Posts Tagged ‘Malware’
Teams of software experts have discovered a bug in both Intel and AMD processors that can allow malicious code access to confidential information. Some patches are currently available, but not all aspects are fixable at the moment. This issue is serious and affects Microsoft Windows, Apple macOS and Linux, as well as mobile devices such as Apple iOS devices and Google Chromebooks. Basically anything with an affected Intel or AMD CPU.
Keep up to date on your patches and retire old, out-of-service operating systems. Yes, people are still using XP, 2003, etc. It’s time for them to go away finally. No patches will come out for older OSes, making them just huge targets.
Keep your OS and AV up to date or just ask us about RMM and WebRoot.
Read more in the links below.
https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html
http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
CCleaner Hacked.
CCleaner, a widely used utility, was hacked, opening a backdoor and allowing malware to be attached to some seemingly legitimate versions of the software. As a precaution for our clients (those under our IDMax protection), we set a global removal of any older versions. There are updated versions that are not susceptible, and the 64-bit versions are not affected by this specific issue.
If you would like more info, read below:
Forbes – Hackers Hid Backdoor
Avast Blog Response / Update
Massive DDoS attacks today.
Massive DDoS attack today. Were you affected? If you used Netflix, Twitter, GitHub, Amazon, Spotify, Reddit, Tumblr, PlayStation Network or many others, chances are you might have noticed.
Just what is a DDoS attack, you may ask? It stands for Distributed Denial of Service (DDoS) and is generally a technique for denying service to a resource by overwhelming it with requests. Imagine you have a phone (you know you do) and you’re waiting for a call from someone. But they can’t get through because you are getting dozens of calls. It’s much harder for the one call you want to get through. It’s sort of like that, but in this case imagine thousands or even millions of requests all at the same time.
But how do they get the thousands or millions of requests, you might ask? There are computers connected to the internet that are infected with malware. Many owners don’t even realize it. It could be that yours is one. This malware can sit dormant on a machine unnoticed until it receives the instruction to reach out to a site on the internet and just do something simple, like load a page, download a file or even just look up a domain name. These individual requests are nothing unusual and happen all the time. It’s when they are coordinated by an attacker that the trouble begins. Imagine one drop of water. This is easy enough if you are in Syracuse (where I am), as it’s rained all day. So one drop, no problem. A quick storm? Inconvenient, maybe. But a downpour that lasts hours and you have flooded basements, closed streets, etc. You get the picture.
So what can you do? For starters, use a good antivirus like WebRoot. If you don’t have one, ask us. Don’t think that just because you have Linux or a Mac that you are immune. You’re not. Every system should have a reliable AV program on it and be scanned regularly. AV (antivirus) is not enough though. You NEED to do your updates. Not just Windows either: programs like Adobe, Silverlight, Java, etc. ALL have vulnerabilities that can be used on your computer when you are just innocently surfing the web. YES, Macs too. Less likely, but it does happen. So, avoid questionable links and sites, and avoid downloading ANY program without knowing it’s from a trusted source. Not sure? Use a tool like the URL/IP Lookup tool here. If it’s suspicious, skip it.
It is believed that many of the bots in the current attacks are IoT devices (Internet of Things) and could be anything from a DVR, to a router or even a security camera, etc. Many of these are considered low risk and are seldom updated by users.
You can read more about today’s DDoS attacks below:
Network World: Extensive DDoS attack..
PCGamer.com: Massive DDoS attack..
BreakingNews.com: DDoS Attacks Oct, 21st
New ransomware abuses Windows PowerShell, Word document macros | Network World
More ransomware. People, DO NOT TRUST ATTACHMENTS! If someone sends you a doc, it should not need to use a macro. Do NOT enable these. Optionally, request that they send them in PDF format, etc.
ALWAYS use a good AntiVirus program like WebRoot (which you can obtain from Intelligent Designs) to protect your system from Viruses. Nothing can protect a system from the user though. Read more about this on NetworkWorld or click the link below.

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including healthcare organizations, researchers from Carbon Black warn.
Source: New ransomware abuses Windows PowerShell, Word document macros | Network World
Countless computers vulnerable to MouseJack attack through wireless mice and keyboards | Network World
Have a wireless keyboard or mouse? You might be susceptible to the “MouseJack” attack. This is generally only possible while you are away and your device is unlocked. But you never leave your device unlocked… Right? 😉
Countless wireless mice and keyboards are subject to “MouseJacking” including products from Amazon, Dell, Gigabyte, HP, Lenovo, Logitech and Microsoft.
Source: Countless computers vulnerable to MouseJack attack through wireless mice and keyboards | Network World
Android flaw lets attackers into your phone through MMS videos
Android phone users, look out for MMS videos. They could contain malware. Read more below on Engadget.
Source: Android flaw lets attackers into your phone through MMS videos

Mobile Threat Monday: Please Stop Installing Android Flashlight Apps | PCMag.com
Remember that Cool “Free” app you downloaded for your Android phone? You might end up paying for it, either in money, time, privacy or all of the above. The article below outlines one of the reasons I recommend iPhones over Android. They are (IMO) much less susceptible to malware because (short of JailBreaking your phone) all of the software must go through Apple’s testing and the (Apple) App store. iOS also has sandboxing and restricts the access applications have to your phone. Ex. If the application needs access to your Photos, GPS, Contacts, etc. it has to ask when installed. If you say “no” it doesn’t get that access. If your flashlight wants to access your microphone or GPS there is something really fishy about that. “Just say no”. Read more from PC Mag below. – Randy
Source: Mobile Threat Monday: Please Stop Installing Android Flashlight Apps | PCMag.com
This week, Malwarebytes points us towards a nasty flashlight app that tries to take over your phone
This terrifying malware destroys your PC if detected | PCWorld
They are at it again. Not that they ever stop. Here’s the latest in Malware. If it catches you looking, it tries to destroy your system.
Crypto-ransomware attack encrypts New Jersey school district network
Another ransomware attack… This is just one reason backups are so important. Updates, safe surfing, good antivirus/antimalware, and NEVER opening unexpected attachments, EVEN from known senders. Read more below on NetworkWorld.
Crypto-ransomware attack encrypts New Jersey school district network.
Beware the unknown USB!
You can compromise your computer by plugging an unknown USB stick into it. If it’s not yours, DON’T use it! Read below.
Now Anyone Can Get the Malware That Exploits USBs Fundamental Flaw.