 US officials and Microsoft executives say older versions of the programs may be vulnerable to malware. In the advisory, NSA officials said a flaw known as "BlueKeep" exists in past editions of Microsoft Windows. Last week Microsoft warned that "some older versions of Windows" could be vulnerable to cyber-attacks. "All customers on affected operating systems [Windows 7 and earlier] should update as soon as possible," said Microsoft. US officials said the "BlueKeep" flaw could leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments. They said ransomware can often be installed quickly, holding files hostage and demanding payment from individuals. The vulnerability in the older versions of Microsoft Windows wrote the International Computer Science Institute's Nicholas Weaver, means that bad actors could "gain complete control of the remote system". Updating systems, as the Microsoft executives explained, helps to protect computer users from these kinds of cyber-attacks. Recently a ransomware attack on the city of Baltimore disrupted municipal services, knocking city workers offline and making it harder for people to pay their traffic tickets and water bills. The New York Times has reported that the NSA knew about the system flaw, EternalBlue, but kept it secret for years. EternalBlue has been implicated in a range of cyber-attacks over the past three years, including the WannaCry assault that disrupted the UK's NHS. A senior NSA adviser, Rob Joyce, tweeted on his own account that some computer users could face a "significant risk" because of the vulnerabilities in the older versions of Microsoft Windows, but that they would be protected by updates. Read more of this warning on OUR FORUM.  The U.S. Justice Department has jurisdiction for a potential probe of Apple Inc as part of a broader review of whether technology giants are using their size to act in an anti-competitive manner, two sources told Reuters. The Justice Department’s Antitrust Division and the Federal Trade Commission (FTC) met in recent weeks and agreed to give the Justice Department the jurisdiction to undertake potential antitrust probes of Apple and Google, owned by Alphabet Inc, the sources said. The FTC was given jurisdiction to look at Amazon.com Inc and Facebook Inc, the sources said. The sources did not say what the government’s potential concern might be regarding Apple. Streaming music leader Spotify Technology SA and others have criticized the iPhone maker’s practices, describing the company as anti-competitive in a complaint to the European Union’s antitrust regulators. Central to Spotify’s complaint is a 30% fee Apple charges content-based service providers to use Apple’s in-app purchase system. Apple did not immediately respond to a request for comment. The company has defended its practices in the past, saying it only collects a commission if a good or service is sold through an app. “Our users trust Apple - and that trust is critical to how we operate a fair, competitive store for developer app distribution,” it has said previously. Stay abreast of these developments by visiting OUR FORUM on a regular basis.  A new phishing campaign is underway that pretends to be a list undelivered email being held for you on your Outlook Web Mail service. Users are then prompted to decide what they wish to do with each mail, with the respective links leading to a fake login form. Recently, we have seen quite a few interesting spam campaigns such as account cancellation notices and alerts about unusual volumes of file deletions. This campaign is just as interesting as it uses the subject line of "Notifications | undelivered emails to your inbox" and pretends to be a list of email being held on the server for you. This phishing email then prompts you to decide whether you want to delete all of the emails, deny them, allow them to be delivered, or to whitelist them for the future. Regardless of the link you click on, you will be brought to a fake "Outlook Web App" landing page that asks you to enter your login credentials. Once you enter your credentials, the page will save them so that they can be retrieved by the scammer at a later date. Thankfully, unlike recent phishing landing pages hosted on Excel Online or Microsoft Azure, this phishing scam utilizes a landing page hosted on a hacked site. This makes it easier to detect as suspicious as the URL will not be the correct one for your email server. As always, when receiving emails that lead to login forms, make sure to examine the URL where the form resides before entering your login credentials. If there is any doubt, always ask your system administrators. We have the text of the mail posted on OUR FORUM. |
Latest Articles
|