
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

June 2012 - Posts

Windows 8 - Preliminary list of Security improvements

Windows 8 will provide further security improvements and a preliminary list is noted below:

How Windows 8 Beefs Up Security
http://www.securitynewsdaily.com/2008-windows-8-security.html

QUOTE:  Windows 8 promises to be much more secure than Windows 7 — so much so that some users might not like it.  Chris Valasek, a researcher with the San Francisco security firm Coverity, has been playing with the developer preview version of Windows 8 since last fall.  He told the British tech blog the Register that while the internal structure is not too different from that of Windows 7, there are a few new features that will nonetheless beef up Windows 8's security considerably.

App store - New Windows 8 Apps will be contained by a much more restrictive security sandbox

Internet Explorer 10 -- Locking down the browser with improved Flash & Java protection and other safeguards

Secure Boot -- It means that all installed operating systems, whether on a hard drive or on an optical drive, will be checked for digital certificates of authenticity before they're allowed to start the machine.

Windows Defender -- Windows 8 will have a Microsoft first — a built-in anti-virus software installation

DNSChanger Malware - FBI will take infected PCs offline on 07/09/2012

In about 10 days, the FBI will carry out another stage of the malware cleanup, as noted below.

DNSChanger Malware - FBI will take infected PCs offline on 07/09/2012
http://www.securitynewsdaily.com/2030-dnschanger-deadline.html

DNS-CHANGER MALWARE test site
(if you see RED your PC may be infected ... GREEN indicates no infection is present)
http://dns-ok.us/

QUOTE: In 10 days, there's a chance you will not be able to access the Internet on your personal computer. No email, no Facebook, no Google, no Twitter — nothing.  This potentially dire situation is due to the nasty DNSChanger Trojan, and the fateful date of July 9, on which the FBI is set to take all computers still infected with the malware offline for good.

Launched by Estonian cybercriminals, the DNSChanger malware infected Windows PCs, Macs and routers across the world and enabled the crooks to hijack victims' Web traffic and reroute it to rigged sites. After the FBI, in "Operation Ghost Click," busted the criminals last November, the FBI set up surrogate servers to keep the computers infected with the Trojan temporarily online so users could clean them.

But on July 9, those surrogate servers are coming down.  In his Krebs on Security blog, researcher Brian Krebs cites a statistic from the DNSChanger Working Group, which estimates that more than 300,000 computers are still infected with the malware.

NMAP 6.01 Security Scanner Release

Nmap is an excellent network vulnerability assessment tool, and a new version is now available:

http://nmap.org/download.html

QUOTE: Nmap 6.01 source code and binary packages for Linux, Windows, and Mac are available at:

Here are the changes in 6.01:

o [Zenmap] Fixed a hang that would occur on Mac OS X 10.7. A symptom of the hang was this message in the system console:

o [Zenmap] Fixed a crash that happened when activating the host filter.

o Fixed an error that occurred when scanning certain addresses like 192.168.0.0 on Windows XP:

o Fixed a bug that caused Nmap to fail to find any network interface when at least one of them is in monitor mode.

o Fixed the greppable output of hosts that time out.

o [Zenmap] Updated the version of Python used to build the Windows release from 2.7.1 to 2.7.3 to remove a false-positive security alarm flagged by tools such as Secunia PSI.

Microsoft Security Essentials - New Pre-Release version

As with any beta version, please be careful: the technical skills to uninstall or troubleshoot potential issues should be in place before installing it.  During the first few days of testing, no issues were discovered and it installed cleanly.

Microsoft Security Essentials - New Pre-Release version
http://www.microsoft.com/en-us/download/details.aspx?id=29942

QUOTE: As a Microsoft Security Essentials Prerelease user, you will have the opportunity to explore and test new builds of Microsoft Security Essentials before they are publically available and provide feedback to Microsoft. Your feedback helps Microsoft to make its software and services the best that they can be. As a Microsoft Security Essentials Prerelease user, Microsoft Security Essentials updates will automatically be installed on your computer through Microsoft Updates.

Internet Explorer Settings - How to reset this for your PC

Below is a "how to reset" link for Internet Explorer that includes a special Fix It tool from Microsoft.  Occasionally this environment might become damaged, and this tool allows a reset back to the initial default settings.

Internet Explorer Settings - How to reset this for your PC
http://support.microsoft.com/kb/923737

Windows Update - How to reset this for your PC

Below is a "how to reset" link for Windows Update that includes a special Fix It tool from Microsoft.  Occasionally this environment might become damaged, and this tool allows a reset back to the initial default settings.

