Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

November 2013 - Posts

Microsoft Office 2013 SP1 - planned for early 2014

Corporate and business users should track this important change and it's availability in early 2014:

http://www.zdnet.com/microsoft-office-2013-service-pack-1-to-arrive-in-early-2014-7000023505/

QUOTE: Microsoft is planning to deliver Service Pack (SP) 1 for Office 2013, SharePoint 2013 and Exchange 2013 in early 2014, company officials said on November 20. Microsoft shared a partial list of some of the updates that will be part of the SP1 via blog posts on the Office and Exchange Team blogs. On that list:

* Improved compatibility with Windows 8.1
* Support for Windows Server 2012 R2 for Exchange and SharePoint
* Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA
* Inclusion of the Edge Transport server role for Exchange Server 2013
* General performance enhancements and feature updates for all the Office 2013 products

McAfee 2013 Q3 Threats - Corporate Digital Trust Issues

McAfee's Q3 Threats report focuses on Digital Trust concerns:

http://blogs.mcafee.com/executive-perspectives/serious-trust-issues-abound-in-the-mcafee-labs-q3-threats-report

QUOTE: Most important was the issue of whether we question the validity of our digital trust mechanisms upon which our software-driven Digital Age has relied for years. Every organization on the face of the earth relies on security controls, be they on the endpoint or the perimeter, to accept downloaded binaries if they are digitally signed. These digital signatures signify that code originated from a given manufacturer and should be allowed… Security industry leaders have long predicted that it would only be a matter of time before cybercriminals would use compromised certificates at scale to camouflage large numbers of malware. McAfee Labs’ third quarter report suggests that we could, in fact, be approaching that state of “at scale” signed malware.

While the leading code signing certificate authorities (CAs) have worked hard to validate the legitimacy of the customers to whom they sell their certificates, the evolution and commoditization of the certificate authority market has spawned an ecosystem of CAs who are decidedly unconcerned with such reputation measures, as well as a web of retailer relationships that make verification and validation difficult for the top root certificate authorities.

Malware - Fake AV update messages trick users DEC 2013

Symantec documents several fake AV update email or website messages

http://www.symantec.com/connect/blogs/fake-av-software-updates-are-distributing-malware

QUOTE: A new clever way of social engineering spam is going around today that attempts to trick users into running malware on their computers. The methods malware authors are using include emails pretending to be from various antivirus software companies with an important system update required to be installed by the end user, along with attaching a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as to what they may be actually installing.

Cyber Monday safety awareness - December 2, 2013

Symantec shares  safety awareness tips for Cyber Monday ...

http://www.symantec.com/connect/blogs/cyber-monday-shoppers-and-retailers-beware-scams-and-attacks

QUOTE:  December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe, approximately €565 million was spent on this day. This year, experts believe that Cyber Monday sales will grow by 13.1 percent as consumers increasingly move from buying presents in bricks-and-mortar stores to shopping online.

 However, considering the hype surrounding Cyber Monday and the expected traffic on ecommerce sites on this date, there could be a chance that attackers will take advantage of the day to target both consumers and retailers. According to a recent study from RSA Security and the Ponemon Institute, 64 percent of retail-focused IT professionals have seen an increase in attacks and fraud attempts during high traffic days such as Cyber Monday. But just one third of these IT professionals take special precautions to ensure high availability and integrity of websites on these days. Worse still, the estimated direct cost of a cyberattack around the holiday season is believed to be US$8,000 a minute. 
Bitcoin - Fraudulent attacks on digital currency

F-Secure shares an informative article related to cybercrime attacks against digital currency

http://www.f-secure.com/weblog/archives/00002644.html

QUOTE: Bitcoin, and other digital currencies such as Litecoin and Peercoin, will change the way we exchange money. But they come with a major flaw: they can also be used to turn infected computers into devices that "print" money. The beauty of the algorithm behind Bitcoin is that it solves two main challenges for cryptocurrencies - confirming transactions and generating money without causing inflation - by joining them together. Confirmations are given by other members of the peer-to-peer network, who in return are given new Bitcoins for their labour. The whole process is known as "mining".

