With the release of their newest operating system just days away, now is not the most convenient time for Microsoft to be facing and dealing with security bugs. However, two thirds of all 1.5 billion PCs operated by Windows across the globe were recently left vulnerable due to a security flaw found in nearly every version of Windows, including Windows 10 Insider Preview.
The flaw (MS15-078) lies within the Windows Adobe Type Manager Library and can be exploited by cybercriminals to hijack PCs and/or infect them with malware. Users can be attacked when they visit untrusted websites that contain malicious embedded OpenType fonts. Microsoft explains more about the threat in a security bulletin advisory:
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
The flaw has been classified as critical, which is Microsoft’s highest measured level of threat. Anyone running Windows Vista, Windows 7, Windows 8 and 8.1, Server 2008, Server 2012 or Windows RT is affected by the flaw. Microsoft’s online Security TechCenter includes a full list of affected software and additional vulnerability information.
The Avast Threat Report provides an overview of global threat activity.
Avast malware researchers and Avast customers work 24/7 to protect each other.
Avast protects 230 million people worldwide in more than 186 different countries — we are present in more countries than McDonalds and protect more people than any other antivirus security provider. We stream 250 micro updates a day that protect our users from attacks. This is made possible by the 230 million devices we protect that simultaneously act as de facto sensors. These sensors provide us with information about suspicious files to help detect and neutralize threats as soon as they appear. Once we identify a suspicious file on a single device, it is reported back to the Avast servers and all Avast users around the world are immediately protected. This is called our Community IQ – it not only lets us better protect our users but also gives us valuable insights into the current security landscape.
Over time, we’ve noticed the presence of some fairly heated user debates disputing the necessity of security or antivirus apps for Android devices. This could have been sparked by our recent post which argues that you can’t always rely on the security of Google Play or because of the myth that antivirus companies create viruses to sell more software.
Certain security gurus claim that if users stick to downloading and purchasing apps using only the Google Play Store, nothing bad will happen to their devices. However, we found that this line of thinking is not 100% correct, as was demonstrated through the discovery of a rogue Dubsmash app or in the infamous case of apps on Google Play posing as games and infecting millions of users with adware. Despite these findings, there are some users who still feel that they’re safe whenever using Google Play. This feeling of false security could have negative consequences; for example, when your data or financial information is stolen or when you have to resort to resetting your device in order to cleanse it of malware.
So, we know we can’t rely on the Google Play Store all the time, but are third-party stores more secure? Of course not. In this case, how is it still possible that it’s not a problem to use third-party stores? First of all, it’s necessary to point out that there are certain legitimate and clean third-party stores, such as Amazon and F-Droid. At the same time, there are tons of shady stores and even more black market .apk files promising to deliver you the latest features of a cracked app.
VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:
- allows Hola users to use each other’s bandwidth
- sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
- and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.
If you are a Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.
We rely on our apps. Every day we use our favorite ones to check news, the weather for our next trip, and communicate with our loved ones. Some apps, especially the system ones, are continuously in use, even if they are not the foremost app on your screen. The keyboard is one of them.
Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. If you have a Samsung S6, S5, or even an S4 running the stock operating system, you’re at risk. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected to an open or public Wi-Fi network, your phone is at risk of a very common and dangerous Man-in-the-middle attack. Your connection will be compromised and all the Internet traffic could be eavesdropped upon. That includes the passwords you’re typing in the very same keyboard, your financial information, everything.
To ensure your security, you need to use a VPN when on Wi-Fi, since that’s when most updates are scheduled to occur. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Our product, Avast SecureLine VPN, creates an encrypted tunnel for the inbound and outbound data of your Internet connection, blocking any possibility of a Man-in-the-middle attack.
But the story does not end here. If you use SwiftKey on an unsecured Wi-Fi, the attacker could also download malware into your phone or tablet. That’s a job for Avast Mobile Security & Antivirus (AMS). Some users think that we don’t need a security product for our phones. They also think that security companies exaggerate the need for a security app just to sell their products. AMS not only scans the installation process of apps but also checks the Internet sites you’re visiting and malicious behavior of any file in your device. You can install Avast Mobile Security & Antivirus on your Android device for free from the Google Play store.
NOTE: At the writing of this post, a patch for the vulnerability was provided to mobile network operators by Samsung. SwiftKey wrote on their blog, “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.”
Did you know that Californians are obsessed with Selfie Sticks from Amazon.com? Or that people in Maine buy lots of coconut oil?
Thanks to Jumpshot, a marketing analytics company, you can find this information – as well as more useful information – by using the tools available at Jumpshot.com.
What may be most interesting to you is that Jumpshot is using Avast data to drive these unique insights. We provide Jumpshot with anonymized and aggregated data that we collect from scanning the 150 billion URLs our users visit each month. Using Jumpshot’s patent-pending algorithm, all of the personally identifiable information is removed from the data before it leaves Avast servers. Nothing can be used to identify or target individuals. Avast COO Ondřej Vlček explains the data stripping algorithm in an Avast forum topic.
Data security, of course, is very important to us. We go to great lengths to keep our users safe, and have never shared any data that can be used to identify them. We never have and never will.