How to Reset Windows Update
http://support.microsoft.com/kb/910339


RSA SecurID 800 Tokens - New attack could reveal keys in about 15 minutes

While this proof-of-concept attack and the accompanying research paper are complex and highly mathematical in nature, further developments should be closely watched.

RSA SecurID 800 Tokens - New attack could reveal keys in about 15 minutes
http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/

QUOTE:  Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.  The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA's SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies.

The latest research comes after RSA warned last year that the effectiveness of the SecurID system its customers use to secure corporate and governmental networks was compromised after hackers broke into RSA networks and stole confidential information concerning the two-factor authentication product. Not long after that, military contractor Lockheed Martin revealed a breach it said was aided by the theft of that confidential RSA data.

Best Practices - Wireless Safety while traveling

Security News Daily shares some valuable tips on being careful with the networks you connect to, as well as with e-commerce activity while on the road.  Networks that you connect to may not be well secured, and you should avoid banking, internet purchases, and even email if you are not sure of the overall safety of the site hosting the internet service.

How to Keep Your Wi-Fi Safe While Traveling
http://www.securitynewsdaily.com/2009-wi-fi-safe-traveling.html

QUOTE:  But before you get too relaxed, beware. Lurking on that public Wi-Fi network you’re using might be identity thieves and account hackers who are waiting to pounce on your information.  “If you are logged in and it’s not secure, pretty much everything that travels over the air is vulnerable,” said Chris DePuy, vice president at the Dell’Oro Group, a market research firm in Redwood City, Calif.

Security News Daily – How to secure Wireless home network
http://www.securitynewsdaily.com/how-to-secure-home-wireless-network-0816/

Facebook - How internal teams respond to reported incidents

Facecrooks Security shares an interesting workflow diagram and the key procedures followed when security or content abuse is reported.

Facebook - How internal teams respond to reported incidents
http://facecrooks.com/Internet-Safety-Privacy/what-happens-when-you-click-report-on-facebook.html

QUOTE:  Facebook Safety has posted a note and an infographic that details the internal teams, guidelines and workflows that are involved in the Facebook reporting process. (the image is rather large, so you might have to download it and view it in an editor to view it properly). Facebook has hundreds of moderators based in four centers that evaluate content based on established community standards. The following four distinct teams act and respond accordingly:

1. Safety Team – Violence and Harmful Behavior
2. Hate and Harassment Team – Hate Speech
3. Abusive Content Team – Scams, Spam and Explicit Content
4. Access Team – Hacked and Imposter Accounts

The Safety Team will contact law enforcement authorities when credible threats of violence are present.

Nigerian email scams - Designed to be obvious

This is an interesting analysis of the design of these scams, which are intended to reach just the small number of individuals who might be more easily persuaded to fall for these attacks.

Nigerian email scams are designed to be obvious
http://www.securitynewsdaily.com/2002-nigerian-emails-scam-dumb.html

QUOTE:  Here's a modern-day question: Why are Nigerian con-man emails so obvious? Because that makes sure only stupid people will respond to them, says Microsoft security analyst Cormac Herley in a newly released research paper.  "Far-fetched tales of West African riches strike most as comical," Herley writes in the introduction to his paper. "Our analysis suggests that is an advantage to the attacker, not a disadvantage."  But even if 99 percent of the thousands of people who receive the email ignore it, that still leaves quite a lot of sad suckers who are taken in by the tale.   And, reasons Herley, if those people are dumb enough to believe such a silly story, or ignorant enough to have not heard a decade's worth of Nigerian email jokes, then they're quite likely to fall for the old-fashioned "advance fee" con that the email sets up.

Facebook - Employers may review unprotected profiles

A good security awareness article regarding the need to secure profile information and be careful with information that is posted.

Facebook - Employers may review unprotected profiles
http://www.securitynewsdaily.com/2001-personal-secrets-facebook.html

QUOTE:  Whether you're looking for a job, or already have one, there's one thing you can be sure of: It's not only your Facebook "friends" who are looking at your social media profile  Those doing the hiring freely admit they search potential job candidates' Facebook profiles. If you think your current co-workers, employees or boss aren't stopping in for an undetected peek at your profile every so often, you're deluding yourself.  "So what?" you think. "There's nothing on my Facebook profile that I'm ashamed of." Are you sure? You might be surprised how much of what's on your Facebook page is inappropriate for work.

Here are just a few of the things you're revealing about yourself that you might not have considered.

1. Your age. Even if you didn't use your real age when you signed up for Facebook, it's pretty easy to figure out.

2. Your political beliefs. Anyone with a little common sense knows that talking politics at work is a bad idea, but anyone checking out your Facebook page could probably pretty easily figure out where you stand.

