As first reported by The Next Web, a member of Reddit discovered a malicious WhatsApp link is being shared across social media and between WhatsApp users.
Users who visit the bad link are promised the ability to install a version of the WhatsApp app in different colors. Instead, those who follow the instructions end up installing adware on their computer.
If you're not paying much attention, the link looks completely legit: шһатѕарр.com
However, after looking closer you can see the characters seem off. As TNW pointed out, the bad link contains characters from the Cyrillic alphabet.
This technique has been used to trick users of services like PayPal in the past.
Whatever you do, do not install this extension.Jason Cipriani/CNET
Although, unlike the PayPal site, the red flags begin waving the moment you visit the bad WhatsApp page. To start, visitors are instantly redirected to a completely different website.
The first thing you're asked to do when visiting the site is to share it to your social media accounts or directly to friends as a form of verification, then you're instructed to install a Google Chrome extension on your computer. That extension is where things go bad, as it's reportedly adware.
In short, double-check the URLs you visit. Take a quick glance at the address bar after opening the bad link and you won't see any reference to WhatsApp. The same goes for clicking links in emails, even when the sender seems legitimate.
Perhaps more importantly, don't install random apps or extensions without first verifying the true source. (source:cnet.com)
As if ransomware like WannaCry wasn't enough to keep you up at night, there's another password breach to worry about.
Well, sort of -- security research center MacKeeper reported today that a massive database of stolen passwords has surfaced online. And while this database is composed largely of passwords from a variety of sources, many of them years old, its newfound accessibility -- and conglomeration into a single collection -- is cause for concern.
It's also cause for action. Although "online safety" feels increasingly like an oxymoron these days, there are still steps you can take to protect yourself when breaches like this occur.
Improve your passwords
The most secure password in the world is useless if a hacker steals it, but it becomes much less useful if it's not the same password you use for every single log-in.
In other words, it's essential that you employ a different password everywhere you conduct online affairs. And the only effective way to do that is with a password manager, which can generate and manage unique, robust passwords for all your sites and services.
Dashlane can automatically change your passwords, a huge time-saver and a great way to get ahead of security breaches.Screenshot by Rick Broida/CNET
Of course, even password managers aren't infallible, as LastPass users discovered last month. That's why you should change passwords regularly -- a potentially daunting task unless your password manager can perform it automatically. Dashlane and LastPass are among the handful that offer this handy feature.
Find out if you're compromised
The aforementioned database contains some 560 million passwords. Want to know if yours are in there somewhere? Head to Have I Been Pwned, which checks to see if your email address appears in any database that's been compromised.
The aptly named "Have I Been Pwned?" lets you know if your email address appears in a compromised database.Screenshot by Rick Broida/CNET
If it does, don't panic: Remember that many of the sources in that database are years old. For example, one of my email addresses was indeed "pwned," but it was in the Dropbox breach of 2012 -- and I've long since changed my password there.
Of course, it certainly wouldn't hurt to change the password on any site(s) detected here. (Pro tip: Click Notify me when I get pwned so you can be informed if and when your email appears in the next breach.)
Enable two-step verification
Short of a fingerprint reader, two-step verification (aka two-step authorization) may be the single best way to protect online accounts. Most commonly, the second of the two steps (the first being entering your password) involves entering a code delivered on-demand to your phone. Even if a hacker has your password, he doesn't have your phone, and therefore shouldn't be able to bypass that second step.
Of course, this requires you to have your phone close at hand and able to receive text messages (or, if you use an authorization app instead, data connectivity). It's also an extra hassle.
Remember AOL? Perhaps you had an account at one time, but haven't touched it in months or even years. If it's still active, and a hacker manages to break in, that still puts you at considerable risk. You might have all kinds of personal information stored there, to say nothing of photos and other media that should be kept private.
Thus, take some time to delete old, unused accounts. This is another way a password manager comes in handy: When it first imports all your passwords, you can see a full list of every account you have. Then it's a matter of working your way through them and determining which ones you want to deactivate.
Alas, you'll have to manually visit each site in turn and figure out how to actually delete your account. For help, turn to JustDelete.me, which provides direct links to the cancellation pages of hundreds of services.
Common sense only goes so far and you need to make sure that best practices around security don't go in one ear and out the other. Here's your attack plan.
When it comes to cybersecurity, software company AutoClerk makes sure that its 25 employees know they are on the front lines of something akin to a life-and-death battle.
