Friday, April 28, 2017

Beyond 'Fake News:' Facebook Fights 'Information Operations'

From Newsmax:

Beyond 'Fake News:' Facebook Fights 'Information Operations'

"Facebook is acknowledging that governments or other malicious non-state actors are using its social network to sway political sentiment, including elections."

NSA Stops Gathering Some Messages From US Residents

I feel so much better now.

From Newsmax:

NSA Stops Gathering Some Messages From US Residents

"The U.S. National Security Agency has halted a form of surveillance that allowed it to collect digital communications of U.S. residents that mentioned a foreign intelligence target without a warrant, three sources told Reuters."

US-CERT Alert: FTC Releases Announcement on Identity Theft

From US-CERT:

FTC Releases Announcement on Identity Theft

"The Federal Trade Commission (FTC) recommends that consumers who are affected by identity theft file a report at IdentityTheft.gov—a one-stop resource to help you report and recover from identity theft. Information provided there includes checklists, sample letters, and links to other resources."

US-CERT: Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors

Alert from US-CERT:

US-CERT: Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors

"The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.

According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools."

Thursday, April 27, 2017

PassFreely Attack Bypasses Oracle Database Authentication

From DataBreach Today:

PassFreely Attack Bypasses Oracle Database Authentication

"The attack tool in question, called PassFreely, dates from 2013. Based on leaked documents, tools and exploits tied to the Equation Group - the nickname for a group of hackers that experts believe is part of the National Security Agency's Tailored Access Operations group - it appears that PassFreely may have been used to hack into two or more SWIFT service bureaus (see Hackers Reveal Apparent NSA Targeting of SWIFT Bureaus).

The interbank messaging system from Brussels-based SWIFT - formally known as the Society for Worldwide Interbank Financial Telecommunication - is designed to guarantee that money-moving messages between more than 11,000 banks worldwide are authentic. While some banks host the related infrastructure themselves, many instead use one of 74 accredited SWIFT bureaus."

Organizations Fail to Maintain Principle of Least Privilege

This is a basic tenet of cybersecurity & I cannot stress enough how important this is to any size organization. Yes, user audits are painful & tedious but they need to be performed at least annually. Depending on the size of your organization & its turnover it may even be something to perform on a quarterly basis.

From Security Week:

Organizations Fail to Maintain Principle of Least Privilege

"Security requires that confidential commercial data is protected; compliance requires the same for personal information. The difficulty for business is the sheer volume of data generated makes it difficult to know where all the data resides, and who has access to it. A new report shows that 47% of analyzed organizations in 2016 had at least 1,000 sensitive files open to every employee; and 22% had 12,000 or more.

These figures come from the Varonis 2016 Data Risk Assessments report. Each year Varonis conducts more than 1,000 risk assessments for both existing and potential customers. For its latest analysis of data risk, it has selected, at random, 80 of these assessments. They cover 33 industries in 12 different countries. Forty-two of the organizations have fewer than 1000 employees, and 38 have 1001 or more employees."

HHS Hits CardioNet with $2.5M HIPAA Settlement Fee

From Dark Reading:

HHS Hits CardioNet with $2.5M HIPAA Settlement Fee

"The US Department of Health and Human Services slapped the mobile cardiac monitoring service with fee after breach of customer health data."

USAF Launches 'Hack the Air Force'

From Dark Reading:

USAF Launches 'Hack the Air Force'

"Bug bounty contest expands Defense Department outreach to the global hacker community to find unknown vulnerabilities in DoD networks.

Let the friendly hacking fly: The US Air Force will allow vetted white hat hackers and other computer security specialists root out vulnerabilities in some of its main public websites."

IRS and Immigration Officials Impersonated in Call Center Scam

From Dark Reading:

IRS and Immigration Officials Impersonated in Call Center Scam

"A call center in India was used to scare US residents with threats of imprisonment and deportation in a ruse that impersonated US officials.

With stolen data and a call center based in India, a group of thieves impersonated Internal Revenue Service and US Citizenship and Immigration Services officials to scare money out of US residents."

Samsung Smart TV flaw leaves devices open to hackers

From Sophos Naked Security:

Samsung Smart TV flaw leaves devices open to hackers

"Your Samsung Smart TV might be pretty dumb.

