• Tag Archives computer repair news
  • E-Payment Alert Notification From Another US Bank – Customer phishing scam

    A slightly unusual phishing scam today

    https://i2.wp.com/myonlinesecurity.co.uk/wp-content/uploads/2016/12/scam_warning1.gif?fit=300%2C300&ssl=1

    The original email is nothing special and has a blank body and a PDF attachment. The PDF has a link to https://kamzink.com/redirect-new-alert-logon/redirect.htm which redirects you to ( or should redirect you to ) https://rattanhospital.co.in/new-usbank-security-update/usbank.com.online.logon/home  However this site only works in Firefox using Noscript when I block scripts from  omtrdc.net. ( which looks like an Adobe Marketing cloud analytics script)  Allowing scripts from that site display a blank page for me in all browsers.  I assume the phishers made a mistake and that script will only work on the genuine website so is  unable to display the page. This shows the error in just copy & pasting an entire website homepage  & just changing a few links on it.  Anyway, anything the phishers do wrong is a step in the right direction to protect users.

    Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

    The original email looks like this It will NEVER be a genuine email from your bank  any other company so don’t ever click the link in the email. If you do it will lead you to a website that looks at first glance like the genuine usbank website but you can clearly see in the address bar, that it is fake. Some versions of this and similar phishes will ask you fill in the html ( webpage) form that comes attached to the email.

    From: US BANK <unitedbankpayment.alert@communication.com>>

    Date: Wed 28/12/2016 08:15

    Subject: E-Payment Alert Notification From Another US Bank Customer

    Attachment: US_Bank_Payment_2_.pdf

    Body content:  Blank / Empty

    Following the link sends you to a site looking identical to the genuine usbank.com website ( with the above provisos)

    All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.


  • Samsung Galaxy S5 Fingerprint Scanner Easy Hack

    Samsung Galaxy S5 Fingerprint Scanner Hacked

    Samsung Galaxy S5 Fingerprint feature promises an extra layer of security for your smartphone, which also lets you make payments through PayPal. But does it really secure?

    Just three days after the launch of the Galaxy S5, Security researchers have successfully managed to hack Galaxy S5 Fingerprint sensor using a similar method that was used to spoof the Touch ID sensor on the iPhone 5S last year.

    FOOLING FINGERPRINT SENSOR
    SRLabs researchers recently uploaded a YouTube video, demonstrated how they were able to bypass the fingerprint authentication mechanism to gain unauthorized access just by using a lifted fingerprint with wood-glue based dummy finger.

    The S5 fingerprint scanner allows multiple incorrect attempts without requiring a password, so an attacker could potentially keep trying multiple spoofed fingerprints until the correct match.
    https://www.youtube.com/watch?feature=player_embedded&v=sfhLZZWBn5Q
    PAYPAL USERS AT RISK
    Samsung Galaxy S5 users can also transfer money to other PayPal users just by swiping their finger on the sensor, but this hack now allows hackers to access your PayPal account and linked bank accounts without ever having to enter a password.

    In addition, If you restart your Apple’s iPhone 5S, it requires you to enter a passcode, before you can use your fingerprint as a way to unlock the phone, but Samsung has no such security method in place at this time.

    No doubt, one need to have physical access of your device in order to exploit this flaw, so if your phone is stolen, a thief can access anything on your device.

    Hack once again showed that unlocking a device with Fingerprint is convenient, but not secure that the passcode security.


  • Microsoft announces vulnerability when viewing RTF documents in Word

    Microsoft yesterday announced a new vulnerability in Word where specially crafted RTF files could cause your computer to execute commands without your permission. Microsoft Security Advisory (2953095) explains how attackers are currently using this vulnerability to execute commands on computers that open these types of RTF documents. This vulnerability also exists in Outlook if it is configured to use Word as its email viewer.

    The advisory states:

    Quote

    Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

    At this point there is no patch available, but Microsoft has released a Fixit that can be used to disable the opening of RTF content in Word. This fixit should be used by all users of Word until an official patch is released.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere


  • Windows 9 to be released in April 2015

    [​IMG]

    If you compare how Windows 8 has been doing until now to how Windows 7 did in its first two years of existence, you will come to the conclusion that it did not do as well.

    Some say it failed as much as Windows Vista did, and while there are certainly similarities between the two operating systems, it is an unfair comparison.

    While Vista and 8 shipped after hugely successful Windows versions, XP and 7 to be precise, the why they failed is different.

    As far as Windows 8 is concerned, it failed because it concentrated too much on the creation of a unified platform, on mobile and touch features, and not enough on the desktop part of the system.

    In addition, decisions to make live for desktop users difficult, by removing the start menu or forcing them to start on the Start Screen interface, added to the frustration of many users.

    And then there is the slowing of the PC market, largely attributed by a shift to mobile and consumption, and by the fact that PC hardware has not seen any evolution in recent time.

    Microsoft did restore some features with Windows 8.1, and the upgrade is seen by many as a baby-step in the right direction.

    What we do know for certain is that a service-pack like upgrade will be released in April 2014 for Windows 8.1. It is not clear if it will introduce any new features or modifications to the operating system.

    The update could however be the last for Windows 8, as Microsoft could release Windows 9 as early as April 2015 according to Paul Thurrott.

    It is a rumor at this point in time, but according to Paul’s unnamed sources, Windows Threshold could indeed be Windows 9.

    Again, this is a rumor and subject to change. It would however make sense to move away from the Windows 8 name as soon as possible due to its performance up to this point. It would also keep the “every second Windows is a good Windows” rule alive, provided that Microsoft is improving the experience for desktop users on Windows 9.

    Two of the previous rumors in regards to Windows Threshold are that it will bring back a full start menu, and that it will allow users to run apps on the desktop in windows.

    According to Paul, Microsoft will deliver three milestone releases prior to the public availability of Windows 9 in April 2015. The company won’t release an early alpha version on this year’s Build conference though as work won’t have started yet on that version.

    Microsoft has a year to deliver Windows 9. Some may say that this is not a long time, and that it is unlikely that Windows 9 will ship with many major changes and feature additions in comparison to Windows 8.

    It is however enough time to further modify the operating system to make it more appealing to desktop users.

    ONLINE COMPUTER REPAIR SERVICES AND NEWS AT

    www.ccrepairservices.com