Scam of the day – September 15, 2017 – The importance of updating your software

I am constantly preaching about the importance of not using outdated software which is not updated with the latest security patches, such as we saw as the basis for the WannaCry ransomware attack which exploited vulnerabilities in the Windows XP operating system, which Micosoft had long ago stopped supporting with security updates.

It is important to update all of your software with security patches as soon as they become available.  Equifax has recently confirmed that the vulnerability exploited by hackers in its recent massive data breach was in the Apache Struts software used for developing apps.  The specific vulnerability was designated as CVE-2017-5768.  The problem is that this vulnerability was first exploited by hackers against Equifax in May while a security patch was made available as shown here this security update in March.  https://nvd.nist.gov/vuln/detail/CVE-2017-5638

If Equifax had been prompt in its updating of its Apache Struts software, it could have avoided this data breach.

TIPS

The lesson is clear.  Update all of your software programs as soon as security patches are available and whenever possible, make the updating of security patches automatic so you don’t even have to take any specific action yourself to make sure that you are operating the most safe and secure versions of your software.

Scam of the day – August 22, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry  and Petya ransomware attacks that took advantage of computer users that had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.

Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new critical updates from the Department of Homeland Security include important patches for Microsoft Edge, adobe acrobate and Internet Explorer.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-226

https://www.us-cert.gov/ncas/bulletins/SB17-233

Scam of the day – June 29, 2017 – Latest security updates from the Department of Homeland Security

As shown by the recent massive WannaCry  and Petya ransomware attacks that took advantage of computer users that had not patched their Windows operating system with available updates, constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-177

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.

Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – March 14, 2017 – Email phishing scam

As I have mentioned many times before, email phishing scams start when you receive an email that purports to be sent from your email server informing you that there is some problem with your account which requires you to click on a link in order to remedy the problem.  Many times the email purports to come from your specific provider; sometimes from a provider you do not even use.   Today’s phishing email scam, however, is generic in that it doesn’t even indicate the name of your email server.

Here is a copy of an email that is presently finding its way into many people’s email boxes.  This is a phishing scam.  DO NOT CLICK ON THE LINK.  Clicking on the link will result in either your downloading a keystroke logging malware program that will steal all of the information from your computer such as your Social Security number, credit card numbers and banking information that will then be used to make you a victim of identity theft or when you click on the link you will be prompted to provide personal information that will also be used to make you a victim of identity theft.

“Your mailbox has exceeded the storage limit 1 GB, which is defined by the administrator, you are running at 99.8 gigabytes, you can not send or receive new messages until you re-validate your mailbox.
To renew the mailbox,

Click Here
WARNING! Protect your privacy. Logout when you are done and completely exit your browser.”

Some phishing emails are better than others and this one was not very convincing.  The email address from which it was sent was not from an email provider.  Instead, the address of someone whose email had been hacked and made a part of a botnet of computers used by identity thieves to send out their phishing emails was used  In addition, this email is not directed to you by name.    As with many of these scams that often originate in foreign countries where English is a second language, the grammar is suspect as where in the email commas are used improperly.

TIPS

The most important thing to remember is to never click on links in emails or download attachments unless you are absolutely sure that they are legitimate.  In this particular case, it is easy to see that it is a scam.  Additionally, you should make sure that your anti-malware and anti-virus software are installed and up to date with the latest security updates while remembering that you cannot totally rely on your security software to protect you because it generally takes about thirty days from the discovery of new malware for the security software companies to come up with new patches and updates.

Scam of the day – February 22, 2017 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates for Adobe software including Adobe Flash.

I have been warning you for years about flaws in Adobe Flash that have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  According to security company, Symantec 80% of the newly discovered software vulnerabilities which can be exploited by malware created by cybercriminals involved Adobe Flash.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-051

Some alternative plugins you may wish to consider to replace Adobe Flash include  GNU Gnash, and Silverlight.

Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Scam of the day – February 9, 2017 – Latest software security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes a critical update for WordPress which is the program used by many people to create websites.

TIPS

It is helpful, whenever possible to choose the option to have your computer, smartphone and other devices automatically install security updates when they become available.

Here are the links to the recent security update as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB17-037

Scam of the day – December 6, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security includes critical updates to the Android system used by millions of smartphones.

TIPS

Here are the links to a list of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-340

Scam of the day – November 22, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include updates for Windows 10, Microsoft Edge, Norton, Symantec and Mozilla Firefox as well as the what seems like a monthly security update to patch newly discovered vulnerabilities in Adobe Flash.

TIPS

Here are the links to  lists of all of the recent security updates as posted by the Department of Homeland Security:

https://www.us-cert.gov/ncas/bulletins/SB16-319

https://www.us-cert.gov/ncas/bulletins/SB16-326

https://www.us-cert.gov/ncas/current-activity/2016/11/18/Symantec-Releases-Security-Updates

https://www.us-cert.gov/ncas/current-activity/2016/11/15/Mozilla-Releases-Security-Updates

Scam of the day – November 5, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.  These new updates from the Department of Homeland Security include critical new updates from Adobe about which I wrote a few days ago as well as important newly released security updates from Apple for its operating system and Google Chrome.  The Adobe patch is related to vulnerabilities recently exploited by Russian hackers.

TIPS

Here are the links to  lists of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-305 and https://www.us-cert.gov/ncas/current-activity/2016/10/31/Apple-Release-Security-Update-iOS and https://www.us-cert.gov/ncas/current-activity/2016/11/02/Google-Releases-Security-Updates-Chrome

Scam of the day – June 29, 2016 – Latest security updates from the Department of Homeland Security

Constant updating of the software we all use with the latest security patches and updates is a critical part of avoiding scams and identity theft threats.  Whenever new security updates and patches are issued, we provide access to these so that you can update your software to provide better security on your computers, smartphones, laptops and other electronic devices.  Updating your software with the latest security patches and updates as soon as possible is important because identity thieves and scammers are always finding and exploiting vulnerabilities in the software that we all use.  Delay in updating your software could lead to disastrous results.  However, it is also important to be sure that you are downloading legitimate patches and updates rather than being tricked by an identity thief or scammer into downloading malware under the guise of downloading a security patch or update.

TIPS

Here is the link to a list of all of the recent security updates as posted by the Department of Homeland Security: https://www.us-cert.gov/ncas/bulletins/SB16-179

Here is a link to recent Apple security updates: https://www.us-cert.gov/ncas/current-activity/2016/06/21/Apple-Releases-Security-Update

Here is a link to a recent update for Mozilla Firefox: https://www.us-cert.gov/ncas/current-activity/2016/06/07/Mozilla-Releases-Security-Updates