Thursday 27 July 2017

article is now live





Spiceworks
A daily dose of today's top tech news, in brief.
You need to hear this.
Kaspersky Labs unveils free software in show of good faith
Security software manufacturer Kaspersky Lab will offer free antivirus software globally, seemingly in response to accusations the company colluded with the Russian government. Kaspersky Free is already available in the United States, Canada, and several Asian countries, and will launch globally in coming months.
Concerns surrounding Kaspersky's involvement with Russian spy agencies prompted U.S. intelligence agencies to ban the use of all Kaspersky software, as well as prohibiting the use of Kaspersky software by any organization that wishes to connect to intelligence networks.
The software will offer the "bare essentials," according to a blog post by CEO and founder Eugene Kaspersky, which includes email and web antivirus protection. The company says the software has been in development for 18 months, and pilot versions have been tested in Russia, Ukraine, China, and Scandinavian countries.
USB 3.2 specification announced, doubling data rates over existing cables
The increasingly popular USB C is now used across a range of electronics, including recent adoption by laptop makers including Apple, Microsoft, and Lenovo. The USB 3.0 Promoter Group has announced these devices are about to get a boost, with USB 3.2 increasing transfer rates from 10Gbps to 20Gbps over existing cables between two USB 3.2 devices.
"USB 3.2 hasn't yet been finalized, but the specification is said to be 'in a final draft review phase', and is expected to be formally released in time for the USB Developer Days North America event in September," Neowin writes.
Brad Saunders, chairman of the USB 3.0 Promoter Group, said that when it "introduced USB Type-C to the market, we intended to assure that USB Type-C cables and connectors certified for SuperSpeed USB or SuperSpeed USB 10 Gbps would, as produced, support higher performance USB as newer generations of USB 3.0 were developed."
It will likely be years before products designed around USB 3.2 come to market.
Researchers hack car washes to attack vehicles and passengers
A group of researchers has found security flaws in internet-connected drive-through car washes, which would allow hackers to remotely control the system, possibly physically attacking the vehicles and their occupants. Vehicles can be trapped inside the chamber as the facilities' doors can also be remotely accessed, and vehicles can be struck by these doors when entering or leaving the wash chamber.
"We believe this to be the first exploit of a connected device that causes the device to physically attack someone," Billy Rios of Whitescope security told Motherboard. Rios' team conducted the research with Jonathan Butts of QUD secure solutions. Their research mainly focuses on the PDQ LaserWash as it is a popular and fully automated system that can run without the need of assistants.
The system runs on Windows CE and has a built-in web server, which is also the primary access point for attackers. Though the system requires a username and password to operate, the researchers said the password was easily guessed. They also found a vulnerability allowing them to bypass the authentication process altogether.
"All systems — especially internet-connected ones — must be configured with security in mind," a PDQ representative told Motherboard. "This includes ensuring that the systems are behind a network firewall, and ensuring that all default passwords have been changed."
But there's more going on in the world than that.
Op-ed: How Microsoft became the surprise innovator
In an op-ed for the New York Times, Farhad Manjoo argues that Microsoft has become the "surprise innovator" in PCs, largely driven by Apple's apparent lack of commitment to its PC users. Though Microsoft struggled with failed hardware launch after failed hardware launch over the past few years, the Surface Pro lineup kickstarted a run of highly successful product releases that have users taking the company's hardware a bit more seriously.
"In the last two years, while Apple has focused mainly on mobile devices, Microsoft has put out a series of computers that reimagine the future of PCs in thrilling ways," Manjoo writes, highlighting Apple's apparent stagnation on PC releases, with an all but forgotten Mac Pro, MacBook, a polarizing MacBook Pro, and an iPad Pro that just doesn't cut it as a laptop replacement like the Surface Pro does. Along with Microsoft's Surface Laptop release as well as its Surface Desktop announced last year, it appears Microsoft's PC department took the cue to step in and deliver exciting products where Apple was not.
"I think Microsoft has recognized over the last couple years that maybe the creative community isn't as locked into the Mac as many people think it is," Jan Dawson, an independent technology analyst told Manjoo. "There's this window of opportunity for Surface to get in there."
Manjoo clarifies he doesn't believe Apple's hardware empire will be toppled anytime soon, but concludes that "anyone who cares about the future of the PC should be thrilled that Apple now faces a serious and creative competitor."
And you can't not know this.
Possible ancient Martian hot springs might be a future landing site
An ancient Martian hot spring may have been discovered just south of Mars' equator, a discovery with the potential to change where NASA's Mars 2020 rover lands to begin its search for signs of life. The spot, called Margaritifer Terra, is a heavily fractured location with surface scarring from what appears to be magma or melting rock from asteroid impacts. But new analysis of high-resolution images of the spot suggests there are mineral deposits along the fractures, pointing to a history of hot springs bubbling through the surface.
"That kind of hydrothermal environment is favorable to life on Earth, and may have been so on Mars, too," says study coauthor Rebecca Thomas of University of Colorado at Boulder. Thomas says that this habitat can also produce sulfur or silica-rich mineral deposits, which are good at preserving evidence of life.
Though many have expressed excitement about the new revelations, the possible discovery's impact on NASA's decision making has its critics. J.R. Skok, a researcher at the SETI Institute in Mountain View, California, says he doesn't "think this will have a large implication on the Mars 2020 plans. Those finalist sites have been selected above many amazing sites over the past several years." Skok does, however, feel the discovery is an exciting and important discovery to display "how interesting, diverse, and potentially habitable ancient Mars was."
The location for the Mars 2020 landing site will be announced in fall 2018.

