New malware and security threats show up every week; our job to bring you the news in order to stay one step ahead of these malicious threats.
Here are the most dangerous malware threats you need to know about in order to protect your PC and devices from infection:
1. WinRAR Bug is New and Dangerous Malware
WinRAR is a popular program that extracts compressed files. It’s been around for years, and all this time it’s had a hidden vulnerability. Attackers can engineer compressed files so that they extract malware directly to the Windows operating system without warning. A host of malware is taking advantage of this newly-revealed vulnerability, so if you own WinRAR, you should patch it right away. NOTE: WinRAR does not patch automatically – you have to manually update your software to be safe.
2. Fake Asus Updates Weaponized with Viruses
Computer manufacturer Asus recently revealed that its update software was breached at the source. This means that one of the latest critical security updates for the machines – pushed by the company itself – secretly contained malware. This malware was distributed to over 1 million people, but appears to have been hunting for just 600 specific targets. If you believe that your computer has been affected by the malware – known as ShadowHammer – you can check your device on the Asus website.
3. IoT Attacks Hit 32.7 Million
IoT devices are gaining in popularity, but their controls are easy to abuse. Many have no built-in firewalls and contain no ability to change default usernames and passwords. This has led to a 217.5% increase in attacks against IoT devices since 2017. In general, these attacks are designed to create swarms of remote controlled ‘bots’ that can implement targeted DDoS attacks that bring down portions of the internet. If you own or are planning to own an IoT device, please make sure it’s secure!
4. New Android Malware Can Drain Your Bank Account
A new kind of banking malware was discovered in the wild on Android devices this week. Known as Gustuff, this malware can automatically break into banking and cryptocurrency apps installed on your phone and steal funds. Crucially, this application spreads by texting the contacts in a victim’s phone – don’t click on the links in unusual text messages! If you think you might be infected, check out our list of Android Antivirus Apps.
5. NVIDIA Patches its Graphics Management Software
If you own a gaming computer, you most likely own an NVIDIA graphics card as well. The management software that controls these graphics cards and recently discovered to be vulnerable to a bug that would allow users to arbitrarily execute code within a victim’s computer. While no exploit has yet appeared for this vulnerability, it’s important to patch your graphics card drivers as soon as possible – just in case.
6. SMBs Are Easy Targets for Ransomware
A new survey from the firm known as BBR shows that 70% of ransomware attacks are targeted towards small and medium businesses. These companies make useful targets because they often don’t have enough time or money to secure their computers, and so they’re much more likely to pay a ransom. If you work at a small business or manage their information technology, it’s time to watch out.
7. Facebook Stored Passwords in Plain Text
Not malware, but definitely sketchy. Due to an internal error, Facebook stored hundreds of millions of passwords – for both Facebook and Instagram users – in plain text. In other words, if an attack had ever breached that part of Facebook, they would have been able to start stealing accounts right away. Similarly, any malicious actor inside Facebook itself would have had free reign. If your password was stored in this way, you’ll be notified by the company – and you should probably change your password regardless.
8. New Vulnerability Exposed in TP-Link Smart Home Routers
If you happen to own a TP-Link SR20 Router, you might consider replacing it. That’s because developers at Google recently announced that this brand of router is affected by a vulnerability that lets attackers take control of the router if they join the same network. Google revealed this vulnerability to the public because they disclosed the issue to the manufacturer privately over 90 days ago – with no response, and no apparent plans to issue a fix. In other words, it looks like TP-Link is going to let this router stay broken.
9. Office Depot Faked Malware Scan Results
If you’re had your computer checked out at Office Depot recently, you could be in for a payday. The company recently agreed to pay $35 million USD for engaging in deceptive practices. It worked like this: customers would bring their computers in to Office Depot for a virus scan, but their scanning software would always show that the computer was infected – whether it was or not. Office Depot workers would then try to upsell their customers on a $300 consumer protection plan.
10. Industrial Systems Contain Critical Vulnerabilities
This is the kind of news that may not affect your personal computer – but might one day affect your power, water, and sewage. A new survey shows that 20% of industrial control systems – the computers that basically control the operation of your utilities – are vulnerable to malware. The report shows that the vulnerabilities are especially severe, potentially allowing attackers to control the machines remotely, and that utilities either could not fix them or had not yet detected them.
That’s all for this week! If the stories above make you upset, try not to worry too hard. Instead, check out our list of Top 10 Antivirus Programs for your home computer, and read our blog for additional tips on how to preserve the safety of your computer. Good luck out there!