Tag Archives: Microsoft

Windows Ransomware Attack Underway

Posted on by
Reply

Patch Available for Ransomware Attack

microsoft icon

You are going to want to cry–unless you make sure you are protected

WannaCry Ransomware

Wordfence security software has announced they have confirmed a serious virus called  WannaCrypt0r/WannaCry has affected Windows computers. Reputed to affect computers on shared networks, the virus has been reported in at least 74 countries worldwide.

According to Kaspersky Lab there have been more than 57,000 individual instances reported to date. And that number is growing rapidly.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

This virus is of the type known as ransomware.

Why ransomware? Because it will take over your computer, completely locking it down. You can’t access anything. Then a pop-up screen appears, announcing that you can liberate your device by paying them for a special tool or decryption device.

Is Your Windows Computer Safe from this Ransomware Attack or Infected?

Clearly, if you see the ransom notice on your computer, then you have been compromised.

However, experts don’t yet know how long the virus may be resident on your computer BEFORE it actually takes over and locks up your system.

Have you accessed a public network with your computer? If you took your laptop to a cafe, used it at another place of business, for example, they you may have received the infection.

microsoft building ransomware attack response

The Good News

Microsoft has been aware of this vulnerability and released a fix back on March 14th for Windows. If you have automatic updates enabled, you should be fine.

If you don’t have updates automatically, be sure to check to see that you have the latest release.

Click to read more about Microsoft’s take on ransomware attacks.

There are older versions of Windows, (XP, for example) that are no longer supported by Microsoft. These did not receive the security update–although there are reports that Microsoft is changing that policy and may issue, or may have already issued a patch for these users as well.

This report is courtesy of our friends at Wordfence.com, to read more about this specific attack, please read their May 12, 2017 blog post.

Kaspersky Lab is a  multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom.

Learn more about internet security and keeping your online business safe.

Dump QuickTime Now

Posted on by
Reply

Apple No Longer Supporting QuickTime on Windows, vulnerabilities found

Dump QuickTimeWhile Apple insists the QuickTime plugin will still work, however it has not been properly updated to work well with Windows 8 or Windows 10.

Now is the time to dump QuickTime, at least according to the United States Computer Emergency Readiness Team, an organization within the Department of Homeland Security. US-CERT, as they are otherwise known is tasked with keeping the internet safe.

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

Industry experts and the government are urging us to remove QuickTime from our Windows computers. This reaction is not solely because of Apple’s decision to not support the plugin for Windows. Two critical vulnerabilities have been discovered, that if QuickTime is left on your computer could leave your system open for attack. Since Apple is no longer supporting the plugin, these openings are not going to be patched.

Dump QuickTime vulnerabilities

According to Trend Micro:

…ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.

US-CERT also recommends uninstalling the plugin from your Windows based computers

…using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime

Many Windows users wonder about how they should play videos if they no longer use QuickTime. Fortunately there are many options available to us. You can still use an Apple product, iTunes, to play video and audio files. Your Microsoft computer should also have a built-in media player that will also work. Of course there are other companies who provide players as well if you are interested in a third-party solution.

The lack of support is not new. Companies often phase out support for older products. Microsoft itself no longer supports Windows XP, and is scheduled to stop supporting Vista this year and Windows 7 in 2020. Apple actually began this phase-out in 2013. In January of this year the QuickTime browser plugin for Windows was axed.

QuickTime 7, which is the latest version of the product, was introduced in 2005. It has been replaced on Mac machines since 2009. Those machines use the newer QuickTime X, which according to Trend Micro, doesn’t have the same vulnerabilities. There is no “X” version of QuickTime for Windows.

We find it interesting to note that Apple still has a link on their site allowing users to download the QuickTime plugin for Windows. Apple does not state on their site that the plugin will no longer be supported, nor do they, at the time of this writing, urge users to uninstall the plugin.

Sources: Wall Street Journal, 9 to 5 Mac, The United States Computer Emergency Readiness Team, Trend Micro