Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

March 2012 - Posts

Corporate Compliance Insights - Best Ethical Practices

The Corporate Compliance Insights website is written for ethics, policy development, and human resource managers. Each link below shares great standards for exemplary personal and business conduct. As security is built on a foundation of trust, companies should actively promote ethical conduct for customers and within their teams.

Ethics - Your Personal Roadmap to Success
http://www.corporatecomplianceinsights.com/your-personal-road-map-for-the-high-road-to-success/

Ethics - Eight questions leaders should ask each day
http://www.corporatecomplianceinsights.com/8-ethics-questions-every-leader-should-ask-themselves-daily/

Ethics - Corporate Best Practices
http://www.corporatecomplianceinsights.com/ethics-and-integrity-best-practices-global-ethics-and-integrity-benchmarks/

Ethics - Writing corporate policies
http://www.corporatecomplianceinsights.com/corporate-code-of-conduct-guidelines-policy-tips-writing-updating/

Ethics - Implementing corporate policies
http://www.corporatecomplianceinsights.com/whip-your-company-into-shape-with-an-ethics-and-compliance-policy/

Ethics - Excellent Series of Articles
http://www.corporatecomplianceinsights.com/category/ethics/

ISC reports Fake Tech reps calling

http://isc.sans.org/diary/Fake+tech+reps+calling/12874

QUOTE:  Fake Anti-Virus isn't enough, now we also have to contend with fake Microsoft reps! This scam has been going on for a while, but continues to be rampant, which suggests that it is quite successful for the bad guys.  ISC reader Fred received such a call earlier today. The caller claimed to be from the "Tech department of Windows" and asked Fred to open the event viewer via run command, to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors" .. and proceeded to ask Fred to connect to a malicious site and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and Noscript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet, and hung up.

Visa & MC Data Theft - possible $1.6 million cost per business

PC Magazine shares a potential sizeable cost for every participating business

MasterCard, Visa Data Theft May Cost Each Business $1.6 Million

QUOTE:  It's still a mystery how many MasterCard and Visa customers will be affected by the recent breach at a credit card payment processor. Regardless of the actual size of the breach, businesses are the ones who will be held liable.  If the original estimate from Brian Krebs, the security expert behind Krebs on Security, stands, a single retailer could potentially be on the hook for a whopping $1.6 million, according to a data breach assessment generated by CO3 Systems. CO3 Systems helps businesses assess data breach incidents and develop incident response plans to navigate the maze of compliance and regulatory requirements through its data loss management platform. Sources told Krebs the breach was "massive" and may involve more than 10 million records.

Duqu - Kaspersky shares extensive series of articles

http://www.securelist.com/en/analysis/204792208/Stuxnet_Duqu_The_Evolution_of_Drivers

QUOTE: Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main purpose is to act as a backdoor into the system and facilitate the theft of private information.

Hlux/Kelihos Botnet - FAQ

Kaspersky has an excellent FAQ related to this Botnet

FAQ: Disabling the new Hlux/Kelihos Botnet
http://www.securelist.com/en/blog/208193438/FAQ_Disabling_the_new_Hlux_Kelihos_Botnet

QUOTE: Kelihos is Microsoft's name for what Kaspersky calls Hlux. Hlux is a peer-to-peer botnet with an architecture similar to the one used for the Waledac botnet. It consists of layers of different kinds of nodes: controllers, routers and workers

 

Facebook - Avoid sharing your credentials with a prospective employer

This excellent article from ESET Security documents issues for both the employee and employer. 

Facebook logins toxic for employers, violate security and privacy principles
http://blog.eset.com/2012/03/24/facebook-logins-toxic-for-employers-violate-security-principles-as-well-as-privacy

QUOTE:  Attention CEOs and HR Managers: Facebook login credentials belonging to current or prospective employees are not something that any employer should request, use, or possess. Why? Apart from the violation of security and privacy principles? The risks far outweigh any benefit you imagine you could gain by logging into a social media account that does not belong to you, even if you have persuaded the account owner to give their consent.  The practice of asking current or future employees for their Facebook credentials is not only a serious risk for employers, it is one of the most unpleasant HR stories that I've encountered ...

