• Category Archives Computer News
  • News about computer and IT technology services

  • FBI Bust Computer Hackers Spying and Stealing your information while online

    Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.

    On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.

    The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.

    The FBI and prosecutors in the Manhattan U.S. attorney’s office announced the results of that probe on Monday: More than 90 arrests worldwide.

    The malware sells for as little as $40. It can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.

    Related: Beware, your computer may be watching you

    Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.

    Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.

    Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.

    The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

    “The charges unsealed today should put cyber criminals around the world on notice,” said Leo Taddeo, chief of the FBI’s cybercrime investigations in New York. “If you think you can hide behind your computer screen — think again. ”

    hackersOfficials say Blackshades was used to illegally access the computers of 700,000 victims around the world, as shown in this FBI heatmap.

    700,000 victims around the world: Inside the FBI special operations center, six large computer monitors displayed key parts of the probe. Agents kept an eye on one screen showing a popular website where Blackshades was sold. The site was taken down by the FBI.

    Another monitor showed a heatmap of the world displaying the locations of the 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. Splotches of green on the map indicated concentrations of infected computers in highly populated parts of the U.S., Europe, Asia and Australia.

    The FBI said that in just a few years Blackshades has become one of the world’s most popular remote-administration tools, or RATs, used for cybercrime.

    Taddeo said the unprecedented coordination with so many police agencies came about because of concern about the fast growth of cybercrime businesses.

    “These cyber criminals have paid employees, they have feedback from customers — other cyber criminals — to continually update and improve their product,” Taddeo said recently. While he spoke, agents took calls from counterparts working the case in more than 40 U.S. cities.

    Blackshades had grown rapidly because it was marketed as off-the-shelf, easy to use software, much like legitimate consumer tax-preparation software.

    “It’s very sophisticated software in that it is not very easy to detect,” Taddeo said. “It can be installed by somebody with very little skills.”

     

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • Internet Explorer Security Update Released today around 5:00pm

    Microsoft announced today that have issued an out-of-band security update to fix the Internet Explorer vulnerability discussed in Microsoft Security Advisory 2963983. This vulnerability is actively being used in targeted attacks and allows remote code execution on the affected computers. Today’s KB2964358 update will patch this vulnerability so that users of Internet Explorer are no longer affected. In a surprise move and a testament to the danger posed by this vulnerability, Microsoft released a patch for Windows XP users even though it is no longer officially supported.

    This KB2964358 security update is currently available via Windows Update and all users, whether you use Internet Explorer or not, are encouraged to install it. To install the update, please open Windows Update and click on the Check for Updates option. Once Windows Update has finished checking, you should see a new update titled Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB2964358). Please select that update and install it immediately.
    If you do not see the update installed, check to see if it is installed by clicking on the View Update History option.

    Microsoft has also announced that malware is being distributed via email that is claiming to be this update. If you receive an email that is supposedly from Microsoft and that contains an executable please do not run it. Microsoft will never distribute security updates via email.

    Please Visit our computer services page if feel you become  infected


  • 4chan Hacked, Attacker Mainly Targeted Moderator Accounts

    Complete Computer Repair Latest News and Virus Threats Fort Lauderdale
    Complete Computer Repair News

     

    A few hours ago, Christopher Poole, aka “moot,” the founder of 4chan, revealed that the popular image-based bulletin board was hacked.

    The attack took place last week. The hacker leveraged a software vulnerability to gain access to administrative functions and data from a 4chan database. The attacker apparently wanted to expose the posting habits of a specific user he didn’t like.

    “After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database,” moot noted.

    “Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.”

    The hacker accessed the Pass credentials of three 4chan Pass users. The impacted individuals have been notified and offered refunds and lifetime Passes.

    moot highlights the fact that 4chan doesn’t process any payment information, so the attacker couldn’t have gained access to financial data. Payment information is processed by Stripe.

    As far as the vulnerability leveraged by the hacker is concerned, it has been patched shortly after 4chan became aware of it. Software and systems are being reviewed to prevent future breaches.

    In a 4chan post published last week (removed since), a user revealed that the attacker was an Australian individual who wanted to expose “multiple abuses of power and violations of proper mod stewardship.” The attacker allegedly gained access to the details of over 12,000 sold Passes. He’s said to have had access to 4chan’s systems for a week.

