How to update to Windows 11

You will need a good internet connection and a bank 8GB USB drive or larger. If you are upgrading a laptop, make sure it is plugged in and not running on battery only.

Download Windows 11 and select Create Windows 11 Installation Media

Plug your blank USB into your computer and then click on the Windows 11 installer and select create a USB installer. This will take a while, just follow the instruction, they are self-explanatory.

In the shop, we perform a full tuneup and a full backup prior to updating to Windows 11 but since you probably will not have the equipment for that you need to at least uninstall old programs you no longer use and optimize your hard drives, and backup your computer.

Now to perform your Windows 11 update, after creating your backup, reboot your computer and plug in your Windows 11 installer USB. Click on the setup.exe like the image below.

Now just follow the USB installer directions and your Windows 10 computer will be updated to Windows 11.

The post Windows 11 Update, how to upgrade your computer appeared first on A1 Computer Repair.

Audacity, the well-known open-source audio-editing software, has been called spyware in a report, with privacy policy changes revealing the tool is collecting data on its users and sharing it with other firms, as well as sending the data to Russia.

Audacity was acquired by Muse Group in May, a company that also controls Ultimate Guitar, MuseScore, and Tonebridge. Since the purchase of Audacity, changes have been discovered in online support documents indicating that it is being used to perform data collection on its users.

Read More

The post Audacity 3.0 called spyware over data collection changes appeared first on A1 Computer Repair.

This latest warning comes just as as Google announced an “App Defense Alliance” to “ensure the safety of the Play Store.” The seven apps, discovered by the threat research team at Wandera, do not contain ad fraud malware themselves. Instead they are dropper apps—they download malware “payload” apps and install them onto target devices. This leaves the user with both the dropper app and the payload app installed. Both need to be identified and deleted. The dropper apps bypass store security to bring in threats from outside the ecosystem.

These dropper apps pull the malware payloads from Github, and Wandera VP Michael Covington told me the team was escalating details about the apps “because the backdoor introduced via the dropper code is a significant risk for anyone using these apps—given the obfuscation techniques in use, we have not yet ruled out other apps that may be using similar techniques to introduce unsanctioned code.”

Continue Reading

The post Bad Android Apps Removed From Play Store, Uninstall Now appeared first on A1 Computer Repair.

The security software vendor said names, email addresses, ticket support numbers, and in some cases phone numbers, of around one per cent of Trend’s 12 million customers, were copied from an internal database by the worker and sold off to an outside scammer.

Payment card details are not believed to have been accessed, nor were any details from government or enterprise customer accounts, we’re told.

Trend said it caught wind the scheme back in August, when customers began to report receiving suspicious calls by people claiming to be Trend Micro support staff. After learning that the scammers seemed to know detailed information about the clients and their accounts, Trend started probing.

“We immediately started investigating the situation and found that this was the result of a malicious insider threat,” Team Trend said in announcing the leak. “The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent.

Continue Reading

The post Trend Micro insider sold 120,000 records to scammers appeared first on A1 Computer Repair.

Updating your software makes you more expensive to hack.

No software is perfect. Programmers make mistakes, best practices get updated, and security problems are discovered over time.

Sometimes, security researchers will discover security bugs and not report them to the developer. This kind of bug is called a “zero day” or “0-day,” because the company that could fix it does not know about it and has had “zero days” to address it. These kinds of bugs can be hard to find and expensive to purchase, and are sometimes used in targeted malware or phishing attacks on very high-value targets. Most people do not have to worry about these kinds of bugs.

More often, it will be amateur or professional security researchers, academics, or employees at the company itself who discover such problems, and report them back to the developers to get fixed. When that’s the case, the company can release updates (also known as “patches”) to correct the problem. If you update your software as soon as that pesky “Update!” notification pops up, you are staying current with the best available protections.

Read More

The post Updating your software makes you more secure appeared first on A1 Computer Repair.

Romana Leyva, 35, of Las Vegas, Nevada, and Ariful Haque, 33, of Bellerose, New York, were each charged this week with one count of wire fraud and conspiracy to commit wire fraud. Each count carries a maximum of 20 years in the clink.

According to prosecutors in southern New York, Leyva and Haque masterminded a classic tech-support scam that warned netizens their computers were infected with malware that didn’t actually exist and would need a costly, and yet entirely unnecessary, repair.

We all know this type of scam: phony “system alert” pop-up ads in web browsers that try to scare punters into believing their machine is riddled with spyware, along with a phone number to call for “tech support” or a repair service that costs an arm and a leg – and doesn’t actually do anything useful.