VISA and MasterCard warn of massive security breach

Up to 10 million credit cards may have been exposed earlier this year:

VISA and MasterCard warn of massive security breach (up to 10 Million credit cards)
http://www.marketwatch.com/story/mastercard-visa-warn-of-security-breach-report-2012-03-30
http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/

QUOTE:  VISA and MasterCard are alerting banks across the country about a recent major breach at a U.S.-based credit card processor. Sources in the financial sector are calling the breach “massive,” and say it may involve more than 10 million compromised card numbers.  In separate non-public alerts sent late last week, VISA and MasterCard began warning banks about specific cards that may have been compromised. The card associations stated that the breached credit card processor was compromised between Jan. 21, 2012 and Feb. 25, 2012.

Microsoft's Digital Crimes Unit Targets ZeuS Botnet

F-Secure documents a continued concerted effort by Microsoft and other vendors to eradicate this sophisticated botnet

Microsoft's Digital Crimes Unit Targets ZeuS Botnet
http://www.f-secure.com/weblog/archives/00002337.html

QUOTE: Microsoft's Digital Crimes Unit expanded its legal arsenal against malicious botnets this past weekend when – in collaboration with financial services industry members – it took out servers belonging to ZeuS botnets. Microsoft filed with the U.S. District Court for the Eastern District of New York on March 23rd. The successful application allowed Microsoft and its partners to do a coordinated seizure of some of the worst known Zeus C&Cs.

Windows 8 Server Beta - Metro interface Navigational techniques

This link documents how to navigate to key functions using the new Metro interface:

Common Management Tasks and Navigation in Windows Server "8" Beta
http://technet.microsoft.com/en-us/library/hh831491.aspx

QUOTE: Options are available for installing Windows Server “8” Beta with a minimal user interface well-suited to remote management. For more information, see Windows Server Installation Options. In this topic:

Open the Start screen
Shut down or restart the computer
Lock the computer or sign out
Close a Metro style app
Access Settings for the current screen
Access Control Panel
Access Administrative Tools
Create shortcuts
Open the Run dialog box
Run a program as administrator or as another user
Open Server Manager
Start Windows PowerShell
Open Remote Desktop Connection
Open Command Prompt
Open Microsoft Management Console (MMC) and snap-ins
Keyboard shortcuts
Use keyboard shortcuts in a Remote Desktop session
Use keyboard shortcuts in Hyper-V virtual machines

Windows 8 Server Beta - home support page
http://technet.microsoft.com/en-us/library/hh801901.aspx

Microsoft TWC - Next step is Safety in a Connected World

 

This informative article in Microsoft's Technet Security Blog shares future challenges: 

Trustworthy Computing Next: Building Trust in a Connected World
http://blogs.technet.com/b/microsoft_blog/archive/2012/02/28/trustworthy-computing-next-building-trust-in-a-connected-world.aspx

QUOTE:  From the beginning, Trustworthy Computing’s mission was billed as a long-term journey. As Microsoft marked the 10-year milestone of TwC last month, we also looked forward and recognized that evolving IT models and societal changes have made the relentless pursuit of TwC more important than ever. Today at the RSA Conference 2012, I’m providing my vision for Trustworthy Computing Next within a keynote and sharing a new white paper.

There are three major forces of change. First, with a proliferation of devices, services, and sensors, people are excited about the potential of the cloud and big data. ... Second, as our dependency on IT has grown, governments have become increasingly active in Internet affairs. ... Finally, the threat landscape continues to evolve. Opportunistic threats have been supplemented by attacks that are more persistent and determined.

In this new world, each and every machine, application, data or person may be helpful or harmful, innocuous or dangerous. The Web we live in today is no longer about bilateral relationships; we are connected in new ways where an individual and an organization may have no direct relationship at all, even as they share data or take on IT dependencies. With lack of transparency into these relationships, dependencies, and data flows, it can be hard to make intelligent trust decisions.

Adobe Flash Player - Security release for March 2012

Users should update to the latest release of Adobe Flash as prompted

Adobe Flash Player - Security release for March 2012
http://www.adobe.com/support/security/bulletins/apsb12-07.html
http://www.msnbc.msn.com/id/46894760/ns/technology_and_science-security/

QUOTE: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228.

Windows 8 Consumer Preview - Introduction of new version

The key features of Windows 8 and IE 10 are highlighted in this special blog post by the Windows development team

Windows 8 Consumer Preview - Introduction of new version 
http://windowsteamblog.com/windows/b/windowsexperience/archive/2012/02/29/introducing-windows-8-consumer-preview.aspx

QUOTE: Over the next few weeks, I’ll be publishing a series of posts here on the Windows Experience Blog about what you can expect to see in Windows 8, tips for navigating the new operating system, and all the great new ways to have fun and get things done in this preview of a brand new Windows.

