Satellite Communications Not Very Secure

Satellite communications, a critical part of many everyday functions, are not as secure as we might think they are. These communications are critical for organizing mass transit, military communications, emergency services, and more.
The attacks that could compromise a single satellite are very simple, some as simple as sending an SMS. And once one is compromised, a whole network could be brought down.

Apparently, recent research indicates that satellite firmware often has hardcoded credentials, backdoors, and weak protocols. While an attacker would have to have some knowledge of the firmware to accurately exploit it, gaining access would not be a problem for them.

Satellite Communications Wide Open To Hackers- Dark Reading by Information Week (http://www.darkreading.com/vulnerabilities---threats/satellite-communications-wide-open-to-hackers/d/d-id/1204539?)

Microsoft No Longer Supporting Windows 8.1

Microsoft will cease support for Windows 8.1 in May 2014. This means that the software giant will no longer be distributing security updates to 8.1 users. Microsoft plans to continue supporting Windows 8 and Windows 8.1 Update.

What does this mean for users? It means that if you currently have Windows 8.1 installed, you must get the 8.1 Update installed as well by May 2014. This will ensure that there is no gap in your security coverage. If you only have Windows 8, Microsoft assures us that it will continue security updates for Windows 8.

Microsoft confirms it’s dropping Windows 8.1 support- InfoWeek

Chrome Bug Allows Websites Unauthorized Use of Microphone

Recently a bug has been discovered in Google’s web browser, Chrome, that can allow websites to listen in on a user through their computer's microphone. While the defect cannot directly record audio, it can record a transcript of anything it hears using Chrome’s speech-to-text function. This bug has the potential to reach many people, as Chrome is used by more than half of web users.

The bug was originally reported to Google by Israel-based developer Guy Aharonovsky, who discovered it while working with the speech recognition aspects of Chrome. Google, while having acknowledged the defect, has currently designated it as “low-severity”, which means there will be no immediate fix for the issue.

In the meantime, it does not seem that anyone is using this bug for malicious purposes yet.

Google Chrome Bug Could Allow Websites To Snoop On Conversations- International Business Times

Heartbleed Vulnerability in OpenSSL

A major flaw has been found in the OpenSSL library, compromising a large number of websites that use OpenSSL to encrypt web data. Almost one-third of major websites use OpenSSL to encrypt user information (like credit card numbers and sensitive information) that is being passed to their servers. Unfortunately, this vulnerability allows someone to potentially capture important information about the server, making it possible to infiltrate it. Once the server is infiltrated, an attacker can pose as the server and intercept any data sent over the SSL connection.
OpenSSL released a patch on Monday to correct the issues. Current users of OpenSSL should either upgrade to OpenSSL 1.0.1g or disable the heartbeat function of the library. The vulnerability has existed for two years, and attacks are completely silent and unnoticeable. Experts are also recommending that users of OpenSSL replace their security certificates and keys.
Emergency SSL/TLS Patch Underway- Dark Reading by Information Week

Malware Targeting Job Search Sites

The malware known as “Gameover” is currently targeting employment websites. This trojan is used to redirect users to a fake login page for Monster.com, where it collects the targeted victim's data. It does this by injecting a fake login button on Monster.com on infected computers. Other than the fake login button, the Monster page looks completely normal. Not only does the trojan collect login data, but it also asks the user to select and answer a security question.

Gameover had previously targeted CareerBuilder.com, but the Monster development is a new one.

Regular users of employment sites are advised to pay attention to their login pages and make sure nothing seems out of the ordinary or different before logging in.

Gameover Malware Targets Accounts on Employee Websites- ITWorld.com