    This isn’t the first time 4chan is targeted by hackers. Back in June 2012, hackers of UGNazi redirected the site’s visitors to their Twitter account.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • AOL hit by massive data breach, Urges users to change their passwords

    Complete Computer Repair Latest Computer News Fort Lauderdale

    AOL hit by massive data breach

    The personal details of AOL’s millions of customers has been leaked in an attack on the company’s systems, resulting in thousands of accounts being hijacked to send spam.
    Internet pioneer AOL has warned of a major breach that has affected a significant number of users, leaking email and postal addresses, contact information and password details to attackers unknown.

    AOL launched in 1983 as the Control Video Corporation and produced a short-lived modem-based gaming download service for the Atari 2600 dubbed GameLine. The precursor to Valve’s Steam and similar digital distribution systems, GameLine was not a financial success; the company had better luck with the Link series of online portals for the Commodore 64, Apple II and Macintosh, and IBM compatibles. In 1989, America Online was born as a walled-garden internet service which included chat, email and several games – including the first-ever web-based interactive fiction series and the first automated play-by-email game.

    While internet-savvy consumers soon dropped AOL’s walled-garden system for more open services from generic internet service providers, the company still boasts a considerable client base. Despite an ongoing slide in customers, the company boasts a near three-million user count in the US alone – and it’s these customers who have been exposed in a serious security breach.

    ‘We have determined that there was unauthorised access to information regarding a significant number of user accounts,’ the company admitted late last night, following an investigation into spam messages sent from registered AOL accounts. ‘This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information. We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly two per cent of our email accounts.’

    The company has not confirmed the nature of the ‘encryption’ used to store the passwords – which should, by industry best practice, be a salted one-way hash function, rather than reversible encryption – but does claim that it has ‘no indication’ that said encryption was broken; this despite the attackers gaining full access to the accounts from which spam is issuing, an indication that they have indeed been able to retrieve at least some passwords from the corpus.

    Users affected by the breach – and, at this point, it looks to cover anyone with an AOL email address, active or otherwise – is advised to reset their password and change their security questions; if the same password is used anywhere else, that should be changed too.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • New Zero Day Vulnerability Found In Internet Explorer All versions


    A new zero-day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.

    The vulnerability, which could allow remote code execution, is being used in “limited, targeted attacks,” according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.

    The attack leverages a previously unknown “use after free” vulnerability — data corruption that occurs after memory has been released — and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

    The vulnerability is currently being exploited by a group of hackers targeting financial and defense organization in the US, FireEye told CNET.

    “The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past,” FireEye said. “They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

    FireEye said the flaw was significant because it affects more than a quarter of the total browser market.

    “Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market,” FireEye said in its advisory.

    An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

    “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft said. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

    Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere



  • Samsung Galaxy S5 Fingerprint Scanner Easy Hack

    Samsung Galaxy S5 Fingerprint Scanner Hacked

    Samsung Galaxy S5 Fingerprint feature promises an extra layer of security for your smartphone, which also lets you make payments through PayPal. But does it really secure?

    Just three days after the launch of the Galaxy S5, Security researchers have successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S last year.

    FOOLING FINGERPRINT SENSOR
    SRLabs researchers recently uploaded a YouTube video, demonstrated how they were able to bypass the fingerprint authentication mechanism to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger.

    The S5 fingerprint scanner allows multiple incorrect attempts without requiring a password, so an attacker could potentially keep trying multiple spoofed fingerprints until the correct match.
    https://www.youtube.com/watch?feature=player_embedded&v=sfhLZZWBn5Q
    PAYPAL USERS AT RISK
    Samsung Galaxy S5 users can also transfer money to other PayPal users just by swiping their finger on the sensor, but this hack now allows hackers to access your PayPal account and linked bank accounts without ever having to enter a password.

    In addition, If you restart your Apple’s iPhone 5S, it requires you to enter a passcode, before you can use your fingerprint as a way to unlock the phone, but Samsung has no such security method in place at this time.

    No doubt, one need to have physical access of your device in order to exploit this flaw, so if your phone is stolen, a thief can access anything on your device.

