Yahoo's spam filtering did not catch this new phishing campaign, which arrived in my inbox this morning.
However, IE 10 shows the malicious URL when hovering over the link.
The social engineering behind these attacks relies on creating anxiety for the user. If users do not check carefully, they may disclose their email credentials or other personal information to unauthorized parties.
----- Forwarded Message -----
From: Yahoo!(c) Mail Inc <spoofed-email-address>
To: Harry Waldron
Sent: Thursday, May 23, 2013 7:03 PM
Subject: **********Validate Your Account**********?
Yahoo has discovered series of illegal attempts on your Account from a bad IP Location and will shut down your account as it has been flagged as a spam account. We are hereby suspending you account as it has been used for fraudulent purposes. Click Here <Non-Yahoo-URL-malicious-site>
to restore your account. Thank you for being a loyal Yahoo! Mail user. Regards, Yahoo! Account Services
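A detection check for the pattern in the forwarded message above, as an added example that is not part of the original post: it flags a message whose display name claims a brand (Yahoo) while the sender address or the embedded links resolve to another domain, and it counts the urgency phrases the lure relies on. The sample message, its addresses and its URLs are constructed placeholders.

```python
# Added example (not from the original post): brand/sender/link mismatch
# check for a credential-phishing email, plus an urgency-phrase count.
# The sample message below is constructed; addresses and URLs are placeholders.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "yahoo"
BRAND_DOMAINS = {"yahoo.com"}
URGENCY = ("illegal attempts", "shut down", "suspend",
           "validate your account", "restore your account")

SAMPLE = """\
From: "Yahoo! Mail Inc" <service@mail-validate.example.net>
To: user@yahoo.com
Subject: **********Validate Your Account**********
Content-Type: text/html

<p>Yahoo has discovered series of illegal attempts on your Account and
will shut down your account.
<a href="http://restore-login.example.org/yahoo">Click Here</a>
to restore your account.</p>
"""

def registered_domain(host):
    # Crude eTLD+1 (last two labels): fine for the sample, not for ccTLDs.
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ".".join(labels)

def body_text(msg):
    # Collect every text/* part whether or not the message is multipart.
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(chunks)

def analyze(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_dom = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    body = body_text(msg)
    hrefs = re.findall(r"""href=["']([^"']+)["']""", body, flags=re.I)
    link_doms = {registered_domain(urlparse(u).hostname) for u in hrefs}
    claims_brand = BRAND in name.lower()
    findings = []
    if claims_brand and sender_dom not in BRAND_DOMAINS:
        findings.append(f"display name claims {BRAND} but sender domain is {sender_dom}")
    foreign = sorted(d for d in link_doms if d not in BRAND_DOMAINS)
    if claims_brand and foreign:
        findings.append("links leave the claimed brand: " + ", ".join(foreign))
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [p for p in URGENCY if p in text]
    return {
        "sender_domain": sender_dom,
        "foreign_link_domains": foreign,
        "urgency_hits": hits,
        "findings": findings,
        # Mismatch alone is common in legitimate mail; require urgency too.
        "suspicious": bool(findings) and len(hits) >= 2,
    }

if __name__ == "__main__":
    for finding in analyze(SAMPLE)["findings"]:
        print("FINDING:", finding)
```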
Microsoft Security Essentials is basic and impacts performance less than many products. Recent product testing rates other AV products' performance against the MSE performance baseline.
QUOTE: However, you use your computer every day, and the last thing you want is protection that slows down everyday tasks. AV-Comparatives researchers have once again put a collection of popular products to the test, identifying which will let you sail along unhindered and which will put a drag on performance.
The report doesn't specifically include Microsoft Security Essentials among the products tested. Rather, the researchers took the case of a Windows 7 installation with MSE active as a baseline for comparison. They found that about a third of the products tested impacted performance less than MSE alone, so replacing the default antivirus with one of these would actually speed up your computer!
Antivirus protection needs to get working as early as possible in the boot process, preferably before any malware processes start. On the other hand, engaging full antivirus protection can slow the boot process. Some products resort to putting off full protection in order to minimize impact on boot time. According to the report, some load their services "very late (even minutes later)," so boot-time testing isn't necessarily relevant.
The report doesn't include boot-time testing, but AV-Comparatives researchers did perform a spot check to see which products actually load their protection as early as possible. They found that all except AVG, Bitdefender, eScan, Kingsoft, Microsoft, and Sophos delayed full protection to some degree. The others permitted the test malware to launch, and whacked it later on after completing their own initialization. I definitely favor completely preventing a malware attack over allowing the attack and then trying to undo the damage.
This article shares the latest developments in monitoring employee activities for security purposes. It also shares the challenges of personal device activity (BYOD) in a corporate setting.
QUOTE: The idea of a totalitarian government monitoring your every move is probably still the stuff of fiction, but that doesn't mean your boss doesn't have a pretty good idea of your workday habits. Experts say an abundance of fast-developing new technology is making it cheaper and easier for employers to read your e-mails, check out what you’ve been looking at on the Internet, track where you go with a company car or cell phone and find out when and where you were at work.
Of course, employers have good reason to want to know whether employees are stealing corporate secrets, sending out harassing e-mails or just goofing off on the job. But experts say many companies are still trying to figure out a balance between monitoring wrongdoing and just plain snooping.
Employers generally have the right to monitor employee e-mails and other online activity that happens at work, or even on a company cell phone or corporate network, said Lothar Determann, a partner at Baker & McKenzie LLP in Palo Alto, Calif., and author of “Determann’s Field Guide to International Data Privacy Law Compliance.” But they can only do so if they make clear to their employees that workers should have no expectation of privacy.
This "pop quiz" can be taken quickly and shares realistic examples of many of the latest attack scenarios. While I got almost all items right, I did miss a couple of questions by not reading the question thoroughly or not choosing the best answer.
MS13-038 for Internet Explorer is rated as "PATCH NOW" for an exploit circulating in the wild. All corporate and home users should apply these updates promptly. Windows, IE, Office, and other products are updated to fix 11 vulnerabilities.
Corporate and home users should avoid suspicious PDF documents and ensure they use the latest version of their PDF software. For example, Adobe Reader XI (11.0.02) now offers sandbox security controls, protected mode processing, and other security controls not found in earlier versions.
QUOTE: Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is associated with ongoing APT campaigns.
Our research indicates that attackers engaged in APT campaigns may have adapted the exploit made infamous by the MiniDuke campaign and have incorporated it into their arsenal. At the same time, we have found that other APT campaigns seem to have developed their own methods to exploit the same vulnerability. The increase in malicious PDFs exploiting CVE-2013-0640 may indicate the start of a shift in APT attacker behavior away from using malicious Word documents that exploit the now quite old CVE-2012-0158.
Several protective practices are shared as follows:
QUOTE: Several Twitter accounts belonging to the United Kingdom's Guardian were hit by the Syrian Electronic Army over the weekend, and last week, Associated Press, CBS News, and BBC were also hacked. SEA threatened to keep up its attacks because Twitter keeps suspending its account. Several of the recommendations fall under basic Security 101 and are tips anyone should follow, for both their personal accounts as well as shared ones.
Twitter encouraged users to change passwords, select strong passwords, and be on the lookout for suspicious communications that may be part of a spear phishing campaign. All organizations, not just media, should be aware of potential phishing attacks. "These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts," the memo said.
Since Twitter uses email for password resets and official communications, users need to keep their email accounts secure, first by selecting strong (and different!) passwords. If two-factor authentication is available on the email account, it should be enabled, Twitter suggested. Users should never send passwords via email, even internally, Twitter warned. That way, attackers can't find the password of the account through someone else's archived messages.
Initially, I saw this as a POC against simulation software and certainly a wakeup call to promote safety. However, Hugo's comments are worth noting below ... He noted software exploits and vulnerabilities that, with the right delivery system, could potentially be manipulated. While there are limitations on what can be accomplished, there are many mitigating controls that make this impractical currently. Still, industrial automation and especially remote control systems must be as secure as possible.
QUOTE: After reading some of the news related to my talk at HITB 2013, I am writing this post with the goal of clarifying some misunderstandings, probably due to the lack of time I had during the talk, because I omitted details or other reason. Some of the most common wrong statements I have seen are related to:
- The Android application: No, the Android application I developed cannot attack an airplane by itself. This application is just a user interface that sends commands to the base station and receives feedback. Without the base station, and all the other hardware shown on the slides, the application is by itself useless.
- The flight simulator: I did not find the vulnerabilities in the flight simulator; I found all the vulnerabilities on real software and hardware of on-board aircraft systems.
- ACARS exploitation: No, I did not attack ACARS, neither ADS-B. I just used those protocols to send and receive information to/from the aircraft. Exploits and payloads are delivered using those protocols but I don't attack them. That would be like saying that an exploit attacks TCP just because it is delivered via the network.
- Real airplanes: No, none of my tools or code can be used directly against real aircraft. I did and kept it this way on purpose, but the vulnerabilities I found apply to real aircraft systems and code.
- Old hardware: For my research I targeted both old FMS models (dating back from the 70s) as well as some of the newest ones (two or three years old).
- Exploitability: I understand the skeptical community saying "this is not possible because ACARS does not offer commands for doing X or Y". Once again, I only used ACARS as a communication channel and my research targeted the FMS. So, have you ever heard of memory corruption? Also, when I mentioned "No rootkit" I was referring to the fact that hiding is currently not necessary so it was not implemented, not that the post-exploitation did not include hooking.
A counter-response is noted in this thread, which documents some key safety controls that make the scenario described very difficult to achieve (and comments of this type led to the points above).
Intego security notes the benefits of outbound protection, where malware attempts to connect to the Internet from an infected computer. By definition, all firewalls offer inbound protection, and there are additional benefits in detecting and preventing malware from phoning home.
QUOTE: The other day, we mentioned that the OS X application firewall provides only inbound protection. I imagine there are some of you who are wondering what exactly that entails, and more specifically, how that differs from what’s in Intego’s products. Well, guess no more! Here’s a handy explanation about the difference between incoming and outgoing firewall protection.
As you may imagine, inbound protection protects you from threats that originate outside of your Mac and try to get in. There are many types of automated or direct attacks that this type of protection is useful to combat, and this is the type of protection that OS X’s application firewall provides.
But arguably the more important component, from an anti-malware perspective, is outbound protection. Outbound protection alerts you to attempts to connect out from your machine. There are a lot of legitimate processes on your machine that do need to connect out (such as to get email, surf the web, get or update settings, etc.) but if there is unknown malware on your machine, you want to be able to prevent it from connecting out to send data or to alert its controller.
While there was some initial misreporting, commercial airliners contain special hardware and software that would prevent a situation as described in the article. With that said, everyone must constantly plan security appropriately for airlines, power plants, automobiles, or other systems which could potentially be manipulated from the outside.
QUOTE: Aviation officials have taken a skeptical view of claims that it's possible to hijack a commercial aircraft using a smartphone, with both the US Federal Aviation Administration (FAA) and the European Aviation Safety Administration (EASA) issuing statements to the effect that it simply couldn't happen. On Wednesday, Spanish security researcher Hugo Teso gave a presentation at the Hack in the Box conference in Amsterdam in which he claimed he had developed an Android app that could allow him take control of an airplane by feeding misinformation into its in-flight communications systems.
"The FAA is aware that a German information technology consultant has alleged he has detected a security issue with the Honeywell NZ-2000 Flight Management System (FMS) using only a desktop computer," the agency wrote, making something of a muddle of the facts. The statement went on to explain that although Teso may have been able to exploit aviation software running on a simulator, as he described in his presentation, the same approach wouldn't work on software running on certified flight hardware.
Lookout Mobile Security warns of a major new Android malware family called "BadNews" that uses highly advanced techniques to spread and manipulate infected smartphones.
QUOTE: Lookout has discovered BadNews, a new malware family, in 32 apps across four different developer accounts in Google Play. According to Google Play statistics, the combined affected applications have been downloaded between 2,000,000 – 9,000,000 times. We notified Google and they promptly removed all apps and suspended the associated developer accounts pending further investigation. All Lookout users are protected against this threat.
BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network. Because it’s challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices at a later date in order to pass the app scrutiny.
Badnews has the ability to send fake news messages, prompt users to install applications and send sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps. During our investigation we caught BadNews pushing AlphaSMS, well known premium rate SMS fraud malware, to infected devices.
BadNews is a significant development in the evolution of mobile malware because it has achieved very wide distribution by using a server to delay its behavior. If an app has not yet engaged in malicious behavior, a typical app vetting process would of course conclude that it was safe because the malicious behavior has not yet occurred.
Facecrooks security notes that a newer version of this hoax was found to be circulating.
QUOTE: The same rumors and hoaxes tend to circulate on Facebook time and again. There’s the classic viral message claiming that Facebook is going to begin charging users to access the site, and another popular rumor asserting that if you merely re-post a viral message, you can prevent Facebook from accessing your data. Another old rumor that apparently still has some legs asserts that Facebook will shut down imminently.
Of course, this hoax is patently absurd; Facebook is a publicly traded company whose stock goes for almost 27 dollars a share. It’s one of the biggest tech companies in the world; to announce that it’s going to be shut down because the CEO is stressed out is completely ridiculous, but, for whatever reason, people believe it. It’s important to treat everything you read with a healthy dose of skepticism, particularly on the Internet. Facebook isn’t going away anytime soon, and apparently neither are the hoaxes that spread on it.
Google has made some beneficial recent changes as noted below:
QUOTE: Google has made a number of changes to its Android Play Store ecosystem recently. Part of the reason is that Mountain View has been copping lots of flak for the prevalence of malware in unofficial application markets, often in pirated apps. That's a trifle unfair, since one of the attractions of Android over Apple's iOS is that it's actually possible to shop "off-market" if you wish. Sure, there's a greater risk of shooting yourself in the foot if you do, but you're not forced to live dangerously, and even if you do go outside the Play Store, a little caution goes a long way towards keeping you safe. More realistically, however, Google has been criticized for the appearance of malicious apps in its own Play Store.
An interesting article describing the risks of using personally owned mobile phones for business use.
QUOTE: If you use your personal smartphone or tablet to read work email, your company may have to seize the device some day, and you may not get it back for months. Employees armed with a battery of smartphones and other gadgets they own are casually connecting to work email and other employer servers. It's a less-than-ideal security arrangement that technology pros call BYOD — bring your own device. Now, lawyers are warning there's an unforeseen consequence of BYOD. If a company is involved in litigation — civil or criminal — personal cellphones that were used for work email or other company activity are liable to be confiscated and examined for evidence during discovery or investigation.
The convenience is hard to ignore, as is the personal touch — workers love picking their own phones — but of course, cost savings is the real driving force. Increasingly, companies are requiring workers to supply their own gadgets at their own cost, the way a restaurant might require waiters to purchase their own uniforms. Even if companies reimburse those employees, there can be a big hidden cost for workers — the possibility of losing their phone for days or months while their company combs through it for data relevant to legal action.
Ransomware is a malicious attack that locks a user's PC so that they cannot easily proceed without paying the demanded fee or removing the malware. A new fake version appears to come from the FBI and even has the capability to activate the user's webcam. Infected users should never pay this fee; they should instead use removal tools to delete these malicious agents.
QUOTE: Computer users around the globe are being hit by a new kind of virus that freezes their computer and accuses them of committing heinous crimes. The threats sound real enough that victims are coughing up $200 to pay a "fine," and virus writer gangs are netting millions, security firms say. In each case, the accusation appears on a pop-up screen while the virus simultaneously disables the computer. The message often shows the user's IP address and city, and sometimes, recent websites visited by the victim. The most alarming version activates the victim’s webcam, takes his or her picture, and displays it on the warning.
"They are saying, 'we know who you are, where you are, and what you were doing,'" said John Harrison, a security researcher with Symantec. "They attempt to scare the heck out of you." The victim is then offered an option: pay a fine within 72 hours, and the charges will be dropped, while the computer will be restored.
The ISC is capturing social engineering attacks and has close to 200 incidents documented.
QUOTE: We are trying to better understand how common "Fake Tech Support" calls are, and what they are trying to achieve. If you received a call that claims to provide tech support, or another service, only to extract information from you or to trick you into installing malware on your system, please use the form below to report any details.
SUMMARY OF DATA CAPTURED
Facecrooks security warns of a new APPLICATION SCAM circulating that invites users to change their Facebook settings to support 8 different colors. Members who install this scam app will send it to all their contacts and may compromise their personal information.
QUOTE: Anytime the URL starts off with apps.facebook.com/app_name_here, you should know that Facebook didn’t develop the app. Scammers often try to trick users by promoting apps promising Facebook features, upgrades, etc. If an unsuspecting user installs the application, this will allow them to spam their scam messages to all of your friends. Do you really want to let an unknown (scam) developer have this much access to your Facebook information? These scams are known to use multiple Facebook apps to spread virally across Facebook. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.
As noted below, PC Magazine highlighted key anti-virus tools in a recent article:
* Best Cleanup -- the free Malwarebytes utility excels at cleanup
* Best Installation Experience -- Malwarebytes, Webroot, and Bitdefender are among those that took a five-star rating
* Best Free Antivirus -- Malwarebytes is free, but it's cleanup-only. For ongoing protection, so you won't have to come clean up again next week, consider AVG.
* Best Ongoing Protection -- Norton excels at blocking access to malicious and fraudulent websites. AVG and Webroot were among those that detected almost every threat
As noted in the security awareness post by Facecrooks security, Facebook users should always be careful about what they post on social networking sites.
QUOTE: At this point in the history of social media, virtually everyone understands that what they say or do online can come back to haunt them. A shocking statistic was revealed this week by The American Academy of Matrimonial Lawyers. They found that 81 percent of their members had used evidence from Facebook and other social networking sites. The use of Facebook evidence in divorce hearings goes beyond just proving infidelity, though there’s plenty of that. According to a study by the Pew Internet and American Life Project, about one in five adult Facebook users use the site for flirting. Lawyers also peruse the site to provide evidence of anger issues, drug problems, or items that could prove useful to their case.
While it may be a sign of the times that everyone from the police to divorce attorneys is mining Facebook for evidence, there are simple steps every user can take to protect their information. Total Divorce, the group that illustrated the link between Facebook and divorce proceedings, recommends keeping your distance from Facebook if you’re going through a divorce. Don’t post all over Facebook about how bad your ex is, and try to keep your circle of friends separate as well. That angry message you dash off at 3 a.m. might just end up biting you in court.
Numerous users were impacted by this cyber attack and should change their account passwords to strong ones immediately.
QUOTE: LivingSocial, the second-largest daily deal company behind Groupon Inc, said on Friday that it was hit by a cyber attack that may have affected more than 50 million customers. The company said the attack on its computer systems resulted in unauthorized access to customer data including names, email addresses, date of birth for some users, and "encrypted" passwords.
LivingSocial stressed that customer credit card and merchants' financial and banking information were not affected or accessed. The company also does not store passwords in plain text. "We are actively working with law enforcement to investigate this issue," the company, part-owned by Amazon.com Inc, wrote in an email to employees.