"If they're not aware of cybersecurity before we hire them, we'll make them aware," said Charlotte Gibb, co-owner of the Walnut Creek, California developer that supplies software to the hotel and hospitality industry. "Our customers are often targets of cyberattacks and so we have to be very alert as to how this might affect our customers. We take cybersecurity very seriously."
She should. Cybercriminals are taking special aim at small businesses. About 18 percent of phishing campaigns targeted small businesses in 2011; the number has since soared to more than 43 percent of the total with phishing now the main vehicle for delivering ransomware and malware attacks.
The threats aren't confined to phishing emails. Most security breaches stem from careless employee decisions. Cybercriminals will try to infiltrate an organization by using social engineering tactics to gain employee trust. Or they might just leave around infected USB flash drives, hoping someone picks one up and plugs it into their computer. One newly popular ploy is the business email compromise in which scammers target employees who have access to company finances to fool them into sending wire transfers to fake bank accounts.
All can wreak havoc. About 60 percent of small businesses are unable to maintain their business more than six months after suffering a cyberattack, according to the US National Cyber Security Alliance.
Beating back the threat hinges on convincing employees to put in practice what they're taught about cybersecurity. Even then, there are still no guarantees employees will do the right thing.
"Unless you're willing to make your workplace uncomfortable and hang over someone's shoulder, you don't really know," Gibb said. "You basically have to trust your employees. At some point, you need to have a level of trust with the people who you've hired because you're entrusting them with your customers and your critical information."
Making the message stick
It's a popular -- and accurate -- cliche in the security industry that employees constitute a company's first line of defense against malicious or criminal activity. And that's why it's essential to keep preaching the gospel until best practices around cybersecurity become second nature to your people.
Education is the key to teach employees a shared sense of responsibility for the data that they work with. Any campaign should become part of an ongoing process. While some small businesses may feel they lack the resources, there are ways to direct an effective cybersecurity education campaign without breaking the bank.
● Don't opt for scare tactics. The goal is to build a culture of cyber awareness, so treat security awareness like a marketing campaign with the intent to persuade.
● Start small with a few videos or infographics to kick things off. Include posters, contests and other reminders to drive home an easy-to-understand message: security is everyone's personal responsibility.
● Don't waste time sending out long memos that will only get ignored. Keep it fun, keep it short. You're trying to educate employees about best practices, not forcing them eat their spinach. When everyone can have a good laugh, they can also learn at the same time.
USB thumb drive: carrot or stick?Getty Images/iStockphoto
● Promote the theme with quarterly follow-up campaigns that stress cybersecurity awareness. Follow up the training by testing how well the lesson was learned. Send out occasional phony phishing emails to check how many employees still fail to recognize the threat.
Changing employee behavior may sound like a daunting task. But even if you can't eliminate all cyberattacks against the organization, you can still foster conditions that help reduce the threat. If employees walk away from the program with a more serious appreciation of basic cybersecurity, that's already progress in spades.
Carrots and sticks
"A security breach would destroy our reputation and could bankrupt the company," says David Cox, the CEO of LiquidVPN, a VPN supplier in Cheyenne, Wyoming.
It's a sobering scenario and it's why he deploys a constant mix of carrots and sticks to keep his staff "on its toes." For instance, Cox periodically drops a keystroke injection device disguised as a USB thumb drive in a hallway, bathroom or lobby. "If someone plugs it into one of our workstations, I get a report that contains their user account and device ID," he said.
He also contracts a third-party service that specializes in fake phishing and malware attacks. If someone fails a test or gets hit by a real attack, they get pulled aside and interviewed to figure out why it succeeded.
"We try to demonstrate what could happen if they do not take cybersecurity seriously and I reward employees that are proactive," according to Cox.
At the same time, if an employee does something exceptional or somehow demonstrates a high level of situational awareness, they get rewarded with tickets to a game, dinner for two or an Amazon gift certificate.
But in the end, the stakes are too high to let poor cybersecurity performance continue indefinitely.
"We give employees adequate training and if they are not able to demonstrate the kind of situational awareness our industry requires I would have no choice but to let them go," he said. "That hasn't yet happened. And I sincerely hope it does not." (source: cnet.com)
Updated June 8, 2017: The Surface Laptop starts shipping June 15, but we've updated this piece with the pushed-out ship date for the highest-end SKU. Meanwhile, we've posted spec comparisons to the Surface Book, Surface Pro 4, and popular thin-and-lights Dell XPS 13, HP Spectre x360, and MacBook Air, so you can decide whether to preorder the Surface Laptop or keep shopping.