    Hack once again showed that unlocking a device with Fingerprint is convenient, but not secure that the passcode security.


  • Microsoft Going through your emails!!

    Outlook.png
    MS Outlook Ad

    What Microsoft Says

    Microsoft Corporation once advertised, “We don’t go through your email to sell ads.” What Microsoft does instead is go through your email for everything else.

    Microsoft is establishing a way for major Internet Service Providers to get away with accessing and using actual communications of customers while couching everything under “protection.” The violation goes way beyond the collection and storage of data while not even violating Microsoft’s own Privacy Policy or Terms of Service.

    Since Microsoft and all the other big ISPs are now allowed by the Electronic Communications Privacy Act to read and disclose its customers communications (email, blogs, texts, chat), the law itself protects Microsoft and all ISPs and gives them a way out since they stand on the premise that the data belongs to them, so there is no expectation of privacy. Where does that leave you, the consumer, and what does it mean for journalists?

    Recently Microsoft, without a court order, accessed the private emails and chat communications between one of its customers who was blogging with an ex MS employee. The employee did break the law,but Microsoft sidestepped legal process to gather the evidence on its own and then turn it over to authorities who proceeded to arrest the individual.

    The current Administration has repeatedly assured us that the ISPs are innocently collecting and simply storing data in the name of national security’ in order to keep us all safe from terrorism. Not true since there is a little backdoor which allows Microsoft (because it can) to go in and search and read and use details of communications of its customers. In this case, Microsoft did just that by accessing the Hotmail account (which is now Outlook and owned by MS) of a customer because they wanted to use the information they found to go after an ex-employee.

    It appears that ISPs get to invade customer communications because it is in THEIR best interest since the ECPA law was recently interpreted and changed to allow ISPs to get away with whatever they want to. What happened to due process? It is apparent that the bottom line is all that matters for the ISP.

    In this particular case, Microsoft did not go to a judge or get a court order; and despite the public being assured that ISPs will not misuse the data they are ‘collecting and storing’, remember, they dont have to any more. Microsoft considers this information to belong to them in the first place.

    After Microsoft came under fire for the incident, John Frank, Microsoft General Counsel, issued a statement that included magnificent double speak to convince us all that MS is only protecting their customers and justifying the action by saying his company “took extraordinary actions based on the specific circumstances” to “protect our customers and the security and integrity of our products.”

    Oh yes, the action Microsoft took was indeed extraordinary.

    Frank went on to justify the legal reasoning guiding Microsoft’s actions and explained how Microsoft adhered to its own terms of service as it was determined by its own investigation. Frank said that courts do not “issue orders authorizing someone to search themselves, since obviously no such order is needed,” basing his argument on Microsoft owns the data so they just don’t need a court order to go get whatever they want or target whomever they choose.

    Frank added that Microsoft will not search customer email (and other communications) unless it would justify a court order if one were available. The fact is that if Microsoft does not follow legal procedures in the first place or attempt to get a court order, then of course there wont be one ‘available’ so he establishes the way out of following any due process.

    Frank also made sure to tell us how Microsoft has had our backs and even has their very own internal process set up that is designed to protect customers from Microsoft deciding to grab emails and using the specific information. Part of the plan apparently involves an internal legal staff that operates independently from another internal department to jointly determine if a court order would otherwise be issued by a judge before they can go in (internally) and grab all your actual communications. Lots of ‘internal’ machinations go into the very internal determination. They even announced they will now follow extra steps and submit their evidence (noteevidence they already have collected) to an outside attorney to review.

    One can safely assume Microsoft is paying this outside attorney as a consultant with a CDA in place, so of course this outside attorney is really an inside attorney on the side of MS, and this statement is simply double speak to make Microsoft look good. “Oh, we are hiring an outside attorney who used to be a former judge even! And he will help us determine if it’s okay for us to use emails and chat conversations of our customers before we decide to go use it.”

    With the loss of Net Neutrality and the recent changes in the law that favor their bottom line, the ISPs like Microsoft, Google, Yahoo, can pretty much do what they want now and charge what they want. This is only the beginning of the double speak but there are still people who can see through. And, it’s not half way in and half way out, its never halfway when only the consumer is losing.

