1. Google Is Bringing Back Chrome’s Close Other Tabs Option

    Email

    Not long ago, Google decided to remove the “Close Other Tabs” option from the right click context menu of their browser.

    While its removal didn’t exactly cause an uproar among Chrome’s massive user base, the move was greeted with confusion and resignation.

    It was after all a good, handy feature.

    If you’ve been missing it, then you’ll be pleased to know that as of the release of Chrome 78, the feature is being returned. Google didn’t explain why they decided to remove the feature in the first place, and they’ve offered no explanation as to why they suddenly decided to reinstate it. If you’re a power user in the habit of keeping dozens,or more tabs open, it’s good news indeed.

    Unfortunately, three other menu options were removed at the same time that “Close Other Tabs” was removed: “New Tab”, “Reopen Closed Tab”, and “Bookmark All Tabs”. Sadly, there’s no evidence that either of these are coming back.

    Granted, these things can be accomplished via other means. However, having them on the shortcut menu made their operation fast, simple and convenient. Even though the other three apparently aren’t coming back, we’re thrilled to hear that at least one of them will.

    Even without the rest, Google’s recent tweaks and changes to Chrome have all been exceptional. They should especially be proud of their password checkup extension and their eventual plans to roll that functionality into the browser itself. It’s easy to see why Chrome is still the browser of choice for a solid majority of users.

    Say what you want about giant tech companies, but Google has a demonstrated track record to enhancing user experience and increasing the digital safety of everyone who uses their products. Kudos to them for bringing a well-liked feature back.

    Used with permission from Article Aggregator


  2. Non-Updated Android Phones Vulnerable To NFC Beaming Hacks

    Email

    Has it been more than a month since you upgraded your Android OS?

    If so, you should make upgrading a priority.

    Just over a month ago, Google patched a critical flaw in the Android OS that allowed hackers to “beam” malware to any unpatched devices via a process called ‘NFC Beaming’.

    It relies on a service called Android Beam that allows an Android device to send videos, apps, images, or other files to a nearby device using Near-Field Communication (NFC) radio waves as an alternative to Bluetooth or WiFi. It’s a great technology and a handy capability but sadly, its implementation was flawed.

    Fortunately, the flaw was unearthed by an independent security researcher who alerted Google to the problem. Even worse, when files are sent in this manner, the user would not get a prompt warning them that an app was attempting to be installed from an “unknown source.”

    If there’s a silver lining in all of this, it is the fact that NFC connections are only initiated when two devices are sitting close to each other. By ‘close’ we mean really close. The range is limited to 4 centimeters (about an inch and a half). This limits the attack vector’s utility quite sharply.

    Even so, it’s something to be aware of, especially if you travel frequently. It’s well worth grabbing Google’s latest update for Android Oreo if you haven’t already done so. The alternative to this course of action is to go into your Android settings and disable Android Beam and NFC if it’s a feature you seldom use anyway.

    Kudos to the sharp-eyed researcher who caught the bug, and to Google, who responded swiftly and issued a fix for the issue.

    Used with permission from Article Aggregator


  3. Popular Web Domain Registrar Hit With Data Breach

    Email

    Do you have web domains registered with Web.com, Network Solutions or Register.com?

    If so, at least some of your data may have been compromised.

    Web.com recently reported that they and their two subsidiaries named above were breached by an unknown third party.

    The breach occurred in late August 2019 and the company discovered evidence of the intrusion on October 16th, 2019. They opted not to disclose the details until now.

    At present, the company is working with third-party forensic investigators and law enforcement. Investigators do not yet have a clear idea of precisely how many customer records were compromised, though the language used to describe the scope and scale of the breach is “limited.”

    Based on what investigators know so far, the data that was compromised included:

    Email addresses
    Phone numbers
    Physical Addresses
    Customer Names
    Information about the services that have been offered to customers
    The company stresses that no password or credit card information was compromised.

    As to next steps, the company is in the process of contacting all impacted customers. As a precaution, if you do business with any of the three companies mentioned at the start, you should probably change your password right away. Also, be sure you’re not using the same password at Web.com, Network Solutions or Register.com that you’re using anywhere else on the web.

    With so many high-profile incidents like these in the headlines, such advice shouldn’t have to be given. Yet, the latest surveys show that a shocking percentage of users still rely on the same password to give them access to multiple web properties, which is a recipe for disaster. If you haven’t broken that habit yet, it’s well past time to do so.

    Used with permission from Article Aggregator


  4. Racoon Stealer Malware Is New One To Watch For

    Email

    There is a new form of malware that you and your staff need to be aware of. That’s because it’s gaining in popularity among cyber criminals around the world. Known as ‘Racoon Stealer,’ it is noteworthy not for its complexity but rather, for its extreme ease of use. Worse, the malware’s designers have been marketing it aggressively both inside and out of the Dark Web, which is driving rampant adoption rates.

