DUBLIN — Cyber threats are coming thick and fast these days. Just as the world is reeling from the WhatsApp security flaw that reportedly exposed users to Israeli surveillance software, Microsoft has announced a patched computer bug could pose a serious security risk. The growing threat of hacking – from the loss of data like credit card numbers or bank information to the risk of cyber-attacks like ransomware – is making the online world a much more dangerous place for us regular folks. News like this is a good reminder to us all to implement good online security. Update all your internet-connected devices (including your fridge or your doorbell) regularly to make sure they’re well-protected. Use strong passwords and two-step authentication wherever possible. Exercise extreme caution when opening emails or downloading content from unfamiliar sources. Monitor your accounts for unusual activity. Back up all your data on a secure, external drive. And, I guess, hope for the best – today’s sophisticated cyber-criminals don’t need you to make a mistake to get you. – Felicity Duncan
Microsoft Warns of a Monster Computer Bug, In a Week of Them
By Robert McMillan
(The Wall Street Journal) Microsoft Corp. took the unusual step of warning that a computer bug it has now patched could be used by a cyber weapon similar to the WannaCry worm, which spread across the globe two years ago.
___STEADY_PAYWALL___
The bug is one of several high-profile computer-security issues to emerge this week, though the impact isn’t yet clear.
Microsoft said that it hasn’t seen anyone take advantage of the flaw, which affects older versions of its Windows operating system, but that it believes it is “highly likely” the flaw will wind up being exploited by malicious software, now that it has been publicly disclosed.
Any “future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe,” Microsoft said Tuesday in a blog post.
The flaw affects Windows 7 and Windows Server 2008. It also affects Windows 2003 and Windows XP – older versions of Windows that Microsoft doesn’t typically patch. But, in a sign of the severity of the bug, Microsoft released XP and Windows 2003 patches as well.
“This is certainly one to take seriously,” said Chris Coulter, vice president of technology with BlackBerry Ltd.’s Cylance security group.
Users of Windows 10 and Windows 8 aren’t affected by the flaw, Microsoft said.
WannaCry spread quickly, and infected more than 200,000 systems world-wide with ransomware – software that rendered computer systems unusable and demanded a digital ransom. It affected systems at England’s National Health Service, FedEx Corp. and Nissan Motor Co.
The 2017 worm could have been more devastating, but it was stopped when a security researcher activated a “kill switch” feature that prevented the worm from spreading.
Microsoft’s bug came a day after Facebook Inc.patched its WhatsApp encrypted-messaging application following the company’s disclosure it had been used in a novel form of attack: Hackers had found a way to install spyware on mobile phones by using a bug in the voice-calling feature of WhatsApp.
That flaw was particularly interesting because WhatsApp is often used by security-conscious people looking to take advantage of its end-to-end encryption capability, which prevents others from snooping on messages as they are sent, Mr. Coulter said. “Myself and millions of others inadvertently put all that at risk by blindly trusting the app,” he said.
On Tuesday, Intel disclosed issues in its microprocessors that could allow hackers to gain unauthorised access to data stored in a computer’s memory. The new bugs are similar to last year’s Spectre and Meltdown flaws, but are hard to exploit and unlikely to cause the kind of widespread havoc of a computer worm, security researchers said.
Write to Robert McMillan at [email protected]
