In yet another alarming security nightmare for managed IT service providers in Sydney, a recent blog in the Chromium revealed how Windows 10 users may be at risk of having all their usernames and passwords hacked. Here is everything you need to know about this security risk.
IT service providers already have their hands full with the level of due diligence and professionalism expected from them. Phishing scams and other malicious content are rampant in the Internet; in fact, it seems that there is a new scam every few days. For this reason, most experts in the managed IT industry urge users never to install content from an unknown publisher.
Unfortunately, this time-tested advice seems to be insufficient in combatting cyberattacks. As it turns out, users of Windows 10 are vulnerable to having their data easily harvested by cyber criminals. Users running on operating systems from the Windows 10 Anniversary Update or Version 1607 can see that the company has recently added a feature called Content Delivery Manager. This feature installs “suggested apps” without the user’s knowing or permission. Among these apps is Keeper, a renowned password manager app.
The catch, according to Google Project Zero researcher Tavis Ormandy, is that the third-party password manager has vulnerabilities that can lead to “complete compromise of Keeper security, allowing any website to steal any password.” He tweeted, “I don’t want to hear about how even a password manager with a trivial remote root that shares all your passwords with every website is better than nothing.”
After receiving Ormandy’s report, Keeper fixed the bug by removing the vulnerability and releasing an update shortly thereafter.
This means that those who use the Keeper password manager should update their versions to reduce this vulnerability.
What does this mean for casual users?
If you are using Windows 10 but have not enabled Keeper to manage your passwords, then you should be in the clear. However, this is another lesson in cybersecurity that you should be mindful of where you store your information. Since the problem stemmed from the Windows 10 update that automatically installed the software, then it goes to follow that you still have to be vigilant even when you’re updating from reputable publishers.
Should you want to improve your level of cyber protection, then look no further than IntelliTeK for your complete cyber security needs. IntelliTeK provides comprehensive services to ensure that you will no longer have to worry about attacks such as this.
About IntelliTeK Pty Ltd
IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditations from the world’s leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007.
IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at firstname.lastname@example.org, fill out the web form, or have a Live Chat with us below.