Wednesday 26 July 2017

Could this help protect you

Ask how you can benefit from this

office for mac

Crunchy not Smooth

article is now live



Spiceworks
A daily dose of today's top tech news, in brief.
You need to hear this.
Adobe announces an end to Flash, says support will end in 2020
Adobe today announced it will lay to rest its groundbreaking, but often derided Flash software at the end of 2020. Flash has been considered by many to be obsolete for years, bogging down systems and posing major security risks, especially to Windows users. The software was also declared by former Apple CEO Steve Jobs in 2010.
Well before Adobe made this announcement, several major tech companies have been making moves to phase Flash Player out of browsers, including Google Chrome, which began phasing Flash out in favor of HTML-5 last year. In Adobe's announcement, the company said that "open standards like HTML5, WebGL, and WebAssembly have matured over the past several years," negating the necessity for Flash.
Microsoft has also committed to phasing out Flash support by 2020.

Congress invites major tech CEOs to testify at net neutrality hearing
Congress has invited the CEOs of several major tech companies to testify before Congress to provide context and insight as the government works to define clear rules on internet regulation. Invitees include CEOs from Facebook, Alphabet, Netflix, and Amazon, who are all staunch supporters of net neutrality, as well as executives from Comcast and AT&T that have both lobbied to change the existing Title II classification for internet providers.
House Energy and Commerce Committee Chairman Greg Walden, who announced the hearing titled "Ground Rules for the Internet Ecosystem," said that he believes Congress is "closer than ever to achieving a lasting resolution. The time has come to get everyone to the table and figure this out."
The hearing will take place on September 7.
But there's more going on in the world than that.
Canadian courts ask Google to change global search results
In one of several major settlements leveled against Google by foreign governments, Canada's Supreme Court ruled that Google must take down search results for pirated content, not just in Canada, but worldwide. Though it is not generally possible to fight a ruling following a Canadian Supreme Court ruling, Google plans to take the case to court in the US, arguing the ruling infringes on Google's freedom of speech rights.
"We're taking this court action to defend the legal principle that one country shouldn't be able to decide what information people in other countries can access online," says David Price, senior product counsel at Google.
The case closely resembles a law passed last month in Germany mandating that media companies that operated in the country had to remove hate speech and illegal content within 24 hours to avoid fines of up to $57 million. Austrian courts also ruled that Facebook must take down hate speech targeting the nation's Green Party leader. 
The EU is also hitting Google on multiple legal fronts, including a record setting $2.7 billion fine for what it calls unfair marketing practices, as well as the "right to be forgotten" that would extend well beyond EU borders.
Google, and other companies, face difficult decisions in whether to comply with these rulings, and it remains to be seen whether Google's attempt in the U.S. court system will succeed.
And you can't not know this.
Automated, all electric cargo ship to hit the Baltic Sea in 2018
Think self-driving cars are cool? How about self-driving, electric cargo ships? In what seems like a dream come true for environmentalists and Tesla fanatics everywhere, two Norwegian companies are teaming up to develop a short range, electric, autonomous coastal container ship.
The ship, named the Yara Birkeland, will hit the seas in 2018. At the beginning, the ship will be crewed, but will transition to largely autonomous operation by 2020. The ship will be responsible for short journeys down a fjord on Norway's Baltic Sea Coast, "feeding" cargo from factories to a larger port.
Though the development of autonomous long distance cargo ships remains a long way off, even the short distances the Yara Birkeland will be traveling will save 40,000 diesel truck trips every year. 