Microsoft Windows Blog - Home Page
http://windowsteamblog.com/windows/b/windowsexperience/

Internet Explorer 10 - Early evaluation of Consumer Preview version

CIO Magazine shares an early evaluation of Internet Explorer 10:

Internet Explorer 10 - early evaluation of Consumer Preview version
http://blogs.cio.com/browsers/16903/ie10-not-much-see-without-touch

QUOTE: If you like those big colorful tiles that distinguish the Windows 8 start page, you're gonna love IE10. If you don't, IE10 won't mean much to you. I've been checking out an early version of Microsoft's next browser, and like the operating system it will come with, it's designed to work on touch screens, where you'll swipe and touch, as well as more conventional desktop screens where you'll point and click. The available version of IE10 is pretty early; Microsoft calls it a platform preview, and frankly much of it looks like IE9. It isn't fair to expect it to function smoothly, but what we can see, along with a blog post about the browser by the Windows engineering team, tells us quite a bit.

Windows 8 Consumer preview - Several recent evaluations

CIO Magazine referenced several recent evaluations of Windows 8 Consumer preview as noted below

http://blogs.cio.com/operating-systems/16874/windows-8-consumer-preview-love-hate-and-everything-between

QUOTE: So as expected, Windows 8 Consumer Preview is divisive. With that said, here's a rundown of reactions to the Windows 8 Consumer Preview from IDG sites as well as around the Web, divided into "dig it", "hate it", "kinda confused by it", and "It's pretty good for a beta."

Dig It

Windows 8 Metro UI: A Bold New Face for Windows (PCWorld)

I've Been A Mac User For 11 Years And This Is The First Time I'm Excited To Use A PC (Business Insider)

A Huge Radical Rethinking of Windows (New York Times)

Hate It

Windows 8 May Drive Me to Linux (ExtremeTech)

Windows 8 Consumer Preview: 'Windows Frankenstein' (Infoworld)

Windows 8's Metro UI: 7 Things You May Just Hate (PCWorld)

Kinda Confused By It

Windows 8: Attention Consumers, Do NOT Download It Yet (CIO.com)

Windows 8: No Touch, No Fun (Networkworld)

Windows 8: Something Old, Something Awkward (Infoworld)

It's Pretty Good, for a Beta

Windows 8 Consumer Preview: A First Look at Microsoft's New Operating System (ABC News)

Windows 8 Consumer Preview First Impressions: Still More for Tablets than Traditional PCs (Computerworld)

Windows 8 Consumer Preview: A Call for Common Sense (Supersite for Windows)

Microsoft Trustworthy Computing - Tenth Anniversary

In 2002, Bill Gates established an important executive directive for Microsoft to improve the safety and reliability of all products. This was truly innovative a decade ago, providing both safety and business value to customers. Many vendors today are updating on a monthly or quarterly basis using automation and publishing security bulletins to ensure their customers are protected.

This series of articles highlights achievements during the past decade as well as key challenges ahead: 

http://blogs.technet.com/b/security/archive/2012/02/23/trustworthy-computing-learning-about-threats-for-over-10-years-part-1.aspx
http://blogs.technet.com/b/security/archive/2012/03/01/trustworthy-computing-learning-about-threats-for-over-10-years-part-2.aspx
http://blogs.technet.com/b/security/archive/2012/03/07/trustworthy-computing-learning-about-threats-for-over-10-years-part-3.aspx
http://blogs.technet.com/b/security/archive/2012/03/15/trustworthy-computing-learning-about-threats-for-over-10-years-part-4.aspx
http://blogs.technet.com/b/security/archive/2012/03/20/trustworthy-computing-learning-about-threats-over-10-years-part-5.aspx
http://blogs.technet.com/b/security/archive/2012/03/26/trustworthy-computing-learning-about-threats-for-over-10-years-part-6.aspx

Technet Microsoft Security Blog
http://blogs.technet.com/b/security/

MS12-020 Vulnerabilities - Actively targeted for Exploit development

The Microsoft March 2012 Security patches should be promptly applied to ensure corporate or home protection. Exploit development is in progress and malware authors will likely attempt to further improve malicious code that can be used in future attacks. Below are some recent developments:

Exploit For Ms12-020 RDP Bug Moves to Metasploit
http://threatpost.com/en_us/blogs/exploit-ms12-020-rdp-bug-moves-metasploit-032012

QUOTE:  As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available. 

