Archive for the ‘Security Threat Alert’ Category
There have been a number of articles in the tech press lately about vulnerabilities with smartphone passcodes. Phones using both Android and iOS systems have been plagued by hacks that allow unauthorized users to get around the passcode lockscreen. Apple recently released an update to their operating system intended to address this problem. A similar issue was also discovered in Galaxy Note 2 phones.
When things like this hit the press it’s often difficult for most users to understand whether they should be concerned or not. Lifehacker has a good article that discusses what these vulnerabilities allow unauthorized users to do, how passcodes work, and how best to secure your phone. If you’re concerned with the security of your smartphone, it’s definitely worth the read:
If you still need help understanding and using your smartphone, Geek Squad can help.
Update: Since publishing this article last week, Java 7u13 has been released, with important fixes included. We’ll post a follow-up article once the blacklisting has been removed.
For the second time since the beginning of 2013, Apple has blocked the latest release of the Java plug-in, effectively preventing it from being loaded into machines running OS X — as it did once before, in January of this year.
While it’s not immediately clear why Apple blocked this release of the Java 7 web plug-in, it’s likely that they are responding to reports that began over the weekend that this new release had some security issues and was allowing unsigned computer code to run on machine running the new plug-in.
Apple isn’t the only group with concerns about this latest release of Java. In a Vulnerability Note updated January 24, the US Department of Homeland Security recommends “(u)nless it is absolutely necessary to run Java in web browsers, disable it… even after updating to 7u11 (the latest release).”
Since users of OS X were victimized by the Flashback Trojan malware in 2011, Apple has been slowly moving away from integrating Java into its operating systems. Later versions of the software rely less and less on Java, even going so far as to disable the plug-in in the 2012 version of OS X Lion.
If you think you might be a victim of a computer virus or malware, we have Agents standing by 24/7 at 1-800 Geek Squad, or chat with an Agent online here.
Security experts have issued several warnings about security holes in recent versions of the Java software from Oracle. Java is used in web browsers across operating systems like Microsoft Windows and Mac OS X, and is primarily used by websites to display dynamic content on your browser and some downloadable applications.
According to an alert issued by the US Department of Homeland Security, Java 7 (Update 10 and earlier) have a vulnerability in its code that can allow a hacker to run malicious software on a Java-enabled computer if that PC accesses a hacked website, or downloads malicious programs.
Oracle has released an update for the program (Java 7 Update 11) that is available as a free download at http://www.java.com.
Some security experts are still concerned about the vulnerability of Java, as this is not the first time hackers have used security holes in the code to exploit systems. Their recommendation? Disable Java on your computer, which can be done a) through the Control Panel, or b) by uninstalling the Java software from your computer.
Whether you remove Java completely comes down to the basic question of “security v. functionality” all computers face. Removing programs that have security vulnerabilities may help reduce vulnerabilities on your computer, but at the cost of losing some features and functionality of websites and downloaded programs on your machine.
Regardless, Geek Squad recommends practicing safe browsing habits whenever you are on the Internet, as well protecting your computer by keeping the Operating System updated and having updated antivirus software, as well as keeping your important files (documents, photos, etc) backed up on a routine basis.
If you need assistance in making sure that your computer is up-to-date and protected, connect to our Geek Squad Tech Support team online, stop by a Geek Squad Precinct in a Best Buy store near you, or call 1-800 GEEK SQUAD today.
Agent Derek has helped remove techno-stress from the lives of his Geek Squad clients since 2005. When not providing remote help as an Online Support Agent, he likes to take to the road on a vintage motorcycle for adventures through Ohio country highways.
Case in point: free voucher/giftcard scams. While browsing Facebook recently, an old friend of mine posted about a “Free $400 voucher” on his Wall. Time’s a factor, hurry now, as supplies are limited. (Sound familiar?)