Tuesday 25 July 2017

Book an Appointment today

cyber news




CyberheistNews Vol 7 #29   |   July 24th, 2017

CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years 

Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks--called business email compromise (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over a three-year stretch.

Organized Eastern European cybercrime is more and more taking the "time is money" approach, in this case billions, says Steve Martino, Cisco's chief information security officer. "What we are looking at is the continual commercialization of cyberattacks," Martino says, pointing out that is a major theme in the report.

Ransomware takes time to develop and extensively test before any net Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco's Martino says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so when the bogus email comes across the transit of the CEO asking for a funds transfer it can be detected, Martino says.

Regular software patching also is crucial. When spam-laden malware hits or ransomware attacks similar to WannaCry surface, the impact can be minimized. "People focus on new technology, but forget about patching and maintaining the infrastructure," Martino observed.

He adds that a balanced defensive and offensive posture is also needed, with not just firewalls and antivirus but also measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

Fileless malware is popping up, which lives in memory and disappears when a device reboots, according to the report. As a result, it makes detection and the ability to investigate it more difficult.

Additionally, attackers are also making use of anonymized and decentralized infrastructures, such as Tor proxy services, to hide command and control activities.

Meanwhile, three families of spyware ran rampant, with Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker affecting more than 20% of the 300 companies in the sample for the report.

Ironically, many organizations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Franc Artes, Cisco's Security Business Group architect. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

'Destruction of Service' Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomized by the likes of WannaCry and NotPetya which were both much more destructive than traditional ransomware. These types of attacks, Cisco says, have the strength to eliminate organizations' data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing that was not taken into account related to ransomware was the amount of damage caused by downtime, having workstations and servers not up & running. If you calculate that in, ransomware is probably as damaging as CEO fraud, or even more. 
New Type of WhatsApp Phishing Attack

Heads-up. There is a new social engineering attack currently being tested in Europe, and that means we will see it in America in the near future.

The bad guys are using malicious WhatsApp ads, which offer a 250 dollar coupon for a well-known retailer, in exchange for a short survey. The invite looks like it comes from a friend on WhatsApp. A similar strain installs malware on the phone, which looks like a software update, but steals all the contacts, phone numbers and email addresses - and if they can find any, passwords and banking credentials.

There are different ways to monetize all this phishing data, and it looks like the bad guys have got that down too, from selling the stolen credentials to using the malware to go viral to all the contacts on the phone.

The large retailers have reported hundreds of these attacks to Europe's federal Cyber Crime Unit.

Warn your users to not click on dodgy WhatsApp special coupon offers. 
43% of C-Suite Execs Name Cybersecurity as No. 1 Operational Challenge

A global survey of over 400 C-suite execs by the management consulting firm A.T. Kearney showed that cybersecurity (43 percent) is the top operational challenge they faced.

Also, a whopping 85 percent of C-suite executives agree that cyberattacks will become more frequent and more costly. Here are five survey take-aways. Posted at the KnowBe4 Blog:
https://blog.knowbe4.com/43-of-c-suite-execs-name-cybersecurity-as-no.-1-operational-challenge
Live Webinar: Top 5 Strategies to Prevent Ransomware

It's been a "Ransomware Horror Show". If you've been in the IT trenches over the past year, you've probably noticed that announcements of new ransomware strains are accelerating and there is no end in sight.