    Racoon Stealer was first spotted in the wild in April of 2019. It’s a Trojan virus that’s relatively simple in its construction, but quite adept at collecting password information and sending it back to whomever launched it.

    The Senior Director of Threat Hunting at Cybereason, Assaf Dahan, had this to say about the emerging threat:

    “Raccoon, like other information stealers, poses significant risks to individuals and organizations alike. Any malware that is designed to steal passwords and personal information from browsers and mail clients could potentially inflict great damage to its victims.

    The stolen data is being sold to the highest bidder in the underground community and can be used in many ways–from identity theft, financial theft or even as an entry vector to penetrate an organization and in order to carry out a larger attack.”

    In addition to the general hype created by the marketing campaign, the group behind Raccoon provides its criminal user base with more tools. These include an easy-to-use backend, hosting, and dedicated ’round the clock support, all for $200 a month. The data that this little piece of code can obtain can easily generate high amounts of income for the hacker. That makes it a fantastic investment for the criminal underground, which explains the malware’s explosive growth and spread.

    In any case, be sure your IT staff is aware, and be on your guard. It looks like Raccoon is here to stay.

    Used with permission from Article Aggregator


  5. Fake Voicemail Messages Tricking People Into Opening Malicious Content

    Email

    Office 365 has been the target of an increasing number of ongoing phishing scams.

    The latest scam involves using fake voicemail messages to convince targets that they need to log in to hear the full recording.

    Researchers at McAfee Labs had this to say about the matter:

    “Over the past few weeks McAfee Labs has been observing a new phishing campaign using a fake voicemail message to lure victims into entering their Office 365 email credentials. At first, we believed that only one phishing kit was being used to harvest the user’s credentials. However, during our investigation, we found three different malicious kits and evidence of several high-profile companies being targeted.”

    Recipients will receive an email message informing them that they missed a call. A partial recording is available andembedded in the email, but the recipient gets little more than hello, so there’s no real indication of what the message might be about.

    Then, if the recipient clicks the link provided to “log in and hear the message” they will, of course, be sent to a page that looks like an Office 365 login screen. All they’re really doing at that point is handing their credentials over to whomever sent the message.

    As we said at the start, Office 365 has become an increasingly popular target. There’s another scam making the rounds that tries to get a user’s login credentials by making it seem as though the message was sent by the recipient’s employer’s HR department and talks about an upcoming raise.

    Both are powerful approaches that have been yielding better results than usual for the scammers. Be sure your IT staff and all of your employees are aware of and on their guard against these scams.

    Used with permission from Article Aggregator


  6. Windows Bug Found To Cause Slow Startup

    Email

    Microsoft recently published an important new support document relating to several Windows versions.

    The document reads, in part, as follows:

    “After you configure a Windows-based computer to use large amounts of memory, including persistent memory, the computer takes longer than expected to start up. Additionally, increased CPU usage occurs for a short time after startup. Increased CPU usage occurs when an application frees and reallocates large ranges of memory in rapid succession.”

    This newly discovered bug has been acknowledged as being present in the following versions of Windows:

    Windows Server IoT 2019 Standard
    Windows Server IoT 2019 Datacenter
    Windows Server 2019 Standard
    Windows Server 2019 Datacenter
    Windows Server 2016 Standard
    Windows Server 2016 Datacenter
    Windows 10 Pro For Workstation
    If this issue had primarily impacted the PCs of your employees, it would be problematic but wouldn’t necessarily bring your operation to a grinding halt. Although let’s face it, nobody likes dealing with a slow computer. Take a second look at the list above. This is a problem that overwhelmingly impacts the server side of things, and significant slowdowns there can have serious repercussions to every aspect of your business.

    Unfortunately, there has been no word yet from Microsoft about when the issue will be resolved. You can bet that they’ll be interested in keeping their Enterprise customers happy, so this one is almost certainly to be given top priority.

    We do know that the company is aware of it and working on a fix. In a related vein, the company also recently announced that future versions will include additional optimizations in the startup path of the OS. Although we would prefer having a predictable timeframe for the fix of this issue, we are pleased to hear about the additional startup optimizations. Stay tuned for additional developments.

    Used with permission from Article Aggregator


  7. Hackers Are Imitating Government Agencies To Spread Malware

    Email

    Researchers at Proofpoint have found evidence of a new threat actor who has been sending out convincing looking emails.

    They are claiming to come from several government agencies.

    These include the Italian Revenue Agency, the German Federal Ministry of Finance, and the United States Postal Service.

    This is all part of a malicious campaign designed to infect targeted recipients with a variety of malware.

