Categories
Google Security Web Browsers

Hackers hijacked computers to mine for cryptocurrency

Ars Technica reports that some YouTube ads were secretly running cryptocurrency mining scripts that consumed up to 80% of CPU resources.  PCMag.com states that Google blocked the ads shortly thereafter because these ads violated their terms of service.

The Seattle Times also reported on cases where computers on an employer’s network were running unauthorized software in order to mine for cryptocurrency – a process currently labeled “cryptojacking” by cybersecurity experts.

eWeek also noted that Docker containers may be vulnerable to cryptocurrency mining attacks.

Categories
Apple Linux PowerShell Windows

Microsoft PowerShell Core 6.0 runs on multiple platforms

On January 10th 2018, Microsoft announced the release of a new product: PowerShell Core 6.0. PowerShell Core is open-source, built on top of .NET Core (CoreCLR) and runs on Windows, macOS, and Linux.

More information is available here.

Categories
Security Wi-Fi

Wi-Fi Alliance announces new WPA3 wireless security protocol

The tech industry group Wi-Fi Alliance announced the upcoming release of the WPA3 wireless security protocol on January 8th 2018.   WPA3 is the future replacement of the WPA2 protocol which was shown to be vulnerable to the Krack attack security flaw in 2017.

Categories
Amazon.com Android Apple Azure Cloud Google iOS iPhone Linux MySQL Operating Systems Oracle Security Smartphones SQL Server Web Browsers Windows

Meltdown and Spectre security flaws forces tech companies to release updates

Two recently detected security flaws currently named “Meltdown” and “Spectre” are causing Apple, Microsoft, Google, Intel, and others to release security updates to fix any potential problem.  The flaws potentially affect all recent computers, smartphones, and tablets that use a CPU performance feature called speculative execution.  There is no evidence that the flaws have been exploited at this time.  The general recommendation is to download updates for all devices.

Current Apple products may have the security flaws with the exception of the Apple Watch.  Apple is continuing to work on updates and released a statement at https://support.apple.com/en-us/HT208394.

Microsoft issued guidance for Windows users, SQL Server, Windows Server, and has updated most of its Azure infrastructure and will continue to do so.  Security update KB4056890 also updates Internet Explorer and Edge browsers.   Microsoft also issued update KB4056892 for various Windows versions but notes that some AMD processor machines to stop working after installing it.

Google recommended that Chrome users should turn on site isolation.  Google also responded with these blog posts:
https://support.google.com/faqs/answer/7622138
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Mozilla is working on updates and a fix is available in Firefox 57.0.4 version.

Amazon has updated its servers already and will continue to do so.

Intel released a statement as well and is releasing updates.  It also reported some systems rebooted more frequently after the updatesAMD also released a statement on their CPUs and speculative execution.

Oracle issued updates for MySQL, Java, PeopleSoft and other products that it maintains.

The CERT Vulnerability Notes Database has logged this issue as Vulnerability Note VU#584653.

eWeek reported that Linux 4.15 was released with Meltdown and Spectre patches and that further patches would be made for this issue.

More information can be found at https://spectreattack.com.

Categories
Apps and Utilities Microsoft Office

Microsoft Whiteboard App

Microsoft announced the release of Microsoft Whiteboard – Preview version for Windows 10.  This app allows multiple users to sign into their Microsoft accounts and remotely update a virtual whiteboard to collaborate visually.  This app is free to use for any one user with a Windows 10 device.  For multiple users, at least one participant must be logged into an Office 365 personal, work, or school account.  More details are at products.office.com/en-us/microsoft-whiteboard/digital-whiteboard-app and the FAQ page.

Update: Microsoft Whiteboard app is now generally available for Windows 10 devices at the Microsoft Store, and there is now an iOS version for iPhone and iPad.

Categories
Training

Take Microsoft certification exams remotely with Online Proctored Exam Delivery

Microsoft allows users to take its certification exams remotely as well as at Pearson VUE testing centers by using Online Proctored (OP) Exam Delivery.  The user’s computer will have to meet certain system requirements and the user will be monitored remotely by an exam proctor via webcam and microphone.

More information is available at https://www.microsoft.com/en-us/learning/online-proctored-exams.aspx.

Categories
Android Security Smartphones

Smartphones can detect some Bluetooth credit card skimmers

Credit Card skimmers can be found at gas station pumps, ATMs or video rental boxes.  Most current skimmers target the magnetic strip instead of newer chip technology credit and debit cards.  The PIN may also be stolen, so it is safer to use a debit card as a credit card without entering the PIN.

ZDNet reports that the Bluetooth skimmers usually broadcast under the name “HC-05” with password “1234”, or appear with a name consisting of a long string of numbers.  To search for potential skimmers, open Settings on your cellphone, enable Bluetooth, and scan for devices.

Skimmer Scanner is an Android app that detects card skimmers and is available at the Google Play Store or at GitHub.