How-To Geek

Week in Geek: Microsoft Warns of First Critical Security Flaws in Windows 8 & RT

This week’s edition of WIG is filled with news link coverage on topics such as Mozilla Firefox turns 8 and Android turns 5, Windows (File) Explorer is the app that crashes most on Windows 8, Classic Mode (Session) will be dropped from GNOME 3.8, and more.

Weekly News Links

Security News

  • Microsoft warns of first critical Windows 8, RT security flaws
    Plug everything in and prepare the systems: Patch Tuesday is coming. Microsoft will release six security patches, four of them considered ‘critical’ for Windows 8 and Surface-ready Windows RT operating systems.
  • Adobe, Microsoft sync up patch schedule in overdue move
    Better late than never. Adobe will follow Microsoft’s Patch Tuesday schedule to bring some normalcy to the patching process.
  • Experts Warn of Zero-Day Exploit for Adobe Reader
    Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.
  • Malware Steals Image Files from Systems
    From the blog post: It appears that information theft has taken a new form: we’ve found a malware that steals image files from all drives of an affected system and then sends them to a remote FTP server.
  • Security issue discovered in TOR client
    In an analysis of the TOR source code, software developer Andrey Karpov found that the anonymisation software uses a function called memset() to delete cache data, which is not supported by all compilers. In some cases, that can cause the TOR client to leave confidential data like passwords in the system memory when it is closed.
  • Beware: Fake airline Instagram accounts promise free flights
    Instagram accounts for American Airlines, Delta Airlines, United Airlines, and JetBlue are promising free flights to people who follow and share them. The only problem is they aren’t real.
  • Malware disguised as an MMS message
    Cyber criminals are currently spreading malware by sending a large number of email messages purporting to be from Vodafone’s MMS gateway. These emails have the subject “You have received a new message” and claim that the recipient has been sent a picture message over MMS from a Vodafone customer.
  • Cybercriminals start spamvertising Xmas themed scams and malware campaigns
    Security researchers from Symantec are warning about a recently intercepted flood of Xmas themed malicious and fraudulent campaigns.
  • If you are still running Android 2.3, watch out for the bad guys!
    Kaspersky’s recent numbers show the Gingerbread release, specifically version 2.3.6, is the most highly targeted Android OS for malware developers, and Trojan SMS leads the way.
  • Researcher advises against use of Sophos antivirus on critical systems
    Antivirus provider Sophos has fixed a variety of dangerous defects in its products that were discovered by a security researcher who is recommending many customers reconsider their decision to rely on the company.
  • Facebook turns off login-by-email feature after links found online
    The social network has temporarily turned off a feature that let people log into their accounts simply by clicking a link in an email, after some emails containing such links were found online.
  • Firefox to make life harder for HTTPS snoopers
    Mozilla has equipped its latest Firefox beta, 17, with a list of domains for which the browser must use HTTPS encryption for all communications. The feature is designed to prevent man-in-the-middle attackers from reading and manipulating plain text data traffic when particularly sensitive pages are accessed. The list complements the Strict Transport Security (HSTS) HTTP header extension that enables servers to force browsers to establish HTTPS connections only.
  • 1.7M mobile apps analyzed: Users tracked and put at risk, and it’s unjustified
    Network security company Juniper Networks investigated 1.7 million mobile apps. It concluded that free apps cost us our privacy, expose us unnecessarily, and most app permissions are unjustified.
  • How hackers scrape RAM to circumvent encryption
    Encryption might protect data while in transit and at rest, but most organisations don’t realise that while data is being processed, it’s still vulnerable, according to Verizon.
  • 5 security issues to watch in Win 8
    Emerging fake antivirus, phishing scams, and signature-based security vulnerabilities are some issues identified on the latest Microsoft operating system.
  • Users take their time over Java and Flash updates
    Of the computers studied by Kaspersky in the third quarter, 35 per cent suffered from a Java vulnerability and 19 per cent from a vulnerability in an Adobe product. Comparing Kaspersky’s quarterly security reports from 2010 to 2012 shows that the Oracle and Adobe update agents are not good enough at getting their users to carry out updates.
  • Mushrooming ransomware now extorts $5 million a year
    Malware that disables computers and demands that hefty cash payments be paid to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said.
  • Cyberheists ‘A Helluva Wake-up Call’ to Small Biz
    The $180,000 robbery took the building security and maintenance system installer Primary Systems Inc. by complete surprise. More than two-dozen people helped to steal funds from the company’s coffers in an overnight heist in May 2012, but none of the perpetrators were ever caught on video. Rather, a single virus-laden email that an employee clicked on let the attackers open a digital backdoor, exposing security weaknesses that unfortunately persist between many banks and their corporate customers.
  • The Russian underground economy has democratized cybercrime
    If you want to buy a botnet, it’ll cost you somewhere in the region of $700. If you just want to hire someone else’s for an hour, though, it can cost as little as $2—that’s long enough to take down, say, a call center, if that’s what you were in the mood for. Maybe you’d like to spy on an ex—for $350 you can purchase a trojan that lets you see all their incoming and outgoing texts. Or maybe you’re just in the market for some good, old-fashioned spamming—it’ll only cost you $10 for a million e-mails.
  • This Kinect Patent Is Terrifying, Wants To Charge You For License Violation
    A patent filed by Microsoft last year, but only made public last week, wants to turn your Xbox 360’s Kinect into an instrument via which large companies can monitor your media usage and, if you’re found to be in violation of something, charge you for it.

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter.

  • Published 11/11/12