Penetration testing firm Neseso has found that a 32-inch Tizen-based smart TV, first released as part of the 2015 model year and still being sold in North America, isn’t authenticating devices that connect to it via Wi-Fi Direct.

Rather than requiring a password or PIN to authenticate devices that want to connect to the TV – like, say, your smartphone when you want to use it as a remote control – it’s relying on a whitelist of devices that the user’s already authorized."

Do you know where your old email addresses are?

Interesting piece about what to do when an old email address domain is being shut down from Sophos Naked Security:

Do you know where your old email addresses are?

"Here’s something that isn’t really news because it’s not new, but that nevertheless got us thinking.

UK mobile phone provider EE, now part of the BT Group, started life as an admixture of two former competitors of BT.

In a previous life, EE was known by the long name of “everything everywhere” (thankfully for professional writers everywhere, that orthographic oddity didn’t last), and in a life before that, it was two separate mobile providers, T-Mobile and Orange."

Murder victim’s Fitbit contradicts husband’s version of events

From Sophos Naked Security:

Murder victim’s Fitbit contradicts husband’s version of events

"A murdered woman’s Fitbit data indicates her husband may have lied about her being shot to death by a masked intruder who, he’d claimed, had zip-tied him to a chair and calmly cut him up… without leaving any scent anywhere in or around the house that a police dog could sniff out.

According to court documents, the woman, Connie Dabate, was shot dead in her Ellington, Connecticut home on December 23 2015. The weapon used to murder her was a .357 Magnum that her husband, Richard, had bought months earlier."

How much are you giving away to fraudsters on Facebook?

From Sophos Naked Security:

How much are you giving away to fraudsters on Facebook?

"How much personal information are you giving fraudsters access to on Facebook? Are you giving them enough information to steal your identity?

Information Age reported recently that an online survey conducted by YouGov in the UK had found that almost 30% of adults with social media accounts “include their full name and date of birth on their profiles” – that’s two of the three key pieces of information a fraudster needs to steal your identity."

Hackers exploited Word flaw for months while Microsoft investigated

From Reuters:

Hackers exploited Word flaw for months while Microsoft investigated

"To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199.

The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update."

Baldwin County man committed suicide on Facebook Live, sheriff's office reports

This is becoming a very disturbing trend.  From AOL News:

Baldwin County man committed suicide on Facebook Live, sheriff's office reports

"The Baldwin County Sheriff's Office has reported that a Robertsdale man apparently broadcast his own suicide on Facebook Live on Tuesday.

According to information released Wednesday by the BCSO, a woman contacted the Sheriff's Office with concerns about her boyfriend, 49-year-old James M. Jeffrey of Robertsdale. The couple were in the middle of a breakup and he had stopped responding, she said."

FCC Chief Sparks Clash With Call to Repeal Net Neutrality

'Bout time. From Bloomberg:

FCC Chief Sparks Clash With Call to Repeal Net Neutrality

"FCC's Pai Says Net Neutrality Rules Cause Uncertainty

The chairman of the U.S. Federal Communications Commission proposed rolling back the Obama-era net-neutrality rule, prompting the regulation’s defenders to vow a “tsunami” of resistance.

FCC Chairman Ajit Pai said he would ask the agency next month to begin considering removing the strong legal authority that underpins the rules, and to take suggestions for replacement regulations."

Cyberattacks Involving Extortion Are on the Up, Verizon Says

From Bloomberg:

Cyberattacks Involving Extortion Are on the Up, Verizon Says

"Who's Winning the Battle in Digital Warfare?

Cyberattacks involving ransomware -- in which criminals use malicious software to encrypt a users’ data and then extort money to unencrypt it -- increased 50 percent in 2016, according to a report from Verizon Communications Inc.

And criminals increasingly shifted from going after individual consumers to attacking vulnerable organizations and businesses, the report said. Government organizations were the most frequent target of these ransomware attacks, followed by health-care businesses and financial services, according to data from security company McAfee Inc., which partnered with Verizon on the report published Thursday."

Wednesday, April 26, 2017

What Role Should ISPs Play in Cybersecurity?

From DarkReading:

What Role Should ISPs Play in Cybersecurity?

"There are many actions ISPs could do to make browsing the Web safer, but one thing stands out.

For well over a decade, the security industry has debated what role Internet service providers (ISPs) should take in cybersecurity. Should they proactively protect their customers with upstream security controls and filters (e.g., intrusion prevention systems, IP/URL blacklists, malware detection, etc.), or are customers responsible for their own security?"

