Our News

Search Our Site

1796938649

Some scammers call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Other scammers send pop-up messages that warn about computer problems. They say they’ve detected viruses or other malware on your computer. They claim to be “tech support” and will ask you to give them remote access to your computer. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.

If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money.

1796938649

The information is an early Christmas gift for any social engineer. Crowdsourced query site Quora is asking the question of “what happened?” in the wake of a massive data breach that impacts up to 100 million of its users.

The hack exposed user names, email addresses, hashed passwords, direct message content and imported data from any networks that users linked to their accounts, like Facebook or Twitter. It also gave the information thieves access to a veritable treasure trove of social engineering and profiling fodder, such as questions, answers, answer requests, comments, up votes and down votes.

The site’s administrators discovered the hack on Friday, though no information as to how it occurred is yet available. Quora CEO Adam D’Angelo noted in a posting Monday evening that the site is “still investigating the precise causes,” but he said the breach has been contained.

wordpress

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.

Another day, another critical WordPress plugin vulnerability. The popular AMP for WP plugin, which helps WordPress sites load faster on mobile browsers, has a privilege-escalation flaw that allows WordPress site users of any level to make administrative changes to a website.

The plugin, which has over 100,000 active installs according to its webpage, adds support for Google’s mobile site acceleration tool, dubbed Google Accelerated Mobile Pages (AMP). Researchers at WebARX Security discovered that the plugin didn’t include a check to verify the account permissions of the currently logged in user. In turn, that lack of permission verification opens up admin API access to anyone with a login for a site.

Android patchesGoogle’s December Android Security Bulletin tackles 53 unique flaws.

Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.

The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number of 11 critical bugs – six of which are RCE flaws tied to the operating system’s Media Framework and System components.

chrome compressor 1 1The browser comes with a new set of protections to block pop-ups that could lead to ‘abusive experiences.’

Google officially lifted the curtain on Chrome 71 for Windows, Mac and Linux on Tuesday. The latest browser version touts new security features and a slew of fixes.

Overall, Google issued 43 patches with the security update for Chrome 71. The newest version, 71.0.3578.80, included an array of high severity bug fixes as well. The browser version also claims to block out “abusive experiences” with an update to the existing Chrome ad blocker feature.

Remote Support