Story image

Security News GLOOMY HALF-YEAR REPORT CARD

01 Oct 10

It’s been another rough year on the security front, with malicious web links, Microsoft Office applications and PDF readers being especially targeted by purveyors of malware. The mid-year trend and risk report from IBM‘s X-Force security team says the number of new malicious Web links discovered in the first half of 2009 increased by 508% in comparison to the first half of 2008.


“Malicious websites continue to flourish, but so are other techniques of enticing users to click on malicious links,” the report says. “In addition to spam and phishing, cyber criminals are finding ways to have legitimate (or seemingly legitimate) Web sites host links to their malware.” Microsoft Office is widely used by ordinary consumers as well as in the business sector, and fixes for vulnerabilities in the various applications are issued in Microsoft’s monthly ‘Patch Tuesday’ updates. PDF readers, like Adobe Reader, are also popular with many users.


PDF stands for Portable Document Format, which allows larger documents to be exchanged online without taking up too much time and bandwidth. Adobe Reader is a free download, letting you read documents that are often attached to websites in this format. The problem is, writers of malware have discovered vulnerabilities in software like Adobe Reader which they can exploit. They do this by writing hidden code into documents, then saving them in PDF format. You may be enticed to download such a document through an email or a posting on a social network. Once you use Adobe Reader to open the document, your computer can be infected. Adobe is alert to these sorts of attacks, and issues fixes for them as soon as they’re detected. However, you need to be sure you have the latest version of Adobe Reader on your computer to keep safe. Adobe often issues alerts to users of its products, but if you’re not sure, just visit Adobe.com.


Spammers, the report says, are increasingly using trusted domain URLs in spam messages. Trusted domains are often used as a decoy in spam (to fool end-users and spam filters) and are sometimes abused by spammers when they put their spam messages in areas of trusted websites that allow anonymous postings. Beware of unexpected emails from seemingly legitimate sources.


Cyber criminals have also taken to ‘spoofing’ legitimate websites, and going to them can cause you plenty of grief, as they contain malware that can download if you visit them. What’s more, they can be hard to tell apart from the real thing. The best way to protect yourself is to check the URL in the address bar at the top of your browser, even if you’re going to a site you visit regularly. If the address line looks wrong, get out of there – fast.

New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.