F-Secure documents new RDPKill sample exploit
http://www.f-secure.com/weblog/archives/00002338.html

QUOTE: Since the public release of Microsoft's MS12-020 bulletin, there have been plenty of attempts to exploit vulnerabilities in the Remote Desktop Protocol (RDP). Last week, we received a related sample, which turned out to be a tool called "RDPKill by: Mark DePalma" that was designed to kill targeted RDP service.

Working MS12-020 RDP Exploit discovered one day after patch
http://www.net-security.org/secworld.php?id=12608

QUOTE: The vulnerability in Microsoft's Remote Desktop Protocol (RDP) implementation (MS12-020) - a patch for which has been released during the last Patch Tuesday - has been deemed critical enough to warrant an immediate implementation of the patch, as it was expected that an exploit for the vulnerability would pop up in the wild in fewer than 30 days.  But, as it turns out, it took only one.

Please see the March security bulletins for more details:

Microsoft Security Updates - March 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

MS12-020 - Critical to Patch due to Exploit development in the wild
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
http://technet.microsoft.com/en-us/security/bulletin/ms12-020

Microsoft Security Updates - March 2012 (Patch Now)

MS12-020 in particular is an important security patch to ensure the Remote Desktop Protocol (RDP) is protected, as exploits are being developed in the wild. All corporate and home users should get all PCs and servers updated promptly to ensure protection.

Microsoft Security Updates - March 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

MS12-020 - Critical to Patch due to Exploit development in the wild
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
http://technet.microsoft.com/en-us/security/bulletin/ms12-020

The ISC provides an excellent analysis and rates this update as "Patch Now":

Microsoft Security Updates - March 2012 (Patch Now)
http://isc.sans.edu/diary.html?storyid=12775

ISC declares a rare YELLOW ALERT status due to exploit development
http://isc.sans.edu/diary.html?storyid=12805
http://isc.sans.edu/diary.html?storyid=12808

DNSChanger Malware - FBI extends cleaning deadline until July 9th

The Avira security blog documents the FBI's extension of the deadline for cleaning machines infected with the DNSChanger malware. The deadline was previously set for March 8th and was extended to July 9th, as over 1/2 million computers are still infected.

More time to clean up the DNSChanger malware
http://techblog.avira.com/2012/03/08/more-time-to-clean-up-the-dnschanger-malware/en/

QUOTE: We wrote about the DNSChanger malware and about the Avira tool which detects if your computer’s DNS settings were altered and restores the defaults in case they were changed by the malware. The FBI initially announced that the servers which were replacing the malicious ones will be shut down on March 8, 2012. This is today… but the DNS servers still function.  According to the FBI, there are close to 500.000 computers which still use the DNS settings set up by the malware. Because of this, it was decided to prolong the deadline until July 9th. So, this gives the affected users another four months time to clean up their computers.  In order to detect if your computer is infected and to clean it, use the Avira Antivirus products and the DNSChanger repair tool to restore the DNS settings to normal.

Facebook Scam - Profile and Photo Stalkers

The Facecrooks security site does an excellent job of identifying evolving social network scams:

Wow I cant Believe I Got My PROFILE & PHOTOS Stalkers – Facebook Scam
http://facecrooks.com/Scam-Watch/wow-i-cant-believe-i-got-my-profile-photos-stalkers-facebook-scam.html

Scam Type:  Rogue Application, Survey Scam
Trending: March 2012

Why it’s a Scam: Clicking the wall post link takes you to the following Facebook application. Clicking “Allow” will give the permissions shown above to the scammer.  The application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. Do you really want to let an unknown developer have this much access to your Facebook information? This particular application is called “Pr0file stalker”, but scams like this are known to use multiple Facebook apps.

Safety Tips: Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.

IRS - Tax season alerts for 2012

The IRS is actively warning individuals to exercise caution in email and other activities during the tax reporting season:

IRS - Tax season alerts for 2012
http://www.irs.gov/newsroom/article/0,,id=214917,00.html
http://www.irs.gov/newsroom/article/0,,id=98269,00.html
http://www.irs.gov/businesses/small/article/0,,id=106788,00.html

QUOTE: Phishing and Other Schemes Using the IRS Name -- The IRS periodically alerts taxpayers to schemes that fraudulently use the IRS name, logo or Web site clone to gain access to consumers’ financial information in order to steal their identity and assets. The scams may take place through e-mail, fax or phone. When they take place via e-mail, they are called “phishing” scams. The following is a list of known schemes:

Additional Informative IRS links
