Hackers hijacked computers to mine for cryptocurrency

Ars Technica reports that some YouTube ads were secretly running cryptocurrency mining scripts that consumed up to 80% of CPU resources.  PCMag.com states that Google blocked the ads shortly thereafter because these ads violated their terms of service.

The Seattle Times also reported on cases where computers on an employer’s network were running unauthorized software in order to mine for cryptocurrency – a process currently labeled “cryptojacking” by cybersecurity experts.

eWeek also noted that Docker containers may be vulnerable to cryptocurrency mining attacks.

Meltdown and Spectre security flaws force tech companies to release updates

Two recently detected security flaws currently named “Meltdown” and “Spectre” are causing Apple, Microsoft, Google, Intel, and others to release security updates to fix any potential problem.  The flaws potentially affect all recent computers, smartphones, and tablets that use a CPU performance feature called speculative execution.  There is no evidence that the flaws have been exploited at this time.  The general recommendation is to download updates for all devices.

Current Apple products may have the security flaws with the exception of the Apple Watch.  Apple is continuing to work on updates and released a statement at https://support.apple.com/en-us/HT208394.

Microsoft issued guidance for Windows users, SQL Server, and Windows Server, has updated most of its Azure infrastructure, and will continue to do so.  Security update KB4056890 also updates the Internet Explorer and Edge browsers.  Microsoft also issued update KB4056892 for various Windows versions but notes that it causes some AMD processor machines to stop working after it is installed.

Google recommended that Chrome users should turn on site isolation.  Google also responded with these blog posts:
https://support.google.com/faqs/answer/7622138
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Mozilla is working on updates, and a fix is available in Firefox version 57.0.4.

Amazon has updated its servers already and will continue to do so.

Intel released a statement as well and is releasing updates.  It also reported that some systems rebooted more frequently after the updates.  AMD also released a statement on its CPUs and speculative execution.

Oracle issued updates for MySQL, Java, PeopleSoft and other products that it maintains.

The CERT Vulnerability Notes Database has logged this issue as Vulnerability Note VU#584653.

eWeek reported that Linux 4.15 was released with Meltdown and Spectre patches and that further patches would be made for this issue.

More information can be found at https://spectreattack.com.

Microsoft Whiteboard App

Microsoft announced the release of Microsoft Whiteboard – Preview version for Windows 10.  This app allows multiple users to sign into their Microsoft accounts and remotely update a virtual whiteboard to collaborate visually.  This app is free to use for any one user with a Windows 10 device.  For multiple users, at least one participant must be logged into an Office 365 personal, work, or school account.  More details are at products.office.com/en-us/microsoft-whiteboard/digital-whiteboard-app and the FAQ page.

Update: Microsoft Whiteboard app is now generally available for Windows 10 devices at the Microsoft Store, and there is now an iOS version for iPhone and iPad.

Take Microsoft certification exams remotely with Online Proctored Exam Delivery

Microsoft allows users to take its certification exams remotely as well as at Pearson VUE testing centers by using Online Proctored (OP) Exam Delivery.  The user’s computer will have to meet certain system requirements and the user will be monitored remotely by an exam proctor via webcam and microphone.

More information is available at https://www.microsoft.com/en-us/learning/online-proctored-exams.aspx.

Smartphones can detect some Bluetooth credit card skimmers

Credit card skimmers can be found at gas station pumps, ATMs or video rental boxes.  Most current skimmers target the magnetic strip instead of newer chip technology credit and debit cards.  The PIN may also be stolen, so it is safer to use a debit card as a credit card without entering the PIN.

ZDNet reports that the Bluetooth skimmers usually broadcast under the name “HC-05” with password “1234”, or appear with a name consisting of a long string of numbers.  To search for potential skimmers, open Settings on your cellphone, enable Bluetooth, and scan for devices.

Skimmer Scanner is an Android app that detects card skimmers and is available at the Google Play Store or at GitHub.