Just when you thought it might be safe online, news is breaking of a new vulnerability discovered earlier this week. Of particular concern is that this new vulnerability seems to be more prevalent on home computers that corporate systems. An outbreak targeting home users could be significantly more damaging that recent outbreaks, which hit over 300,000 computers in more than 150 countries!
In other words, take note of the risk!
Just today, I became aware of a business where multiple users in the accounting department opened an email attachment that appeared to come from their Xerox scanner. The email arrived from an address that did not exist within the company and the subject said “Scanned Image from a Xerox WorkCentre,” which the recipients took to be legitimate. The problem is, they did not take the time to inspect the sending address. Worse, more than one person opened the attached zip file, then the PDF file that was within the zip file and then clicked a link to enable content within the PDF file. How could they have gone through all these steps and not realized they were infecting themselves? This actually happens!
The current vulnerability was announced by the US Department of Homeland Security earlier this week. It involves a flaw in Samba, which is a freely distributed networking protocol that facilitates file sharing between computers running Linux, MacOS, Unix and Windows. Any home user that shares files on their home network may be at risk.
As I have repeatedly advised in this blog, DO NOT open email attachments unless you can assure yourself that you are 100% sure the attachment is safe, the sender legitimate and that you are expecting to receive such an email. Anything less and you are putting yourself at unnecessary risk and will likely find yourself infected.