New Attack Method Delivers Malware Via Mouse Hover

‘Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop a Trojan.

Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.

Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.

“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.

“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.

What to do after installing Ubuntu 16.04 Xenial Xerus

I never use anything but LTS if and when I put Ubuntu on my machines so I will not cover 15.10 or 16.10. These are some of the things to do right after installing Ubuntu on your computer.

Important:
This is not an exhaustive list, nor are these the only things to do. If you have anything to add, please leave a comment below.

Most of these steps will be terminal based so start up a terminal. Press the super key (the Key Formerly Known as the Windows Key) to bring up the Unity dash. Then, type in terminal and choose the icon for the terminal program.


Apple iOS Apps

So I’ve been writing articles for a while and I never really spent time to put together something that lists apps for Apple devices. So here’s my first run in no particular order.

Lookout – Backup, Security and Missing Device

by: Lookout, Inc.
Don’t lose your iPhone or iPad again! Lookout is the best way to protect your precious iOS device from data loss, theft and other threats that put your personal information at risk.

Norton Mobile Security – Lost Phone Finder

by: Symantec
Norton Mobile Security delivers powerful, effective protection for your iPhone and iPad against theft and loss. Remotely locate your phone from any place with an Internet connection or set off an alarm on your lost device.

Free VPN – Onavo Protect

by: Onavo, Inc.
Onavo Protect helps keep you and your data safe when you browse and share information on the web. This powerful app helps keep you safe from malicious, phishing and unsecure mobile websites. It also helps secure your details when you login to websites or enter personal information such as bank accounts.

Workflow: Powerful Automation Made Simple

by: DeskConnect, Inc.
Workflow is your personal automation tool, enabling you to drag and drop any combination of actions to create powerful workflows for your iPhone, iPad, and Apple Watch.

Inbox by Gmail – the inbox that works for you

by: Google, Inc.
Inbox by Gmail requires an invite. Email inbox@google.com to request one. Your email inbox should help you live and work better, but instead it often buries the important stuff and creates more stress than it relieves. Inbox, built by the Gmail team

Hours Time Tracking

by: Tapity, Inc.
Free for a limited time, celebrating the Apple Watch version. Hours is the time tracker you will use.

RunKeeper – GPS Running, Walk, Cycling, Workout and Weight Tracker

by: FitnessKeeper, Inc.
Track your run pace, measure workout distance, chart weight loss, crush training goals and more with LifeHacker’s Best Running App! RunKeeper is the simplest way to improve fitness, whether you’re just deciding to get off the couch for a 5k, biking every day, or deep into marathon training.

Calorie Counter & Diet Tracker by MyFitnessPal

by: MyFitnessPal.com
Lose weight with MyFitnessPal, the fastest and easiest-to-use calorie counter for iOS. With the largest food database by far (over 5,000,000 foods) and amazingly fast and easy food and exercise entry, we’ll help you take those extra pounds off!

Minecraft – Pocket Edition

by: Mojang
Play the biggest update to Minecraft: Pocket Edition so far! It’s the overhaul of a generation. Download it now and see for yourself! Minecraft is a game about placing blocks and going on adventures.

Quick Scan Pro – Barcode Scanner. Deal Finder. Money Saver.

by: iHandy Inc.
Quick Scan Pro – Find the lowest price for any product! Ever want to shop wiser? Quick Scan will be your best shopping companion. Just a fingertip away, low prices and product details from 1000+ online shops and local retailers en route to you anytime, anywhere.

Map My Walk+ – GPS Walking and Step Tracking Pedometer for Calories and Weight Loss

by: MapMyFitness
Start walking with the MapMyWalk+ community. Record GPS-based activities to view detailed stats; connect with 400+ devices to import and analyze all your data in one place; log over 600 different activity types.

OmniFocus 2 for iPhone

by: The Omni Group
OmniFocus for iPhone brings task management to your fingertips. Keep track of tasks by project, place, person, or date. With OmniFocus for iPhone, you’ll always have your important information at hand, whether it’s a shopping list, agenda items to discuss at work, things to do at home.

OmniFocus 2

by: The Omni Group
Now a Universal iOS App with Apple Watch Support! OmniFocus for iOS brings the in-depth task management features of a desktop app to your fingertips. With flexible viewing options, location awareness, and on-the-fly task entry from just about anywhere.

Mail+ for Outlook

by: iKonic Apps LLC
Securely access Outlook Email and Calendar – #1 Outlook/Exchange Email App – Top 5 business apps, peaked at 55 overall. Keep your work and personal email accounts separate.

Duolingo – Learn Languages for Free

by: Duolingo
Duolingo is Apple’s 2013 App of the Year! Learn Spanish, French, German, Portuguese, Italian, Irish, Dutch, Danish, Swedish, and English. Totally fun. Totally free.

Learn Spanish – Brainscape

by: Brainscape
Did you know that you may be wasting a huge portion of your time learning Spanish due to inefficient learning methods? Let me tell you how you can learn FASTER. It’s all about a new technique called Intelligent Cumulative Exposure.

How to Cook Everything

by: Culinate, Inc.
This first-of-its-kind app of the bestselling cookbook—How to Cook Everything® from New York Times columnist Mark Bittman—has 2,000 recipes, 400 how-to illustrations, and a host of features that appeal to cooks on the go.

That’s it for now. I will be adding more lists over time.

Heartbleed is back and it’s looking for enterprise wireless networks

A researcher has uncovered new ways to exploit the Heartbleed OpenSSL vulnerability, potentially exposing enterprise wireless networks, and the devices that connect to them, to a new wave of Heartbleed attacks.

