by Carceron | Feb 15, 2022 | Techminutes
If you have Google Drive, there’s good news. The company has recently announced that soon they’ll be rolling out a new feature to help alert users to the presence of suspicious documents. Google Drive users will soon start seeing banners alerting them to possible dangers This will serve as an additional layer of defense that will hopefully keep people from clicking on links embedded in malicious files, which may guide victims to poisoned sites. The company first announced the new feature back in October during the Google Cloud Next 2021 user conference. The company explained the functioning of the new feature as follows: “If a user opens a potentially suspicious or dangerous file in Google Drive, we will display a warning banner to help protect them and their organization from malware, phishing, and ransomware. Google will automatically evaluate any files that are shared with you from outside of your organization for phishing or malware. If detected, Google will block your access to the file in order to protect you.” As to the message, Google kept it simple. If you open a suspect file, you’ll see a bold yellow banner across the top of your screen with a message reading: “This file looks suspicious. It might be used to steal your personal information.” This is the latest in a series of moves the company plans to make to help protect its user base and prevent Google Drive abuse. Last year the company added phishing and malware protections in their Enterprise environments that automatically tagged all suspicious files and only left them visible to their owners and Admins. It’s a small...
by Carceron | Feb 14, 2022 | Techminutes
Hackers have recently hit upon a new money-making scheme. Some groups have started breaking into Instagram accounts belonging to people with high numbers of followers. They are then holding those accounts hostage until the owner agrees to pay the ransom. In some cases, the hackers are charging as much as $40,000 USD to return an account back to its user. They’re gaining control of the accounts initially via some clever social engineering. The attack begins when the hackers contact the Instagram user claiming copyright infringement. The email they send contains a link that takes the victim to a website the hackers control. The user is prompted to enter their Instagram account information (username and password) which of course is harvested by the hackers. Once they have that they log in and immediately change the victim’s password. They then modify the account profile so that it includes the phrase: ”this Instagram account is held to be sold back to its owner,” followed by a contact link. Clicking the contact link opens a WhatsApp chat session where the hackers make the ransom demands and wait. If the victim doesn’t initiate contact via the profile link, the hackers will start sending text messages to the phone number associated with the account. Either way, the negotiation process begins Security researchers who have begun investigating the scam have concluded that at least one of the threat actors involved is based in Turkey. At this point, there is no reliable information about how many Instagram attacks have been compromised in this manner. There also isn’t any information about how much money the hackers have made...
by Carceron | Feb 13, 2022 | Techminutes
Google partner Zimperium zLabs has recently discovered a sophisticated scam targeting more than 100 million Android users. The scam has been in operation right under Google’s nose for nearly two years. The scam has now been shut down by Google but while it was in operation, it spanned some 470 Android apps on the Play Store. It was quietly subscribing users who installed the infected apps to a premium service that charged $15 USD per month through Direct Carrier Billing (DCB). The decision to leverage DCB is both brilliant and terrifying. It’s a legitimate mobile payment option that allows people to pay for digital content from the Play Store either via their pre-paid balance or post-paid with a bill. Oftentimes, a user would be subscribed to a premium service for months before they noticed. While that was happening, the scammers behind the attack (dubbed Dark Herring by the group that discovered it) were raking in profits from some 106 million Android users spread over more than 70 different countries. Each of the hundreds of different apps that were infected with the malware had a different identifier. That means the scammers were able to track (with some granularity) which apps were bringing them in the most illicit profits. One thing that this attack really underscored is how hard it is to stop something like this that has a global footprint. Consumer protection laws vary wildly from one country to the next. So while users in some countries may have legal recourse, users in most other countries have no protection at all. They’re simply out the money. In any case kudos...
by Carceron | Feb 11, 2022 | Techminutes
There’s good news for Apple users. The company has been busy and has recently released security updates that address two Zero-Day vulnerabilities. These are security flaws that could be exploited by hackers to cause no end of trouble to anybody running macOS or iOS. The first Zero-Day addressed is being tracked as CVE-2022-22587 and is a nasty memory corruption bug that impacts macOS Monterey, iPadOS and iOS. The second issue the company focused on was a Zero-Day bug in Safari’s WebKit and it impacted users running iPadOS and iOS. Tracked as CVE-2022-22594 this allowed websites to track your browsing activity and user identities in real time. If you’re running an OS version earlier than 15.3 you are vulnerable to both exploits. Note that Apple has found evidence that they are actively being exploited in the wild. To protect yourself you’ll want to update to 15.3 as soon as possible. These two represent the first Zero-Day bugs that Apple has tackled in 2022 which makes them significant. It’s also proof positive that the company isn’t sitting back and resting on its laurels. They’re actively taking the fight to the hackers and addressing security flaws head on and at a rapid clip. It’s very good to see but last year Apple seemed to be chasing an unending stream of Zero-Day flaws. Here’s hoping that this year will see relatively fewer of them. Even if that proves not to be the case, Apple has and continues to demonstrate how seriously they take the security of their user base. Whatever happens one thing we can say with certainty is that 2022 is bound...
by Carceron | Feb 11, 2022 | Techminutes
One of the most persistently frustrating aspects of our highly interconnected world is that we seem to exist in at least three different distinct ecosystems. Apple users live in the Apple ecosystem which encompasses both its mobile products and its PCs. Windows users live in the Windows ecosystem which encompasses both laptops and desktops but leaves mobile devices out in the cold. Of course, Android users live in their own ecosystem which is mobile-centric. By design there’s almost no overlap between these spheres and that’s a pity. Microsoft thinks so, too. As part of their ongoing Windows 11 development they’re rolling out a feature that will allow users to run Android apps in a virtualized environment on their PCs. This is huge news and a first tentative step that begins to bridge the divide between the various ecosystems. Imaging installing a fun game on your Android based phone and then being able to pick up where you left off when you’re sitting at your Windows PC. Or imagine downloading some type of productivity app on your Android phone and leveraging your PC to get even more out of it. Both of those are now possible with the latest release of Windows 11. If you’re an early adopter of Windows 11 you probably already know what the most recent build contains. If you aren’t aware, in addition to the Android app functionality the latest build also sports a new look for Notepad, Media Player, and a raft of taskbar and other improvements. Even better is that the company is reporting that Windows 11 adoption rates are even higher than the...
(770) 424-3393
Atlanta, GA 