Security Protection – Harry Waldron MVP Rotating Header Image

Abode Flash – Major Zero-Day Malware Advertising attacks for 2 Months

An estimated ONE BILLION visits may have occurred at major infected websites, from DEC 2014 through FEB 2015 as documented below. Clicking on a malicious advertising link had the potential to drop the Cryptowall Ransomware agent onto vulnerable systems.

http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092

RSA CONFERENCE — San Francisco — Cybercriminals deployed an Adobe Flash Player zero-day exploit embedded in online ads for close to two months in an attack that targeted US users with a ransomware payload, researchers said here today.

The use-after-free vulnerability, CVE 2015-0313, was patched by Adobe on Feb. 2, and the day after, the attack campaign came to a screeching halt, according to researchers at Malwarebytes, which traced the zero-day’s lifecycle after their systems detected the attacks in December of last year. The attackers injected the malware-ridden ads on the websites of Dailymotion, Huffington Post, answers.com, New York Daily News, HowToGeek.com, tagged.com, as well as a handful of other sites.

“A zero-day was under everybody’s nose for two months on top websites,” says Pedro Bustamante, director of special projects for Malwarebytes. Bustamante says the researchers had never before seen a malvertising campaign like this one. The attackers used a popular advertising network, which Malwarebytes did not name but said is ranked as the number one such network by Comscore.

Malwarebytes doesn’t have a head count of victims hit with the ransomware, but traffic to the infected sites reached over 1 billion in February of this year. Not all of those victims obviously were infected–they would have to click on the infected ad, and meet the demographics the attackers were looking for, which were US consumers behind residential IP addresses.   The attackers used the HanJuan exploit kit, which was hosted on rotating domains to evade detection. It drops CryptoWall ransomware for click fraud purposes. The attackers appear to be “a highly professional operation” given the use of an 0day for months on high-profile sites, Jerome Segura, senior security researcher at Malwarebytes wrote in a report on the attacks.

Leadership skills – Building Team Member Confidence

John Maxwell features excellent blog on project management and leadership skills. This post focuses on how to encourage team members to better believe in their own capabilities as they are stretched by new challenges

http://www.johnmaxwell.com/blog/be-a-belief-magnet

When I speak to people, whether in a crowd or one-on-one, I make it my goal to increase their belief in themselves. I want to share my belief and do things with them until one day it’s not my belief in them, but it’s their belief in themselves. That’s what I call the ultimate transfer of a leader. It’s when leaders take the belief that they have for their people and pass it on until the people own it. It’s not borrowed. That’s always my goal, to help people to get to that belief level. Here’s how I share my belief in people and help them find that belief in themselves.

1. Affirmation - When people sense that we believe in their potential and desire to be successful, it literally draws them in.
2. Mentoring - team needs to feel excitement of little victories and experience successes
3. Equipping - Provide the specific tools and skills that they need to be successful
4. Practice - We need to put in the work and do the tasks before getting to the final stage.
5. Victory - Nothing, nothing, nothing helps a person’s belief in self like success.

As a leader, I encourage you to set people up for success. When you believe in them to start with, and communicate that belief, you become a magnet, drawing them to you. Then when you mentor and equip them, you’re giving them the tools and experiences that keep them on the path with you. Finally, when you allow them to own the victory, you help them make your belief their own.

ISC YELLOW ALERT — MS15-034 IIS DoS exploits actively circulating

A rare Yellow Alert was recently declared by Internet Storm Center to promote awareness on the need to patch IIS environment, as MS15-034 denial of service exploits are actively circulating in the wild. The ISC also recently updated MS15-034 as a “PATCH NOW” for IIS installations. 

https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/

http://www.darkreading.com/vulnerabilities—threats/microsoft-zero-day-bug-being-exploited-in-the-wild/d/d-id/1319988

https://blog.sucuri.net/2015/04/website-firewall-critical-microsoft-iis-vulnerability-ms15-034.html

Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server (IIS) . The patch was released on Tuesday (April 14th) as part of Microsoft’s Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.  Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the “detection” version of the exploit. The scans appear to be “Internet wide”.

Microsoft Security Updates – APRIL 2015

Critical security updates to Microsoft Windows, Office, IE, and other products became available on Patch Tuesday and users should promptly update for the best levels of protection against new threats

https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+April+2015/19577/

http://technet.microsoft.com/en-us/security/bulletin/ms15-apr

SIMDA – Major Botnet shutdown on April 9th

A major BOTNET was shutdown last week as the FBI & Interpol seized 14 command-and-control servers.  Microsoft, Kaspersky, Trend, and other major software vendors participated in helping take down this former threat.   

http://www.techweekeurope.co.uk/security/interpol-simda-botnet-166373

https://securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/

https://grahamcluley.com/2015/04/simda-check/

Microsoft MMPC -SIMDA Blog post

On 9 April, 2015 Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime Unit (NHTCU), the FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and the Russian Ministry of the Interior’s Cybercrime Department “K” supported by the INTERPOL National Central Bureau in Moscow.

As a result of this takedown 14 C&C servers were seized in the Netherlands, USA, Luxembourg, Poland and Russia. Preliminary analysis of some of the sinkholed server logs revealed a list of 190 countries affected by the Simda botnet. Microsoft said it measured about 128,000 new Simda.AT infections each month for the past six months, with a sharp increase in recent weeks, registering 90,000 new infections in the US alone in the first two months of 2015. The countries most affected include the US, the UK, Turkey, Canada and Russia, according to Interpol.

