New capabilities uncovered
Initially thought to be a fairly standard botnet that would use infected gear to wage cyber attacks on other targets, the malware has since been found by Cisco's Talos Intelligence Group to have new capabilities, ones which could put owners of infected routers at greater risk.
In particular, a module called 'ssler' seems specifically designed to compromise internet traffic being sent to and from an infected router. The module uses a 'man in the middle' attack that attempts to downgrade secure HTTPS web traffic so that data is sent over HTTP as unencrypted plaintext, which makes sensitive information such as logins and passwords much easier to intercept and capture.
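The downgrade described above leaves traces that a defender can look for: a browser asked for an HTTPS page and was answered with a redirect to plain HTTP, links on a page that arrived over HTTPS now point at HTTP on the same host, or a login form is being submitted over plaintext. The following Python example is added here to illustrate those checks; it is not code from Cisco Talos or from the original post, and the flow records it scans are constructed sample data (the host names and header values are made up), laid out the way a logging proxy or browser extension might record them. The `no_hsts_header` indicator is a weakness, not proof of an attack, so it is reported separately.

```python
"""Flag HTTPS-to-HTTP downgrade indicators in observed web flows.

Added example. Input is one dict per request/response pair, as a logging
proxy or browser extension might record it. SAMPLE_FLOWS is constructed
sample data, not real captured traffic.
"""
from urllib.parse import urlparse

# Constructed sample flows (hosts and headers are invented for the example).
SAMPLE_FLOWS = [
    # Normal HTTPS flow with HSTS set: nothing to flag.
    {"request_url": "https://bank.example/login", "status": 200,
     "response_headers": {"Strict-Transport-Security": "max-age=31536000"},
     "body_links": ["https://bank.example/account"]},
    # Client asked for HTTPS and was redirected to plain HTTP: a downgrade.
    {"request_url": "https://mail.example/inbox", "status": 302,
     "response_headers": {"Location": "http://mail.example/inbox"},
     "body_links": []},
    # Page arrived over HTTPS but same-host links were rewritten to HTTP.
    {"request_url": "https://shop.example/checkout", "status": 200,
     "response_headers": {},
     "body_links": ["http://shop.example/pay", "https://cdn.example/style.css"]},
    # Credentials submitted in a plaintext POST.
    {"request_url": "http://forum.example/login", "method": "POST",
     "status": 200, "response_headers": {}, "body_links": [],
     "form_fields": ["username", "password"]},
]

# Form field names treated as sensitive (assumed list; extend as needed).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "pin", "token"}


def downgrade_findings(flow):
    """Return a list of (indicator, detail) tuples for one flow record."""
    findings = []
    req = urlparse(flow["request_url"])
    # Header names are case-insensitive, so normalise them once.
    headers = {k.lower(): v for k, v in flow.get("response_headers", {}).items()}

    if req.scheme == "https":
        # An HTTPS request answered with a redirect to http:// is the clearest sign.
        loc = headers.get("location")
        if loc and urlparse(loc).scheme == "http":
            findings.append(("https_to_http_redirect", loc))
        # Same-host links rewritten to http:// inside an HTTPS page.
        for link in flow.get("body_links", []):
            parsed = urlparse(link)
            if parsed.scheme == "http" and parsed.hostname == req.hostname:
                findings.append(("same_host_link_downgraded", link))
        # Missing HSTS on a successful HTTPS response: a weakness, not an attack.
        if flow.get("status") == 200 and "strict-transport-security" not in headers:
            findings.append(("no_hsts_header", req.hostname))
    elif req.scheme == "http":
        # Sensitive form fields posted over plaintext.
        fields = {f.lower() for f in flow.get("form_fields", [])}
        if flow.get("method", "GET").upper() == "POST" and fields & SENSITIVE_FIELDS:
            findings.append(("plaintext_credential_post", req.hostname))
    return findings


def scan(flows):
    """Map each request URL to its findings; flows with none are omitted."""
    report = {}
    for flow in flows:
        found = downgrade_findings(flow)
        if found:
            report[flow["request_url"]] = found
    return report


if __name__ == "__main__":
    for url, found in scan(SAMPLE_FLOWS).items():
        print(url)
        for indicator, detail in found:
            print("   ", indicator, detail)
```

Run against a real proxy log, the `https_to_http_redirect` and `plaintext_credential_post` indicators are the ones worth paging on; `no_hsts_header` is better used to build a list of sites that would not resist a downgrade in the first place.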
Cisco has not revealed a total number for how many additional devices it now believes could be infected, but has said that despite earlier warnings that users should reboot at-threat devices, the malware still persists in the wild and that the threat "continues to grow".
Cisco provided an updated list of devices that could be affected, so if you own one of the below, you’re strongly advised to reboot it:
Looks like the new Windows 10 April 2018 Update is having some issues for some users. After the upgrade, some are reporting that once they log in all they have is a black screen with only the Recycle Bin and taskbar showing. The Start button and Task Manager also do not work. The other issue is that after updating, some get to a screen that asks you to choose a keyboard layout and then get stuck there.
The update issues seem to be affecting users that had Avast or McAfee antivirus software on their systems prior to updating. If you have either of these antivirus products, we encourage you to uninstall the software, upgrade Windows to the newest version, and then reinstall the software after the update.
If your system has crashed, do not panic; just call us and we can save your files and get your system back up and going.
Last Friday, the FBI issued a report recommending that everyone reboot their routers. The reason? "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."
A newly discovered threat called VPNFilter has infected over half a million routers and network devices, according to researchers from Cisco's Talos Intelligence Group.
VPNFilter is "able to render small office and home office routers inoperable," the FBI stated. "The malware can potentially also collect information passing through the router."
Unfortunately, there's no easy way to tell if your router has been compromised by VPNFilter. The FBI notes only that "the malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer."
Those manufacturers are as follows: Linksys, MikroTik, Netgear, QNAP and TP-Link. However, Cisco's report states that only a small number of models, just over a dozen in total, from those manufacturers are known to have been affected by the malware, and they're mostly older ones:
Linksys: E1200, E2500, WRVS4400N
MikroTik: 1016, 1036, 1072
Netgear: DGN2200, R6400, R7000, R8000, WNR1000, WNR2000
QNAP: TS251, TS439 Pro, other QNAP NAS devices running QTS software
So will a reboot work? The short answer is "it can't hurt", but it won't fix the issue if your router is in fact infected. According to the FBI's PSA regarding VPNFilter, the reboot recommendation is not intended to remove the malware, but rather to "temporarily disrupt (it) and aid the potential identification of infected devices."
So how can you fix this issue and make sure you are safe? The best way to fix this issue if you have an older router is to do a complete factory reset of the router itself. Usually this can be done by pressing the small reset button on the router and holding it in for a few seconds. Of course, once you do this you have to set up your network name and password again and then reconnect all the Wi-Fi devices in your home and office.
The second thing you should always do is make sure your router is running the latest firmware. We can help you with this and can make sure your router is safe and up to date. Just give us a call and we can remote in to help.
Microsoft has blocked a number of security updates for some AMD based PCs after discovering that installing updates to combat the Spectre and Meltdown bugs left some devices unable to boot.
Microsoft said it will temporarily stop sending the nine system updates out to some PCs running particular AMD processors.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates," the company said.
"After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time:
Microsoft said it is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices "as soon as possible", but said for AMD device-specific information users should contact AMD.
Yesterday ZDNet reported that Microsoft's Windows patch for the Meltdown and Spectre attack methods was causing problems for users with AMD Athlon CPUs, according to a number of complaints on Microsoft's community forum. One poster said after installing the update the PC only displayed the Windows logo and otherwise failed to boot. The update was delivered through Windows Update to a "quite pre-historic" computer, specifically running on the AMD Athlon X2 6000+, which was released a decade ago. Others who report the same issue are also using older AMD chips.
The Spectre and Meltdown flaws are critical vulnerabilities found in many Intel chips which could allow an attacker to steal data from the memory of running apps, such as data from password managers, browsers, emails, and photos and documents. Since they were discovered the tech industry has been scrambling to fix them, and this problem is just one of the unexpected consequences.
AMD chips aren't vulnerable to the Meltdown attack, but the operating system updates were meant to address one of the Spectre variants they are vulnerable to.
If you have an AMD PC and are stuck in an unbootable state after updating, please call us immediately and we will help you fix the issue as soon as possible.
If you've got an HP notebook or mobile workstation computer, you'll want to check out the latest battery recall from the company. Lithium-ion batteries for affected HP laptops were shipped between December 2015 and December 2017. There have been eight reports of the battery packs overheating, melting or charring, three of which include reports of $4,500 in property damage and one report of a first degree burn to a hand.
You'll want to go to www.HP.com/go/batteryprogram2018 to see if your model is one of the ones named in the recall. If so, you can enable a battery safety mode and get instructions on how to get your battery replaced by an authorized technician, since these batteries are not able to be replaced by consumers. According to the recall notice, affected models include HP ProBooks (64x G2 and G3 series, 65x G2 and G3 series), HP x360 310 G2, HP Envy m6, HP Pavilion x360, HP 11, and HP ZBook (17 G3, 17 G4, and Studio G3) Mobile Workstations. In addition, batteries sold as replacements or accessories for the HP ZBook Studio G4 mobile workstation are also named.
Update: HP has released a statement about the issue: "The quality and safety of all HP products is our top priority. We recently learned that batteries provided by one of our suppliers for certain notebook computers and mobile workstations present a potential safety concern. We are taking immediate action to address this issue including a voluntary recall and replacement of the batteries. This action pertains to 0.1 percent of the HP systems sold globally over the past two years. Customers can visit HP's site to learn if their battery should be replaced. Impacted customers will have their batteries replaced free of charge and may continue safely using their device by placing the battery in Safety Mode and connecting to an external power source."
Amazon, Google and now Apple... as the list of digital giants hit by the "Spectre" and "Meltdown" computer security flaws grows longer, the race is on to limit the damage.
"All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time," Apple -- whose devices are usually regarded as secure -- said in a post on an online support page on Thursday.
Almost all microprocessors produced over the past 10 years by Intel, AMD and ARM are affected. No PC or mobile device can function without the miniature components that are effectively nerve centres for executing computer programmes and apps.
And that is what distinguishes them from previous security alerts that have tended to involve software rather than hardware.
In theory, Spectre and Meltdown could enable a user to "access kernel level memory access, exposing critical information that would be stored there, like system passwords," said Chris Morales, head of security analytics at Vectra.
Luke Wagner, a software engineer at Mozilla, wrote on a security blog that it was "possible to use similar techniques from web content to read private information".
Effectively, all electronic devices manufactured all around the world in recent years contain potentially vulnerable chips.
The biggest names in the sector, including Amazon, Google, Microsoft and Mozilla, are now rushing out updates and patches to eliminate the flaw.
US giant Intel, as well as its rivals AMD and ARM, have started installing updates.
In a statement on Thursday, Intel said it and its partners "have made significant progress in deploying updates" to mitigate any threats.
"Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years," an Intel statement said.
"In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services."
Apple, for its part, advised only getting apps from its online App Store which vets programmes for safety, and said it has already released some "mitigations" to protect against the exploit and planned to release a defensive update for Safari on macOS and iOS in the coming days.
Difficult to exploit?
But some experts believe that the only real "fix" in some cases would be replacing the chip itself, which would be a huge issue for the computing industry.
That said, the experts concede that hacking the chips would require a very high level of technical expertise and the risks were therefore limited.
The US Computer Emergency Readiness Team (CERT) said that it was "not aware of any active exploitation at this time."
In Germany, the BSI Federal Office for Information Security similarly found no evidence of any "active exploitation" of the flaw, but still urged sector players to protect themselves "as quickly as possible."
In addition to the security flaw, Intel found itself in hot water Friday over the announcement that its chief executive had sold some of his shares in the company.
According to the specialist magazine Solutions Numeriques, Intel was aware of the existence of the security flaw in its chips at the end of November. But in the fourth quarter of last year, CEO Brian Krzanich sold nearly 900,000 shares, halving his stake in the company, according to Bloomberg.
A company spokesman told Bloomberg that the sale had nothing to do with the issue of the security flaw, insisting that Krzanich had exercised options according to a pre-set timetable agreed long before.
Windows 10 Creators Update To Launch On April 11th
Microsoft has confirmed in a blog post that the Windows 10 Creators Update (known as 1703) will arrive on April 11. Microsoft will likely roll out the Creators Update gradually over a few months. The timeline in which your PC will receive the update depends on the device type. Windows Insider users have been testing the Creators Update over the last few months, which has helped Microsoft work out some of the potential kinks.
What Is New In The Creators Update?
The Creators Update has a few new major features included in the upgrade. There is a new Paint 3D app, which makes it much easier to create 3D objects. The Creators Update also has built-in game broadcasting for Windows 10 and the Xbox One via Beam. Soon Acer, ASUS, Dell, HP and Lenovo will ship Windows Mixed Reality-enabled headsets with the Creators Update. In the Creators Update, the Microsoft Edge browser will have advanced tab management and support for e-books in the Windows Store.
There are also a few subtle features Microsoft is adding in the Creators Update that are inspired by user feedback. The Creators Update will have a "night light" feature, which reduces the blue light emitted by the screen to help you sleep better. The update will have a mini view that allows you to keep a small window on top of what you are doing so that you can watch shows or hold Skype conversations while you work on Office documents. The Creators Update has a "screen time limits" feature so parents can manage how much time kids are spending playing games. And there will be a new "remote lock" feature that automatically locks your PC or tablet when you step away from it by pairing with your smartphone.
There will be additional options for managing Windows updates. For example, users will be able to schedule when to install an update. And “active hours” can be set for when a reboot should not take place.
The Creators Update will be a free upgrade for devices that are running on Windows 10 already. And Microsoft will also sell Windows 10 Home, Pro, Enterprise and Education versions of the Creators Update for PCs and tablets.
In the Windows Creators Update announcement, Microsoft also revealed an expansion of availability for the Surface Book with Performance Base, the Surface Studio and the Surface Dial.
Here is a nice article for anyone that is worried about the bill that was signed on Monday this week.
The quick answer is that incognito or private browsing will not help, so you have about three choices: 1) opt out with your internet service provider, 2) try a VPN service, and 3) always use sites whose address starts with https, as these are encrypted. You can also try different browsers and avoid using Google for searches. For more information please feel free to contact us.
Over the past few weeks we have had several customers call about internet issues. Many thought it was their ISP or router, but it was confirmed to be a Windows 10 update that caused this issue.
The problems connecting to the Internet or Wi-Fi started late last week. Microsoft acknowledged the problems in a discussion forum on Dec. 8, which indicated that "some customers are experiencing difficulty connecting to the Internet." Microsoft's advice, in a Dec. 9 support article, was for users to reboot, but not shut down, their PCs. Users also were directed to look for other possible problem sources, such as a cable modem issue or Internet service provider connection problems.
Today, Microsoft indicated that patch KB3206632, which was released today and included in this month's security bulletin release, is designed to fix the problem. This patch replaces update KB3201845, which reportedly was blamed for the Internet connection problems, although InfoWorld author Woody Leonhard observed that those problems happened two days before the release of KB3201845.
The Internet connection issue only affected devices running "Windows 10 1607 (RS1)," according to Nathan Mercer, a Microsoft technical evangelist, in a Patchmanagement.org listserv post. But, so far, that's just about all the information Microsoft has provided on the issue.
Microsoft's KB3206632 bulletin isn't too descriptive, although it does indicate a December fix for "a service crash in CDPSVC that in some situations could lead to the machine not being able to acquire an IP address." A description of the problem by The Register had suggested that a Microsoft software update had somehow broken the Dynamic Host Configuration Protocol used to issue IP addresses.
Possibly, then, Microsoft has fixed a problem that it never fully described. Description seems to be a past practice abandoned with the new agile Windows 10 software delivery approach.
Microsoft today also released 12 security bulletins in its December patch, with six "Critical" flaws being addressed. The top items on Microsoft's "exploitability index" this month include a scripting engine memory corruption vulnerability, a browser memory corruption vulnerability and an Office security feature bypass flaw, among others, as described in the December bulletin.
If you still have this issue, please call us and we can fix it very quickly. Also, to prevent this problem, please install your Windows 10 updates by pressing the Windows logo key + I and then going to "Update and Security".
The ransomware itself is called "CriticalUpdate01.exe," the file it extracts is called "WindowsUpdate.exe," and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.
"Unfortunately, there is no way to currently decrypt the Fantom Ransomware." While you're waiting for "Windows Update" to finish and the machine to restart, Fantom is happily at work encrypting all the files it can find bearing any of about 600 different suffixes, including those commonly used for music, video, photo and office files. Encrypted files get the additional suffix ".fantom".
When the encryption process is finished, Fantom pops up a ransom note instructing the user to email a Russian email address. No specific ransom amount is mentioned, but presumably the response from the online criminals will include one. Victims have a week to pay up or the files will be erased, the note says in pretty poor English.
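One thing the behaviour above gives a defender is a cheap detection signal: a normal user renames a handful of files an hour, while an encryptor renames hundreds in seconds, all to the same new suffix. The Python example below is added to show that check; it is not code from the original post or from any antivirus product. It reads constructed file-system rename events (the timestamps and paths are invented) and raises an alert when more than a threshold of renames to the watched suffix land inside a short sliding window. The window length and threshold are assumed tuning values.

```python
"""Spot a burst of files being renamed to a ransomware extension.

Added example. Consumes constructed event lines (not real logs) of the form
'<epoch_seconds> RENAME <old_path> -> <new_path>' and reports every burst in
which more than THRESHOLD renames to WATCHED_SUFFIX fall within WINDOW_SECONDS.
"""
from collections import deque

WATCHED_SUFFIX = ".fantom"   # suffix named in the report above
WINDOW_SECONDS = 10          # assumed tuning value
THRESHOLD = 5                # renames per window that trigger an alert (assumed)

# Constructed sample events: two ordinary renames, then a burst of encryption.
SAMPLE_EVENTS = """\
1000 RENAME C:\\Users\\bob\\draft.docx -> C:\\Users\\bob\\report.docx
1003 RENAME C:\\Users\\bob\\img1.jpg -> C:\\Users\\bob\\holiday1.jpg
1200 RENAME C:\\Users\\bob\\report.docx -> C:\\Users\\bob\\report.docx.fantom
1200 RENAME C:\\Users\\bob\\holiday1.jpg -> C:\\Users\\bob\\holiday1.jpg.fantom
1201 RENAME C:\\Users\\bob\\budget.xlsx -> C:\\Users\\bob\\budget.xlsx.fantom
1201 RENAME C:\\Users\\bob\\song.mp3 -> C:\\Users\\bob\\song.mp3.fantom
1202 RENAME C:\\Users\\bob\\video.mp4 -> C:\\Users\\bob\\video.mp4.fantom
1202 RENAME C:\\Users\\bob\\notes.txt -> C:\\Users\\bob\\notes.txt.fantom
"""


def parse_event(line):
    """Parse one event line into (timestamp, old_path, new_path), or None if malformed."""
    parts = line.strip().split(" ", 2)
    if len(parts) != 3 or parts[1] != "RENAME" or " -> " not in parts[2]:
        return None
    old, new = parts[2].split(" -> ", 1)
    return int(parts[0]), old, new


def detect_bursts(lines, suffix=WATCHED_SUFFIX, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return alerts as (first_ts, last_ts, count) tuples.

    Keeps a sliding window of timestamps of renames whose new name ends in
    `suffix`; once the window holds more than `threshold` of them, one alert
    is emitted and the same burst is not reported again until the window has passed.
    """
    recent = deque()
    alerts = []
    alerted_until = -1
    for line in lines.splitlines():
        ev = parse_event(line)
        if ev is None or not ev[2].lower().endswith(suffix):
            continue          # ignore malformed lines and unrelated renames
        ts = ev[0]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop events that fell out of the window
        if len(recent) > threshold and ts > alerted_until:
            alerts.append((recent[0], ts, len(recent)))
            alerted_until = ts + window
    return alerts


if __name__ == "__main__":
    for first, last, count in detect_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {count} files renamed to {WATCHED_SUFFIX} between t={first} and t={last}")
```

The same logic works for any fixed ransomware suffix, and the threshold is deliberately low: on a workstation, six renames to an unknown extension inside ten seconds is already far outside normal use, and stopping the process early is what keeps the damage to a handful of files.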
To prevent infection by any kind of ransomware, don't click on links in email messages you aren't expecting, and install and run robust antivirus software that updates continually.