- Security Center
- English ▾
Yesterday the US Computer Emergency Readiness Team (US-CERT) issued a warning regarding ransomware. Their goal was to provide the public with information on ransomware, “specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.” The warning comes after a number of hospitals have had their computer networks infected with ransomware.
This week an article on CNBC’s Big Crunch blog attempted to promote password security but ended up compromising user passwords. Entitled “Apple and the Construction of Secure Passwords," the article offered users an opportunity to test their passwords for complexity. Users were encouraged to create passwords using a combination of upper- and lower-case letters, numbers, and symbols to make them harder to crack.
A number of smartphone apps can monitor the device’s microphone to detect audio signals embedded in TV advertising. The US Federal Trade Commission has sent warning letters to a dozen app developers who have included such software in existing apps. Known as SilverPush, the software is capable of eavesdropping on television audio and identifying the content.
A large number of popular websites are serving users malicious advertising which attempts to infect them with ransomware. The websites themselves are not serving malicious advertising, referred to as malvertising, instead several high profile advertising networks affiliated with the sites are the source. The websites affected include MSN.com, NYTimes.com, BBC.com, AOL.com, NFL.com, and The WeatherNetwork.com among others. Combined these sites receive over 2 billion visits a month.
Users who misspell the address of a popular website are being targeted by adware. The particular typo identified in this adware campaign involves typing “.om” instead of “.com” at the end of the URL. Typically, such a typo would take users to an error page. However, the “.om” domain is available to register and malicious actors are taking advantage of such small mistakes.
Last Tuesday Microsoft released several security updates, including a patch for Internet Explorer which fixes critical security issues. Security Bulletin MS16-023 resolves a number of reported vulnerabilities in the popular internet browser. According to Microsoft, one of these vulnerabilities could allow an attacker to remotely execute malicious code on a victim’s computer.