cisco IOS/IOS XE
Cisco has publicly disclosed a long list of vulnerabilities associated with Cisco devices running IOS 15.4(3)SN1 and earlier versions. In addition, Cisco IOS XE Software 3.13S.0 and earlier versions are also susceptible to multiple vulnerabilities. Any Cisco-related devices running vulnerable software should be patched immediately.
Ransomware is a type of malware that stops you from using your computer until you pay a certain amount of money (the ransom). There are two types of ransomware:
Lockscreen ransomware - uses a full-screen image or webpage to stop you from accessing anything on your computer.
Encryption ransomware - locks your files with a password, stopping you from opening them.
Zero Access Trojan
Zero Access is a family of rootkits and backdoors. It uses a rootkit technique to hide from security software while allowing remote attackers to control infected computers. Zero Access is commonly used to redirect a user's web traffic.