The Surface Laptop stole the show at Microsoft’s May 2 event. The focus may have been on education, Windows 10 S, and affordable laptops for classroom use, but the oohs and ahhs went to the Surface Laptop for its beautiful display and Alcantara-clad keyboard, not to mention its light weight and long battery life. College kids are the Surface Laptop’s purported target user, but a lot of regular folks are intrigued by this new addition to Microsoft’s premium Surface family—and, frankly, many students won’t be able to afford it anyway.
Interested? You’ve come to the right place. Here’s everything you need to know about the Surface Laptop. We have the pricing and release date, answers to your most burning questions, our video coverage, and all the specs. Click a link to the left to jump to a specific section, or just start reading.
You can preorder the Surface Laptop now. Units will begin shipping June 15, but note that the highest-end SKU will ship a few weeks later.
Pricing starts at $999, and quickly goes up from there. We’ve summarized the pricing per configuration below along with scheduled ship date. Detailed specs follow:
Note: Those prices don’t include a Surface Pen, let alone the Surface Dial.
Microsoft
Frequently asked questions
The Surface Laptop’s debut hand-in-hand with Windows 10 S has created a lot of confusion. Here are some answers, and we’ll keep posting more as we learn more.
What is the Surface Laptop?
The Surface Laptop is a thin, light, high-design laptop that Microsoft unveiled May 2 as part of a larger event about education. Distinguishing features include a gorgeous display, a laser-cut keyboard tray made of Alcantara fabric, and a claimed battery life of up to 14 hours. At the same event, the company introduced the secure, manageable Windows 10 S operating system, which will come preinstalled on the Surface Laptop as well as a lower-cost flock of laptops intended for K-12 classroom use.
What are PCWorld's first impressions?
PCWorld's Mark Hachman was among the first to try the Surface Laptop at the May 2 event. A seasoned user of both the Surface Pro and Surface Book, he saw the family resemblance in the Surface Laptop's dazzling display and Alcantara fabric-clad keyboard. This is, indeed, a laptop that could turn the heads of MacBook Air faithful. What's less clear is how the Surface Laptop's thin-and-light compromises will play out: the new Kaby Lake CPU and big battery vs. the skimpy RAM in entry-level models, not to mention the scant port connectivity.
Who’s it for?
Microsoft is aiming the Surface Laptop at style-conscious, MacBook-Air-loving college students, though many non-student users are clearly intrigued by it.
How does it relate to the Surface Book and Surface Pro 4?
The Surface Laptop’s clamshell design adds another form factor to Microsoft’s premium line of Surface products, all of which boast beautiful displays and unique features.
The Surface Book is the most expensive of the family: a premium 2-in-1 laptop with a striking Dynamic Fulcrum Hinge. The keyboard base is stuffed with extra battery and, in some configurations, a discrete GPU. We've compared the Surface Laptop vs. the Surface Book based on the specs we have, and we'll update you with more information after we've reviewed the new arrival.
The Surface Pro 4 is a 2-in-1 that leans more toward a tablet, with a kickstand and the option of a lightweight keyboard. Given the Surface Laptop’s pricing, the Surface Pro 4 is now the lowest-cost product in the family. We've compared the Surface Laptop vs. the Surface Pro 4 based on the specs we have, and we'll update you with more information after we've reviewed the new addition to the family.
How does it relate to other high-end thin-and-light laptops?
Meanwhile, more than a few laptops from other vendors vie for the title of best thin-and-light. We've compared the Surface Laptop spec-by-spec with the Dell XPS 13, HP Spectre x360, and MacBook Air, and it's a close race.
Microsoft
How much does the Surface Laptop cost?
The base model starts at $999, and the most expensive model costs $2,199.
Why is it so expensive?
Looking at the Surface product line’s history, Microsoft has focused on high-end “halo” hardware that can inspire other hardware vendors to make similar products (that probably won’t be quite as expensive). This is a way for Microsoft to lead hardware innovation without being overly competitive with other vendors.
When does it ship?
The Surface Laptop will ship June 15. You can preorder now.
Does it come with Windows 10 S?
Yes, Windows 10 S is the installed operating system regardless of where you buy it.
What if I don’t want Windows 10 S?
All Windows 10 S products, including the Surface Laptop, will be upgradable to Windows 10 Pro. For students and some other users, that upgrade will be free, with some deadlines and conditions. It'll cost you $49 otherwise, so read the fine print and Mark Hachman's detailed explanation.