Originally exposed in April, Heartbleed is a critical vulnerability in the OpenSSL encryption library that could expose up to 64 KB of memory on a vulnerable client or server if exploited, including keys used for X.509 certificates, authentication credentials and other communication protected by the open source encryption project.

The Heartbleed flaw was the result of a missing bounds check in the handling of the TLS heartbeat extension, and was thought to be exploitable only over TCP connections and after the TLS handshake. However, Luis Grangeia, a researcher with Portugal-based infosec consulting firm Sysvalue, found new ways to exploit the OpenSSL vulnerability.

In a May 30 blog post, Grangeia provided details on the new proof-of-concept, dubbed Cupid, which exposes TLS connections over the Extensible Authentication Protocol (EAP), an authentication framework that allows for the deployment of authentication mechanisms like smart cards and one-time passwords over wireless networks. Grangeia explained that the EAP mechanisms potentially affected by Cupid include those that use TLS, namely EAP-PEAP, EAP-TLS and EAP-TTLS.

Active 0day attack hijacking IE users threatens a quarter of browser market

If you are still using Windows and live your online life using any version of Internet Explorer you will want to keep up with this. My suggestion? Start using an alternate browser like Firefox or Chrome.

No patch available yet for critical bug affecting all supported versions of IE.

Attackers are actively exploiting a previously unknown vulnerability in all supported versions of Internet Explorer that allows them to surreptitiously hijack vulnerable computers, Microsoft warned Sunday.

The zero-day code-execution hole in IE versions 6 through 11 represents a significant threat to Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It’s also the first severe vulnerability to affect Windows XP users since Microsoft withdrew support for that aging OS earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft’s freely available toolkit that greatly extends the security of Windows systems.

URGENT: Update your Flash Player

Adobe has released an emergency update for Flash Player on Windows, Mac and Linux. Current versions have a vulnerability that could potentially allow an attacker to remotely take control of the affected system. According to Adobe, an exploit for the vulnerability (CVE-2014-0497) exists in the wild.

Windows and Mac users of versions 12.0.0.43 and earlier should update to version 12.0.0.44. Users of Flash Player 11.2.202.335 and earlier versions for Linux should update to version 11.2.202.336. Adobe has also released a patched version 11.7.700.261 for Windows and Mac.

A Google Chrome update yesterday to version 32.0.1700.107 included the fixed Flash plugin bundled with that product. Microsoft has released an update for Windows 8.0 and 8.1 for the bundled Flash Player plugin in Internet Explorer 10 and 11.

Users may obtain the newest version of Adobe Flash Player from Adobe at get.adobe.com/flashplayer. Do not trust Flash Player installations or patches from any other source.

The vulnerability was reported to Adobe by Alexander Polyakov and Anton Ivanov of Kaspersky Lab.

Internet Explorer 7 and Adobe Lightroom 4 Now Work with Wine 1.7.11

Wine 1.7.11 introduces Uniscribe support in the RichEdit control, support for Slim Reader and Writer locks and condition variables, several D3D command stream goodies, an optional Start Menu implemented in the desktop mode, and improved support for vertical fonts metrics. The new testing release, which should not be used on production machines, also fixes issues with various Windows applications, including Adobe Lightroom 4, Spotify, Foxit Reader 6, .NET Framework 4.0, and Internet Explorer 7.


OSX Mavericks Free Upgrade

For those of you with an Apple Laptop or Desktop, here is a deal you can’t refuse but it’s probably not going to last for long so hurry up…

Load up your App Store and click Updates

Apple is letting you upgrade to their latest OS and it’s free for those currently using Mountain Lion, Lion or Snow Leopard….

The new software includes iBooks, which allows users to sync the books they are reading on their iPhone and iPad with their Mac computer. It also includes Apple’s Maps app, which also will sync with iOS devices to easily transfer addresses from your laptop to your phone. Apple’s Safari Web browser has also been updated with some new features, including a shared links sidebar that surfaces the links your friends have shared on Twitter or LinkedIn. Craig Federighi, Apple’s senior vice president of software engineering, also revealed today that Mavericks will improve battery life, even on current Macs, allowing up to an hour’s worth of extra Web browsing time.

Firefox for Organizations – Enterprise Working Group (EWG)

Think Firefox is just for home use? Think again: Mozilla now has a plan to ensure that your company gets all the benefits of using Firefox, but at an enterprise level.

What is Mozilla Firefox ESR?

Mozilla offers an Extended Support Release (ESR) based on the official release of Firefox for desktop for use by organizations including schools, universities, businesses and others who need extended support for mass deployments. You can read more about the plan here.

Man Busts Out of Google, Rebuilds Top-Secret Query Machine

Every so often, the company releases a research paper describing one of the sweeping software platforms that help drive its online empire, and a few years later, this paper will spawn an open source software project that seeks to share Google’s creation with the rest of the world.

Papers describing the Google File System and Google MapReduce spawned Hadoop, an open source platform that lets you spread data across thousands of dirt-cheap computer servers and then crunch it into something useful. Google BigTable gave rise to an army of “NoSQL” databases that can juggle unusually large amounts of information. Google Pregel delivered multiple “graph” databases that can map the many online relationships between people and things.

Some have complained that the outside world takes far too long in rebuilding these groundbreaking Google creations. And that includes Mike Olson, the CEO of Cloudera, a Silicon Valley startup that brought Hadoop to the business world. But this time is different.