You are probably familiar with desktop-based ransomware like Petya, WannaCry, CryptoWall, and CryptoLocker. But mobile ransomware is an emerging trend you don't want to learn about only after it strikes. Take a minute to read our summary of mobile ransomware and some easy prevention tips.
Microsoft’s latest patch fixes critical Windows security issues
Every month, Microsoft releases a large number of fixes and improvements for Windows. The latest August patch includes fixes for 48 vulnerabilities, with more than half listed as critical. If you’re a Windows user and your desktop is due for a software update, here are the essentials you need to know.
Windows Search
Microsoft discovered a flaw that hackers could remotely exploit to take full control over an affected computer. The hacker could then install programs, view, change or delete data, and create new accounts with full user rights. The August security updates address the vulnerability by fixing how your computer's memory interacts with Windows Search objects.
Windows Hyper-V
Another critical vulnerability is tied to Windows Hyper-V, a virtualization program. This flaw can be exploited when a server fails to properly verify an authenticated user from a virtual desktop.
For example, cyber criminals could exploit the vulnerability by running a malicious application on a guest operating system, causing the server to malfunction. The latest patch plugs the hole by correcting how Hyper-V validates guest operating system user input.
Microsoft Edge
Microsoft security specialists revealed that the Edge browser is exposed to a remote memory-corruption vulnerability. Hackers can exploit this by luring an unsuspecting user to open a fake website that contains malicious programs. The new security update addresses the issue by modifying how Microsoft Edge handles objects in memory.
These are just a few examples of the critical vulnerabilities addressed in the August updates. In total, Microsoft patched 48 vulnerabilities in six of its main product categories, including Windows, Internet Explorer, Edge, SharePoint, Adobe Flash Player, and SQL Server. If you're interested in all the security updates, check out Microsoft's official Security Update Guide.
As a Windows user, you’re probably used to seeing pop-up messages that implore you to install a new Windows update. Take heed: These patches and updates cost you nothing and can be installed in a matter of minutes. All you need to do is give your consent with a couple of mouse clicks, so there really is no excuse for not updating.
It’s important to update to the latest Windows version to ensure your computer and data are safe from security threats. If you have any questions about Windows updates or need help scheduling them, get in touch with our experts today.
Locky-type ransomware is attacking systems
A new, Locky-type ransomware is currently infecting tens of thousands of computers worldwide. It uses the same code from the 2016 version to encrypt users’ files and it looks poised to cause another massive cyber emergency. Here’s everything we know so far.
Quick facts
According to a threat intelligence report, the email-based ransomware attacks started on August 9 and were detected through 62,000 phishing emails in 133 countries in just three days. It also revealed that 11,625 IP addresses were used to carry out the attacks, with the IP range owners consisting mostly of internet service providers and telecom companies.
How it works
The malicious email contains an attachment named “E 2017-08-09 (580).vbs” and just one line of text. Like the original Locky authors, attackers responsible for the new variant deploy social engineering tactics to scam recipients into opening the attached .doc, .zip, .pdf, .jpg or .tiff file, which installs the ransomware into their systems.
When an unsuspecting user downloads the file, the macros run a file that provides the encryption Trojan with an entry point into the system. The Trojan then encrypts the infected computer’s files.
Once encryption is completed, the user receives instructions to download the Tor browser so they can access the "dark web" for details on how to pay the ransom. To retrieve their encrypted files, users will be asked to pay from 0.5 to 1 Bitcoin.
What you need to do
This ransomware variant builds on the strengths of previous Trojans. In fact, the original Locky strain made it easy for cyber criminals to develop a formidable ransomware that could evade existing cyber security solutions. This is why adopting a "deny all" security stance, whereby all files are considered unsafe until proven otherwise, is the best way to avoid infection.
Here are other tips to avoid infection:
- Don’t open unsolicited attachments in suspicious emails. Alert your IT staff, and most importantly disallow macros in Microsoft Office unless they’ve been verified by your IT team.
- Performing regular backups guarantees you never have to pay cyber criminals a ransom. If all other security measures fail, you can always rely on your backups, which protect your business not just from cyber crime-related disasters, but also from natural and other unforeseen system failures.
- Train your staff to identify online scams like phishing. This and other similar ransomware strains take advantage of users’ lack of cyber security training.
- Update your operating systems as soon as updates become available to reduce, or eliminate, the chances of your system’s vulnerabilities being exploited.
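The "deny all" stance and the attachment tip above, applied at the mail gateway, as an added example that is not from the original article: an attachment is denied unless its extension is on an allowlist and its content starts with the matching file signature, and ZIP archives are opened so their members get the same check. The allowlist, the size limit and the sample message are assumptions constructed for this sketch.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed allowlist for this sketch: extension -> bytes the content must start with.
ALLOWED = {".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04"}
MAX_MEMBER = 10_000_000  # refuse archive members that declare a larger size

def check_file(name, data, depth=0):
    """Default deny: 'allow' only for a listed type whose content matches it."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    magic = ALLOWED.get(ext)
    if magic is None or not data.startswith(magic):
        return "deny"  # unlisted type (.vbs, .doc, ...) or mismatched content
    if ext == ".zip":
        if depth > 0:
            return "deny"  # nested archive is not unpacked, so not proven safe
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in (i for i in zf.infolist() if not i.is_dir()):
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                        return "deny"  # encrypted or oversized member
                    if check_file(info.filename, zf.read(info), depth + 1) == "deny":
                        return "deny"
        except zipfile.BadZipFile:
            return "deny"
    return "allow"

def scan_message(raw):
    """Map each attachment filename in a raw email to 'allow' or 'deny'."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename() or "(unnamed)":
            check_file(part.get_filename() or "", part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def sample_message():
    """Constructed test email; every payload is a harmless placeholder."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("scan.vbs", b"' placeholder")
    msg = EmailMessage()
    msg.set_content("one line of text")
    for name, data in [("E 2017-08-09 (580).vbs", b"' placeholder"),
                       ("photo.jpg", b"\xff\xd8\xff\xe0 placeholder"),
                       ("invoice.pdf", b"not really a pdf"),
                       ("scan.zip", archive.getvalue())]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(sample_message())` denies the .vbs attachment, the mislabeled PDF and the archive carrying a script, and allows only photo.jpg.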
Even with a trained staff and the latest protections installed, your IT infrastructure may still have unidentified security holes. Cyber security experts can better evaluate your entire infrastructure and recommend the necessary patches for your business’s specific threats. To secure your systems, get in touch with our experts now.