New computers could delete thoughts without your knowledge, experts warn

From The Independent:

New computers could delete thoughts without your knowledge, experts warn

“Thou canst not touch the freedom of my mind,” wrote the playwright John Milton in 1634.

But, nearly 400 years later, technological advances in machines that can read our thoughts mean the privacy of our brain is under threat.

Now two biomedical ethicists are calling for the creation of new human rights laws to ensure people are protected, including “the right to cognitive liberty” and “the right to mental integrity”.

New BrickerBot Variants Emerge

From SecurityWeek:

New BrickerBot Variants Emerge

"New variants of a recently discovered BrickerBot Internet of Things (IoT) malware capable of permanently disabling devices were observed last week, Radware security researchers warn.

BrickerBot first emerged about a month ago, with two variants observed in early April. The first threat had a short life span of less than a week and targeted BusyBox-based Linux devices. The other is still active and targeting devices both with and without BusyBox. Devices with an exposed Telnet service that is secured with default credentials are potential victims."

More LastPass flaws: researcher pokes holes in 2FA

From Sophos Naked Security:

More LastPass flaws: researcher pokes holes in 2FA

"Recently we’ve been writing about LastPass more than seems healthy.

March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the company’s two-factor/two-step authentication (2FA) security."

Display Software Flaw Affects Millions of Devices

From SecurityWeek:

Display Software Flaw Affects Millions of Devices


"A potentially serious vulnerability has been found in third-party software shipped by several major vendors for their displays. The developer has rushed to release a patch for the flaw, which is believed to affect millions of devices worldwide.

The security hole was identified by researchers at SEC Consult in display software developed by Portrait Displays. The impacted product allows users to configure their displays (e.g. rotation, alignment, colors and brightness) via a software application instead of hardware buttons.

Portrait Displays’ products are used by several major vendors, including Sony, HP, Acer, Fujitsu, Philips, Dell, Benq, Lenovo, Sharp and Toshiba. However, SEC Consult could only confirm the vulnerability for Fujitsu’s DisplayView, HP’s Display Assistant and My Display, and Philips’ SmartControl applications. The apps, which are pre-installed on millions of devices, have been classified by the security firm as bloatware."

Flaws in Hyundai App Allowed Hackers to Steal Cars

From SecurityWeek:

Flaws in Hyundai App Allowed Hackers to Steal Cars

"South Korean carmaker Hyundai has released updates for its Blue Link mobile applications to address vulnerabilities that could have been exploited by hackers to locate, unlock and start vehicles.

The Blue Link application, available for both iOS and Android devices, allows users to remotely access and monitor their car. The list of features provided by the app includes remote engine start, cabin temperature control, stolen vehicle recovery, remote locking and unlocking, vehicle health reports, and automatic collision notifications."

Chipotle Investigating Payment Card Breach

From SecurityWeek:

Chipotle Investigating Payment Card Breach

"Fast-casual restaurant chain Chipotle Mexican Grill, which has more than 2,000 locations in the United States and other countries, informed customers on Tuesday that its payment processing systems have been breached.

Chipotle said it recently detected unauthorized activity on the network that supports payment processing for its restaurants. The company’s investigation into the incident is ongoing and only limited information has been made public for now."

Tuesday, April 25, 2017

What happens when a vendor doesn’t patch its software?

From Sophos Naked Security:

What happens when a vendor doesn’t patch its software?

"Microsoft engineers won’t be happy this month, thanks to the community-minded actions of a Github user named Zeffy. Not content with the way that Redmond was updating its software, he decided to patch Microsoft’s patch.

Zeffy is irritated with Microsoft’s decision to stop updating Windows 7 and 8.1 on newer CPUs. The company, which worked hard to push users to upgrade to Windows 10, announced in January last year that it would not update versions of these older operating systems running on seventh-generation processors (that’s Kaby Lake silicon from Intel, and Bristol Ridge silicon from AMD). A select set of products using sixth-generation Skylake processors would continue to get support until the middle of this year, it said."

UK Man Jailed for Running Global Cyberattack Business

From NewsMax:

UK Man Jailed for Running Global Cyberattack Business

"LONDON (AP) — A British man has been sentenced to two years in prison for creating and selling a program used in online attacks around the world.

