Articles for August 2016

Ransomware’s rise and the vulnerabilities of the Internet of Things are top of mind with cybersecurity professionals.

Source: Intel: Ransomware Could Lock Your Brakes … At 75 MPH; Security Issues Evolve

Oops…

Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot — and it may not be possible to fully resolve the leak.

The design flaw in the Windows operating system can be used to unlock Windows devices, including smartphones and tablets, which are otherwise protected by Secure Boot in order to run operating systems other than Windows on locked down systems.

This, in turn, allows someone with admin rights or an attacker with physical access to a machine not only to bypass Secure Boot and run any operating system they wish, such as Linux or Android, but also permits the installation and execution of bootkit and rootkits at the deepest level of the device, security researchers MY123 and Slipstream revealed in a blog post on Tuesday.

Source: Microsoft Secure Boot key debacle causes security panic | ZDNet

Problems with last week’s Anniversary Update keep piling up, and solutions remain elusive

Source: Windows 10 Anniversary Update woes continue | InfoWorld

Okay… I’m late by a couple of days…

Source: On This Day 25-years Ago, The World’s First Website Went Online

Source: Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack

In spite of the official end of the free Windows 10 update offer on July 29, it seems any valid Windows 7/8.x retail product key still installs Windows 10 for now.

Source: Windows 10 free upgrade is still available using Windows 7 and 8 product keys | ZDNet

Chip and PIN ATMs are supposed to be more secure than older models, but Rapid7 researchers have demonstrated that this may not be the case.

Source: This ATM hack could allow thieves to make off with thousands | ZDNet

This article talks about 50 extensions to “supercharge” Google Chrome.  I wouldn’t install 50… but there are a few that I recommend.  They are:

• AdBlock Plus v.1.12.1
• Disconnect v.5.18.23
• EverSync v.10.2.2
• GetThemAll Video Downloader v.17.1.0
• Ghostery v.5.4.11
• Hotspot Shield Free VPN Proxy v.1.7.0
• HTTPS Everywhere v.2016.7.19
• LastPass v.4.1.25
• Privacy Badger v.2016.5.24
• ScriptBlock v.1.3
• Secure Shell v.0.8.34
• Speed Dial v.18.2.1
• The Great Suspender v.6.21

Anyway, here is the article…

Simple hacks to make the Google Chrome browser better, faster, and more RAM efficient, as well as helping to make you more productive.

Source: Transform Google Chrome into the ultimate browsing tool | ZDNet

At Wordfence we track attacks across all our customer sites, both free and paid to learn more about attacker tactics, techniques and procedures (TTP’s). Mining this data helps us improve Wordfence Firewall, Wordfence’s Scan and our other features and to do a better job of keeping you safe. We use a large distributed cluster to mine […]

Source: Profile of a Russian Attack IP – Wordfence

A security researcher has devised a tool capable of compromising hotel room keys, giving attackers entry — and can also tamper with point-of-sale (PoS) systems to boot.

Rapid7 security researcher Weston Hacker revealed the tool at Black Hat USA, which can be made with off-the-shelf components and cost only $6 to build.

As reported by Forbes, the device can read and duplicate hotel keys, but if a cyberattacker is really keen on disrupting a hotel chain, the $6 tool can also be used to “brute force” attack every guest room in the building — by guessing the keys to each room

Source: This tiny $6 gadget lets you break into hotel rooms | ZDNet