NYC Geeks - New York City's Computer Repair and IT Service Experts!

Good Evening

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Learn About Us

Technology News

Flaw in billions of Wi-Fi devices left communications open to eavesdropping:
Cypress and Broadcom chip bug bit iPhones, Macs, Android devices, Echoes, and more.
Amazon made a bigger camera-spying store—so we tried to steal its fruit:
It's like other Amazon Go stores, only bigger. But it's a meaningful difference.
Firefox turns encrypted DNS on by default to thwart snooping ISPs:
US-based Firefox users get encrypted DNS lookups today or within a few weeks.
Petnet goes offline for a week, can’t answer customers at all:
Failing to work is one problem; failing to communicate with customers is another.
California man arrested on charges his DDoSes took down candidate’s website:
Feds say defendant used Amazon servers to wage DDoS attacks that cost the rival campaign.
A weed dealer’s $59M lesson: Don’t hide Bitcoin keys with a fishing rod:
The man reportedly "regarded [the loss] as punishment for his own stupidity."
The strange, unexplained journey of ToTok in Google Play fuels user suspicions:
In a reversal, Google now warns app can spy on texts, recordings, photos, and other data.
Former congressman confirms he offered to broker pardon for Assange:
Rohrabacher offered Assange a pardon if he implicated Seth Rich in DNC email leak.
As satellite TV tanks, Dish says merger with DirectTV is “inevitable”:
Dish Chairman Ergen says merger is likely because of threat from streaming TV.
A US gas pipeline operator was infected by malware—your questions answered:
The infection has generated no shortage of questions and opinions. Here's what we know.
Ars Technicast special edition, part 2: Spotting bad actors inside a company:
Our limited-edition podcast series continues as we focus on dangerous insiders.
Anatomy of a dumb spear-phish: Hitting librarians up for Zelle, CashApp cash:
Librarians smell something phishy in scam that scraped emails from association website.
Why fixing security vulnerabilities in medical devices, IoT is so hard:
Op-ed: It's not so easy to just patch or upgrade medical devices, IU Health's CISO explains.
US natural gas operator shuts down for 2 days after being infected by ransomware:
Infection spread to site's OT network that monitors and controls physical processes.
Hackers exploit critical vulnerability found in ~100,000 WordPress sites:
Flaw in ThemeGrill plugin lets attackers wipe sites clean and possibly take them over.
Signal is finally bringing its secure messaging to the masses:
Encryption app puts $50 million infusion from WhatsApp cofounder to go mainstream.
US government goes all in to expose new malware used by North Korean hackers:
Malicious wares are used in attacks to steal money and conduct other illegal activities.
500 Chrome extensions secretly uploaded private data from millions of users:
Extensions were part of a long-running ad-fraud and malvertising network.
Pwns for sale: Scythe prepares a marketplace for sharing simulated hacks:
Looks to make "adversarial vulnerability management" a thing, let red teams share their work.
Amazon wins court injunction on controversial JEDI contract:
Amazon's suit argues it lost the deal because Trump personally hates Jeff Bezos.

Security Alerts

New CWE List of Common Security Weaknesses:
Original release date: February 26, 2020
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information.

The Cybersecurity and Infrastructure Security Agency (CISA) sponsors MITRE’s CWE program, which is a community-based initiative. CISA welcomes new partners to the CWE program. Visit https://cwe.mitre.org to learn how to get involved.

This product is provided subject to this Notification and this Privacy & Use policy.
OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability:
Original release date: February 25, 2020
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to apply the necessary update. For OpenBSD implementations, binary patches are available through syspatch; see OpenSMTPD’s Message 04888 for further instruction. For other systems, the update is available at OpenSMTPD’s GitHub release page.

This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome:
Original release date: February 25, 2020
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome:
Original release date: February 21, 2020
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although Google published an entry on these updates on Tuesday, February 18, the associated Common Vulnerabilities and Exposures numbers and descriptions appeared on the entry today, Friday, February 21.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates:
Original release date: February 20, 2020
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
- Smart Software Manager On-Prem Static Credential Vulnerability cisco-sa-on-prem-static-cred-sL8rDs8
- Unified Contact Center Express Privilege Escalation Vulnerability cisco-sa-uccx-privesc-Zd7bvwyf
- Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability cisco-sa-20200219-ucs-boot-bypass
- Email Security Appliance and Content Security Management Appliance Denial-of-Service Vulnerability cisco-sa-20200219-esa-sma-dos
- Email Security Appliance Denial-of-Service Vulnerability cisco-sa-20200219-esa-dos
- Data Center Network Manager Privilege Escalation Vulnerability cisco-sa-20200219-dcnm-priv-esc
- Data Center Network Manager Cross-Site Request Forgery Vulnerability cisco-sa-20200219-dcnm-csrf
This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for After Effects and Media Encoder:
Original release date: February 20, 2020
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for vRealize Operations for Horizon Adapter:
Original release date: February 19, 2020
VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.
Be Cautious of Romance Scams:
Original release date: February 14, 2020
This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their confidence, and convince them to transfer funds. When online dating, use caution and never send gifts or money to someone you have not met in person.

CISA encourages online daters to review the Federal Trade Commission’s alert It’s not true love if they ask for money and watch the FTC video Online Romance Imposter Scams. For more information review CISA’s Tip on Staying Safe on Social Networking Sites. If you believe you have been a victim of a romance scam, file a report with:
- The online dating site,
- The Federal Trade Commission, and
- The Federal Bureau of Investigation's Internet Crime Complaint Center.
This product is provided subject to this Notification and this Privacy & Use policy.
North Korean Malicious Cyber Activity:
Original release date: February 14, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
- HOPLIGHT (update)
- BISTROMATH
- SLICKSHOES
- HOTCROISSANT
- ARTFULPIE
- BUFFETLINE
- CROWDEDFLOUNDER
CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.
New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools:
Original release date: February 12, 2020 | Last revised: February 13, 2020
The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12 Schools and School Districts. The factsheet provides guidance to educators, administrators, parents, and law enforcement officials on various online threats to students, including cyberbullying, ransomware, and online predation.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to read Cyber Safety Considerations for K-12 Schools and School Districts and to visit SchoolSafety.gov to learn more about all the resources available. Refer to CISA’s Tips on Keeping Children Safe Online and Dealing with Cyberbullies for additional best practices.

This product is provided subject to this Notification and this Privacy & Use policy.
:
:
:
:
:
:
:
:
:
:

brightness_2 Good Evening

Request Support live_help

Learn About Us info

Technology News view_quilt

Security Alerts https

Good Evening

Request Support

Learn About Us

Technology News

Security Alerts