Defend yourself against World Cup scams

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

The 2014 World Cup tournament kicks off today in Brazil. Soccer (or football anywhere outside of the United States) is the most popular sport in the world, and billions of people will be following the matches closely. While you’re busy figuring out how to stream games to your work PC while appearing to be busy with an Excel spreadsheet, you should be aware that World Cup will also be a feeding frenzy of malware and phishing attacks.

This shouldn’t come as a surprise. Capitalizing on major news and current events is a common technique for cyber criminals. Millions of people sitting on the edge of their seats, waiting for any tidbits of information related to the World Cup tournament, are simply too big and too easy of a target to pass up.

Guillaume Lovet, senior manager of the FortiGuard Labs’ Threat Response Team, shared his thoughts with me about the top four scams you should be on the lookout for as the World Cup gets underway.

Read more »

0

Vigilance is the only cure for comment spam

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

One of the best ways to demonstrate expertise and establish a positive reputation for your business or your employer is by sharing information through posts on a website. And one of the best ways to engage customers is to allow comments on those posts and to respond to them. If you’re not careful, though, spammers will derail your comments and possibly drive potential customers away.

new report from Imperva reveals that 80 percent of the comment spam originates from less than one-third of the spammers, and a mere 17 percent of comment spammers actually account for a majority of the comment spam traffic. Imperva also found that nearly 60 percent of comment spammers are active for long periods of time.

Wikipedia defines comment spam as "a broad category of spam bot postings, which abuse Web-based forms to post unsolicited advertisements as comments on forums, blogs, wikis and online guest books.”

Read more »

8

Microsoft pushes out massive security update for Internet Explorer

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Six down, six to go. Today is the Microsoft Patch Tuesday for June, and it comes with seven new security bulletins. The good news is that five of the seven are only rated as Important, but one of the two Critical security bulletins—the cumulative update for Internet Explorer—is huge.

In all, the seven security bulletins address a total of 66 specific vulnerabilities. The Cumulative Security Update for Internet Explorer (MS14-035) accounts for 59 of them—a record for a single Microsoft security bulletin.

Microsoft issued fixes for flaws in remote desktop, Lync Server, XML Core Services, Word, the TCP protocol, and the Microsoft Graphics Component that affect a range of products and services including versions of Windows and Office. The impact of a successful exploit ranges from denial of service, to information disclosure, to remote code execution, but the “star” of the show is Internet Explorer.

Read more »

3

Hey, Apple! Don’t forget about the Windows users

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

This week at WWDC, Apple’s annual developer conference, Apple showed off some of the new features and capabilities coming soon in iOS 8 and Mac OS X Yosemite. The level of integration between the mobile and desktop operating systems looks impressive, but maybe Apple should be focusing on how to provide that level of integration for Windows users with iOS devices.

Apple revealed some very cool capabilities that blur the line between the mobile device and the desktop. Mac OS X has already been able to send and receive messages in Apple’s proprietary iMessage service, but Yosemite will be also be able to interact with SMS text messages sent to the user’s iPhone. The new version of Mac OS X will also be able to view Caller ID information for incoming calls on the iPhone, and make and receive calls directly from the PC.

Those are great features.  But that Mac users are a relatively small market that misses most iOS users. Mac OS X has gained some market share in recent years, but it still hovers well below 10 percent. iOS, on the other hand, has been a dominant force in mobile devices since the launch of the original iPhone. The result is that most iOS users don’t actually use Mac OS X—in fact a recent report from Business Insider suggests that seven out of ten Windows users also have an Apple device.

Read more »

95

KnowBe4 backs its training with a crypto-ransom guarantee

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

Ransomware attacks like CryptoLocker have been plaguing users for a while now. The recent shutdown of the Gameover Zeus botnet has led to a dramatic decline in these types of attacks, but you can expect that cybercriminals will regroup and launch new ones soon enough. But KnowBe4, a company that offers security awareness training, is so confident it can teach users to protect themselves, it's offering to pay the ransom if a customer falls victim to a ransomware scheme.

Ransomware attacks like CryptoLocker compromise a PC by encrypting all of its data (and possibly all data on connected external or network drives as well) and holding it ransom. The attackers demand payment—often in the form of Bitcoin which is more difficult to trace—in exchange for providing the key necessary decryption key.

The FBI estimates that more than 200,000 users have been affected by ransomware, including CryptoLocker, CryptoDefense, and CryptoBit—accounting for somewhere in the neighborhood of $30 million worth of ransom payments in the last quarter of 2013 alone.

Read more »

0

How to protect yourself against Gameover Zeus and other botnets

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

The U.S. Department of Justice announced today that the Gameover Zeus (GOZ) botnet has been taken down in an effort dubbed “Operation Tovar.” The action was the result of a multinational effort between government agencies, law enforcement, and private companies to shut down the massive botnet responsible for more than $100 million in losses for victims. The cooperation necessary to take down the botnet is impressive, but there will be more, and it’s important for individuals to understand how to avoid falling victim to these threats.

CrowdStrike is one of the private companies that was heavily involved in Operation Tovar, and it worked with the United Kingdom’s National Crime Agency, the FBI, Europol, global law enforcement, and other players in the private sector. Adam Meyers, VP of intelligence at CrowdStrike, described the results of Operation Tovar. “Over 500,000 infected machines were effectively disconnected from criminal control,” he said. “The actors behind GOZ and Cryptolocker, which were both impacted by the recent actions, have done significant damage against unsuspecting victims.”

The U.S. Department of Justice announced that “Operation Tovar” has taken down the Gameover Zeus botnet. 

Read more »

5

Latest eBay flaw is a rookie mistake for a website

Tony Bradley , PCWorld Follow me on Google+

Tony is principal analyst with the Bradley Strategy Group, providing analysis and insight on tech trends. He is a prolific writer on a range of technology topics, has authored a number of books, and is a frequent speaker at industry events.
More by

When it rains it pours for eBay. Less than a week after the popular website revealed it was the victim of a massive data breach and directed users to change their passwords, researchers have discovered that it is vulnerable to serious flaws that could allow an attacker to access user accounts. Individuals need to know how to guard against falling victim to these security issues, and other businesses need to learn from eBay’s mistakes and do a better job of protecting resources on the Web.

The flaw in question is a cross-site scripting (XSS) vulnerability discovered by a 19-year-old college student in the United Kingdom. An XSS flaw can allow an attacker to inject malicious code into an otherwise legitimate website. The attacker can intercept a user’s session cookie enabling them to gain access to the user’s account and interact with the site as that user.

ebay vulnerability Jordan Lee Jones

A U.K. based security researcher showed how eBay is vulnerable to a cross-site scripting attack that could potentially be used to hijack user accounts.

Read more »

7