Adam Mudd was 16 when he created Titanium Stresser, a program that carried out more than 1.7 million "denial of service" attacks on websites including gaming platforms Minecraft and Xbox Live."

Facebook's thought police

From The Week:

Facebook's thought police

"The social panic and media hysteria over fake news continues unabated. And once again, Facebook's reaction is all wrong."

LinkedIn app’s oversharing via Bluetooth sparks alarm

From Sophos Naked Security:

LinkedIn app’s oversharing via Bluetooth sparks alarm

"Geez, LinkedIn, you are one pushy app! If you’re not spamming users’ contacts (and getting sued for it), you’re pawing our Bluetooth – even after we thought you’d gone home for the night!

News of LinkedIn’s latest market-the-beejezus-out-of-us stunt came on Thursday, when security researcher Rik Ferguson spotted a proclamation from LinkedIn about wanting to make data available to nearby Bluetooth devices, “even when you’re not using the app”."

Top secret messages sent via Confide might not be so secret after all

From Sophos Naked Security:

Top secret messages sent via Confide might not be so secret after all

"Nervy constituents! Prying newspapers! Always wanting to find out what politicians are up to, who they’re talking to, and what they’re saying!

No wonder politicians (and their whistleblowing staff) have flocked to message-erasing app Confide."

Trump’s promise on cybersecurity: what’s been happening?

From Sophos Naked Security:

Trump’s promise on cybersecurity: what’s been happening?

"As US President Donald Trump closes in on his 100th day in office, he faces plenty of scrutiny over things that didn’t get done in that all-important period of any new administration. One big criticism in the media last week was that he’d blown his self-imposed 90-day deadline to unveil a tough new cybersecurity plan for the federal government."

Kelihos Botnet Author Indicted in U.S.

You. Will. Get. Caught.  From SecurityWeek:

Kelihos Botnet Author Indicted in U.S.

"The alleged author of the Kelihos botnet has been charged in an eight-count indictment returned by a federal grand jury in Bridgeport, Connecticut, after being arrested in Spain earlier this month.

Peter Yuryevich Levashov, 36, a Russian national also known as Petr Levashov, Peter Severa, Petr Severa and Sergey Astakhov, was charged last week with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email, and one count of aggravated identity theft."

Webroot Tags Windows Files, Facebook as Malicious

From SecurityWeek:

Webroot Tags Windows Files, Facebook as Malicious

"An update released by Webroot has caused the company’s home and business products to flag legitimate files and websites as malicious.

While the faulty update was only available for less than 15 minutes on Monday, many customers took to social media and Webroot’s forum to complain that it had caused serious problems for their organization. Users reported that hundreds and even thousands of their endpoints were affected."

Monday, April 24, 2017

Cyber Shield Act: A New Legislative Approach to Improving Cyber Security

From SecurityWeek:

Cyber Shield Act: A New Legislative Approach to Improving Cyber Security

"The Cyber Shield Act is a legislative proposal designed to cut "to the core of critical infrastructure cyber defense." It is proposed by Senator Edward J. Markey, Massachusetts -- but you won't find a draft bill anywhere yet."

Hackers Are Using NSA's DoublePulsar Backdoor in Attacks

From SecurityWeek:

Hackers Are Using NSA's DoublePulsar Backdoor in Attacks

"A hacking tool allegedly used by the NSA-linked threat actor “Equation Group” that was exposed to the public roughly a week ago has been already observed in live attacks.

Dubbed DoublePulsar, the backdoor was released by the Shadow Brokers hacker group on Friday before the Easter holiday, as part of a password-protected archive containing a larger set of tools and exploits. Last week Microsoft said that the newly revealed exploits don’t affect up-to-date systems."

Ransomware hidden inside a Word document that’s hidden inside a PDF

From Sophos Naked Security:

Ransomware hidden inside a Word document that’s hidden inside a PDF

"SophosLabs has discovered a new spam campaign where ransomware is downloaded and run by a macro hidden inside a Word document that is in turn nested within a PDF, like a Russian matryoshka doll. The ransomware in this case appears to be a variant of Locky.

Most antivirus filters know how to recognize suspicious macros in documents, but hiding those documents inside a PDF could be a successful way to sidestep it, according to SophosLabs researchers."

Multiple security holes discovered in Linksys routers

From Sophos Naked Security:

Multiple security holes discovered in Linksys routers

"Do home router makers devote enough resources to finding security vulnerabilities in their products before they ship?