When Bitcoin was young, mining was easy. You could earn Bitcoins by mining on a home computer. However, as the currency's value grew (from $8 to $1000 during 2013) - more people applied to do it, and, in response, mining became (mathematically) harder and required more powerful computers. Unfortunately, those computers don't have to be your own. Some of the largest botnets run by online criminals today are monetized by mining. Any infected home computer could be mining Bitcoins for a cybercrime gang.

eCommerce Security - 2013 Holiday Season is peak time of year for crime

Trend Labs share an informative article that this holiday season is most dangerous times of year, due to heavy e-commerce and gift giving.  Cybercriminals see as "prime opportunity to steal"

http://blog.trendmicro.com/trendlabs-security-intelligence/the-season-for-danger-holiday-season-spam-and-phishing/

http://about-threats.trendmicro.com/us/webattack/74/Beware+of+HolidayThemed+Multicomponent+Online+Threats

QUOTE:  For many, the holiday season is a season for shopping and spending. But cybercriminals see it in a different light—they see it as a prime opportunity to steal.  Take, for example, online shopping. Malicious websites to try and trick online shoppers into giving them their money instead of the legitimate shopping websites. These sites are often made to look exactly like the website they’re mimicking, and feature a login screen that asks the user to enter their personal information. They are interested in any and all kinds of login information – for example, we recently saw phishing sites that stole the Apple IDs of users.   We have kept track of the number phishing sites created since 2008. We pay particular attention to those that target Christmas shoppers and/or have holiday themes. There are plenty of these, and they persist all year. Unsurprisingly, they rise towards the end of the year

Malware - SOGOMOT and MIRYAGO use encrypted JPEG files in targeted attacks

Trend shares awareness of new targeted attacks circulating in Asia-Pacific region

http://blog.trendmicro.com/trendlabs-security-intelligence/jpeg-files-used-for-targeted-attack-malware/

QUOTE: We recently came across some malware of the SOGOMOT and MIRYAGO families that update themselves in an unusual way: they download JPEG files that contain encrypted configuration files/binaries. Not only that, we believe that this activity has been ongoing since at least the middle of 2010. A notable detail of the malware we came across is that these malware  hide their configuration files. These JPEGs are located on sites hosted in the Asia-Pacific region, and we believe that these malware families are used in targeted attacks in the region as well.

Microsoft Security Advisory 2914486 - Details of Windows XP 0 day exploit in wild

More details on Windows XP zero day exploit circulating ... Ensuring Adobe Acrobat reader is patched will help mitigate dangers and all users have until April 2014 to move to later versions of Windows.

https://technet.microsoft.com/en-us/security/advisory/2914486

https://isc.sans.edu/forums/diary/Microsoft+Security+Advisory+2914486+Vulnerability+in+Microsoft+Windows+Kernel+0+day+exploit+in+wild/17117

http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-targeting-windows-zero-day-vulnerability-spotted/

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE (Trend Labs): We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in May of this year. This vulnerability is used in tandem with the Windows zero-day vulnerability  (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server.  This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.

Windows XP exploit - works in concert with Adobe Reader vulnerability

Home and corporate users will benefit greatly in phasing out Windows XP, for the more secure kernel and browser architectures offered by Windows 7 and 8.1 ... PC Magazine shares awareness of new vulnerability affecting older Windows XP version only.

http://securitywatch.pcmag.com/vulnerabilities/318465-latest-microsoft-zero-day-targets-xp-unpatched-adobe-reader

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE: Microsoft confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 is currently being exploited in active attacks. If you are still running XP, why don't you put a new computer on your wish list?  Originally reported by researchers at FireEye, the the issue is an elevation of privilege flaw which allows an attacker to run arbitrary code in kernel mode. By exploiting this bug, an attacker could install additional programs, view or modify data, or create new administrator accounts on the computer, Microsoft said in its security advisory, released on Wednesday. Microsoft also said the attackers must first log in with valid account credentials to launch the exploit, and the vulnerability cannot be triggered remotely or by anonymous users.  "It is being abused in the wild in conjunction with an Adobe Reader vulnerability that had a fix published in August 2013," said Wolfgang Kandek, CTO of Qualys. Users running outdated versions of Adobe Reader 9, 10, and 11 on Windows XP SP3, FireEye researchers Xiaobo Chen and Dan Caselden wrote on the company blog. Chen and Caselden recommended. Later versions of Windows are not affected.

Social Networking Security - 85 percent of consumers use Public WiFi

PC Magazine shares awareness of extensive connectivity to Twitter, Facebook, Instagram and other social networks. Users need to think ahead of security risk especially with large # of malicious applications in circulation

http://facecrooks.com/Internet-Safety-Privacy/85-Consumers-Use-Social-Media-Networks-While-Connected-Public-WiFi.html/

QUOTE:  They’re so popular, those ubiquitous mobile devices. For better or worse, we’ve evolved into a society that is a texting, Facebooking, Snapchatting, online-banking, TMI-ing, forever-connected, 24/7-kind of world.  And 85% of users are connecting to social media sites via public WiFi!   There’s positives to that, for sure, and is a great way to stay connected. But have you ever considered the negatives when you’re doing all that in a public wireless hotspot? After all, identity theft is a huge epidemic — have you ever thought about the risks to your personal life by using a “free” Internet connection? What information are you (over)sharing? Is that data protected and encrypted from prying eyes? What security tools do you use regularly?