This is a scam, folks. If something sounds too good to be true, it probably is. This con has been around for a few years now, with only the amount, the company and a few minor details changing to lure the unsuspecting in. It plays on your credulity, and your desire to take advantage of a killer deal during the biggest shopping period of the year. (After all, who couldn’t use a few hundred dollars more during the holiday season?)
What do you have to lose? Well, you could give thieves enough personal information to steal your identity or end up with viruses installed on your computer.
Most of the time if it strikes you as illegitimate, it probably is. On occasion, you might just come across an incredible deal. Here are a few tips to help you verify the offer:
Make sure to check out this article over at Blogher to help you avoid being the victim of a scammers during your holiday season. As always, when you need help, head over to geeksquad.com for updated tech tips & tricks, and to receive help from one of our agents online.
Agent Ron G. has been battling the forces of unruly technology run amok since 2001, prior to Geek Squad’s acquisition of Best Buy. When not busy creating video & technical training content for Geek Squad Agents in the field, Agent Ron enjoys home brewing, international travel, and learning how to cook new cuisines.
Think this is a new way for the FBI to deal with computer crime? Think again – you’ve just been a victim of a particularly nasty new virus – Reveton.
Like a biological virus, computer viruses are constantly evolving to take advantage of unsuspecting hosts. In this case, you are dealing with a form of virus called “ransomware”, because it holds the victim’s computer hostage until a ransom is paid to a mysterious third party.
Reveton disables the computer and displays a bogus-but-somewhat-intimidating message on its screen claiming that the computer’s owner has violated federal law. The malware locks the system until the owner pays the “fine” using a specific pre-paid money card service. For added spookiness, some variants of this virus will use your webcam to take a photo of you to include in its faked warning window. (Yikes!)
Most law enforcement agencies in the United States do not issue fines and disable computers without due process – meaning you have a legal means to defend yourself. Plus, we are pretty confident the FBI would never take payments from only one specific brand of money card (even if it is widely available at your local convenience store).
Geek Squad has the following recommendations for anyone who believes they may have a computer infected with this Reveton virus:
To help prevent your computer from becoming a victim of a virus infection like this, always remember to keep your antivirus protection current and up to date. Feel free to use our free virus and spyware scanning tools in the Self Help area of our website.
To help protect your important data (such as photos, documents, or music), create and follow a consistent backup plan, using an external hard drive or online backup service. We have tips on backing up your data (link to http://www.geeksquad.com/do-it-yourself/tech-tip/tips-for-backing-up-your-data.aspx), creating good passwords (http://www.geeksquad.com/do-it-yourself/tech-tip/keys-to-a-secure-password.aspx) and protecting your computer against spyware (http://www.geeksquad.com/do-it-yourself/tech-tip/how-to-protect-against-spyware.aspx) in the Tech Tools area of our site.
As always, Geek Squad Agents are ready to help you with any questions you have about your technology. Visit our web site (www.geeksquad.com) or give us a call at 1-800-433-5778.
Agent Derek has been removing techno-stress from the lives of his Geek Squad clients since 2005. When not providing remote help as an Online Support Agent, he likes to take to the road on a vintage motorcycle for adventures through Ohio country highways.
On Monday, July 9th, thousands of internet users could find themselves without internet when the FBI finally shuts down the DNS-Changer malware.
For months, a group of cyber criminals have been infecting hundreds of thousands of computers with “DNS-Changer,” which redirects your internet traffic to “fake” versions of websites. Thankfully, this ring of criminals was taken down in an FBI sting operation called “Operation Ghost Click,” and since then, the FBI has been redirecting infected computers through special government servers to keep them online.
But on Monday, all that changes when the FBI pulls the plug. If you’re infected with DNS-Changer, you could lose your internet access. The good news is that the Geek Squad is here to help you out. To find out if your PC may have been infected by the DNS changer malware, try one of the following:
Agent William G. has been an Agent with Geek Squad since 2004. If he’s not working on computers remotely, or contributing to the Geek Squad Intelligence Blog, he can be seen skateboarding the sidewalks in the city of Atlanta.