3. Your personal life. What's the point of putting on a power suit for work if everyone in your office can see photos of you in your pajamas on Christmas morning on your Facebook page?

4. Your childhood. Those photos your mom keeps posting of you as a kid in the bathtub are cute, too. While they're not exactly blackmail material, there's little doubt they'll help undermine your efforts to command much respect around the office.

5. Your religious beliefs. What you believe is no one else's business. But that doesn't mean they won't hold it against you.

6. Your work alliances. Even if you think you're good at playing office politics, odds are your Facebook page tells the real truth about who you like and who you don't.

Password Attacks - Several websites compromised during June 2012

Trend Micro raises awareness of the need for unique and strong passwords to help mitigate the ongoing website attacks.

Password Attacks - Several websites compromised during June 2012
http://blog.trendmicro.com/password-insecurity-revisited/

QUOTE: The month of June is turning into a very bad month for password security. Last week three major sites – Linkedin, eHarmony, and last.fm – all suffered from major leaks that put millions of user passwords online. Earlier this week, it was revealed that the game League of Legends has also suffered its own flaw which put customer data – including passwords – out into the open.  What have we learned about password security from these incidents? That people are still using woefully insecure passwords. Too many people are still using frightfully short passwords like 1234, or words that are too short/guessable (examples would be job or linkedin).

Celebrating 35 years in insurance profession

On June 6, 1977, I started as a Sr. Programmer/Analyst for Atlantic Mutual Insurance Companies.  I became a Project Manager in 1979 and worked in a number of job roles, including our initial implementation of IBM PCs in 1981 (management of the project, training new users, etc.).  I started with Microsoft DOS 1.1 and have been using PCs on a daily basis since then.  I currently work for another company, supporting an automated Commercial Lines policywriting system.  However, I continue to work in the same building in which I started my early career in the industry (as the other company purchased the data center).  I am grateful for the opportunities to learn and put these skills to work over time in providing for my family.  All professionals need continuing education, and that has been beneficial in a profession that is constantly changing.

Android - Fake Security application is Mobile Zeus malware

Fake Android Security App is Mobile Zeus Malware in Disguise
http://securitywatch.pcmag.com/none/299291-fake-android-security-app-is-mobile-zeus-malware-in-disguise

QUOTE: A new variant of the Zeus banking malware is masquerading as a security app in order to lure users trying to protect their Android devices from…malware.  The fake security app, called the Android Security Suite Premium, is actually the latest Zeus malware, Denis Maslennikov, a Kaspersky Lab researcher, wrote on SecureList on Monday. Once Android Security Suite Premium is installed on the mobile device, it displays a blue shield icon on the menu and a fake "activation code" when executed, according to the blog post. The app first appeared in early June, and there are at least six different versions.

The malicious app can intercept incoming text messages and forward them to remote command-and-control servers. Depending on the user, the messages could include sensitive data, such as password reset links or even one-time passwords. Any of the six C&C servers could send instructions to the app to uninstall itself, collect and transmit system information, and install other malicious applications.

Android - Top five malware attacks detected in the wild

Sophos has published the top five malware attacks circulating for Android smartphones.

Android - Top five malware attacks detected in the wild
http://nakedsecurity.sophos.com/2012/06/14/top-five-android-malware/

QUOTE: The release of a brand new version of Sophos's free anti-virus for Android (it actually does much more than just anti-virus, hence our marketroids call it Sophos Mobile Security) makes this an opportune time to update users on the Android malware landscape. SophosLabs has examined the stats produced by installations of Sophos Mobile Security, which is now being used on Android smartphones and tablets in 118 different countries around the world - and it's making for interesting reading about which malware is being most frequently encountered on the platform.

These malicious apps can send and read SMS messages, potentially costing you money. In fact, it can even scan your incoming SMS messages and automatically remove warnings that you are being charged a fee for using premium rate services it has signed you up for.

1. Andr/PJApps-C. When Sophos Mobile Security for Android detects an app as Andr/PJApps-C it means that we have identified an app that has been cracked using a publicly available tool. Most commonly these are paid for apps that have been hacked. They are not necessarily always malicious, but are very likely to be illegal.

2. Andr/BBridge-A. Also known as BaseBridge, this malware uses a privilege escalation exploit to elevate its privileges and install additional malicious apps onto your Android device. It uses HTTP to communicate with a central server and leaks potentially identifiable information.

3. Andr/BatteryD-A. This "Battery Doctor" app falsely claims to save battery life on your Android device. But it actually sends potentially identifiable information to a server using HTTP, and aggressively displays adverts.