Microsoft Xbox One – PC Magazine Editors Choice

PC Magazine awarded Editor’s Choice rating on this advanced new gaming system

http://www.pcmag.com/article2/0,2817,2420311,00.asp

QUOTE: Well, Microsoft’s ambition has paid off. Not only is the Xbox One  $499.99 at Microsoft Store a powerful game system that rivals the PlayStation 4, it really is the comprehensive entertainment hub Microsoft envisioned. (And it turns out that it doesn’t require an always-on Web connection and you can turn off the camera.) Kinect voice controls, television integration, and multitasking features make the Xbox One an ideal combination of game system, media hub, universal remote, program guide, and Blu-ray player. The Xbox One’s voice controls and TV integration are revolutionary and could pave the way for game systems to become true all-in-one entertainment centers. …but it does so much so well that its flaws and price can be forgiven, making it an Editors’ Choice.

Microsoft Xbox One comparison with Play Station 4

Interesting head-to-head comparison of latest two advanced gaming console systems.

http://thenextweb.com/gadgets/2013/11/27/playstation-4-vs-xbox-one-one/


QUOTE: Now that the PlayStation 4 and the Xbox One are both on sale, we are officially in the next-generation of console gaming. For many of you, deciding which one to buy is going to be the toughest shopping decision you’ll make this holiday season.  Buying a console is a highly personal decision, but it’s worth outlining the specific use cases that might tip you one way or the other. While I don’t have a deep loyalty to either Sony or Microsoft, you should know that I bought an Xbox One because it best fit my overall gaming/entertainment needs. You can also check out our occasional gamer guides for the PS4 and the Xbox One if you need more help deciding.

The Xbox One is designed to serve as your living room’s primary media device, so it may be the better option if you’re looking for an all-in-one system. Unlike the PS4, the new Xbox has an HDMI input that can be used for watching live TV. The conversation around the next-gen consoles has centered around the PS4 being best for gamers and the Xbox One is being tailored for users who want an all-in-one package. That characterization may feel reductive, but, based on the time we’ve spent with both systems, it’s also pretty accurate.

Mobile Security - mSpy monitoring software

This article warns of possible mis-use in this legitimate tracking where parents monitor cell phone usage by their kids

http://thenextweb.com/apps/2013/11/28/mspy-terrifying-app-spying-another-smartphone-tablet-user/

QUOTE: Those of you interested in preserving your privacy will want to watch out for the mSpy app. When installed on an Android or iOS device, it can track phone calls, location data and keyboard strokes in the background without your knowledge.  The app is ostensibly intended for legal monitoring use, and there are certainly legitimate reasons to install the software. Companies, for instance, could inform their employees that they’re surveilling company phones for security purposes, or concerned parents could include the software on devices they give to their kids.

Thankfully, the app requires physical access for installation. The iOS version requires that the client device is jailbroken, and it isn’t currently compatible with iOS 7 and recent versions of iOS 6 (6.1.3 and 6.1.4). mSpy for Android works with some of the platform’s most popular devices, including the Galaxy S4, Moto X and the HTC One, but spying on apps like Facebook, Skype, Viber and Whatsapp requires the phone to be rooted. Older BlackBerry and Symbian phones are also supported.

Microsoft Xbox One - PC Magazine review
PC Magazine awarded Editor's Choice rating on this advanced new gaming system http://www.pcmag.com/article2/0,2817,2420311,00.asp QUOTE: Well, Microsoft's ambition has paid off. Not only is the Xbox One $499.99 at Microsoft Store a powerful game...
Android Security - Malicious application steals Korean Phone Numbers

McAfee reports of new Android attacks circulating and targeting Korean users

http://blogs.mcafee.com/mcafee-labs/javascript-apps-on-google-play-steal-korean-phone-numbers

QUOTE: In a recent blog, McAfee Labs reported on suspicious JavaScript-based Android chat applications for Japanese users. These apps were found on Google Play, and steal users’ phone numbers. We have now found about 120 applications that use similar, but not the same, JavaScript techniques to steal a device’s phone number. These apps seem to mainly target Korean users.  When launched, these apps automatically retrieve the device’s phone number and send it to a server managed by the developer, without any prior notice to the user. Because the use of the phone number does not seem related to the app’s functionality, we can safely say they are designed to secretly collect users’ phone numbers.