Jorge Arzac/IDG
First impressions
PCWorld’s Mark Hachman posted his first impressions of the Surface Laptop when it debuted May 2. Leaked images had suggested a laptop would be announced along with Windows 10 S, but no one expected it to be a high-end flagship such as the Surface Laptop clearly is. This is a device meant to compete with the MacBook Air and thin-and-light Windows machines.
The Surface Laptop hits a lot of high notes. There's the gorgeous 13.5-inch, 2256x1504 display, for starters, plus Core i5 and Core 17 CPUs and SSD storage. Then there's the keyboard, with a nice 1.5mm travel and a tray made of laser-cut Alcantara fabric from Italy. What really pricked up our ears was the claimed 14 hours of battery life.
Sure, something this thin and light isn't going to satisfy everyone. The Surface Laptop's ports are startlingly sparse, with a single USB 3.0 Type A and no USB-C in sight. Integrated graphics will limit its gaming prowess.
The lingering question is: What's a beautiful laptop like this doing with a constrained operating system like Windows 10 S? We foresee many buyers will squirm out of its Windows-Store-only clutches and upgrade to Windows 10 Pro. And we'll dig deeper into the Surface Laptop's performance, features, battery life and more when we do our full review.
Our video coverage
We posted video from Microsoft’s May 2 event, which you can view here.
HARDWARE & ACCESSORIES
Microsoft Surface Laptop hands-on (2:26)
HARDWARE & ACCESSORIES
Windows 10 S hands-on
For all the Surface Laptop specs, keep reading.
Specs and features
Microsoft emphasizes performance in the Surface Laptop design, and you can see that in the CPU and memory choices, as well as the battery life. In the quest for thin and light, however, we lost a few things, including physical port selection. We also don’t yet have specific part numbers or types for the key CPU, memory, and storage specs, but we’ll add them if we get them.
CPU
All CPUs are from Intel’s 7th-generation Kaby Lake family:
Intel Core i5
Intel Core i7
Memory
Your memory amount vary with your CPU choice, as follows:
4GB: Core i5
8GB: Core i5 or Core i7
16GB: Core i5 or Core i7
Storage
Your SSD size will vary with your memory size, as follows:
128GB with 4GB of RAM
256GB with 8GB of RAM
512GB with 16GB of RAM
Graphics
The graphics is tied to the CPU.
Core i5: Intel HD 620
Core i7: Intel Iris Plus Graphics 640
Microsoft
The Surface Laptop has a high-resolution, 3:2 aspect-ratio display and a keyboard with Alcantara fabric cover.
Display
Corning Gorilla Glass
13.5-inch (diagonal) PixelSense Display
Resolution: 2256x1504 pixels, 3.4 million pixels, 201 ppi
3:2 aspect ratio
Surface Pen-enabled (sold separately)
10-point multi-touch
Keyboard
1.5mm travel
Alcantara fabric surface laser-cut around the keys. According to Microsoft, you shouldn’t see any light leakage around the fabric.
Jorge Arzac/IDG
The Surface Laptop keyboard features keys with a generous 1.5mm of travel, and a tray made of Alcantara fabric laser-cut to fit snugly, with no light leakage.
Software
Windows 10 S
Free upgrade to Windows 10 Pro until Dec 31, 2017
Office 365 Personal one-year subscription is included
Ports and connectivity
One of the first complaints about the Surface Laptop is its lack of physical connectivity: no USB-C, no storage card slot, and the list goes on. Here’s what it does have:
USB 3.0 Type A
mini DisplayPort
3.5mm headphone jack
SurfaceConnect for charging
Wi-Fi: 802.11ac, IEEE 802.11 a/b/g/n compatible
Bluetooth 4.0 LE
Jorge Arzac/IDG
The Laptop seems to recline a bit further than the Surface Book. But note the stingy allotment of ports.
Audio/visual
Windows Hello face sign-in camera
720p HD front-facing camera
Stereo microphones
The speakers (Microsoft calls them “omnisonic”) nest underneath the Alcantara keyboard tray, and the fabric itself is part of the sound system.
Battery life
Microsoft has touted the long battery life on the Surface Laptop. The company claims up to 14.5 hours of video playback. We’ll be sure to test this.
Exterior dimensions
12.13 x 8.79 x 0.57 inches
Weight
2.76 pounds
Chassis
Aluminum
Jorge Arzac/IDG
The Surface Laptop comes in four colors: Burgundy, Platinum, Cobalt Blue, and Graphite Gold.