Kaspersky IP CHECK to see if PC was registered as part of BOTNET
https://checkip.kaspersky.com/

Microsoft celebrates 40th anniversary

Microsoft celebrated it’s 40th anniversary as a corporation and there are 40 slides that commemorate the company’s history through the years 

http://www.techradar.com/news/world-of-tech/microsoft-turns-40-here-s-every-milestone-since-1975-1288322

Although the date that Microsoft is generally considered to have started is April 4, 1975, the seeds were sown on the first day of the same year when the MITS Altair 8800 appeared on the cover of Popular Electronics and got the creative juices inside Messrs Allen and Gates going.  From there, they created BASIC, the following month, as the first computer programming language for a PC and sold it to MITS (Micro Instrumentation and Telemetry Systems) of Albuquerque, New Mexico.

Windows 10 – Spartan browser techincal preview review

Network World shares a 12 slide presentation for the new Windows 10 Spartan browser

http://www.networkworld.com/article/2905396/windows/first-look-microsoft-s-new-spartan-browser-for-windows-10.html

The most recent Windows 10 Technical Preview comes with Spartan, a web browser that will eventually replace Internet Explorer. It’s not an updated version of IE under a different name; it’s a new browser that Microsoft built from scratch. Here’s what sets Spartan apart from Internet Explorer.  IE 11 is still part of the Windows Accessories menu for backwards comptability to support corporate legacy website needs.

Facebook – How to turn off automated photo recognition

The Facecrooks security group offers protective techniques to help safeguard privacy to avoid being tagged in photos by Facebooks automated photo recognition software.

http://facecrooks.com/Internet-Safety-Privacy/how-to-turn-off-facebooks-photo-recognition-software.html/

Facebook has a feature that uses facial recognition software to “help” your Facebook friends tag you in their photos. If you have this option enabled, any time one of your friends uploads a photo, Facebook will “suggest” you as a match based on the recommendations of the software.  Thankfully, you do have a choice in whether you want to have the facial recognition feature enabled or disabled. Not surprisingly, it is enabled by default.

If you want to opt-out of this feature, then follow the steps below:

1. You need to access your ’Timeline Settings‘ by clicking the ‘Settings’ link located in the top right corner of your Facebook page.

2. Next, click the  ’Timeline and Tagging‘ link on the left side of your page. Then, you will click the ‘Edit‘ link shown below.

3. Set the ‘Who sees tag suggestions when photos that look like you are uploaded?” to No One.

This feature still may not be available for all users, but now would be a great time to check – especially if you do not want this enabled on your Facebook account.

FBI – Fraud Alert issued for 2015 Tax season

An informative fraud alert for the 2015 tax season was issued a few days by the FBI

http://www.ic3.gov/media/2015/150402.aspx

Criminals are proficient in stealing the personally identifiable information (PII) of individuals to facilitate various fraud activities, including using stolen identity information to file fraudulent tax returns. Once the fraudsters obtain victim PII, they electronically file tax returns and set up pre-paid debit cards or bank accounts to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued.

The fraudsters utilize multiple methods to obtain the information needed to file a tax return. The most popular methods include: computer intrusion, the online purchase of stolen PII, the recruitment of insiders who have legitimate access to sensitive information, the physical theft of computers that contain PII, the impersonation of Internal Revenue Service personnel, and the aggregation of information that is obtained through multiple publicly available Web sites.

Tips to protect yourself:

* Monitor your credit statements for any fraudulent activity.
* Report unauthorized transactions to your bank or credit card company as soon as possible.
* Review a copy of your credit report at least once a year.
* Be cautious of scams requiring you to provide your personal information.
* Do not open email or attachments from unknown individuals.
* Never provide credentials of any sort via email. This includes clicking on links sent via email. Always go to an official website.
* If you use online tax services, double check to ensure your bank account is accurately listed before and after you file your tax return.
* Ensure accounts that are no longer being utilized are properly deleted or scrubbed of sensitive information. Allowing online accounts to become dormant can be risky and make you more susceptible to tax fraud schemes.

FBI – International Corruption squads established

The FBI has just announced improved support to combat fraud on an international basis.

http://www.fbi.gov/news/stories/2015/march/fbi-establishes-international-corruption-squads/fbi-establishes-international-corruption-squads

The FCPA, passed in 1977, makes it illegal for U.S. companies, U.S. persons, and foreign corporations with certain U.S. ties to bribe foreign officials to obtain or retain business overseas. And we take these crimes very seriously—foreign bribery has the ability to impact U.S. financial markets, economic growth, and national security. It also breaks down the international free market system by promoting anti-competitive behavior and, ultimately, makes consumers pay more.

We’re seeing that foreign bribery incidents are increasingly tied to a type of government corruption known as kleptocracy, which is when foreign officials steal from their own government treasuries at the expense of their citizens. (See sidebar for more on kleptocracy). And that’s basically what these foreign officials are doing when they accept bribes in their official capability for personal gain, sometimes using the U.S. banking system to hide and/or launder their criminal proceeds.

The FBI—in conjunction with the Department of Justice’s (DOJ) Fraud Section—recently announced another weapon in the battle against foreign bribery and kleptocracy-related criminal activity: the establishment of three dedicated international corruption squads, based in New York City, Los Angeles, and Washington, D.C

Kleptocracy 101 – A kleptocracy—loosely translated from Greek as “rule by thieves”—is a form of political or government corruption involving officials who steal from their government treasuries to enrich their own personal wealth. Both cases mentioned above were opened under DOJ’s Kleptocracy Asset Recovery Initiative, which—in coordination with the FBI and other federal agencies—seeks to forfeit the proceeds of corruption by foreign officials and, where appropriate, use the recovered assets to benefit the people harmed by the acts of corruption. Both cases, investigated by the FBI, are prime examples of kleptocracy-related criminal activity: Through bribes and other schemes, these “kleptocrats” stole money from their own governments and used the U.S. banking system, among others, to launder the funds.