    The bulletin Proofpoint released on matter reads, in part, as follows:

    “Between October 16 and November 12, 2019, Proofpoint researchers observed the actor sending malicious email messages to organizations in Germany, Italy, and the United States, targeting no particular vertical but with recipients that were heavily weighted towards business and IT services, manufacturing, and healthcare.

    These spoofs are notable for using convincing stolen branding and lookalike domains of European taxation agencies and other public-facing entities such as Internet service providers. Most recently, the actor has attacked US organizations spoofing the United States Postal Service. The increasing sophistication of these lures mirrors improved social engineering and a focus on effectiveness over quantity appearing in many campaigns globally across the email threat landscape.”

    In the US, emails claiming to be from the post office come with an attached Word Document called “USPS_Delivery.doc.” If a recipient clicks on the document to open it, they’ll receive a message that the file has been encrypted for additional security and in order to view it, they’ll be required to “enable content.”

    Naturally, clicking on the “enable content” button does nothing of the sort. Instead, it installs whatever malware the senders have associated with the email in question.

    The identity of the threat actor is not known at this time, but this is a serious issue that you should immediately alert all employees about in order to minimize the risk to your company.

    Used with permission from Article Aggregator


  8. Public Chargers Can Expose Your Device To Hacking And Malware

    Email

    On paper, it seems like a lovely idea to use a public charger.

    Airports, hotels, and other high traffic areas have begun to increasingly offer public USB power charging stations to give people a convenient means of recharging their favorite devices.

    Unfortunately, things are not working out quite according to plan.

    Naturally, hackers around the world have taken note, and regard such easily accessed terminals as juicy targets and low hanging fruit.  According to a security alert published by the Los Angeles District Attorney’s office, many of these stations have been compromised, and using them could expose you to malware.  This type of attack even has its own name:  Juice Jacking.

    In recent years, several proofs-of-concept have been created that demonstrate how these charging stations can be taken over by hackers and used to distribute malware to anyone foolish enough to plug into them.  Of these, the worst of the lot was proudly displayed at the 2013 Black Hat security conference. In that case, it was a malicious charger that could deploy malware on any iOS device.

    Just a handful of years later, in 2016, Samy Kamkar raised the bar with an Arduino-based device he dubbed “KeySweeper.” By all outward appearances, it was just a USB wall charger. However, it wirelessly and passively sniffed, decrypted, logged, and reported back all keystrokes from any Microsoft wireless keyboard in its vicinity.

    While these two were the most prominent examples of the kinds of havoc hackers can cause on this front, there are many others.  To try and get a handle on the problem, the LA District Attorney’s Office issued a security bulletin that recommended the following tips to all travelers:

    • Use AC power outlets only, not USB charging stations
    • Take AC and car chargers with you when traveling because you know and trust them
    • Consider buying a portable charger for emergency use

    Good advice.  If you’re a frequent traveler, these tips are well worth incorporating into your travel preparation plans.

    Used with permission from Article Aggregator


  9. Screen Protectors Circumvent Fingerprint Security On Samsung Devices

    Email

    Do you own a Samsung Galaxy S10?  If so, one of the reasons you bought it may be because of its cutting-edge biometric technology. It utilizes ultrasounds to create a detailed 3D map of your fingerprint and thus, provides a greater level of security.

    Earlier in the year, the company warned its customers against using tempered glass screen protectors with their phones.

    This was due to the fact that those products tended to create a small gap of air when used on the phone that interfered with the creation of a good fingerprint map.

    Now, it seems, a new problem has emerged.  A couple in the UK accidentally discovered that if an inexpensive silicone case was put on the phone, it interfered with the operation of the fingerprint scanner and allowed literally any fingerprint to unlock the phone. The couple did some experimentation on this front and worked with Samsung customer support to reach their conclusion.  Sure enough, when the silicone case was on the phone, the owner’s husband and sister could unlock it with their fingerprints, even though neither of their fingerprints had been registered on the phone.

    For their part, Samsung has reported that they are opening an investigation into the matter. For now, they warn consumers to only use Samsung approved accessories with their Galaxy S10 and S10+ phones. That’s good advice, but here’s the danger:  If a hacker physically steals your phone, they may be able to unlock it and conduct financial transactions from it by doing nothing more than buying a cheap silicone case and slipping it on.

    Needless to say, this is a potentially serious issue.  If you own a Samsung Galaxy S10 or S10+ you can experiment with it for yourself, but be prepared to be dismayed by the results and take care not to let your phone out of your sight until the company can find a way to resolve the issue.

    Used with permission from Article Aggregator


Contact

Coltarus Halo, LLC
710 Buffalo St. Suite 810 B
Corpus Christi, TX 78401
Phone: (361) 444-2564
Email: support@coltarus.com

Social Media

© 2022 Coltarus Halo, LLC All Rights Reserved.