REvil is the latest ransomware to hit the world. Leo says that the exploit uses the Kaseya remote management supply chain to infect thousands of MSP computers. REvil disables your AVS and deploys a fake Windows Defender app to infect and encrypt computers. So far, it's hit several grocery and convenience stores, forcing them to shut down. Stores that are using Kaseya are advised to go offline and shut down their remote access.
Western Digital's My Book Live Network Attached Storage has been hacked due to an exploit that was discovered in 2018 and never patched. Hackers can take advantage of it to run a program of their own making. A hacker has searched for numerous My Book Lives and executed a script to erase them, leaving many users without the backups they were relying on. Western Digital's solution is to have users unplug their MBL from the Internet while they research the hack. Will WD issue a fix?
Western Digital's My Book Live hard drives were compromised this week using a remote code exploit that had been left unfixed since 2018. Leo says it's important that devices get security updates regularly, and that when a device goes out of service, it's time to think about replacing it. Leo also says it's important to adopt a 3-2-1 backup strategy: three copies, on two different kinds of media, and one off-site. Just in case.
Known as a "cross-site WebKit vulnerability," a critical security flaw in iPhone iOS 14.4.2 or iOS 12.4.2 could let a hacker get into accounts on websites through it. Apple is patching the flaw, and iOS users should update once the patch is available.
Richard put Facebook Messenger onto his wife's Kindle tablet. Since then, he's had nothing but trouble with his network. He didn't get it from the Kindle store, so he's worried he's been hacked. Leo says that Richard probably was, since he googled and clicked on the first link he found. Leo says that's why it's important to go to the official source, like the Kindle app store. If bad guys can steer you to a website, they can infect you. But it may not be the Kindle that's been infected. It could be the router or modem. But Leo says it's not likely.
A zero-day bug prompted a text message to Leo that caused his iPhone to crash. It's officially known as a "remote zero click." Apple is aware of the issue and is working out a fix for the next update to iOS 13. It was discovered by a security company in San Francisco this week, along with two other zero-day exploits. Leo advises updating to the latest iOS as soon as it comes out.
There's a huge security flaw in WinRAR that will enable hackers to take over your computer. So Leo advises that if you use WinRAR to zip/unzip your files, you should update to the latest beta version. But you have to go to the WinRAR site and manually download the update. There is no automatic update.
Irwin is concerned that the Spectre bug fix will slow down his computer. Leo says it's possible, but it's unlikely to have a noticeable impact on a modern machine. Experts say the bug fix will greatly affect slower, older machines. A newer machine will get the least performance hit. He should just make sure to update his AVS and all of his drivers.
VMware or really heavy applications are where the performance hit will most likely be felt.
Travis is having trouble getting the Windows update that will fix the Meltdown/Spectre exploit. Leo says he should make sure to update his antivirus first, because the fix will break the AVS and crash the machine, forcing a reinstall of the OS. He may also need to do a BIOS update. In fact, the entire machine may need to be updated to prevent the Windows OS update from breaking the machine.
2018 brought the news that every processor built in the last ten years has a flaw in it that could give hackers access to sensitive data. Initially believed to affect just Intel processors, the flaw is now said to affect every single processor made, regardless of platform.
The flaw utilizes a technique called "processor speculation," which enables the processor to speculate what the user will do next in order to accelerate performance. But the feature also gives hackers access to sensitive L2 cache data like passwords. It's especially true for networks.