“Macs don’t get viruses.” A common thing we hear around the Geek Squad – and a common misconception. One that is playing out at this very moment, as a large portion of Mac users in the United States are at risk of being infected with the Mac Bot-Net infection.
Originally started off as a fake Adobe Flash Player plug-in installer, in recent months this infection has grown to exploit Java vulnerabilities on Mac computers.
How does it happen? By simply visiting a malicious site, users run the risk of their Mac computer being infected by the “Flashback” infection, and unknowingly becoming part of a bot-net network. When accessing a compromised site, the malware will install itself via a Java exploit.
It happens one of two ways. One: It either asks you to enter in an administrator password, and promptly installs the malware code into the Applications folder. Two: if a password isn’t required, the malware simply installs to the user accounts on the machine, where it can be run in a more global manner. Once installed, the infection injects code into web browsers and other applications (such as Skype) to gather passwords and other personal information from those program’s users.
“How can I prevent this from happening?”, you may be asking. Answer: by making sure you regularly install all critical Apple updates on your Mac. Apple released a patch that fixes this issue and removes the vulnerability. As of April 3rd 2012, all you need to do is perform an Apple Software Update to prevent this issue. With this patch Apple has been able to fully addressed any vulnerability and prevent it from spreading.
As always, it is good practice to update all of your software — not only to keep up with changes in functionality of the operating system, but to also help with bug fixes and vulnerabilities such as the one experienced in the above infection. Should you require assistance, Geek Squad Agents are standing by 24/7/365 online, by phone at 1-800-GEEK-SQUAD, or at Geek Squad Precincts in a Best Buy store near you.
-Agent David S.
In recent weeks, we’ve seen an uptick in reports of phone scammers, some claiming to be Microsoft technicians or in a few cases, even claiming to be associated with Geek Squad.
During these phone calls, consumers are told that their computers are out-of-date and need upgrading. The caller then attempts to remote into the consumer’s computer to “fix” the issues. Under the guise of a faux service, the caller asks for a credit card number and attempts to destroy the PC via remote connection before finishing the call.
For years, we’ve advised clients to avoid cyber attacks by following these relatively simple steps:
While these cyber protection rules still apply, scammers are creating new ways to get into your computer and take the information they want – including contacting you by phone instead pursuing you by computer. Here’s updated guidance for helping you identify and avoid these scammers:
Remember, Geek Squad will never reach out to you unsolicited in an attempt to perform service. If you are in doubt about a contact, you can reach an actual Geek Squad Agent directly by calling 1-800-Geek-Squad.
For help with all your technology needs, call 1.800 GEEK SQUAD to set up an onsite consultation, find a location near you at www.geeksquad.com, or visit the Geek Squad Precinct at Best Buy or freestanding locations to speak with an Agent directly. We provide our services wherever and whenever you need them – 24 hours a day, 7 days a week.
You may have seen pcAnywhere, Norton, and Symantec mentioned in the news lately. It appears that a group of hackers had stolen code from Symantec dating back to 2006 and the code in question was used on a couple of the company’s popular software titles.. We’re here to explain what all of this means to you.
Since January 23rd, Symantec has been working with law enforcement agencies to find out exactly what a group of hackers was attempting to do with source code from 2006. The good news for Norton/Symantec users is the code being used by the hackers is older code. Users of older versions of the Symatec software won’t be vulnerable to possible hijacking/malware attempts from hackers.
Currently, only code from Norton Utilities and pcAnywhere have been released, so we’re urging users of these products (pcAnywhere especially) to make sure their software is up to date. pcAnywhere version 12.5 is the most up-to-date version of that product available. Symantec has been working fervently to patch their products so that the old code being leaked doesn’t put any of its users at risk. Because of the constant updates they make to their Norton Antivirus and Internet Security packages, leaks of that 2006 source code won’t be very useful for hackers. So if you’re using Antivirus/Internet Security from Symantec, don’t worry – you’re at very little risk.