Join us for this 30-minute live webinar "Top 5 Strategies to Prevent Ransomware", on Tuesday, July 25th at 2:00 pm EDT. Erich Kron, CISSP, Security Awareness Advocate at KnowBe4 will look at scary features of new ransomware strains and give you 5 strategies you can implement now to help you prevent ransomware.

Erich will cover: 

  • The new scary Ransomware trends out in the wild
  • How to eliminate or reduce damage from ransomware
  • How to fortify your last line of defense—your end users
Date/Time: Tuesday, July 25, 2017, at 2:00 pm EDT. Register Now: 
https://attendee.gotowebinar.com/register/2525090409700004353
Black Hat USA 2017: Know Before You Go

1) DarkReading has a very handy article written by Black Hat Staff, with important event information, including badge pick-up hours, scheduling updates, special programs, and more.

Make sure to follow @BlackHatEvents on Twitter and tweet using the hashtags #BHUSA and #BlackHat to join the conversation and stay up-to-date. Download the official Black Hat USA mobile app to customize your event schedule
http://www.darkreading.com/black-hat/black-hat-usa-2017---know-before-you-go/d/d-id/1329420

2) While you are there, stop by KnowBe4's Booth #1848 for Kevin Mitnick's Book Signing. Meet the 'World's Most Famous Hacker' and get a signed copy of his new book: Wednesday, July 26, 5-7pm at KnowBe4's Booth 1848 while they last.

3) What to expect at Black Hat: Security hype and reality. Look for machine learning, automation, orchestration, integration and threat intelligence to dominate the Black Hat security conference:
http://www.csoonline.com/article/3209972/security/anticipating-black-hat-hype-and-reality.html#tk.twt_cso

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.
Quotes of the Week
"One way to get the most out of life is to look upon it as an adventure." - William Feather

"The very basic core of a man's living spirit is his passion for adventure." - Christopher McCandless 

 



You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-29-ceo-fraud-attacks-were-far-more-lucrative-than-ransomware-over-the-past-3-years
Security News
Evil Corp Hires Criminal Hackers for Highly Targeted Ransomware Infections

The Register just wrote about the difference between your run-of-the-mill spray-and-pray ransomware infections, and highly targeted manual deployment attacks like the SamSam or Samas attacks that have hit hospitals recently, locking all machines and demanding exorbitant ransoms. The attacks are targeted against banking and infrastructure firms worldwide.

Criminal hackers penetrating the network usually start with a spear phishing attack, then move laterally through the network to get the lay of the land, and then lock all machines at the same time with a shock-and-awe effect. More, and 10 things to do about it at the KnowBe4 Blog:
https://blog.knowbe4.com/evil-corp-hires-criminal-hackers-for-highly-targeted-ransomware-infections
Data Breaches Are up 29 Percent Over Last Year

Data breaches are running 29 percent above last year, according to a report released by the Identity Theft Resource Center and CyberScout. Hacking was the leading cause of data breaches nationwide, more than 790 so far this year.

More than 12 million records have been exposed, although two-thirds of data breach notifications or public notices did not report the number of records compromised. "Only 33 percent of data breaches reported this year have made the number of records exposed publicly available," said Karen A. Barney, director of research and publications at Identity Theft Resource Center, an increase of 13 percent over 2016 mid-year numbers.

More than half of all breaches this year have occurred in business, followed by health care and medical. Breaches in the medical and health-care industry are most likely to include the number of records involved. More than 80 percent of breaches in 2017 that were reported to Health & Human Services included the number of records.

Read about the new report at the San Diego Union Tribune:
http://www.sandiegouniontribune.com/news/data-watch/sd-me-g-data-breaches-20170619-story.html
Ransomware Attack on KQED TV, Radio Station Wiped out Pre-Recorded Segments

KQED, a TV and radio station in San Francisco, is an example that shows how badly any organization can suffer when ransomware hits their network. KQED has been trying to recover from the damages of a massive ransomware attack for more than a month.