One could be forgiven for having doubts after this week’s news that research outfit IOActive had found 10 significant flaws affecting almost every home router currently sold by Linksys."

How Uber Deceives the Authorities Worldwide

Didn't mean to start the morning trashing Uber but there seem to be some privacy issues going on with the company. Another from the NY Times:

How Uber Deceives the Authorities Worldwide

"SAN FRANCISCO — Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was resisted by law enforcement or, in some instances, had been banned."

Uber’s C.E.O. Plays With Fire

From the NY Times:

Uber’s C.E.O. Plays With Fire

"SAN FRANCISCO — Travis Kalanick, the chief executive of Uber, visited Apple’s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading."

Friday, April 21, 2017

7 Ways Hackers Target Your Employees

From Dark Reading:

7 Ways Hackers Target Your Employees

"One employee under reconnaissance by cyberattackers can put your whole business at risk. Where are they being targeted, and what should they know?"

UK government reports on business breaches and it’s not pretty

From Sophos:

UK government reports on business breaches and it’s not pretty

"The UK is about to go into general election mode unexpectedly, so it’s a funny time for its government to be issuing its Cyber Security Breaches Report 2017, which acknowledges that at least 2.5m cyberhacks have happened over the past 12 months."

Several Google engineers have left one of its most secretive AI projects to form a stealth start-up

From CNBC:


Several Google engineers have left one of its most secretive AI projects to form a stealth start-up

"Google has slowly been pulling back the curtain on homegrown silicon that could define the future of machine learning and artificial intelligence."

Elon Musk Lays Out Plans to Meld Brains and Computers

From the Wall Street Journal:

Elon Musk Lays Out Plans to Meld Brains and Computers

"Billionaire entrepreneur Elon Musk on Thursday confirmed plans for his newest company, called Neuralink Corp., revealing he will be the chief executive of a startup that aims to merge computers with brains so humans could one day engage in “consensual telepathy.”"

Thursday, April 20, 2017

DNS Query Length... Because Size Does Matter

Great tutorial on how cybercriminals can exfiltrate data through DNS queries from SANS ISC:

DNS Query Length... Because Size Does Matter

"In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on "TXT" records used to deliver the encoded payload. "TXT" records are also used for good reasons, like delivering SPF records but, too many TXT DNS requests could mean that something weird is happening on your network."

The Rise Of The Social Media Killer

From Vocativ:

The Rise Of The Social Media Killer

"This week, the nation tuned in as hundreds of news outlets reported that an Ohio man was still on the loose after killing an elderly stranger named Robert Godwin Sr. and posting the footage on Facebook on Monday. Steven Stephens, the killer who quickly became the subject of a nationwide manhunt, was found dead in an apparent suicide on Tuesday, but only after becoming the ringleader of a media circus he had orchestrated."

Tuesday, April 18, 2017

That ‘iPhone Wi-Fi bug’ isn’t just for Apple users – here’s a rundown

From Sophos:

That ‘iPhone Wi-Fi bug’ isn’t just for Apple users – here’s a rundown

"Earlier this week, we advised iPhone users to waste no time applying the latest iOS update, even though it came out just five days after Apple’s previous, much bigger update."

Update your iPhone to avoid being hacked over Wi-Fi

From Sophos:

Update your iPhone to avoid being hacked over Wi-Fi

"It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched."

Apple Readies iPhone Overhaul for Smartphone's 10th Anniversary

From Bloomberg:

Apple Readies iPhone Overhaul for Smartphone's 10th Anniversary

"Apple is testing a revamped iPhone with an all-screen front, curved glass and a stainless steel frame alongside upgrades to the current models."

FTC Alert: There’s no Nintendo Switch emulator

From the Federal Trade Commission:

There’s no Nintendo Switch emulator

"If you can’t get your hands on a Nintendo Switch gaming system, you may think an emulator is the next best thing. Think again. Online ads for emulators, sometimes with Nintendo branding, say they can run Switch’s games on your desktop. But there is no legit Nintendo Switch emulator. It’s a scam."

US-CERT Alert: Microsoft Addresses Shadow Brokers Exploits

From US-CERT:

Microsoft Addresses Shadow Brokers Exploits

"The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products."

Thursday, April 13, 2017

Nation-State Hackers Go Open Source

From Dark Reading:

Nation-State Hackers Go Open Source

"Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.