“In at least some instances, the pop-up threatened victims that, if they restarted or shut down their computer, it could cause serious damage to the system’ including ‘complete data loss’,” the prosecution wrote in its court [PDF] paperwork.

Continue Reading at The Register

The post Don’t fall for fake virus infection alerts appeared first on A1 Computer Repair.

If you replace the battery in the newest iPhones, a message indicating you need to service your battery appears in Settings  Battery, next to Battery Health. The “Service” message is normally an indication that the battery is degraded and needs to be replaced. The message still shows up when you put in a brand new battery, however. Here’s the bigger problem: our lab tests confirmed that even when you swap in a genuine Apple battery, the phone will still display the “Service” message.

It’s not a bug; it’s a feature Apple wants. Unless an Apple Genius or an Apple Authorized Service Provider authenticates a battery to the phone, that phone will never show its battery health and always report a vague, ominous problem.

Continue Reading at iFixIt

The post Apple Is Discouraging Repair by Locking iPhones appeared first on A1 Computer Repair.

According to the report, the ads promote applications called “Browser Defense” and “Broxu.” What’s scary is that the actual graphic used in these ads contain malicious code buried within the parameters of their alpha channel, which is used to define the transparency of each pixel in images. By way of explanation, an alpha channel is what makes the background color of an image transparent so that the focused object can reside as an overlay against any backdrop image or color.

Adding the malicious script to an image’s alpha channel is only a minor modification. The resulting image has a slightly different tone than the original, but if web surfers have no idea what the originating image looks like, then they have no clue the altered, malicious version is on their screen. The sample provided by the ESET researchers is barely indistinguishable from the “clean” original.

Once the advertisement is displayed on the visitor’s screen, the embedded code uses the CVE-2016-0162 vulnerability in Internet Explorer to scan the target PC to see if it’s running on a malware analyst’s machine. If the coast is clear, it will then load a landing page that includes a Flash file built for exploiting three vulnerabilities in Flash Player: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117.

“Upon successful exploitation, the executed shell code collects information on installed security products and performs — [in a manner] as paranoid as the cybercriminals behind this attack — yet another check to verify that it is not being monitored,” the antivirus firm reports. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image.”

When the encrypted payload is downloaded to the target PC, it is then decrypted and launched through regsvr32.exe or rundll32.exe in Microsoft Windows. The payloads detected thus far have included various trojan downloaders, banking trojans, backdoors, spyware, and “file stealers.”

The attack is based on the Stegano exploit kit, which uses steganography to hide malware out in plain sight. The term is typically used when hiding messages or information within public text and data. However, in this case, the method throws a malicious script within the alpha channel information of an image. The kit was first used in 2014 to target Dutch customers, and moved on to residents in the Czech Republic. New attacks are targeting web surfers in Australia, Britain, Canada, Italy, and Spain.

ESET senior malware researcher Robert Lipovsky pointed out in an interview that web surfers aren’t required to do anything to trigger the malicious script: all they have to do is visit a website displaying the infected ad. The payloads aren’t random either: attackers choose what to download to the target PCs.

Lipovsky added that the firm didn’t release a list of websites affected by the malicious ads because the information didn’t add any value to the warning. Even more, the firm didn’t want to inflict reputational harm to the websites given that they had no clue or control over displaying the ads. Naturally, web surfers can stay safe by keeping their browser, Flash Player, and security software updated regularly.

http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/

The post Millions Exposed To Ads That Use Infected Images appeared first on A1 Computer Repair.

The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administer account of the devices to install backdoors and intercept traffic.

D-Link has been contacted for comment.

It takes only one command to exploit the flaw, according to Senrio researchers who published a proof-of-concept that changed administrator passwords.

“… the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera,” the researchers say.

“While the thought of strangers watching your sleeping baby is disturbing, the implications for enterprise and infrastructure environments are downright scary.”

Almost 140,000 of the devices are located in the US, with 23,442 in Canada, and 20,982 in Sweden.

Founder Stephen Ridley told Security Week attacking the 120-odd D-Link device models requires to exploit tweaking to suit different firmware.

“An attacker would practically account for this difference in versions [and] devices by fingerprinting a device, and then changing the exploit payload based on the target,” Ridley says.

http://www.theregister.co.uk/2016/07/08/414949_dlink_cameras_iot_devices_can_be_hijacked_over_the_net/

The post 414,949 D-Link cameras, IoT devices can be hijacked appeared first on A1 Computer Repair.

This is for two reasons.

First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and is subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it.

You can find information on how to uninstall Apple QuickTime for Windows from the Apple website here:https://support.apple.com/HT205771

Continue for Full Article

The post Uninstall QuickTime for Windows Today appeared first on A1 Computer Repair.