New research shows rise in “deceptive downloads”

According to the latest cybersecurity report from Microsoft, “deceptive downloads” were the top threat for 95 percent of the 110 countries surveyed.

What are deceptive downloads?

Deceptive downloads are legitimate downloadable programs (usually free) such as software, games, or music that cybercriminals bundle with malicious items.

For example, you might receive a file in email or through social networking, but when you try to open it you see a message that says you don’t have the right software to open it. You do a search online and come across a free software download that claims it can help you open the file. You download that software, but you unknowingly might also be downloading malicious software (also known as “malware”) with it. This malware might have the ability to access personal information on your computer or use your computer for cybercrime.

It could be months or even years before you notice your system has malware.

How can I avoid deceptive downloads?

  • Think before you click.
  • Only download software from websites you trust. For more information, see How do I know if I can trust a website?
  • Turn on automatic updating so that you’re always using the latest, most secure versions of the software installed on your computer.
  • Make sure you’re using antivirus software and keeping it up to date.
  • Use newer software whenever possible.

What should I do if I think I’ve been a victim of a deceptive download?

Do a scan with your antivirus software. If your computer is running Windows 8 or Windows 8.1, you can use the built-in Windows Defender to check for and to help you get rid of a virus or other malware.

If your computer is running Windows 7 or Windows Vista, do the following:

  • Run the Microsoft Safety Scanner. The scanner works with the antivirus software that you already have on your computer, regardless of whether the software is from Microsoft.
  • Run a full scan of your computer using your AntiVirus software.
  • Some malicious software can be difficult to remove. If your antivirus software detects malware but can’t remove it, the give us a call.

If you would like any help or advice on Solutions including AntiVirus, Web Content Filtering and Automated Patch Management then give us a call (www.millersolutions.co.uk)

EU court backs ‘right to be forgotten’ in Google case

A top EU court has ruled Google must amend some search results at the request of ordinary people in a test of the so-called “right to be forgotten”.

The European Union Court of Justice said links to “irrelevant” and outdated data should be erased on request.

The case was brought by a Spanish man who complained that an auction notice of his repossessed home on Google’s search results infringed his privacy.

 

See More

OpenSSL Heartbleed internet security breach

In light of recent press coverage regarding the Heartbleed (OpenSSL) internet security breach (see recent BBC news coverage) we would like to inform users that this does not affect Microsoft IIS which you currently use for Microsoft Exchange Outlook Web Access, we can also confirm that any Web Hosting with ourselves is also unaffected.

You may also be receiving an email from either Thawte or GeoTrust, please do not worry about this email as we can confirm that you are not affected by using any services provided by Miller Solutions,

Please note if you use another supplier for a Web Site or Application you will need to check with them to confirm if that is affected.

Microsoft admits zero-day bug in IE8, pledges patch

On Friday, Microsoft published a security advisory that acknowledged the bug. In the advisory, the company also said that other versions of Internet Explorer, including the newer IE9 and IE10, are not affected, and that the firm is working on an update to patch the problem. No timetable for a fix was provided. The next scheduled security update from Microsoft will ship Tuesday, May 14.

 

Microsoft confirmed that all versions of IE8, including copies running on XP, Vista and Windows 7, are at risk.

 

Meanwhile, Microsoft urged users of Vista and Windows 7 to upgrade from IE8 to IE9 and IE10, respectively. People running Windows XP — the apparent target of the watering hole attacks — have no such option, as neither IE9 or IE10 run on the 12-year-old operating system. The newest versions of Chrome and Firefox, however, do support Windows XP.

 

Customers can also deploy the Enhanced Mitigation Experience Toolkit (EMET), to lock down IE8, making exploits more difficult for hackers. EMET 3.0 or the beta of EMET 4.0 can be downloaded from Microsoft’s website.

While it’s possible that Microsoft will craft a patch for the vulnerability in time to include it in the scheduled May 14 updates, it’s more likely the company will issue a fix outside of that schedule, as it did in January. Then, Microsoft took 16 days from issuing an advisory to patching IE. If it followed the same timetable with the newest flaw, it would ship a fix after this month’s Patch Tuesday.