There have been a rise in malicious updates in the past few months. It has  gotten so out of hand that the FBI has published warnings to not update your computers or any unsigned software updates on any untrusted network. Basically the little pop-ups that you get that claims there is a newer version of the software you are using, even the Windows updates, are not safe to do until you get home or to a network that you can trust.

This has been made possible by recently popular tool called evilgrade created by infobytesec. They have released this with over 60 modules that can that can be used to update different software. Some the software vulnerable to this attack are: Teamviewer, CCleaner, Java, Apple update, WinAmp, Virtualbox, VMWare, Skype and many more in their README. 

There are a few ways to mitigate your risk. First turn off automatic updates, this will prevent any malicious updates from installing without prompting you first. Second, if you have to update on an untrusted network you can check to see if the update is signed, not all companies do this which make the attack very effective. If the update is not signed or you cannot find the signature you can go to the manufactures website and see what the latest version is. If you version is behind the latest you can update or download the lasted software from the vendor and install it to become up-to-date. Lastly, only install updates on a trusted network like your home.

Adobe’s various software offerings have been targets for hackers for a long time. Once again hackers have found exploits within the ever popular Flash platform. Hackers have just found a new exploit within Flash that allows hackers to take control of the user’s PC without their permission.

The report given by Adobe on the issue says that this exploit if caused by users click on a link within an email sent to them that once clicked downloads and installs the malware.

Adobe outlined six versions that they know the exploit works on and is encouraging those users to update to the newest version to prevent hackers from gaining access to their PC through this exploit. While Adobe does offer tools to help you determine what version of Flash you are running, if you are not sure you would be best to go to their website and download the most current version at the link below.

If you want to download the current version of Flash click here.

If you would like to read more click here.

A new study out is showing that you are far more likely to get a virus emailed to you in the morning hours than any other time of day. Many users around the world login to their computers first thing in the morning and review any emails they may have missed during the evening as well as those just coming in. 

According to a study by “Trustware” the time frame from 8 AM EST to 9 AM EST is the most likely time to come across an infection in your email.  According to Trustware, the amount of viruses being sent to users also begins to rise in August and peaks in September. 

The study also finds that Franchises are also one of the more likely targets due to the fact that if they are able to break into one location it is likely that multiple locations use similar IT configurations.

If you’re interested in reading more about the study click here.

That’s right, scammers are out in full force to steal anyones credit card information they can get their hands on. The sad thing is most times, including this attempt, consumers freely but unknowingly give the information to them with little to no hesitation.

Hitting just after Christmas is over is an email scam that is targeting new Apple product owners. The email is designed to look as if it is a legitimate email with carefully written grammar and official looking links to an even more official looking website.

Unsuspecting users are directed to the fake website and instructed to login to their account and update their billing information. Logging into the users account immediately sends the user to a account update page that asks the user for the normal billing information and pretty much gives the scammers full access to use your credit cards how they like.

As we’ve said many times, you have to be very, very careful with your personal information. Generally, due to scams like this, it is a good idea to go directly to their website and login to your account to do updates rather than following any links contained within emails. Links in email can easily hide malicious websites which can harm you simply by browsing to them.

If you are unsure if they really need your information, look up the customer support number on the legitimate website and give them a call. If you speak to customer service more than likely they can clear up any confusion as well. Better safe than sorry always.

If you are interested in reading more about this scan or seeing some of the scammers emails/websites click the link here.

New reports from McAfee show hackers making their next targets the computers that run inside of newer cars.  Hackers are trying to take over vehicles, stealing personal information, tracking people’s whereabouts, and even manipulating your cars sensory units including air bags, cruise control, door locks, and even power seats in some vehicles.  At this year’s Black Hat security conference in Las Vegas, for instance, security consultants with iSEC Partners demonstrated their ability to remotely lock and unlock a car, as well as start it, by communicating with the car’s computer system using only text messages.

I wonder who the first company to manufacture cars with built in anti-virus' is going to be?

The United States Federal Bureau of Investigation has been working with the authorities in eleven other countries to take down scareware scammers.  The effort dubbed ‘Operation Trident Tribunal’ has seized more than 40 computers being used to host Web pages and fake scans designed to scare people into believing they needed to purchase bogus security software to clean their systems. 

“Today’s operation targets cyber crime rings that stole millions of dollars from unsuspecting computer users,” said the FBI Criminal Division’s Assistant Attorney General Lanny A. Breuer, in a statement. “These criminal enterprises infected the computers of innocent victims with malicious scareware, and then duped them into purchasing fake anti-virus software. Cyber crime is profitable, and can prey upon American consumers and companies from nearly any corner of the globe. We will continue to be aggressive and innovative in our approach to combating this international threat.”

More than $72 million have been collected by these scareware scam artists from its victims of innocent Computer users.  You should avoid putting in any personal information into any program or website that asks you for sensitive data if you are unsure of the form you are filling out.  It is likely you may be the next victim of this type of cyber-crime.  If you suspect your Computers have been infected with a fake Anti-Virus program it is best to shut off the machine and have the Computer inspected by a PC technician or a friend or family member who have experience in removing Computer Virus.

The Playstation Network (or PSN for short) was hacked and possibly 77million of Sony’s Playstation, and Qriocirty customers’ data have been obtained by the hackers.  Included in the list of data that may have been obtained includes the username, password, email address, house addresses, and any other data you may have linked with your account.  That being said, there is a chance your credit card information has been stolen as well.  There are no reports of fraudulent charges (yet) but that doesn’t mean the hackers could be holding the information to be used in the future.   It is best to keep an eye out for any unknown charges on your credit card statements and if you see something strange, report it right away.

According to the antivirus company “Cyber Defender”, there is a new tactic that Malware creators are beginning to use to get your money. The new method involves you using your phone and using the SMS service to text a number to the malware creator which in turn pays them. Also, like most other malware, paying them does not remove the malware from your computer.

Cyber Defender has said this new malware has taken the form of many reputable antivirus protection companies. They have seen installers that appear to be from Norton, McAfee, and Avast just to name a few. So if you are confronted with this new attack do NOT send them a SMS, you’ll just be wasting your money.

Supposedly if you just click cancel when the installer comes up it will cancel the “installation” and will not continue to prompt you to buy it like most other fake antiviruses. If you have this happen to you I would still highly recommend bringing your computer in and having us check for a virus/malware, especially if you do nay purchase or online banking on your machine…you can never be too safe.