    The incident should raise major red flags among bloggers and journalists who use Microsoft and other ISP services to communicate and do research, particularly when it comes to protection of sources.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • PayPal “Unauthorized Credit Card Payment” Phish

    A fake PayPal email, addressed “Dear PayPal”, with an attachment to fill in? What could possibly go wrong?

    Fake mail

    The email reads as follows:

    Dear PayPal user,

    We recently received a report of unauthorized credit card payment attempt associated with this account. To protect you against any further unauthorised payment attempts, we’ve limited access to your PayPal account.
    Please take a minute to review the details below and what steps you need to take to remove the limits.

    ———————————–
    Details of disputed transaction
    ———————————–
    Case ID Number: PP-001-546-712-049
    ———————————–
    What to do next
    ———————————–

    Please download the form attached to this email and open it in a web browser.
    Once opened, you will be provided with steps to restore your account access.
    We appreciate your understanding as we work to ensure your account safety.

    ———————————–
    Due dates
    ———————————–
    Please get back to us as soon as possible.
    ———————————–
    Other details
    ———————————–
    There are no other details for this transaction at this time.

    Yours sincerely,
    PayPal

    Just like the spam from mid-February, this one comes with a zipped attachment:

    Case ID Number PP-001-546-712-049

    with a .html file inside called…well, you can probably guess what it’s called:

    Case ID Number PP-001-546-712-049.html

    html attachment

    The form asks for:

    Email address, full name, PayPal password, DOB, billing address / town, county, postcode, home phone, credit / debit card number, expiry date, security code and sort code.

     

    Of course, you shouldn’t fill this in or hit the “Send” button – just delete the attachment and send the mail to the spam folder.

    Complete Online Computer news and Repair

    WWW.CCREPAIRSERVICES.COM


  • Microsoft announces vulnerability when viewing RTF documents in Word

    Microsoft yesterday announced a new vulnerability in Word where specially crafted RTF files could cause your computer to execute commands without your permission. Microsoft Security Advisory (2953095) explains how attackers are currently using this vulnerability to execute commands on computers that open these types of RTF documents. This vulnerability also exists in Outlook if it is configured to use Word as its email viewer.

    The advisory states:

    Quote

    Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

    At this point there is no patch available, but Microsoft has released a Fixit that can be used to disable the opening of RTF content in Word. This fixit should be used by all users of Word until an official patch is released.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • Linux Worm targets Internet-enabled Home appliances to mine Cryptocurrencies

    Could a perfectly innocent looking device like router, TV set-top box or security cameras can mine Bitcoins? YES! Hackers will not going to spare the Smart Internet-enabled devices.

     

    A Linux worm named Linux.Darlloz, earlier used to target Internet of Things (IoT) devices, i.e. Home Routers, Set-top boxes, Security Cameras, printers and Industrial control systems; now have been upgraded to mine Crypto Currencies like Bitcoin.

    Security Researcher at Antivirus firm Symantec spotted the Darlloz Linux worm back in November and they have spotted the latest variant of the worm in mid-January this year.

    Linux.Darlloz worm exploits a PHP vulnerability (CVE-2012-1823) to propagate and is capable to infect devices those run Linux on Intel’s x86 chip architecture and other embedded device architectures such as PPC, MIPS and MIPSEL.

    The latest variant of Linux.Darlloz equipped with an open source crypto currency mining tool called ‘cpuminer’, could be used to mine Mincoins, Dogecoins or Bitcoins.

    Symantec Researchers scanned the entire address space of the Internet and found 31,716 devices infected with Darlloz. “By the end of February 2014, the attacker mined 42,438 Dogecoins (approximately US$46 at the time of writing) and 282 Mincoins (approximately US$150 at the time of writing). These amounts are relatively low for the average cybercrime activity so, we expect the attacker to continue to evolve their threat for increased monetization.” Kaoru Hayashi, senior development manager and threat analyst with Symantec in Japan.

    Major infected countries are China, the U.S., South Korea, Taiwan and India.

