Windows Media Player May Be Replaced By Microsoft App

A Reddit user named “Noam_ha” recently posted a screenshot displaying a popup message when users open the venerable Windows Media Player (WMP), asking users if they would instead like to open the video file with the company’s more modern Movies and TV app.

The popup message touts the Movies and TV app’s advantages, which include better battery life when running on a phone or laptop, better compatibility with more modern video formats, a mini-view, and support for 360-degree video on augmented reality devices.

There are several interesting things to note here:

First, while the new popup message clearly signals Microsoft’s preferences, the reality is that in many ways, the Movies and TV app is a poor substitute for WMP.  It has only modest functionality and a downright awful interface. Even worse, many features found in WMP (like streaming video from online repositories, queuing, and variable play speeds) are simply not present in the new app.

Second, this appears to be a recent shift inside the company, because WMP comes pre-installed on Windows 10.

On the other hand, WMP hasn’t received a significant update since the Movies and TV app was first released with the launch of Windows 7.  In that respect, at least, the writing has been on the wall for some time now.

This marks the second beloved app that Microsoft has decided to kill in recent months.  Recall that just last year, the company announced the end of Microsoft Paint, a kludgy, barely functional graphics program that was nonetheless strangely beloved by users.  It was retired and replaced with “Paint 3D,” and now, all indications are that Windows Media Player is headed for a similar fate.

That wouldn’t necessarily be a bad thing, but given the condition of the new Movies and TV app, the decision probably isn’t going to win Microsoft any friends.

Vega Stealer Malware Goes After Your Saved Credentials

There’s a new security threat to be worried about, and security professionals are warning that it could be very bad indeed.  The new malware is known as the “Vega Stealer,” and is currently being used in a relatively simplistic phishing campaign designed to harvest financial data that has been saved in both Google Chrome and Firefox browsers.  Unfortunately, based on an analysis of the code, it could be a much more serious threat.

Vega Stealer isn’t 100 percent original work, but rather is a variant of another nasty bit of malware known as “August Stealer.”  Built on the .NET framework, it’s designed to ferret out and steal cryptocurrency wallets, passwords, cookies, saved credit cards, and more.

If your computer is infected, and you’re using Firefox, Vega Stealer will specifically target the files “key3.db” and “key4.db,” along with “cookies.sqlite” and “logins.json,” which store a variety of keys and passwords.

In addition to that, though, it can also take screen captures of your PC and scan for and steal any file with the following extensions:

  • .pdf
  • .xlsx
  • .xrft
  • .docx
  • .doc

Of course, it would be a trivial matter for the owners of the malware to expand this list even further.

As mentioned, the current campaign isn’t terribly sophisticated, relying on emails bearing subject lines like “Online Store Developer Required.”  The emails contain a poisoned file called “brief.doc,” which carries macros designed to install the malware.

If the recipient opens the Word doc and allows the macros to run, it drops a file named “ljoyoxu.pkzip” in that user’s “Music” directory and then automatically executes it so it can begin harvesting.

Researchers from Proofpoint, who found the malware strain, had this to say:

“The document macro utilized in this campaign is a commodity macro that we believe is for sale and used by multiple actors, including the threat actor spreading Emotet banking Trojan.  However, the URL patterns from which the macro retrieves the payload are the same as those used by an actor we are tracking who distributes the Ursnif banking Trojan, which often downloads secondary payloads such as Nymaim, Gootkit, or IcedID.  As a result, we attribute this campaign to the same actor with medium confidence.”

Be on your guard.

Apple Releases Major iPhone and iOS Device Update 11.3

There’s a lot to talk about in Apple’s latest update to iOS.  Version 11.3 boasts some significant changes and is well worth getting.  We’ll go over the highlights below.

Battery management is the biggest and most significant change.  Last year, the company found itself in hot water when it began quietly throttling older phones and slowing down their performance, because the batteries in older phones begin to degrade.  In the absence of throttling, it’s entirely possible that a user’s phone will simply shut down when it attempts to run a process that requires more power than the aging battery can provide.

Despite the company’s good intentions, its decision to throttle older phones met with serious backlash from its normally adoring customer base, and the company has changed its approach in 11.3.  Now, throttling is optional and under user control if you have an iPhone 6, 6S/6S Plus, 7, 7 Plus, or SE. However, all users, regardless of model, now have access to a new battery health screen so they can keep tabs on the condition of their battery and make good decisions about if and when to replace it.

Another significant change is the addition of a new Health Records section, which allows users to get easy access to their medical records if their doctor also utilizes the app.

On the business side, the 11.3 update comes with Business Chat, which allows select businesses to communicate with customers directly in the iMessage app, rather than via social media or email.  While there aren’t a lot of companies taking advantage of this feature yet, you can bet that in coming weeks, you’ll see a slew of big names signing up to take advantage of the service.

There is a raft of other, smaller features in 11.3, but even if there weren’t, the “Big Three” mentioned here would make the update well worth getting.  Kudos to Apple!

Biometric Authentication Seeing Wide Adoption In Businesses

According to a new report published by Spiceworks, nearly 90 percent of businesses will use some type of biometric technology for authentication by the year 2020.  In fact, some 62 percent of companies already use biometrics in some form, with another 24 percent stating their intention to do so within the next two years.

The particulars break down like this:

  • 57 percent of companies using biometric authentication use fingerprint scanners
  • 14 percent use facial recognition
  • Five percent make use of hand geometry recognition
  • Three percent use iris scanners
  • Two percent use voice recognition
  • Two percent use palm-vein recognition

There are only a handful of companies that provide biometric solutions. Of those, Apple dominates the space, providing 34 percent of fingerprint scanning solutions and 14 percent of facial recognition solutions.

The rest of the market breaks out as follows:

  • Lenovo Fingerprint Manager is used by 13 percent of companies that utilize biometrics
  • Samsung fingerprint readers are used by 13 percent
  • Microsoft’s Windows Hello (face login) is used by 13 percent
  • Android’s Face Unlock is used by seven percent

As widespread as biometric adoption has been, only 10 percent of CIOs felt that biometric solutions were secure enough to be the sole means of authentication.  IT security professionals have reached largely the same conclusion, with just 23 percent of them thinking that biometrics could replace traditional text-based passwords within the next two years.

The two biggest hurdles they see are the relative lack of transparency provided by biometric solutions providers about flaws and vulnerabilities discovered in their systems, and the lack of transparency around the biometric data collected by vendors.

Peter Tsai, a senior technology analyst at Spiceworks, had this to say about the report: “Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo.  Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”

Chili’s Is The Latest To Suffer A Credit Card Breach

Brinker International (the parent company of the Chili’s restaurant chain) formally announced that on May 11, it discovered malware on an undisclosed number of its point-of-sale terminals.  Details are sketchy at this point, because the investigation is still ongoing, but the company had the following to say about the incident:

“If you used your payment card at a Chili’s restaurant between March and April 2018, it does not mean you were affected by this incident.  However, out of an abundance of caution, we recommend that you remain vigilant and consider taking one or more steps to avoid identity theft, obtain additional information, and protect your personal information.”

Among other things, the company is recommending that all customers who have dined at a Chili’s restaurant during the period when the malware was active should contact one of the national credit reporting agencies and set up a fraud alert or a security freeze.  You should, of course, also closely monitor the payment card you used, to be sure that you recognize all of the charges hitting that particular payment card.

At this point, it is unknown exactly how many Chili’s locations were impacted, nor exactly how many customer records were compromised. It could be weeks, or even months before we have those details, so the company’s recommendation is a good one.

So far, Brinker’s handling of the aftermath of the issue has been exemplary, and based on that, we have every reason to expect that it will continue to handle the incident well through to its conclusion.  The problem is that we keep seeing successful breaches like this because the hackers are changing their tactics more quickly than company IT resources can adapt and respond.  Until and unless that changes, we’ll be treated to more reports like this.

21 Percent Of Internet Traffic Riddled With Bad Bots

How much of your website’s traffic is driven by bots?  The answer may surprise you.  Overall, bots account for nearly half of all web traffic. The “good” bots account for 20.4 percent, and “bad” bots account for 21.8 percent.

Hackers, scammers and fraudsters commonly use bad bots to scrape content, test stolen account credentials, issue spam, conduct digital ad fraud by generating bogus clicks, conduct brute force attacks, and mine data from competitors.

Distil Networks keeps tabs on bad bot activities in their annual “Bad Bot Report”. This year’s analysis reveals that gambling websites and commercial airline companies suffer a disproportionate percentage of bad bot attacks, with 53.1 percent of gambling traffic coming from bad bots, and 43.9 percent of airline traffic coming from bad bots.

83.2 percent of bad bot attacks are initiated via the Chrome, Firefox, Internet Explorer, and Safari web browsers.  10.4 percent come from mobile browsers, with Android, Opera, and Safari Mobile being the most commonly used.

82.7 percent of bad bot traffic originates in data centers, up from 60.1 percent in 2016, indicating that hackers are increasingly centralizing and scaling their efforts.

Tiffany Olson Jones, the CEO of Distil Networks, had this to say about the recently published report:

“This year, bots took over public conversation as the FBI continues its investigation into Russia’s involvement in the 2016 US presidential election and new legislation made way for stricter regulations.  Yet as awareness grows, bot traffic and sophistication continue to escalate at an alarming rate.  Despite bad bot awareness being at an all-time high, this year’s Bad Bot Report illustrates that no industry is immune to automated threats and constant vigilance is required in order to thwart attacks of this kind.”

While the total number of bad bot attacks continues to increase, the landscape is shifting.  For the first time since the Bad Bot Report was first published, Russia topped the list as the most blocked country, with 20.7 percent of companies issuing country-specific IP block requests, while China, which topped last year’s list, fell to sixth place, with 8.3 percent.

This is a problem that’s not going to go away.  Continued vigilance is a must.

SSD Drive Makers Adding Features To Reduce Duplicate Data

Big changes are in the works in the SSD-based storage ecosystem: three different vendors have made similar announcements regarding designs to help companies that rely on SSD-based storage systems reduce duplication and control data creep.

It’s not hard to see why they’re scrambling.  Although the price of SSD-based storage systems is coming down, it’s a slow process.  Currently, a gigabyte’s worth of SSD storage costs about forty cents, versus about five cents per gigabyte of HDD storage.  Less data duplication means less data to store, making the SSD drives utilizing the new technology more efficient.

Here’s a quick overview of the solutions offered by the three major vendors in this space:

  • Hitachi – Hitachi is working to upgrade its all-flash F-Series and its hybrid flash/hard disk G-Series of drives, as well as its SVOS operating system. The improvements to the operating system include new AI-based container and operations support and a new feature in the form of the “Hitachi Infrastructure Analytics Advisor.” This provides real-time analysis of your data center optimization across all storage devices, networks, servers and virtual machines, in a bid to more efficiently predict data center needs and optimize/troubleshoot data storage.
  • HPE – The company has upgraded its “Nimble” storage line, which includes an array of all-flash products, a hybrid disk-flash product line and a secondary flash line. The big change here is that the company’s products now support inline, variable block size deduplication.  The company claims this change makes its products “the most efficient hybrid arrays in the industry by a wide margin.”
  • IBM – IBM has issued an upgrade to its Storwize arrays, the first in more than two years. The update improves cloud integration and overall disk performance and adds an array of enhanced deduplication tools, claiming as much as a 5:1 data reduction while retaining 100 percent data availability (provided you’re using IBM HyperSwap).

How big an impact these changes will have remains to be seen, but kudos to all three companies for taking decisive steps to bolster the performance of their storage devices.

Beware: Fake Craigslist Email Could Contain Ransomware

If you post ads on Craigslist for short-term employment, be aware that there’s a new malspam campaign that aims to deliver Sigma ransomware to the computers of unwary users.

By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist’s “Gigs” section for short-term employment.  The emails generally express interest in whatever job the user has posted and include a password-protected Word or RTF document that recipients will assume is a resume.

If the recipient enters the password to unlock the document, they’ll then be presented with a screen that asks them to enable the content in the document.  Unfortunately, this is the step that dooms the user. The file isn’t a resume at all, but merely a delivery vehicle.

As soon as the content is enabled, the ransomware is installed and the user’s files are encrypted.  It then “helpfully” posts a message explaining that the files have been encrypted and that to get access to them again, the user will have to pay a $400 fee, which rises to $800 if the user waits longer than seven days to request the decryption key.

Unfortunately, there’s no known way to decrypt Sigma-encrypted files other than paying the ransom.

This is a new twist on a very old game. Even worse, it’s enjoying a relatively high success rate because people who post ads for short-term employment on Craigslist expect to get responses from people they don’t know. They expect that those people will be sending resumes for review.

The “tell” is that when a potential employee sends you a resume, it’s almost certainly not going to be password protected.  In this case, your best bet would be to reply to the sender and ask them to send you a non-protected resume if they’re genuinely interested in the job.
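Both the Vega Stealer lure above (a macro-laden “brief.doc”) and the Craigslist lure (a password-protected Word or RTF “resume”) share a trait a mail gateway can check for before a user ever sees the attachment. The following added example (not code from the original post or from any vendor mentioned) is a small Python triage routine that flags Office attachments that are either encrypted or carry a VBA project. It assumes an encrypted Office document is a Compound File (CFB) containing an “EncryptedPackage” stream and that macros live in a “_VBA_PROJECT” stream (binary formats) or a “vbaProject.bin” zip entry (OOXML); the stream-name byte search is a deliberately cheap heuristic, and the sample inputs are constructed inline.

```python
"""Heuristic triage of e-mail attachments: flag password-protected and
macro-bearing Office documents (added example, not from the original post)."""
import io
import zipfile

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 / Compound File header
# CFB directory entries store stream names as UTF-16LE, so a raw byte search
# for the encoded name is a cheap way to spot these streams. A full CFB
# parser would be more precise, but this catches the common cases.
ENCRYPTED_PACKAGE = "EncryptedPackage".encode("utf-16-le")  # encrypted OOXML wrapper
VBA_PROJECT = "_VBA_PROJECT".encode("utf-16-le")            # VBA macros in .doc/.xls


def triage_attachment(data: bytes) -> dict:
    """Classify the attachment bytes as cfb / ooxml / rtf / other and report
    whether it looks encrypted and whether it looks like it carries macros."""
    info = {"container": "other", "encrypted": False, "macros": False}
    if data.startswith(CFB_MAGIC):
        info["container"] = "cfb"
        info["encrypted"] = ENCRYPTED_PACKAGE in data
        info["macros"] = VBA_PROJECT in data
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return info
        if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
            info["container"] = "ooxml"
            info["macros"] = any(n.endswith("vbaProject.bin") for n in names)
    elif data.lstrip().startswith(b"{\\rtf"):
        info["container"] = "rtf"
    return info


def should_quarantine(data: bytes) -> bool:
    """Policy: hold any attachment that is password-protected or carries macros
    for manual review, since a genuine resume needs neither."""
    t = triage_attachment(data)
    return t["encrypted"] or t["macros"]


# Constructed sample inputs (not real malware): a minimal OOXML zip with or
# without a VBA project, and a fake CFB blob that names an EncryptedPackage stream.
def build_ooxml(with_macros: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")
    return buf.getvalue()


FAKE_ENCRYPTED_CFB = CFB_MAGIC + b"\x00" * 504 + ENCRYPTED_PACKAGE

if __name__ == "__main__":
    for label, blob in [("resume.docm", build_ooxml(True)),
                        ("resume.docx", build_ooxml(False)),
                        ("resume_protected.docx", FAKE_ENCRYPTED_CFB)]:
        print(label, triage_attachment(blob), "quarantine" if should_quarantine(blob) else "deliver")
```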

Energy Companies Under Attack From Malware

The energy sector is in danger, and almost nobody is talking about it.  This, according to a newly published report by Kaspersky Labs.

At issue are ICS (Industrial Control System) computers.  Hackers are increasingly targeting them, having recently been given a robust set of tools to do so.

Recall that in 2010, Kaspersky Labs uncovered the first instances of a malicious computer worm known as “Stuxnet.”  This worm was a beast.  Nothing like it had ever been seen before, and all indications were that it had been created at the behest of a nation-state with deep pockets.

Its purpose was to invade PLCs (Programmable Logic Controllers), which are essentially primitive computers used by almost every modern industry.  In many ways, these rudimentary computers are what makes modern society possible.  Worse, they have almost no protections in place, because until Stuxnet, no one even considered the possibility that they would be the target of an attack.

The problem is that the damage caused by attacking these controllers isn’t limited to the digital realm.

In Iran, Stuxnet was used to cause significant damage to that country’s fledgling nuclear program by causing dozens of their centrifuges to explode.

Since the code has now been in the wild for many years, variants of the worm have been developed.  The fear has been that the newer, more robust variants could be used to target critical infrastructure around the world.

That now appears to be happening.  According to the Kaspersky Labs report, nearly 40 percent of all analyzed ICSs in the energy sector have been attacked at least once by malware.

So far, those attacks haven’t caused any significant damage in the physical world, but this is a simple numbers game.  Sooner or later, it’s going to happen, and with tragic consequences.

Attacks on Health Organizations Increasing At Alarming Rate

It used to be the case that credit card companies and retail outlets were the primary targets of hackers around the world.  Make no mistake, they still get attacked with regularity, but the hackers have found a new and even more lucrative target: health organizations.

According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017.  It gets worse.  Those breaches exposed PHI and PII of more than five million individuals.

The reason for the shift away from credit card data to medical records comes down to profits.  PHI and PII can often be sold on the Dark Web for ten times the amount that credit card information will bring.  The hackers are simply obeying the laws of economics and going where the money is.

Brian Wells, the Director of Healthcare Strategy at Merlin International, had this to say about the report:

“In an increasingly connected, digitally centric world, hackers have more opportunities and incentive than ever to target healthcare data, and the problem will only increase in scope over time.

Healthcare organizations must get even more serious about cyber security to protect themselves and their patients from losing access or control of the proprietary and personal information and systems the industry depends on to provide essential care.”

Worst of all, a shocking percentage of medical/healthcare companies don’t seem to be serious about cyber security at all.  Although the average cost of a medical data breach is approximately four million dollars, a staggering 49 percent of companies in the industry don’t have an incident response plan of any kind.  There’s no process in place to properly respond to an attack, or to mitigate the fallout if a breach occurs.  These companies are sitting ducks.