Nation-state hacking teams increasingly are employing open-source software tools in their cyber espionage and other attack campaigns."

4 Bad Cyber-Security Habits

From Core Security:

4 Bad Cyber-Security Habits

"We hear about high-profile breaches almost every week in the news, but what actions are organizations taking to keep these breaches from happening? Implementing new solutions is great and new tools are always helpful, but it’s the bad habits formed by your team that can really hurt you."

US-CERT Alert: Easter Holiday Phishing Scams and Malware Campaigns

From US-CERT:

Easter Holiday Phishing Scams and Malware Campaigns

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:
  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

FTC Alert - The FTC won’t offer to fix your computer

From the FTC:

The FTC won’t offer to fix your computer

"Some cons send pop-up computer warnings to pitch unnecessary – and sometimes harmful – tech support services. Some make phone calls. Others – like one scammer the FTC just sued – send spam emails that falsely claim the FTC hired them to help remove problem software. In this case, announced today, the court has ordered the defendant to stop claiming he’s affiliated with the FTC, to shut down his websites and phone numbers, and inform current customers who contact him that he is not affiliated with the FTC. If you got one of those messages, please tell the FTC."

FTC Alert - Free movies, costly malware

From the FTC:

Free movies, costly malware

"“Something for nothing” sounds appealing, but often there’s a hidden cost. If the something is a site or app offering free downloads or streams of well-known movies, popular TV shows, big-league sports, and absorbing games, the hidden cost is probably malware. Sites offering free content often hide malware that can bombard you with ads, take over your computer, or steal your personal information."

FTC Alert - “I have an emergency and need money”

From the FTC:

“I have an emergency and need money”

"If you’ve ever gotten one of those calls, you know how alarming they can be. And that’s exactly what the scammers count on. They want you to act before you think – and acting always includes sending them money: by wiring it or by getting a prepaid card or gift card, and giving them the numbers on the card. Either way, your money’s gone."

ISC Releases Security Updates for BIND

From US-CERT:

ISC Releases Security Updates for BIND

The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.

Available updates include:
  • BIND 9 version 9.9.9-P8
  • BIND 9 version 9.10.4-P8
  • BIND 9 version 9.11.0-P5
  • BIND 9 version 9.9.9-S10

Wednesday, April 12, 2017

Microsoft Releases April 2017 Security Updates

From US-CERT:

Microsoft Releases April 2017 Security Updates

"Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code."

Microsoft patches Word zero-day booby-trap exploit

From Sophos:

Microsoft patches Word zero-day booby-trap exploit

"Microsoft Tuesday patched a previously undisclosed Word zero-day vulnerability attackers used to install a variety of malware on victims’ computers."

Attackers using a Word zero-day to spread malware

From Sophos:

Attackers using a Word zero-day to spread malware

"Attackers are using a previously undisclosed security hole in Microsoft Word to install a variety of malware on victims’ computers. Microsoft knows about the zero-day and is expected to patch it later today. As we await that security update, here’s a review of the bug and the available defenses."

United Talent Agency Hacked: Work Disrupted, Ripples Throughout Hollywood (Exclusive)

From The Wrap (never heard of them, fake news?):

United Talent Agency Hacked: Work Disrupted, Ripples Throughout Hollywood (Exclusive)

"United Talent Agency was the victim of a computer hack that severely disrupted business at the agency on Tuesday, shutting down email, causing meetings to cancel and forcing staff to work on their personal devices, numerous individuals told TheWrap."

Tuesday, April 11, 2017

Millions of Stolen US University Email Credentials for Sale on the Dark Web

From Dark Reading:

Millions of Stolen US University Email Credentials for Sale on the Dark Web

"Researchers find booming underground market for stolen and fake email credentials from the 300 largest universities in the US."

That Fingerprint Sensor on Your Phone Is Not as Safe as You Think

From the NY Times:

That Fingerprint Sensor on Your Phone Is Not as Safe as You Think

"SAN FRANCISCO — Fingerprint sensors have turned modern smartphones into miracles of convenience. A touch of a finger unlocks the phone — no password required. With services like Apple Pay or Android Pay, a fingerprint can buy a bag of groceries, a new laptop or even a $1 million vintage Aston Martin. And pressing a finger inside a banking app allows the user to pay bills or transfer thousands of dollars."