Keep your browser extensions updated!

It is important to keep all software you use up to date. There are updates for a reason – most likely some of the code used was found to be vulnerable to attacks.

This past week, a popular extension was hijacked. The developer of the Web Developer for Chrome extension had his own account hijacked. The hijackers phished his Google account, then modified the code in his account and pushed it out to users. The version of Web Developer for Chrome that was pushed out is 0.4.9. You need to make sure you have the updated version 0.5 installed NOW!

The version the hijackers uploaded can force ads on pages, capture passwords, or other unreported problems. Consider changing passwords to pages visited during the time of the compromise. The date was August 2. The developer himself admits he fell for a phishing attack that started this. This effected over one million users.

The developer details the events in his blog. The bottom line is anyone can click on a bad link and it is important to have two-factor verification in place.

Why it’s important to keep doing your updates

The Jody Victor crew ran across an article that is truly disturbing.

A flaw in Microsoft Office given the ID CVE-2017-0199 has quite a history. This vulnerability allowed remote attackers to use Microsoft products to execute arbitrary code and take over computers. Ryan Hanson found the flaw last year. He spent some time to see if it could be made more deadly before contacting Microsoft in October 2016. Microsoft did not patch this right away. If they told people of a change in Word settings that would fix the flaw, then word would be out that there was a flaw with more ramifications.

They decided to release a fix in a later update. However, they sat on it and took their time. They started working on a solution in January but attacks had already begun. Through links in email, computers were infected with software that allowed eavesdropping. McAfee saw some attacks on April 6 of this year and blogged about it April 7. April 9, a program was for sale underground for hackers to exploit the flaw. On Tuesday, April 11, the flaw was finally patched in an update.

They don’t know how many computers were hacked or how much money was stolen before this exploit was patched. If you don’t automatically patch your PC, please do so now!

Source:
http://www.reuters.com/article/us-microsoft-cyber-idUSKBN17S32G

Gmail and Google Calendar App Updates for iOS

Google just revamped the Gmail app for iOS devices today. Why use Gmail app for your Gmail on iOS instead of the native email app? In our opinion, it just works better with Gmail.

Now with its new look, it’s even better. There are quick links to Reply and Forward on the bottom that make it easier to respond. They are calling this the biggest overhaul in four years. This new look makes it more like the Gmail app on Android.

Here are some of the new features:
Undo Send: just like you can on desktop, you can stop the mail mistakes before that mail get sent.
Search Faster: they have sped up instant results and can correct spelling mistakes.
Swipe to archive or delete: In settings, you can choose to have swiped emails either delete or archive into ‘all mail’.

Google has also updated Google Calendar for iOS.
Month view and week in landscape view so you can see your schedule in a glance.
Spotlight search support for Apple’s Spotlight Search.
Alternate calendars – you can add Lunar, Islamic, Hindu calendars alongside your current calendar.

Source:
https://blog.google/products/gmail/gmail-and-google-calendar-get-a-whole-lot-better-on-ios/

Victor crew

Windows 10 Upgrade is getting more aggressive

As time goes on and we approach July 29, 2016, it appears that Windows is getting more aggressive to get people to upgrade to 10. It is free up until that date on the device you have it on. On some systems, they have even started the download process to make it easier and faster for when you do upgrade.

If you have automatic upgrades enabled, you might find your machine already updated – and you didn’t even initiate it. If you aren’t ready for the upgrade, make sure to disable automatic updates and do them manually. Even doing them manually you will have to look at your list of updates and uncheck the Windows 10 upgrade to get the regular security updates for your version.

Here is some more information:

Upgrade Now or Upgrade Tonight: How Microsoft Has Aggressively Pushed Windows 10 to Everyone


http://windows.microsoft.com/en-us/windows-10/upgrade-to-windows-10-faq