Author - 3i Expert

Iconic Software Adobe Shockwave Unavailable After April

It’s the end of an era.  Way back in 1995, a company called Macromedia released the iconic Shockwave player, which quickly became a mainstay on Windows-based machines.

A decade later, Adobe purchased Macromedia, taking ownership of the Shockwave player and the company’s other products (like Flash), both of which continued under the Adobe brand.

Time has not been kind to the technology.  Not only has the company struggled to keep them secure, but the web itself has moved on.  While Flash and Shockwave were once instrumental to cutting-edge web development, today’s developers have migrated to WebGL and HTML5, leaving these products with a withering market share.

Although there’s not much current demand for the products, there are a surprising number of legacy websites that still rely on the aging tech.  That’s why Adobe’s recent end of life announcement for Shockwave is sending ripples of panic through the internet.

Adobe has begun sending out emails to their customers bearing the subject line “Adobe Shockwave Product Announcement” in a bid to give webmasters whose sites are built around the tech time to shift gears. The Shockwave Player will officially be retired as of April 8th, 2019, about a year before another iconic Adobe product called Flash Player is slated to retire.

According to the official announcement, business owners with existing Shockwave Enterprise licenses will continue to receive product support until the end of their current contract.  There will be no renewals.

All that to say, the clock is ticking.  If redesigning your company’s website to migrate away from Shockwave and Flash is something you’ve had on the backburner for a while, it’s time to move it to the front of the queue.  Be sure your IT and web development staff are aware, and plan accordingly.  The end is nigh.

Used with permission from Article Aggregator


Faster USB Standard Is Coming But There Are Complications

If you have a need for speed, you’ll be thrilled to know that USB 3.2 is on its way. It offers incredible transfer speeds up to 20GB per second, but there’s a catch that could throw a wrench into the works, or at least make things more complicated. At the most recent Mobile World Congress, it was announced that the new USB 3.2 specification will encompass both USB 3.0 and USB 3.1, which creates three different tiers of speed.

The three speeds include:

  • USB 3.2 Gen 1 will bear the moniker ‘SuperSpeed USB’ and will have transfer speeds of up to 5Gbps
  • USB 3.2 Gen 2 will be called ‘SuperSpeed USB 10Gbps’ and, as its name indicates, will offer transfer speeds that are twice that of the Gen 1 product
  • USB 3.2 Gen 2×2 will be marketed as ‘SuperSpeed USB 20Gbps’, with the promised 20Gbps transfer speeds

Of particular interest is the SuperSpeed USB 20Gbps product, marketed as 2×2.  It’s able to provide its impressive transfer rate because it utilizes “two lanes” of 10Gbps data transfer, but only when utilizing Type-C cables.  Fortunately, although Type-C cables got off to a bit of a rocky start, those issues are now a thing of the past. USB-IF is encouraging device manufacturers to copy their SuperSpeed nomenclature in an attempt to minimize end-user confusion.

Despite it being a bit more complicated than is necessary, this is very good news.  Transfer speeds have long been something of a bottleneck, and the new tech (USB 3.2 SuperSpeed Gen 2×2) is a welcome addition to the ecosystem.  Look for it to start being available later this year.

For the time being, there’s nothing to be done, except perhaps to make sure you’ve got a little extra money in the budget to spring for the new tech when it becomes available.


Used with permission from Article Aggregator


Bots Are Attacking Retail Sites On A Large Scale

If you own a retail business, an attack known as “credential stuffing” is the latest online threat to be concerned about.  If you’re not sure what that is, read on and prepare to be dismayed. According to the 2019 State of the Internet, Retail Attacks, and API Traffic Report published by Akamai, there has been a surge in large-scale botnet attacks against businesses, with retail outlets being the hardest hit.

In fact, according to the report, between May and December of 2018, there were approximately 28 billion credential stuffing attempts made.  One of the web’s largest retail sites suffered over 115 million bot-driven login attempts in a single day.

A spokesman for Akamai had this to say about the report:

“The insidious AIO (all-in-one) bots hackers deploy which are multi-function tools that enable quick purchases by leveraging credential stuffing and a number of evasion techniques, allowing a single AIO bot to have the ability to target more than 120 retailers at once.

A successful AIO campaign may go completely undetected by a retailer, which might see the online sales and record-setting transactions as proof its product is in demand.  They’ll have little to no indication that its inventory clearing was automated and used to fuel a secondary market or scrape information from its customers.”

In most cases, the damage caused by credential stuffing attacks is limited.  Customers whose accounts are compromised may find that they lose points or perks, and that unauthorized charges are made on their accounts. In some cases, a credential stuffing attack could lead to an attacker gaining a foothold inside your corporate network.  Also, large and pervasive attacks could strain web resources and have (on more than one occasion) crashed a web server.

Even in cases where your business isn’t directly impacted, an attack on your customers’ accounts is still an attack on you.  Unfortunately, with so many stolen credentials available on the Dark Web, it’s a notoriously difficult problem to come to grips with.  The best thing you can do is remain vigilant and maintain excellent communications with the customers you serve.
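As an added illustration (not part of the original article or the Akamai report), the sketch below shows one baseline way to spot credential stuffing in login logs: a single source that tries many different usernames with a high failure rate inside a short window. The event layout, thresholds and sample data are assumptions constructed for the example; bots that spread attempts across many addresses need additional signals beyond this per-source check.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed login events: (time, source IP, username, success)."""
    t0 = datetime(2019, 3, 1, 12, 0, 0)
    ev = []
    # Stuffing pattern: one source tries 40 usernames once each; two pairs work.
    for i in range(40):
        ev.append((t0 + timedelta(seconds=i), "203.0.113.10", f"user{i}", i in (7, 23)))
    # Ordinary customer: three typos, then a good login.
    for i in range(4):
        ev.append((t0 + timedelta(seconds=10 * i), "198.51.100.5", "alice", i == 3))
    # Brute force on one account: many failures, but only a single username.
    for i in range(30):
        ev.append((t0 + timedelta(seconds=2 * i), "192.0.2.77", "bob", False))
    return ev

def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=20, min_fail_ratio=0.8):
    """Flag sources that hit many distinct accounts, mostly failing, in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start, peak = 0, 0
        for end in range(len(rows)):
            # Slide the window start forward so it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            win = rows[start:end + 1]
            users = {u for _, u, _ in win}
            fail_ratio = sum(not ok for _, _, ok in win) / len(win)
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                peak = max(peak, len(users))
        if peak:
            findings[ip] = {
                "distinct_users": peak,
                # Successful logins from a flagged source are likely takeovers.
                "accounts_to_reset": sorted(u for _, u, ok in rows if ok),
            }
    return findings

if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample()).items():
        print(ip, info)
```

The successful logins from a flagged source are the accounts worth forcing a password reset on and notifying the customer about.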

Used with permission from Article Aggregator


Progressive Web App Office Software Coming To Windows 10

Microsoft has recently announced a new addition, coming soon to the Microsoft Store: a free Office progressive web app (PWA), which is slated to replace the My Office app that comes pre-installed on Windows devices. The new app is functionally similar to the Office App you’re currently using, but it brings some exciting new features into play that users and IT managers alike will love.

In addition to being a central window giving you a bird’s-eye view of your recent documents, contacts, and various Office files (Word, Excel, PowerPoint, Outlook), it also serves as a bridge between working offline and working online with Windows 10.

Users will be able to access Office apps installed locally on their devices, as well as web apps. They will also have a view into locally stored files as well as files stored on the cloud, which in the Microsoft ecosystem, generally means SharePoint and OneDrive.

In addition to that, because it’s a Progressive Web App, it can work offline as well and be pinned to the taskbar, just as you can do with a native Windows App.  The only catch is that you’ll need to be running the 1803 version of Windows 10 (or later versions) to make use of the new capabilities.

Although individual users will no doubt find a lot to be excited about, the company’s own statements make it clear that they’ve designed it with IT managers specifically in mind, given that it will allow managers to customize the Office app with company branding and allow users to access a variety of third-party apps through the lens of the Office app.

In tandem with this announcement, Aaron Gustafson (from the Microsoft Edge browser development team) also announced that the next version of Edge will be built around Chromium and will allow users to install PWAs from the browser itself. That build brings Edge back to par with both Google Chrome and Mozilla’s Firefox.

These are all excellent moves, and we can’t wait to start playing with the new app.  Kudos to Microsoft.

Used with permission from Article Aggregator


Google Security Device Had A Microphone Nobody Knew About

Google has found itself in hot water for something they claim to be an honest mistake and oversight. Owners of the company’s popular Nest Guard (the centerpiece to their Nest Secure home alarm system) have recently discovered a microphone hidden in the guts of the device.  The microphone wasn’t mentioned in the product’s specification sheet, which has creeped out consumer groups around the country and the world.

Google claims that their intention from the beginning was to incorporate Google Assistant functionality into the design. This of course would necessitate the presence of a microphone, making their failure to mention it nothing more than an oversight. Unfortunately, consumer groups don’t seem to be finding that explanation convincing, which explains the pushback the company is suddenly getting.

To be fair, Google Assistant functionality would be a superb addition to Nest Secure, but people should be aware of what precisely they’re getting when they open their wallets and buy a new product, especially given the fact that there have been a number of high-profile instances where data captured by microphones embedded in a variety of consumer products has already been mishandled and misused.

It ultimately doesn’t matter how many people would or wouldn’t have made the purchase had they known about the presence of the microphone.  The central issue is that they purchased a product without realizing it could be used to record them.

These days, privacy concerns are increasingly on everyone’s mind and with good reason.  Every day, what remains of our privacy seems increasingly under attack.  Innocent oversight or not, this was an unnecessary invasion of that privacy, and advocacy groups are justified in calling the company out for it.

If you don’t yet own a Nest Secure, but have been considering buying one, be aware.  There’s a microphone embedded in it.

Used with permission from Article Aggregator


New Malware Is Coming Through Messaging Apps

As if your stressed IT staff didn’t have enough to deal with, there’s a new threat to be on the lookout for.

Researchers at the antivirus company Avast have discovered a new strain of malware that can spread by way of Skype and Facebook Messenger spam messages. The malware, called “Rietspoof,” is described as a multi-stage malware strain.

It was first discovered back in August of last year, and until recently, didn’t raise any eyebrows because it was seldom used. That has now changed.  There’s been a notable uptick in the number of instances of Rietspoof detected on the web.

As malware goes, Rietspoof by itself isn’t all that threatening.  Its goal is merely to infect as many devices as possible, serving as a bridge between an infected device and a command and control server that allows other strains of malware to be systematically injected onto infected systems.

Rietspoof accomplishes this goal by placing a shortcut (LNK file) in the Windows Startup Folder. This is one of the critical folders that Avast and other major antivirus programs monitor rigorously. However, Rietspoof has managed to slip through the cracks, bypassing security checks because it is signed with legitimate certificates.

The malware’s infection cycle consists of four discrete steps. Three of them are dedicated to establishing a Rietspoof beachhead on a target system, and the fourth is reserved for the downloading of more intrusive and destructive malware strains.

According to the research team that discovered it, since they first began tracking the malware, it has undergone a number of incremental changes. That led them to the conclusion that Rietspoof is a work in progress and currently undergoing testing and further development.

Although it may have limited functionality now, that could very easily change as the hackers behind the code continue to modify it.  Be sure your IT staff is aware, and stay vigilant!
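The persistence step described above suggests a concrete monitoring rule. The following is an added example, not code from Avast or the original article: it compares a rule that trusts signed creators with one that alerts on any shortcut written to a Startup folder. The `Image` and `TargetFilename` names follow Sysmon file-creation events; the `signed` field, the allowlist, the severity labels and every path are assumptions constructed for illustration.

```python
import re

# Matches a .lnk written directly into a per-user or all-users Startup folder.
STARTUP_LNK = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$",
    re.IGNORECASE,
)
# Creators running from locations an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.IGNORECASE)

USER_STARTUP = r"C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
ALL_STARTUP = r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"

# Constructed file-creation events; "signed" is a hypothetical enrichment field.
EVENTS = [
    {"Image": r"C:\Users\kim\AppData\Local\Temp\example-signed.exe",
     "TargetFilename": USER_STARTUP + r"\example.lnk", "signed": True},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\kim\Desktop\notes.lnk", "signed": True},
    {"Image": r"C:\Users\kim\Downloads\example-unsigned.exe",
     "TargetFilename": USER_STARTUP + r"\other.lnk", "signed": False},
    {"Image": r"C:\Program Files\ExampleVendor\setup.exe",
     "TargetFilename": ALL_STARTUP + r"\vendor.lnk", "signed": True},
]

def weak_rule(ev):
    """Alert only when the creator is unsigned: a valid signature silences it."""
    return bool(STARTUP_LNK.search(ev["TargetFilename"])) and not ev["signed"]

def hardened_rule(ev, allowlist=frozenset()):
    """Alert on any Startup shortcut; the signature never suppresses the alert.

    Returns None (no alert), "medium", or "high" when the creator itself
    runs from a user-writable location.
    """
    if not STARTUP_LNK.search(ev["TargetFilename"]):
        return None
    if ev["Image"].lower() in allowlist:  # explicitly approved installers only
        return None
    return "high" if USER_WRITABLE.search(ev["Image"]) else "medium"

if __name__ == "__main__":
    for ev in EVENTS:
        print(weak_rule(ev), hardened_rule(ev), ev["TargetFilename"])
```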


Used with permission from Article Aggregator


Malware Stealing Usernames And Passwords At Alarming Rates

Much discussion has been had about the fact that hackers are becoming increasingly sophisticated, and their methods ever-increasing in their complexity.  While that’s certainly true, more complex isn’t always better.

Take, for example, the malware called Separ, which is a credential-siphoning bit of code, first detected in late 2017.

Separ has benefitted from ongoing development by the hackers controlling it, but what sets it apart from other malware strains is that it’s almost deceptively simple, and that simplicity is a big part of its success.

The program is surprisingly good at evading detection, thanks to clever use of a combination of short scripts and legitimate executable files that are commonly used for completely benign purposes. This allows them to blend in and be utterly overlooked by most detection routines.

The most recent iteration of the software is embedded in a PDF.  When an unsuspecting user clicks to open the file, Separ runs a chain of other apps and file types commonly used by System Admins.  The initial double click runs a simple Visual Basic Script (VBS), which in turn, executes a batch script.

The batch script sets up several directories and copies files to them. Then it launches a second batch script, which opens a decoy image to hide command windows, lowers firewall protections, and saves the changes to an ‘ipconfig’ file.

Then, it gets down to its real work, again, relying on completely legitimate executables to collect passwords and move them to the hackers’ command and control server.

According to Guy Propper (the team lead of Deep Instinct’s Threat Intelligence group):

“Although the attack mechanism used by this malware is very simple, and no attempt has been made by the attacker to evade analysis, the growth in the number of victims claimed by this malware shows that simple attacks can be very effective. The use of scripts and legitimate binaries, in a ‘living off the land’ scenario, means the attacker successfully evades detection, despite the simplicity of the attack.”

Be sure your IT staff is aware.  It’s not always the most complex forms of malware that can get you.
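Because every program in the chain described above is legitimate on its own, detection has to look at process lineage rather than at any single binary. The sketch below is an added example, not code from Deep Instinct or the original article: it flags a firewall change made by netsh only when it descends from a batch file that was itself started under a script host. Field names follow Sysmon process-creation events; the events, paths and command lines are constructed for illustration.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BATCH_ARG = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)

# Constructed process-creation events. Real pipelines should key on a unique
# process identifier rather than ProcessId, which the OS reuses over time.
EVENTS = [
    {"ProcessId": 100, "ParentProcessId": 1,
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessId": 200, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\kim\AppData\Local\Temp\doc.vbs"'},
    {"ProcessId": 210, "ParentProcessId": 200,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c first.bat"},
    {"ProcessId": 220, "ParentProcessId": 210,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c second.bat"},
    {"ProcessId": 230, "ParentProcessId": 220,
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    # An administrator changing the firewall from an interactive prompt.
    {"ProcessId": 300, "ParentProcessId": 100,
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"ProcessId": 310, "ParentProcessId": 300,
     "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall set allprofiles state on"},
]

def ancestry(pid, by_pid):
    """Return the event for pid followed by its known ancestors (leaf first)."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ParentProcessId"]
    return chain

def find_script_driven_firewall_changes(events):
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        cmdline = e["CommandLine"].lower()
        if ntpath.basename(e["Image"]).lower() != "netsh.exe":
            continue
        if "firewall" not in cmdline or " set " not in cmdline:
            continue
        chain = ancestry(e["ProcessId"], by_pid)
        names = [ntpath.basename(p["Image"]).lower() for p in chain]
        via_batch = any(n == "cmd.exe" and BATCH_ARG.search(p["CommandLine"])
                        for n, p in zip(names, chain))
        via_script_host = any(n in SCRIPT_HOSTS for n in names)
        if via_batch and via_script_host:
            hits.append(" > ".join(reversed(names)))
    return hits

if __name__ == "__main__":
    print(find_script_driven_firewall_changes(EVENTS))
```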

Used with permission from Article Aggregator


Apple Developers Will Make Apps Usable On All Devices

Apple recently announced an important strategic change in direction that’s great news for developers.  In their next SDK release, developers will be able to build a single app that will work on every iPhone, iPad, and Mac the company makes.

The benefits to developers are obvious, with the biggest being a general reduction of development time.

There will be no need to make three different variants of an app to cover the entire Apple ecosystem.  It will also mean more potential customers if a development group has been focused on only one segment of that ecosystem.

The change will also give Apple a powerful advantage in that eventually, the company will be able to merge the Mac App Store and the App Store for iOS. That will reduce their digital footprint and make managing their vast holdings easier. In addition to that, it will streamline the approval process, allowing developers to submit a single binary for all Apple devices.

According to a statement recently published by the company, the new development kit could be pushed out by as early as June, which is generating a tremendous amount of excitement in the Apple development community.

Obviously, consumers will see a big win here as well.  Once the changes are complete and the two app stores are merged, there will be a single official hub where Apple users can get all their favorite Apps. They won’t even have to worry about cross-device compatibility, which will improve the overall user experience.

The bottom line is that it will make things easier for developers, make managing the process easier for Apple, simplify things, and improve the user experience for the legions of end users in Apple’s ecosystem. Kudos to the company for making the move.  Exciting changes are ahead!

Used with permission from Article Aggregator


Another Point Of Sale Data Breach Hits Retailers

Another week, another data breach. This time, the target of the breach was North Country Business Products (NCBP), a company that makes point of sale (POS) terminals for businesses.

Although NCBP was the target, they weren’t the ultimate victims of the breach. Hackers infiltrated NCBP’s network and installed malware onto the company’s POS terminals.

These were then sold to businesses around the country. In all, according to the latest information published by NCBP about the incident, a total of 139 business locations received these poisoned POS terminals. This allowed hackers to gain control of any payment information processed through those terminals.

In all, NCBP POS systems are installed in more than 6500 locations nationwide, meaning the scope and scale of this breach was approximately 2 percent of the company’s installed terminal base.

So far, North Country’s handling of the incident has been admirable. The breach occurred on January 3rd, 2019. The company discovered it on January 30th, but noted that the attackers ceased all activity on January 24th when they began detecting investigators probing for their presence.

NCBP has informed law enforcement, enlisted the aid of a third-party forensic investigator, and has published a list of all infected POS terminals on their website. All of the infected terminals are in bars, coffee shops, or restaurants, with an even mix of standalone businesses and franchises.

The investigation into the matter is still ongoing. As yet, NCBP and the agencies assisting them have not determined exactly what the impact is or has been for each of the affected businesses.

All that to say, if you own an NCBP POS device, be sure to head to the company’s website to find out if your business is on the list of impacted customers. If so, you may have already been contacted by the company.

Used with permission from Article Aggregator


Safari On Mac Now Vulnerable To Browser History Theft

There’s a new macOS security flaw you and your staff need to be aware of.  It was discovered by Jeff Johnson, the developer of the Underpass app for both Mac and iOS, and the StopTheMadness Safari browser extension.

Fortunately, the new flaw is not one that can be exploited remotely.  Users would have to be tricked into installing a malicious app via social engineering or other tricks.

On the other hand, the flaw is critical and impacts all known macOS Mojave versions.

Mr. Johnson had this to say about the matter:

“On Mojave, certain folders have restricted access that is forbidden by default.  For example, ~/Library/Safari.  In the Terminal app, you can’t even list the contents of the folder.  However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user.  There are no permission dialogs.  It Just Works.  In this way, a malware app could secretly violate a user’s privacy by examining their web browser history.”

Johnson reached out to Apple privately and shared the full details of the flaw, but refused to provide more details than the above to the general public, saying that since the issue has yet to be patched, he does not want to put macOS users at risk.

Although Apple has formally acknowledged his report, the company has to this point provided no information on what level of importance they’re giving a fix for the issue or what their time frame might be in terms of issuing one.

It’s a serious issue, no doubt, but there’s a lack of public details about it. The fact that it can’t be executed remotely suggests it’s not as big a threat as it could be.  Even so, be mindful of it until Apple issues a fix.

Used with permission from Article Aggregator