4. Andr/Generic-S. Sophos Mobile Security generically detects a variety of families of malicious apps as Andr/Generic-S. These range from privilege escalation exploits to aggressive adware such as variants of the Android Plankton malware.

5. Andr/DrSheep-A. Remember Firesheep? The desktop tool that can allow malicious hackers to hijack Twitter, Facebook and Linkedin sessions in a wireless network environment? Andr/DrSheep-A is the Android equivalent of the tool.

Apple iOS6 improves iPhone and iPad application security

Apple will be implementing new security controls for apps as noted in the following link:

Apple iOS6 improves iPhone and iPad application security
http://www.securitynewsdaily.com/1988-apple-ios-6-iphone-ipad-security.html

QUOTE:  The next version of Apple's mobile operating system, iOS 6, will request explicit permission before allowing third-party applications to access user information. It's a privacy upgrade that could benefit Apple's hundreds of millions of iPhone and iPad customers.  In the new iOS 6, Apple will force apps to get user permission before accessing Contacts, Calendars, Reminders and Photos, MacRumors reported. The enhanced security feature, outlined in the "Data Privacy" section of Apple's iOS 6 Release Notes, was announced at the company's Worldwide Developers

MS12-037 patch protects against New IE based exploits circulating

The Microsoft Security Updates for June 2012 contain an important Internet Explorer fix that the ISC rates as "Patch Now".  As new exploits are circulating, it is important to ensure users are up to date on all security updates.

MS12-037 patch protects against New IE based exploits circulating
http://www.msnbc.msn.com/id/47875298/ns/technology_and_science-security/
http://nakedsecurity.sophos.com/2012/06/19/ie-remote-code-execution-vulnerability-being-actively-exploited-in-the-wild/
http://www.securitynewsdaily.com/1954-microsoft-security-bugs.html

QUOTE:  A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild.  The vulnerability is CVE-2012-1875 (don't expect any detail - this link is just boilerplate stuff), patched in MS12-037.  SophosLabs has seen numerous attempts to exploit this vulnerability (Sophos products detect it as Exp/20121875-A).  Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting visitors - is circulating freely on the internet.

ZeroAccess malware - deletes itself using an innovative technique

F-Secure highlights the new self-removal process used by the ZeroAccess malware.

ZeroAccess malware - deletes itself using an innovative technique
http://www.f-secure.com/weblog/archives/00002385.html

QUOTE: We normally see malware developing and evolving over the years. One particular malware we've been following is ZeroAccess, which has been continuously improving since we first detected it in late 2010. Case in point: in the latest samples, its self-deletion routine has changed.  This is a simple Windows batch file ZeroAccess used to use to remove itself after execution, as a fast and simple way to hide any traces of its presence from the user. Lots of other malware use this batch file self-deletion method. Recently though, it looks like ZeroAccess wants to be a bit more different and make things more complicated for analysts.

Facebook - Simple Security Tips now highlighted for Users

Facecrooks Security notes that this recent development is a legitimate link through which Facebook is sharing basic security tips with its user community.

Facebook - Simple Security Tips now highlighted for Users
http://facecrooks.com/Internet-Safety-Privacy/facebook-is-rolling-out-security-tips-to-users.html

Facebook - More details on Security settings
https://www.facebook.com/help?page=203917589649396

QUOTE: If you see a link at the top of your Facebook page to ‘simple security tips,’ don’t be surprised or alarmed that it could be a scam. Facebook has created a page with some common sense security tips, very much like the ones we often release. The resource page contains a short video from a member of Facebook’s Security team, and the following top three tips shown below:

1. Know how to spot a scam -- If an offer looks too good to be true, it probably is. Think twice before you click on a link for free airline tickets or other common scams.

2. Choose a one-of-a-kind password -- Is your Facebook password different than your email password? If not, please reset your password today. For more password related security tips see our article: The Top Ten Commandments of Password Protection.

3. Confirm your mobile number -- If you forget your password, we'll be able to text you a new one. To make sure we can reach you, confirm your mobile number. We often encourage our readers to enable login approvals, so that even if your Facebook password is compromised the hacker will need a code sent via text message to access your account.

Microsoft Security Updates - June 2012 (critical IE patch)

Please note that the Internet Explorer MS12-037 update is rated as "PATCH NOW" by the ISC and is being actively exploited in the wild.

Microsoft Security Updates - June 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jun

Microsoft Security Updates - June 2012
(excellent analysis by ISC)
https://isc.sans.edu/diary.html?storyid=13453