Want more information? For any users of Symantec products, please visit: http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims&inid=us_ghp_banner1_anonymous
For users of pcAnywhere, please make sure you’re patches are up to date by visiting: http://www.symantec.com/business/support/index?page=content&id=TECH180472
-Agent William G.
TRENDNet, maker of several IP Cameras, recently discovered a vulnerability in several of their SecurView cameras that allowed for online access in real-time by hackers. Fortunately the company released a quick firmware update to resolve the issue.
Was that just the sound of your jaw dropping? Yes, even digital cameras aren’t safe online. This should serve as a handy wake-up call that — in our Web-connected world — it’s not just your computer and phone that need security updates!
Almost every device that connects to your network, from your TV and DVD player to your security system, run on basic software called “Firmware”. This software controls all functionality of the device – kind of like an operating system, like Windows or MAC OS. In the case of networked devices, it controls how your devices communicate with the network and can allow you to access the device remotely.
As technology changes, this firmware sometimes needs to be updated. Occasionally a security threat is found that makes your device (and the network it is connected to) vulnerable to a hacker attack or manipulation. Manufacturers usually take care of this problem by releasing a free firmware update for your device, and making it available through their websites. It is important to check for these updates on a regular basis to ensure you always have the latest firmware.
If you own a TRENDNet IP Camera, TRENDnet has released the following information on their website on how to update the camera’s firmware, where to obtain the update, and how to get in touch with them if needed:
TRENDnet’s security team understands that video from some TRENDnet IP SecurView cameras may be accessed online in real time. Upon awareness of the issue, TRENDnet initiated immediate actions to quantify the scope of the issue, initiate corrective actions, and publish updated firmware which resolves the issue.
Only select cameras purchased between April of 2010 and the present may be affected and require a firmware update. Eighteen camera models have been identified. A list of the identified products is available on TRENDnet’s homepage: http://www.trendnet.com
How can Consumers Upload new Firmware?
Updating firmware takes a few minutes. New firmware for all of the listed models is available at the following link:http://www.trendnet.com/downloads
How can Consumers Contact TRENDnet?
TRENDnet has created the following dedicated email for all inquires related to this reported issue. Customers with any questions related to this issue such as how to update your camera’s firmware are invited to contact TRENDnet at the following email: firstname.lastname@example.org
For more than 20 years, TRENDnet has built a reputation for offering trusted, security IP camera solutions to consumers worldwide. We have worked hard to create a brand delivering network solutions that people trust. TRENDnet extends its deepest apologies to consumers which may be impacted by this issue.
To find updated drivers for major brands, check out our driver Do-It-Yourself page. For a quick tutorial on how to update firmware, check out our 2 Minute Miracle at http://gslink.us/KcM0E1. For assistance in updating firmware, or additional questions, chat with an Agent at http://www.geeksquad.com, call 1-800-GEEK-SQUAD, or visit a Geek Squad Precinct at Best Buy store near you for a consultation.
-Agent Patrick B.
Agent Patrick B. has been an Agent with the Geek Squad since 2005. When he isn’t overseeing the Geek Squad Intelligence Blog or the Geek Squad’s Social Media presence, he can be found wandering the streets of Minneapolis for a fresh new source of caffeine to fuel his all night gaming sessions.
Agent Agents Android anti-virus Apple CES computer Dancing With the Stars DIY DIY (Do It Yourself) projects do-it-yourself facebook Geek Squad Global Positioning System Google GPS HDTV Holiday Home Theater how-to internet iPhone Laptop laptops malware Microsoft netbooks PC Security skype Smartphone Spyware Tablet Technology tech savvy gifts tips travel twitter Two Minute Miracle Update Video WiFi Windows 7 Windows XP wireless networking