Security Protection – Harry Waldron MVP

Computer Hardware – Gartner warns of price increase in 2nd half 2015

http://www.computerworld.com/article/2916485/computer-hardware/pc-prices-to-go-up-later-this-year-gartner-warns.html

PC prices have enjoyed record lows for many years now, but buyers might have to shell out a few more bucks for their desired laptop or desktop later this year. Research firm Gartner is sounding the alarm that PC prices might go up later this year due to recent currency fluctuations. The effect may especially be felt in Europe and Japan, where local currencies are weakening against the U.S. dollar. The alternative to rising prices is fewer features. PC makers might opt for less memory, a cheaper webcam or a lower-capacity hard drive to avoid higher prices. PC makers do something similar every holiday shopping season when they sell computers at rock-bottom prices. Businesses will likely cut the PC purchases by 20 percent this year, Gartner said.

Windows 10 Phone – Review of preview version

The Windows 10 phone O/S was tested by Redmond Magazine, as described in the article below:

http://redmondmag.com/articles/2015/04/14/first-look-at-windows-phone-10.aspx

We’re getting closer to the much anticipated release of Windows 10 and the gifts from Redmond just keep coming. Recently, Microsoft announced a preview of what many are referring to as Windows Phone 10 (the more official name seems to be Windows 10 for Phones).

The initial preview release is somewhat limited in that the OS will only run on specific models of Windows phones. I couldn’t risk installing the preview on my “production” phone and none of my lab phones were supported. Some Web sites have published hacks for installing Windows Phone 10 onto unsupported devices, but I didn’t want to risk bricking a lab phone. Besides, I wanted to experience the preview as Microsoft intended. Fortunately, there was an easy solution. I was able to get an AT&T Nokia Lumia 635 No Contract GoPhone from Amazon for under $50. Upon receiving the device I was able to install the Windows Phone preview onto it very easily.

Microsoft 2015 BUILD conference – April 29, 2015 announcements

All major announcements from “Day One” of the Microsoft 2015 BUILD conference are summarized in the link below:

http://thenextweb.com/insider/2015/04/29/everything-microsoft-announced-at-its-build-developer-conference-day-1/

Key topical areas include:

.NET Core preview opens to Mac and Linux
Visual Studio Code goes live
New Azure services arrive
Office Graph API allows cross-platform integrations for Office 2016
WINDOWS 10 news!
Run universal Windows apps on desktop
Android and iOS apps arrive on Windows 10
Spartan browser gets an official name: Microsoft Edge
Windows 10 continuum for phones
Windows Holographic demo

Windows 10 – Microsoft Announces new EDGE browser

As Windows 10 development continues, Microsoft formally announced that the browser being developed under “Project Spartan” will be called “Edge”. It will be the default browser and will contain all the new innovations. IE11 will also ship as a secondary browser so that Windows 10 can still interact with legacy websites as needed.

http://www.pcmag.com/article2/0,2817,2483459,00.asp

Among the many fascinating reveals in the opening keynote of the Microsoft Build 2015 developer conference—Android and iOS code running on Windows phones, holograms that can attach themselves to physical robots, and Visual Studio for Mac and Linux—was the Microsoft Edge browser.

Internet Explorer’s more modern and fast successor, previously code-named Project Spartan, is now Edge, and one of its most notable new features is extensions. Edge also maintains Spartan innovations like page markup, reading view, and Cortana integration. It’s also a Universal Windows app, meaning one application runs on PCs, phones, tablets, and whatever other Windows-running devices emerge.

Perhaps Edge’s greatest asset is that it’s not Internet Explorer, which, even after lots of improvements in speed and tightened design, was one of the most reviled pieces of software in history. Though Edge’s icon still sports an “E,” it really isn’t IE. Even underneath, it runs a new page-rendering engine called…wait for it—Edge. Yes, that was the name of Project Spartan’s engine, and it has now been elevated to the full product name. It tops IE’s longtime Trident engine in speed and compatibility with new Web standards such as HTML5.

Windows 10 will still ship with IE11 for legacy compatibility, especially for corporate intranets and other enterprise Web apps, but it won’t get new features and Edge will be the default browser.

Malware – IRC Botnet attacks continue with greater sophistication

Zscaler security labs shares an informative analysis of IRC-based attacks, which have diminished since their peak in 2007. However, these attacks are still present and have grown in sophistication, even though most attacks today arrive through other vectors.

http://www.darkreading.com/vulnerabilities—threats/irc-botnets-are-not-quite-dead-yet/d/d-id/1320212

Far from going the way of the dodo as many had surmised, Internet Relay Chat (IRC) botnets are alive and thriving. A new study by security vendor Zscaler shows that IRC botnets, while not growing at a particularly rapid rate, continue to be active and have incorporated several new features over the years that make them as potent a threat as ever.

While the core C&C communication protocol that is used remains IRC, several new features have been added that make them comparable to some of the more sophisticated web-based botnets out there, he said. For example, IRC botnet operators these days use multiple servers and channels for command and control purposes, so they no longer have a single point of failure like before.

The link to Zscaler security labs’ more in-depth report is as follows:

http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html

An IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel. It usually involves a Botnet operator controlling the IRC bots through a previously configured IRC server & channel. The Botnet operator, after appropriate checks, periodically moves the IRC bot to a new IRC channel to thwart researchers & automated sandboxes from monitoring the commands. In this blog, we will look at one of the most prevalent IRC based malware families – DorkBot, followed by three additional IRC Botnet families – RageBot, Phorpiex, and IRCBot.HI.
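As an added illustration (not code from Zscaler or from this blog), the following Python sketch profiles IRC activity per internal host from constructed log lines and flags the multi-server, channel-hopping behaviour the report describes; the log format and the templated-nick pattern are assumptions made for the sample.

```python
import re
from collections import defaultdict

# Constructed sample (not real traffic), shaped like a proxy/IDS log of IRC commands.
SAMPLE_LOG = """\
2015-04-28T10:01:02 src=10.0.0.5 dst=203.0.113.10:6667 irc=NICK [USA|XP]-7f3a
2015-04-28T10:01:03 src=10.0.0.5 dst=203.0.113.10:6667 irc=JOIN #one
2015-04-28T10:12:41 src=10.0.0.5 dst=203.0.113.10:6667 irc=JOIN #two
2015-04-28T11:30:05 src=10.0.0.5 dst=198.51.100.7:2000 irc=NICK [USA|XP]-7f3a
2015-04-28T11:30:06 src=10.0.0.5 dst=198.51.100.7:2000 irc=JOIN #three
2015-04-28T09:00:00 src=10.0.0.9 dst=192.0.2.20:6667 irc=NICK alice
2015-04-28T09:00:01 src=10.0.0.9 dst=192.0.2.20:6667 irc=JOIN #linux
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) irc=(?P<cmd>\S+)(?: (?P<arg>.*))?$")
# Templated nick like [USA|XP]-7f3a: an assumption for this sample, not a Zscaler signature.
BOT_NICK_RE = re.compile(r"^\[[A-Z]{2,3}\|[A-Za-z0-9]+\]")

def parse(log_text):
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines the regex does not match are skipped
            yield m.groupdict()

def profile_hosts(events):
    # Per internal host: C&C servers contacted, channels joined, nicks used.
    hosts = defaultdict(lambda: {"servers": set(), "channels": set(), "nicks": set()})
    for e in events:
        h = hosts[e["src"]]
        h["servers"].add(e["dst"])
        if e["cmd"] == "JOIN" and e["arg"]:
            h["channels"].add(e["arg"])
        elif e["cmd"] == "NICK" and e["arg"]:
            h["nicks"].add(e["arg"])
    return hosts

def suspicious_hosts(log_text, max_servers=1, max_channels=2):
    """Return {host: [reasons]} for hosts whose IRC use resembles a bot."""
    flagged = {}
    for src, h in profile_hosts(parse(log_text)).items():
        reasons = []
        if len(h["servers"]) > max_servers:
            reasons.append("multiple C&C servers: %d" % len(h["servers"]))
        if len(h["channels"]) > max_channels:
            reasons.append("channel hopping: %d channels" % len(h["channels"]))
        if any(BOT_NICK_RE.match(n) for n in h["nicks"]):
            reasons.append("templated bot nick")
        if reasons:
            flagged[src] = reasons
    return flagged
```

The thresholds are deliberately low for the sample; on a real network they should be tuned against the baseline of legitimate IRC use.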

Security Awareness – Corporate Security programs are challenging

An excellent article below shares the challenges of creating an effective security awareness program. Security professionals must adjust for differing audiences to effectively communicate dangers and best practices throughout the company. The key challenge is to present risks and safety practices in business terms, or in other ways that are more clearly understood.

http://www.darkreading.com/to-evangelize-security-get-out-of-your-comfort-zone/a/d-id/1320181

IT security, I’ve learned, is a tight-knit community of people who “get it” — that ethical security research is an essential part of the industry, that signatures are no longer enough, that a certain amount of risk is inherent in any enterprise security plan. Certain themes are accepted as truth, certain cost/benefit ratios are accepted as conventional wisdom. We argue over strategies, but we agree on most of the basic principles. When you’re at a security conference, it’s sort of like living in your home town.

When we move outside of our own circles, however, we members of the security community often find ourselves on unfamiliar ground. Here at Interop, for example, an audience of CIOs and data center professionals consider security an important plank in the IT platform — but not the only consideration. Issues of business, bandwidth, performance, and storage play just as important a role as security — and priorities may differ according to the situation. Security messages and practices must be taken in the context of a broader palette of IT disciplines.

If we want security issues to be recognized by the world, we’ll have to step out of our community — and our comfort zone — and bring our most important messages to more general IT and business audiences. A home town is a great place to live, but it only reaches so far.

Malicious Advertising – Transparent Ad overlays Coloring Page site

A full-screen, transparent (invisible to the user) malicious advertising web page overlays a site containing coloring pages for kids. Malwarebytes warns of this special danger in the following post:

https://blog.malwarebytes.org/privacy-2/2015/04/ads-on-colouring-pages-website-lead-to-installs-explicit-content/

Today, we came across a website called “Best Arts Wallpaper Online 2015” which offers colouring pages intended to be printed / drawn on by the smaller members of your family. The site features Minions (From Despicable Me), My Little Pony, Batman, Mario, Looney Tunes and more – clearly, there’s a wide range of interests on offer.

The page is overlaid with a transparent full-window ad (the page doesn’t look as grey once the advert is gone) – you can see the “x” in the top right hand corner. Clicking the visible banner in the middle will take you to the ad. However, clicking anywhere else on the page with the exception of the “x” will still cause it to act as though the ad in the middle of the page had been clicked – and you’ll also have the possibility of another window opening containing entirely unrelated content.

Clearly, this isn’t somewhere you want the intended audience hanging out as they grab pages for you to print. There’s no real way to know what they may end up installing, and as for the last example – who knows where some of those URLs might lead.

Here’s some safer examples of colouring in for you and your family to make use of:

Disney – Colouring in
BBC – Crafts and colouring in
Crayola – Colouring in
LEGO – Colouring in
Nick Jr – Colouring in
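An added example (not from Malwarebytes) of how a page scanner can spot the invisible full-window click target described above; the HTML fragment is constructed and the style heuristics (fixed/absolute, 100% size, near-zero opacity) are assumptions about how such overlays are typically styled:

```python
from html.parser import HTMLParser

# Constructed page fragment (not the real site): an ordinary banner plus an
# invisible, full-window, clickable <a> stacked above everything else.
SAMPLE_HTML = """
<html><body>
<div id="banner" style="width:300px;height:250px"><a href="/ad">Visit sponsor</a></div>
<a href="http://ads.example/click" style="position:fixed;top:0;left:0;width:100%;height:100%;opacity:0;z-index:9999"></a>
<img src="minions.png" style="position:absolute;top:10px;width:100%;height:100%">
</body></html>
"""

def parse_style(style):
    """Turn 'a:b;c:d' into a lowercase dict; tolerates stray semicolons."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            decls[key.strip().lower()] = value.strip().lower()
    return decls

def is_invisible(decls):
    # opacity:0 keeps the element clickable, unlike display:none or visibility:hidden.
    try:
        return float(decls.get("opacity", "1")) < 0.05
    except ValueError:
        return False

def covers_window(decls):
    return (decls.get("position") in ("fixed", "absolute")
            and decls.get("width") in ("100%", "100vw")
            and decls.get("height") in ("100%", "100vh"))

class OverlayFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        decls = parse_style(a.get("style") or "")
        if covers_window(decls) and is_invisible(decls):
            self.findings.append({"tag": tag, "href": a.get("href"),
                                  "z_index": decls.get("z-index")})

def find_transparent_overlays(html):
    """Return elements styled as invisible full-window click targets."""
    finder = OverlayFinder()
    finder.feed(html)
    return finder.findings
```

Overlays injected by script or styled from an external stylesheet need the rendered DOM rather than the raw HTML, so a browser-side check of computed styles would be the next step.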

Microsoft Silverlight – Security Defense techniques

TechTarget shares an informative article on key best practices for keeping Silverlight safe: staying on the latest version, deploying patches promptly, avoiding potentially malicious sites, and user security awareness. These safety tips apply to almost all software products.

http://searchsecurity.techtarget.com/tip/Silverlight-security-Defending-against-browser-plug-in-attacks

The Silverlight browser plug-in is Microsoft’s answer to Adobe Flash. Although it’s nowhere near as well-known, Silverlight is used by Netflix for its instant video streaming service. Until recently, Silverlight has escaped the attention of hackers who have focused on more common browser plug-ins like Java, Flash and Adobe’s Acrobat Reader. However, now that it has been successfully exploited, Silverlight is increasingly becoming an attack vector for those looking to infect and compromise users’ computers.

There are many similarities between Java and Silverlight. Both run in a sandbox with low privileges by default that restrict access to the device’s file system and other system resources. Any attack must be able to break the sandbox to be viable. Security researchers have noticed that exploit kits such as Fiesta, Nuclear, RIG and Angler — which in the past mainly targeted Java-based exploits — now include attacks that target vulnerabilities in Silverlight.

The attacks typically rely on luring a user to a hacker-controlled website, checking if their device has Silverlight installed, and then attempting to exploit a vulnerability to infect the victim’s system. These drive-by attacks are also used to exploit vulnerabilities in other browser plugins.

The frustrating thing is that many of these attacks take advantage of vulnerabilities for which vendors have already issued patches. As always, enterprises need to ensure that their users’ operating system and application software is kept up to date and that the devices are not running older versions longer than absolutely necessary. Administrators should configure the Silverlight auto-updater for all network users and prevent users from changing the update settings. If Silverlight is not deemed essential in your enterprise, the plug-in could potentially be banned.

Before an attack can even exploit a Silverlight vulnerability, the hacker has to trick a user into visiting a webpage that’s hosting its attack code, typically by getting them to click a link in an email or instant message that takes them to the malicious page. Enterprises must reinforce the message of not clicking on links from unknown sources; this remains a very important aspect of security awareness training.

EMAIL SPAM – Dalexis and CTB-Locker malicious threat

EMAIL SPAM is often harmful, carrying malicious website links or downloader agents that install even more software, including ransomware agents that can encrypt the user’s files on the computer. The SANS ISC documents an advanced and harmful new attack as follows:

https://isc.sans.edu/forums/diary/DalexisCTBLocker+malspam+campaign/19641/

Dalexis is a malware downloader. It drops a CAB file with embedded document that’s opened on a user’s computer then downloads more malware. Dalexis is often used to deliver CTB-Locker. CTB-Locker is ransomware that encrypts files on your computer. In exchange for a ransom payment, the malware authors will provide a key to decrypt your files. Behavior of this malware is well-documented, but small changes often occur as new waves of malspam are sent out.
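As an added illustration, not from the ISC diary, the following Python sketch parses a constructed lure message and flags attachments whose leading bytes identify a CAB file (or another type that disagrees with the extension in the filename); the message contents and the extension table are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# File signatures: "MSCF" is the Microsoft Cabinet (CAB) magic, D0 CF 11 E0 an OLE2 document.
MAGIC = {b"MSCF": "cab", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "ole-doc", b"MZ": "exe"}
# Extensions under which each sniffed type legitimately travels (assumed policy table).
EXPECTED = {"zip": {"zip", "docx", "xlsx"}, "ole-doc": {"doc", "xls"}, "cab": set(), "exe": set()}

def build_sample_email():
    """Constructed lure (not a real Dalexis sample): a CAB payload named as a .doc."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your account has been suspended"
    msg.set_content("Please review the attached invoice.")
    fake_cab = b"MSCF" + b"\x00" * 60  # only the signature matters for sniffing
    msg.add_attachment(fake_cab, maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return msg.as_bytes()

def sniff(data):
    """Classify an attachment by its leading bytes, ignoring the declared MIME type."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"

def risky_attachments(raw):
    """Flag attachments that are CAB/EXE or whose bytes disagree with their extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind in EXPECTED and ext not in EXPECTED[kind]:
            findings.append({"filename": name, "detected": kind, "claimed_ext": ext})
    return findings
```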

ADDITIONAL LINKS

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Dalexis#tab=2

https://heimdalsecurity.com/blog/ctb-locker-ransomware/

https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker

https://techhelplist.com/index.php/spam-list/796-your-account-has-been-something-bad-various-malware

WordPress – ZERO DAY Security Alerts April 2015

WordPress administrators, developers and users should monitor these new vulnerabilities for further developments:

https://threatpost.com/wordpress-ecommerce-plugin-vulnerability-details-disclosed/112500

https://threatpost.com/details-on-wordpress-zero-day-disclosed/112435

https://www.htbridge.com/advisory/HTB23254

WORDPRESS CORE ENGINE

WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of Klikki Oy reported a new and unpatched stored cross-site scripting vulnerability in the platform; a similar bug was patched this week by WordPress developers, but only 14 months after it was reported. The vulnerability allows an attacker to inject JavaScript in the WordPress comment field; the comment has to be at least 66,000 characters long and it will be triggered when the comment is viewed, Pynnonen said.

WORDPRESS CARTPRESS E-COMMERCE PLUG-IN

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin. These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched. The CartPress vulnerabilities were reported on three separate occasions by researchers at High Tech Bridge on April 8, 17 and 27. From a timeline published in the High Tech Bridge advisory, no acknowledgement from CartPress was received. “Currently, we are not aware of any official solution for this vulnerability,” the advisory says. CartPress will no longer be supported as of June 1. “We recommend disabling or removing the vulnerable plugin as a workaround.” According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.