Hackers take Advantage of Login Credentials Purchased on the Dark Web to Compromise over 500,000 Zoom Video Accounts

With the Zoom video chat app becoming more widely used during the current pandemic, security researchers have discovered a database of more than 500,000 compromised accounts.  Because many people tend to reuse the same password to access multiple accounts, hackers have begun using account information purchased on the dark web to successfully attack the Zoom app.

Those who are familiar with security concerns with the Zoom app may already be avoiding its use, but the majority of users are not aware of these issues and continue to use the platform.

If you wish to continue using the Zoom app, please ensure you change your login password to one that has never been used before.  If you are unsure whether your newly chosen password has ever been published as part of a data breach, you can test it at the website Have I Been Pawned. 

Simply enter your password (nothing else, so there’s no way to tie it to you specifically) and you will be instantly informed whether hackers already use that password in their attack attempts.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.

The post Zoom Video Chat Vulnerable to Reused Password Attack appeared first on Biz X magazine.

Newly Discovered COVID-19 Phishing Email Targets Cogeco Customers

A few minutes ago, I received an email claiming to be from Cogeco with a subject beginning “We have detected some unusual activity on your account” and referencing the COVID-19 situation. 

This is a typical phishing email and normally, I would not issue a warning.  However, due to this being a fresh attack, the login link inside the email had not yet been reported to the authorities.  I have taken this step, so hopefully, it will be blocked relatively soon. If you click the link, you will be taken to a page that looks very much like a legitimate Cogeco webmail login page. 

In the address bar, you will see a URL similar to: https: //cogeco.ca.caeqiri.com/some-random-stuff-here.cogeco.ca.webmail-login/webmail-login/ which, at first glance, might look legitimate to the casual observer.

Please be aware that Cogeco will never send you an email that doesn’t address you by name and that contains a login request.  

Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.

The post COVID-19 Phishing Email Targets Cogeco Customers appeared first on Biz X magazine.

Vulnerability in WhatsApp Being Exploited to Gain access into Phones and Computers

A critical vulnerability in WhatsApp is causing havoc.  Hackers have discovered that some older versions of the popular WhatsApp messaging application are vulnerable to being exploited, thereby allowing malicious files to be inserted into the computers or phones running the application. 

This can result in the spread of malware, remote execution of code and theft of personal data. To ensure you are not victimized, you must update your WhatsApp application to the most recent version, and ensure your browser applications are also up-to-date.  Currently, the Safari browser is still vulnerable; although the latest versions of Firefox and Chrome are immune to these potential attacks.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.

The post Critical Vulnerability in WhatsApp Allows Access by Hackers appeared first on Biz X magazine.

Lasers Able to Hack Voice Activated Devices

In what might be the weirdest hack I’ve ever heard of, researchers at the University of Michigan and Japan’s University of Electro-Communications have discovered that the miniaturized speech circuitry that powers a majority of voice-activated systems can be hacked using lasers!

You may know that microphones work by detecting sound vibrations on miniature diaphrams and then converting those vibrations into electronically coded signals which are then transmitted to a destination and finally decoded back into sounds.

I can’t imagine why someone thought a light beam might be able to cause vibrations inside a microphone, but it turns out it is possible.  Now, researchers have been able to create beams of focused light of varying intensity which have the ability to mimic the effects that sounds have on the microphone.

This potentially allows hackers to silently send commands to voice assistant devices made by companies such as Google, Amazon, Apple and Facebook, and get them to respond to commands as if it were a human were speaking them.  As long as the hacker has line-of-sight access to the voice assistant device, it can be commandeered.  In some cases, researchers were able to successfully hack certain devices from distances of over 300 feet and this process can even work through windows.

In my opinion I would recommend that if you are using a voice assistant device in a secure environment, you should limit its ability to control sensitive equipment, and keep it far away from windows.  In addition, if you own a device that can be customized to your own voice, this might be a good time to reprogram it and teach it to ignore anyone else but you.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.  

The post Lasers Able to Hack Voice Activated Devices appeared first on Biz X magazine.

Microsoft’s Windows 10 updates are reasonably stable, if you can get them to install. Version 1905 is not yet recommended.

I hear from many people whose computers get stuck during the Windows 10 upgrade process.  With Microsoft updating Windows 10 every six months, this can become troublesome. 

Microsoft has begun to force Windows 10 users with version 1803 to update to version 1905.

Unfortunately, I don’t believe version 1905 is stable enough to use. 

Until the newest version receives a clean bill of health, I strongly recommend you stop the Windows 10 update to version 1905. The best way to stop the automatic update from version 1803 is to manually update to version 1809.  When version 1809 was first released, it was also not very stable; however, after more than six months, it is much better. 

Sadly, version 1809 is no longer available from Microsoft’s download page. If you’re willing to give version 1905 a try but want to have a better chance of success with your upgrade, download Microsoft’s Media Creation Tool using the “Download Tool Now” link on Microsoft’s website.  This will allow you to perform the update from a USB stick, rather than using the internet to perform a live update. 

Updating from a USB stick is a far more reliable method of updating.

If you are currently using Windows 10 version 1803 and prefer to update to version 1809, you will need to find someone who has an earlier version of the Microsoft Media Creation Tool.  If your usual support resource does not have this available, you can make an appointment with me, and I’ll use my version 1809 Media Creation Tool to update your system.

Jack Eisenberg is the owner of Safe and Secure Computing and regularly contributes computer security related articles.

The post Microsoft Forcing Windows 10 to Update to Version 1905 appeared first on Biz X magazine.