The San Francisco Chronicle reported that the station received a massive ransomware attack on June 15. The attack was so severe that it has been "bombed back to 20 years ago, technology-wise" as per the analysis of one of KQED's senior editors, Queena Kim.

During the attack, the hard drives of the station's computer systems got locked, the station's internal email server went offline and pre-recorded segments were totally wiped out. For over 12 hours the online broadcast of the station remained offline, and the official Wi-Fi connection also went offline for many days. More at the KnowBe4 blog:
https://blog.knowbe4.com/ransomware-attack-on-kqed-tv-radio-station-wiped-out-pre-recorded-segments
What It's Like When Pro Phishers Assail Your Inbox

Lily Hay Newman wrote in WIRED: "ON A TYPICAL morning I have about 30 new emails in my personal inbox, and 40 in my work account. You know how it is.

I archive what I don't want, scan part of a newsletter, click through to a coworker's Google Doc, and click "track my package" more often than I'd like to admit. It's all pretty standard stuff.

These days, though, I face my inboxes with grim determination. Because for about five weeks this spring I was under attack by a team of hackers from the company PhishMe whose goal was to ... phish me.

I had given company CTO Aaron Higbee my personal and professional email addresses, and full permission to trick me into clicking on a malicious link, downloading a nasty attachment, or visiting a bogus site where my personal information could be compromised.

If you think that might instill a certain depth of paranoia, you're absolutely right. Every email from my doctor could be fake. Every shared album of vacation photos, a trap. I knew that they were coming for me. I just didn't know when or how."

Excellent article. Do I wish it would have been KnowBe4 instead? Sure. But the message is just as valid for any of the three leading companies in this space, whether PhishMe, KnowBe4 or Wombat. This is something you *have* to do, because your users are your last line of defense:
https://www.wired.com/story/phishing-attempts-email-inbox/
Putin's Hackers Now Under Attack—From Microsoft

Techcrunch observed: "The Daily Beast details how, in 2016, Microsoft's legal team sued Fancy Bear (also known by many other aliases) for reserving domain names that violated Microsoft trademarks.

Apparently, in the course of claiming generic domains for its operations, Fancy Bear often selected domains that riff off of Microsoft products and services, inadvertently opening the door to the lawsuit.

While you can't exactly drag an amorphous, faceless hacking group into court, the lawsuit served one key purpose: it hijacked some of Fancy Bear's servers. In the last year, Microsoft has taken over at least 70 different Fancy Bear domains, many of which served as "command-and-control" points so the hackers could communicate with the malware they installed on targeted computers.

When a domain flips over into Microsoft's hands, the company can use it to observe and map Fancy Bear's server network, which communicates with the Microsoft domains. The result is that the company can indirectly disrupt and observe aspects of a suspected foreign intelligence operation — a pretty clever trick for a tech company to pull off in its spare time:"
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
How Weak Are Your Users' Passwords?

Are your users' passwords…P@ssw0rd? Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4's complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. This tests against 10 types of weak password related threats, for example: Weak, Duplicate, Empty, Never Expires, plus 6 more.

Here's how Weak Password Test works: 

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!
This will take you 5 minutes and may give you some insights you never expected!
https://info.knowbe4.com/weak-password-test-chn
Interesting News Items This Week 

Dow Jones Leaks Personal Info of 2.2 Million Customers:
https://www.infosecurity-magazine.com/news/dow-jones-leaks-personal-info/

How do SMEs fight off cyber-attacks?:
http://www.itsecurityguru.org/2017/07/18/smes-fight-off-cyber-attacks/

Here is a really good one … bad news for students, however. Newcastle University Stung by Sophisticated Phishing Site:
https://www.infosecurity-magazine.com/news/newcastle-uni-stung-by/

Every organization is only one click away from a potential compromise:
https://www.helpnetsecurity.com/2017/07/21/insider-attack-damage/

