We've all been guilty of it. You're cramming to hit a deadline, and you dismiss that tiny notification in the corner of your screen reminding you to install a new software update. But if there's anything to be learned from the global ransomware attack that's plagued computers in 150 countries, it's that these updates are as crucial as ever. "This whole disaster could have been prevented if people had patched their system," says Jerome Segura, a security researcher for software firm Malwarebytes. Software updates are critical for keeping your computer safe because they often include fixes for bugs that hackers could otherwise exploit in order to remotely access your system without your knowledge.
The risk of being infected by ransomware can be reduced significantly by taking the usual computer security steps, such as ensuring patches and updates are installed as they are released by software firms. According to the National Cyber Security Centre, an arm of intelligence agency GCHQ, the hackers will exploit vulnerabilities in operating systems, web browsers, plug-in and application that have often been known about for some time. "Software providers will have made patches available to mitigate them. Deploying these patches, or otherwise mitigating the vulnerabilities, is the most effective way of preventing systems being compromised," the NCSC's website says. "However, as well as patching the devices used for web browsing and email, it's important to patch the systems they are connected to, since some ransomware is known to move around systems, encrypting files as it goes."
The FBI is currently investigating a "malicious software attack" that interrupted the Weather Channel's non-stop 24-hour-a-day coverage. The Weather Channel suddenly went dark for more than an hour on Thursday during its live morning broadcast. Speaking to the Wall Street Journal, an FBI spokesperson said the outage was the result of a ransomware attack. "We experienced issues with this morning's live broadcast following a malicious software attack on the network," the Weather Channel said in a statement. "We were able to restore live programming quickly through backup mechanisms. Federal law enforcement is actively investigating the issue. We apologize for any inconvenience to viewers as we work to resolve the matter."
There's a new social engineering attack has you in its sights. Its goal: to trick you into installing malicious software by convincing you that your Chrome installation is missing a vital component. Cybercriminals often use social engineering attacks to trick users into installing bogus updates for things like the Adobe Flash plug-in, Java, and video codecs. In this particular case, it's a font that you're supposed to believe you need to patch. The attack spawns an alert when you visit a compromised web page.