For those of us who are self-employed and/or work from home, our houses are sacred spaces on both personal and professional levels. Although often overlooked, our routers hold the key to our productivity, as they provide the powerful and consistent network connection that we depend on in order to get our work done. Unfortunately, we often take these little guys for granted, and because of this, routers have become the weakest security point in many home and small business networks these days.
“Unsecured routers create an easy entry point for hackers to attack millions of American home networks,” said Vince Steckler, chief executive officer of Avast. “If a router is not properly secured, cybercriminals can easily gain access to an individual’s personal information, including financial information, user names and passwords, photos, and browsing history.”
Most of us can agree that we don’t want our personal data falling into other people’s hands. This may seem like an obvious concept, but with the amount of data we regularly share online, it’s not such an uncommon occurrence that our information is wrongfully passed onto others. In this clever video published by Facebook Security, we learn how to nip scams in the bud and prevent others from tricking us into sharing personal information.
We love our fans and followers on Twitter because they frequently alert us to great resources. It happened today when we received a tweet from @LoveNerds4Ever letting us know that Avast Antivirus was mentioned on a Sacramento (California) News10 video segment. Thanks, Shawna!
— Shawna M. Bell (@LoveNerds4Ever) May 14, 2015
The guest on this video segment is Ryan Eldridge, co-founder of Nerds on Call, a computer repair business in Sacramento. He spoke to reporter Keba Arnold about technology mistakes that people typically make. These simple, but oh, so important points are ones that we continually try to make, and Ryan puts it all together in one good video.
The security recommendations that Ryan makes:
- Run updates on your computer and mobile phone. Program updates and security patches are very important to keep your device up to date and running optimally.
- Download apps and programs from places you know and trust. On your mobile phone this would be the Google Play Store or Amazon App Store. For your computer, he says it’s a little bit harder, but suggests that you visit download.com, CNET’s well-known download site where you can read user reviews and see the reputation of the app before you download.
- Ryan reminds computer users that when they get a new device antivirus software may be pre-installed, but it is a trial for a limited time. After it expires, you need to get protected with a quality antivirus product. Ryan recommends Avast Free Antivirus for your computer, your Mac, and your mobile phone.
- Ms. Arnold confesses that she has one email address that acts as a catch-all for everything. Ryan says this is a no-no because if a hacker breaks into that email address, then he has access to everything. Ryan suggests that you have separate email addresses for friends and family, work, one for shopping, and one for banking.
- Passwords, admittedly, are a pain in the you-know-what. Ryan suggests using an algorithm, or a kind of personal code, to construct your own passwords. For example, you can use a line from your favorite song, say Somewhere Over the Rainbow. Use the first letter of each word, use letters from the website name, and end with a series of numbers. Each password will be unique and known only to you.
And Ryan, we have a tip for you! Small businesses like yours need security protection too, and consumer antivirus like Avast Free Antivirus doesn’t do the trick when you need to manage multiple devices, platforms, and people in remote locations. Adding to our collection of free products is the new Avast for Business. Avast for Business is free to use for as long as you want and for an unlimited number of admins and devices.
The Avast biweekly wrap-up is a quick summary of what was on the Avast blog for the last two weeks.
Most everyone knows their PC needs antivirus protection, but they don’t think about their smartphone. These days smartphones are just about as powerful as our desktop PCs at home and hold as much or more personal information. We answer the question: do Android devices really need protection?
The answer is a resounding YES. The Avast Virus Lab gives us an example from a trusted download source, Google Play: A porn clicker app slipped into Google Play imitating the popular Dubsmash app. If we cannot completely rely on trusted app stores to weed out nasty apps, then it’s time to add an extra layer of security.
Once you decide that you do want to protect your Android device, you can be confident in Avast Mobile Security, Avast’s free security app available on Google Play. A survey by AV-Comparatives said that Avast was the #1 choice for mobile security in the entire world. No need to wait any longer to protect your smartphone or tablet.
One of the challenges with using a smartphone for so many activities is that the battery gives out before we do. Our new free app Avast Battery Saver raises the bar with new Wi-Fi based smart profiles that can increase battery life by an average of 7 hours.
Avast Battery Saver has only been available for a month or so but already 200,000 customers have downloaded it from the Google Play Store. For Earth Day we highlighted battery saver users for their positive impact on the environment. Who knew that Avast Battery Saver would be so green? A cool infographic shows just how much they saved - not only from their own battery - but in energy costs too. Now Earth Day can be every day!
Small and medium-sized businesses (SMBs) run the risk of data breaches just like their enterprise cousins. Luke Walling, the General Manager of Avast for Business, explains that the biggest threat to SMBs is not actually hackers sitting somewhere far away. The biggest threat to your SMB could be sitting in your office!
Speaking of Avast for Business, our new disruptive free security offering for SMBs has 75,000 new customers in just 2 months. If you have a start-up, a small business, if you work in a school or non-profit organization, then it’s time to stop paying for security protection.
Our researchers are constantly surprised by the creativity of malware authors. Recently, they found a new way cybercrooks trick people into giving up their banking information. It’s a crafty combination of spam email, social engineering, and macro code embedded in an innocent-looking Word document.
Most people have security protection on their computers. That’s great when there are things like the banking malware we wrote about. With all that great protection why is it that they don’t trust the warnings? The Avast Virus Lab explored why some people would rather be right than believe a malware warning.