Travel Security tips - Holiday Season 2013

PC Magazine offers numerous safety tips to reduce risks while traveling

http://securitywatch.pcmag.com/mobile-security/318366-staying-secure-while-traveling-over-the-holidays

QUOTE: If you are among the 43 million Americans planning to travel over the next days, you are most likely not leaving your electronics behind. Make sure you secure your data before you hit the road (or the air). ... KEY BEST PRACTICES include:

1. Protect the Device - The fewer devices you are carrying, the smaller the chances of losing or breaking them. Password protect, encrypt data, and set up anti-theft applications on mobile devices

2. Backup Your Data - Before you leave, take the time to back up all the files on the devices. That's ebooks, documents, pictures, videos, everything. Do it again before coming home. Back up those pictures you took and the files you created before you head out again. Upload those images and files to Flickr, Dropbox or any cloud storage service of your choice

3. Beware of Public Networks - Beware of public networks, even if they aren't free. You may think you are hopping on to the hotel wireless, or the one belonging to the airport, but it may actually be a rogue network set up to trap unsuspecting users.

Facebook - Christmas Tree Application Hoax 2013 version

Hoaxes are designed as pranks  to confuse users with false information. Just as email virus hoaxes were once popular, the concept has spread to social networking sites as well

http://wafflesatnoon.com/2013/11/23/christmas-tree-app-warning/

http://facecrooks.com/Scam-Watch/Christmas-Tree-App-Hoax-Spreads-Facebook-Once-Again.html/

QUOTE: Let’s first take a look at the warning which has circulated on Facebook for the past three years. There is no evidence that the Christmas Tree app warning described a real threat in 2010, much less in 2013. You should always be careful when installing Facebook apps, but we this warning appears to be false and outdated.

HOAX TEXTWARNING!!!!!! ….. Do not use the Christmas tree app. on Facebook. Please be advised it will crash your computer. Geek squad says its one of the WORST trojan-viruses there is and it is spreading quickly… Re-post and let your friends know ;-}

National Crime Agency - United Kingdom security site

This agency is similar to FBI in warning of breaking news, investigating incidents, and working with law enforcement agencies to prosecute online criminal events.

http://nationalcrimeagency.gov.uk/

QUOTE: The NCA is a new crime-fighting agency with national and international reach and the mandate and powers to work in partnership with other law enforcement organisations to bring the full weight of the law to bear in cutting serious and organized crime.

Ransomware - Crytolocker spreading in massive spam campaigns

Crytolocker is a dangerous new worm that encrypts data on infected user systems and requires them to pay usually $300 for their data back.  As files are permanently damaged by encryption, users must  completely restore data if they refuse payment.  Users should always be cautious with email messages and website links

http://www.symantec.com/connect/blogs/cryptolocker-alert-millions-uk-targeted-mass-spam-campaign

http://nationalcrimeagency.gov.uk/news/256-alert-mass-spamming-event-targeting-uk-computer-users

http://blog.trendmicro.com/trendlabs-security-intelligence/cryptolocker-emergence-connected-to-blackhole-exploit-kit-arrest/

QUOTE:   Last week, the United Kingdom’s National Crime Agency (NCA) warned that tens of millions of customers were being targeted by the Cryptolocker malware through a mass spam campaign. According to the alert, millions of UK customers received malicious emails, but the primary targets seem to have been small and medium businesses.  A recent Symantec blog examined a threat named Trojan.Cryptolocker and how it is an aggressive evolution of the ransomware family of threats. Cryptolocker thrives by encrypting files on a victim’s computer and holding the decryption key for ransom. Interestingly, Symantec predicted this rise in ransomware in its most recent Internet Security Threat Report.

Adobe - Flash Player update NOV 2013

All users should promptly update to latest version of Flash Player for important security patches:

http://www.intego.com/mac-security-blog/adobe-flash-player-update-fixes-memory-corruption-bugs/

QUOTE: Adobe released security updates for Adobe Flash Player for Mac, Windows and Linux, resolving memory corruption bugs in the software. These updates specifically address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.  The following software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.117 and earlier versions for Mac and Windows, as well as Adobe Flash Player 11.2.202.310 and earlier versions for Linux. Moreover, updates are also available for Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh. Adobe’s security bulletin (APSB13-26) describes the bugs fixed in the Flash Player update as follows:  These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-5329, CVE-2013-5330).

More Posts Next page »