    Darlloz hack malware

    Crypto Currency typically requires more memory and a powerful CPUs, so the malware could be updated to target other IoT devices in the future, such as home automation devices and wearable technology.A Few weeks back, Cisco has announced a global and industry-wide initiative to bring the Security community and Researchers together to contribute in securing the Internet of Things (IoT) and launched a contest called the “Internet of Things Grand Security Challenge“, offering prizes of up to $300,000 for winners.

    Users are advised to update firmware and apply security patches for all software installed on computers or Internet-enabled devices. Make sure, you are not using default username or password for all devices and block port 23 or 80 from outside if not required.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • HP expected to announce 3D printers in June Durability issues resolved, says Whitman

     Hewlett Packard will outline plans to enter the commercial 3D-printing market in June, saying it has solved a number of technical problems that have hindered broader adoption of the high-tech manufacturing process.

    Chief executive Meg Whitman told shareholders on Tuesday the company will make a “big technology announcement” this month around how it will approach a market that has excited the imagination of investors and consumers alike.

    However critics have accused the sci-fi-like technology of being over-hyped and still too immature for widespread consumer adoption.

    Industry observers have long expected HP,a dominant force in global printer manufacturing, to eventually get into the business. Whitman said HP’s inhouse researchers have resolved limitations involved with the quality of substrates used in theprocess, which affects the durability of finished products.

    “We actually think we’ve solved these problems,” Whitman told an annual shareholders meeting. “The bigger market is going to be in the enterprise space,” manufacturing parts and prototypes in ways that were not possible before.

    “We’re on the case,” she said without elaborating.

    HP executives have estimated that worldwide sales of 3D printers and related software and services will grow to almost $11 billion (AUD$12.2 billion) by 2021 from a mere $2.2 billion in 2012.

    The nascent 3D-printing market is now dominated by a number of smaller players like MakerBot, a unit of Stratasys that is concentrating on selling more affordable devices to consumers.

    Contract manufacturers like Flextronics however already use the technology to help craft prototype parts or devices for corporate clients.

    “HP is currently exploring the many possibilities of 3D printing and the company will play an important role in its development,”

    CTO and HP Labs director Martin Fink said in a February blogpost on HP’s website.

    “The fact is that 3D printing is really still an immature technology, but it has a magical aura. The sci-fi movie idea that you can magically create things on command makes the idea of 3D printing really compelling for people.”

     

    Complete Online Computer news and Repair

    WWW.CCREPAIRSERVICES.COM


  • Ex-Microsoft employee charged with leaking trade secrets

    Allegedly gave pre-release Windows info to a blogger.

    A former employee of Microsoft is facing criminal charges after he allegedly passed trade secrets to a blogger in France, US court documents showed.

    Russian national Alex Kibkalo, a former Microsoft employee in Lebanon and Russia, admitted to Microsoft investigators that he provided confidential company documents and information to the blogger, documents from a Seattle federal court showed.

    The blogger, who was not identified, was known to those in the Microsoft blogging community for posting screenshots of pre-release versions of the Windows operating system. The blogger hid his identity stating falsely that he was from Quebec, according to the documents.

    An internal investigation by Microsoft revealed unauthorised transmissions of proprietary and confidential trade secrets, according to the court documents. An email from Kibkalo was found within the blogger’s Hotmail account, establishing that he shared confidential data.

    “We take protection of our intellectual property very seriously, including cooperating with law-enforcement agencies who are investigating potential criminal actions by our employees or others,” a Microsoft spokesman said in a statement.

    A lawyer representing Kibkalo could not be reached for comment immediately.

    The court documents said during interviews, the blogger admitted to posting information on Twitter and his websites and selling Windows Server activation keys on eBay.

    According to Microsoft’s investigation, in July and August 2012, Kibkalo uploaded proprietary software including pre-release software updates of Windows 8 RT, as well as the Microsoft Activation Server Software Development Kit (SDK) to a computer in Washington and subsequently to his personal Windows Live SkyDrive account.

    Kibkalo, who worked with Microsoft for seven years, received a poor performance review in 2012 and threatened to resign if the review was not amended, the documents showed.

    According to an FBI agent who was part of the investigation, Kibkalo has relocated to Russia and based on a LinkedIn account, he is currently working for another US-based technology company with offices in Moscow and St. Petersburg.

     

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere