Thursday, February 27, 2014

Free tools for Windows Servers

From Network World:

Free tools for Windows Server admins

US Tax Season Phishing Scams and Malware Campaigns


In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing campaigns may include, but are not limited to:
  • Information that refers to a tax refund,
  • Warnings about unreported or under-reported income,
  • Offers to assist in filing for a refund, or
  • Links to counterfeit e-file websites.
These messages, which can appear to be from the IRS, may ask users to submit personal information via email, or include links to sites that request personal information or host malicious code.
To protect themselves against these types of phishing scams and malware campaigns, users and administrators are encouraged to take the following measures:

Linux security cheat sheet

I realize my blog is heavy on content for Microsoft Windows.  The reason is that Windows workstations and servers make up the lion's share of systems used by SMBs.  To help even things out, here are two links for Linux security.

Linux security quick reference guide

2014-02-17 Link of the Day: OnGuard Online

Today's link offers a wealth of info on cyber security for small businesses, educators and parents.

OnGuard Online

Wednesday, February 26, 2014

10 Cybersecurity Tips For Small Business

I just came across this when reviewing tweets sent by DHS's Cybersecurity team (@cyber) from the RSA Conference. 

Ten Cybersecurity Tips For Small Business

These commonsense tips are always worth repeating.  It never hurts to reiterate these basic tenets of cyber/information security with your staff and IT team members.

2014-02-26 Link of the Day: Microsoft EMET 5.0 Technical Preview

Yesterday Microsoft released the latest upgrade to its Enhanced Mitigation Experience Toolkit, EMET 5.0 Technical Preview.  This FREE tool promises "to disrupt and block the attacks that we have detected and analyzed over the past several months."  Technically this is a beta release & customer input will be used to address any issues before the final release.

You can learn more and download EMET 5.0 Technical Preview here.

Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Monday, February 24, 2014

Apple releases security update for iOS & other products

Time to patch your iDevices by upgrading to iOS 7.0.6.  This one deals with a vulnerability in SSL that could allow an attacker to view/capture, and possibly manipulate, data.

US-CERT Advisory

More info from SearchSecurity

2014-02-24 Link of the Day: US Dept. of Homeland Security's Cybersecurity resources

Happy Monday!  Today I am giving the link to the US Dept. of Homeland Security's Cybersecurity resources page.  Lots of good stuff here with links to many other useful resources.

Friday, February 21, 2014

2014-02-21 Link of the Day: Crystal Anti-Exploit Protection (CrystalAEP)

Today's product is Crystal Anti-Exploit Protection (CrystalAEP).  It was brought to my attention by a friend and seems like an interesting concept in anti-malware applications.  The application does not use signatures like traditional anti-malware software.  From the vendor's website:
"CrystalAEP is designed to provide frontline protection against Internet-borne threats such as viruses and malware. Unlike the typical anti-virus program, Crystal does not attempt to recognise threats based on signatures, and does not require constant updating to protect against the latest threats. Crystal works instead by manipulating at-risk software while it runs to help form an environment which is hostile to Internet worms, malware and other types of malicious code."

For the record, I have neither installed nor tested this product.  Time permitting, I will install and test it over the next few weeks.  Upon completion I will release my results.


More on Microsoft Security Advisory 2934088

Here is a technical explanation of Security Advisory 2934088 from SecurityWeek.  It explains how the vulnerability allows an attacker to use JavaScript to manipulate the use-after-free condition and Adobe Flash to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

Microsoft Releases Fix It Tool to Address IE 10 Attacks

From the article above, here are the explanation and remediation steps from Neil Sikka of Microsoft's Security Response Center (includes a link to the Fix it tool).

Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322

Thursday, February 20, 2014

Cryptolocker Scrambles U.S. Law Firm's Entire Cache of Legal Files

From CIO magazine, a classic example of why SMBs must take security seriously:

Cryptolocker Scrambles U.S. Law Firm's Entire Cache of Legal Files

MS Releases Emergency Fixit Tool To Address Active IE 9 & 10 Exploit (Security Advisory 2934088)

Microsoft has just released a Fixit tool to remediate a security issue in IE 9 and 10.  The vulnerability addressed in Security Advisory 2934088 is being actively exploited & allows for remote code execution on the vulnerable system.

Seriously consider applying this patch in an expedited manner.  At the very least deploy it to desktop and other end user devices running the affected application and OS as soon as you can.  These systems are usually used for web surfing and are the machines most likely to be compromised.  Also make sure any/all malware protection programs deployed on your network have updates that can protect users from this attack until you have fully deployed the Fixit tool.

2014-02-20 Link of the Day: Microsoft Attack Surface Analyzer

After an absence I am happy to be back blogging.  Here is a FREE security tool from Microsoft called Attack Surface Analyzer.

Microsoft Attack Surface Analyzer is a freeware security program for Microsoft Windows Vista and above.  The purpose of this tool is to provide insight into changes made to a system after a new application has been installed.  This is especially useful for IT security professionals working with software developers and at organizations using custom applications.  By analyzing changes to the system's overall attack surface, any security issues introduced by the new application are identified for remediation.

For more information on how Attack Surface Analyzer can help your organization see this great article, "Improving Security Using Attack Surface Analyzer", by Solomon Lukie.