Where are the fixes to the botched Outlook security patches?:
http://www.computerworld.com/article/3209710/microsoft-windows/where-are-the-fixes-to-the-botched-outlook-security-patches.html

Wednesday 19 July 2017

article is now live




Spiceworks
A daily dose of today's top tech news, in brief.
You need to hear this.
Some Windows 10 devices could exit 'support lifetime' as soon as 2018
Windows PCs using certain Intel processors could see Windows 10 support end as early as 2018, according to Ars Technica. This is the result of Microsoft's ill-defined "support lifetime" for Windows 10 devices. 
The company elected to deviate from its traditional 5+5 policy, where devices would receive feature and security updates for the first five years, and only security updates for an additional five years. This proved to be problematic, as the significant cost of new Windows versions led many users and enterprises to continue using outdated and unsupported machines.
Now, users on machines built around Intel's low-cost Clover Trail Atom processors released between 2012 and 2015 are being blocked when attempting to download the Creators Update. When attempting to install, users are met with a message reading "Windows 10 is no longer supported on this PC." 
The latest version Clover Trail machines can run exits its support lifetime in early 2018, leaving some users with an exceptionally short support lifetime for their devices. A support note from Acer suggests the lack of support may be temporary, with new drivers on the way, but these drivers have yet to materialize.
"Whatever the situation turns out to be for these particular machines, the situation demonstrates some uncertainties introduced with the Windows-as-a-Service model," Ars Technica writes. "The 'supported lifetime' of many devices is not well-defined, and Windows 10 users could find themselves with considerably fewer years of device support than they would have received under the old system."
Cisco patches critical WebEx bug for Firefox and Chrome on Windows
Cisco has patched a critical remote code execution bug in its plug-in for WebEx video conferencing software on Windows. The flaw can be exploited by leading a user to a compromised webpage controlled by hackers.
"A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system," Cisco said in a statement released Monday.
Patches for Chrome and Firefox were released on July 13 and July 12, respectively, but outdated versions on or before 1.0.12 remain vulnerable. Cisco also said that the bug does not affect WebEx extensions for Microsoft Edge or Internet Explorer, nor its extension for Safari on Mac.
The flaw was discovered and reported by researchers at Google's Project Zero earlier this month.
FBI issues privacy warning for connected 'smart toys'
As toys get smarter, the number of vulnerable sensors, microphones, cameras, and GPS devices in our homes increases as well. The FBI warns the new generation of smart toys provides potential companies as well as hackers a wealth of information about the toy's companion, and any adults with that companion.
The FBI's memo walks toy-owners through a thorough step-by-step process to follow before connecting toys, including researching the company's cybersecurity stance, privacy policies, storage techniques, and security measures taken. The Children's Online Privacy Protection Act (COPPA) compliance plan was updated last month to protect consumers from invasive devices, but the FBI still recommends taking steps to ensure individual privacy.
These guidelines aren't likely to be followed by the majority of toy-purchasers, but the FBI makes clear its hopes that parents will do their due diligence to ensure the privacy of themselves and their children.
But there's more going on in the world than that.
ISPs now barred from informing users of ongoing investigations
Overturning a 2013 ruling that prevented the FBI from forcing ISP compliance without first informing the user of a pending investigation, a federal appeals court ruled Monday that ISPs, financial institutions, and phone carriers are now prohibited from informing users of ongoing FBI investigations.
The FBI can now issue a National Security Letter (NSL) to permit an investigation, but isn't required to review the necessity of the letter for three years after it was sent. According to Engadget, this means that a target cannot dispute an investigation, as they won't be aware of it until three years after it began. The FBI is required to terminate the investigation upon conclusion of the national security inquiry.
An NSL does not require a judge's signature, so the new ruling leaves the FBI largely independent in its decision to investigate an individual. An NSL gives the FBI access to a record of all online purchases made by a user, as well as the IP addresses of all other computers the individual has corresponded with.
The Electronic Frontier Foundation is now exploring a possible appeal to the latest ruling. The organization successfully challenged the act in 2013, and hopes to maintain transparency from Internet Service Providers regarding government investigations.