10 Computer Threats You Didn't Know About

[American_Jihad]

10 Computer Threats You Didn't Know About

17 January 2012 | 08:57 AM ET | Geoph Essex, SecurityNewsDaily Contributor

Fake Tech-Support Calls

You might get an unsolicited phone call from a tech-support representative claiming to be from Microsoft or another big-name IT corporation. But the caller won't be who he claims to be. After warning you that "suspicious activity" has been detected on your computer, he'll offer to help — once you give him the personal information he requires to get his job done.

That job isn't fixing your computer. In fact, he's really just after your personal information.

If you receive a call like this, hang up, call the company the bogus technician claimed to be from, and report the incident to a legitimate representative. If there really is a problem, they'll be able to tell you; if not, you just thwarted a data thief.

---

DNS Redirection

Internet service providers (ISPs) such as Time Warner Cable and Optimum Online claim they're trying to help with DNS redirection, but the reality seems to come down to money. Domain Name System (DNS) redirection overrides your browser's normal behavior when you can't reach a webpage. Instead of displaying the normal 404 "File Not Found" error, the ISP sends you to a page of the ISP's choosing — usually a page full of paid advertising and links.

Innocent though that practice may be, computer viruses can do the same thing, redirecting your browser to a hostile page the first time you misspell a domain. With ISPs, you can opt out of their DNS redirection (you'll find links below all the ads); with viruses, stay on your toes. Make sure you know what your browser's default 404 page looks like, and take action if you see anything different.

---

MORE:
10 Computer Threats You Didn't Know About | SecurityNewsDaily.com

 

[waltky]

Yea I got one o' dem fake tech support calls...

... told `em I had a problem when I made a typo...

... a hand come out from behind my monitor an' smacked me upside the head...

... an' asked `em if dey could help me out with it...

... dey hung up an' ain't called me back.

 

[waltky]

Uncle Ferd says it's pro'bly dem Chinese, Bulgarians, an' Nigerians...

Computer viruses and malware 'rampant' in medical tech, experts warn
17 October 2012 - Experts say it can be difficult to upgrade old software on medical devices due to regulatory restrictions

High-risk medical technology has been found to be infected by computer viruses and malware, health and security experts have said. They fear that the virus infections could become so severe that a patient may end up getting harmed. Out-dated computer systems which were not able to be changed were to blame for the vulnerabilities, the experts said. One US hospital is said to be deleting viruses from up to two machines a week.

The warnings were given as part of a panel discussion in Washington DC, as reported by Technology Review from the Massachusetts Institute of Technology. Mark Olsen, chief information security officer at Beth Israel Deaconess Medical Center in Boston, said the hospital had 664 pieces of medical equipment running on old versions of Windows. This means the equipment is affected by weaknesses which later releases of Windows have since fixed.

Kevin Fu, a leading expert in medical technology, explained that the machines were not updated because of fears that doing so would mean they were in breach of regulations put in place by the US Food and Drug Administration (FDA). The FDA approve the use of technology by testing safety rather than security - meaning any potential exposure to cyberthreats is not considered.

Raised eyebrows

 

[Mr. H.]

Why isn't spilled beer on that list?

 

[waltky]

Granny says dey tryin' to attack our power grid...

US plants hit by USB stick malware attack
16 January 2013 - US authorities did not specify which plants had been hit - and to what extent

Two power plants in the US were affected by malware attacks in 2012, a security authority has said. In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place. Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said. The ICS-CERT said it expected a rise in the number of similar attacks. Malware can typically used by cyber-attackers to gain remote access to systems, or to steal data.

In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation. "The employee routinely used this USB drive for backing up control systems configurations within the control environment." And at a separate facility, more malware was found. "A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said. "Unknown to the technician, the USB-drive was infected with crimeware. "The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened. "Such practices will mitigate many issues that could lead to extended system downtime," it said. "Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events." In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure. In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure.

Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets. A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme. No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US. Journalist David E Sanger wrote that the US had acted with the co-operation of Israel.

BBC News - US plants hit by USB stick malware attack

 

[Bleipriester]

This site warns you of Facebook but runs Facebook´s Tracking Bugs as well...

 

[Mr. H.]

According to Campbellll there are 11.

 

[waltky]

Heads-up on passwords...

Russian Hackers Collect 1.2 Billion Passwords In A Mega Breach
*8-05-2014 - The New York Times has reported the largest known collection of stolen Internet credentials by a Russian crime ring.

These hackers reportedly amassed 1.2 billion username and password combinations, and more than 500 million email addresses from 420,000 websites through botnets (computers that have been infected with and controlled by a computer virus). The sites ranged from small sites to larger household names. Many of the targeted sites are still vulnerable.

2014: The Year Of The Mega, MEGA Breach?

In Symantec’s 2014 Internet Security Threat Report, researchers declared 2013 as “The Year of The Mega Breach”, and recent breaches this year indicate that the situation isn’t getting better. These numbers are surprising, not only because the collection was the largest yet discovered, but also because of the scope of the impact on Internet users. Roughly 39% (2.76B) of the world’s population of 7.1 billion uses the Internet. The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users. That’s a lot of data.

Given the magnitude of this latest discovery, it is clear that the need for companies to do more to protect your data has become more urgent than ever.

One of the weakest links in protecting your data is the user name and password that you use to identify yourself to websites. Often simply called credentials, in the wrong hands they can be used in fraudulent activity and identity theft, or sold for quick cash on the underground market. You can help keep your credentials safe and by doing so, minimize the risk that your sensitive information will be compromised.

So, what can you do to keep your online credentials safe?