Security Protection – Harry Waldron (WP)

EMAIL 419 SCAM – Free World Cup 2014 tickets

A new variant of the 419 scam uses both monetary amounts and free World Cup 2014 finals tickets to lure individuals into revealing bank account and other sensitive information. These spammed emails should be deleted.

http://blog.malwarebytes.org/fraud-scam/2014/04/world-cup-2014-cash-prize-tickets-email-is-a-419-scam/

QUOTE: From the spam traps: a World Cup 2014 419 missive, with a wonderfully enlightening subject line: “gkxzhlfgjs”. This is, of course, complete nonsense and if you see one of these in your Inbox feel free to send it straight to the trash. You won’t receive free tickets, or a cash prize or anything else for that matter – all they want is the money in your bank account and they’ll spin out any set of lies required to get their hands on it. It reads:

Dear Email User, We wish to inform you that your email address was generated during the announcement of the Brazil 2014 world cup kick-off days and time for the world cup finals in Brazil and won GBP 3000.000.00,Three Million Pounds CASH plus 2 tickets to watch the opening match to take place in Sao Paulo on June 12 2014 at 5pm local time and the final, on July 13 2014, at the iconic Maracana stadium (in Rio de Janeiro), at 4pm local time. The notification was send to you because your email address is active online and your reference number is Brazil912/2014. this was in conjunction with the South African LOC Team (Local Organizing Committee) FIFA2010 and Brazilian LOC (Local Organizing Committee) Team FIFA2014.

Heartbleed OpenSSL vulnerability – How to test using NMAP

The ISC shares a technique for testing sites for the vulnerable OpenSSL versions using NMAP, an excellent free PENTEST tool used in network vulnerability testing.

https://isc.sans.edu/forums/diary/Testing+your+website+for+the+heartbleed+vulnerability+with+nmap/17991

QUOTE: We have received reports by many readers about buggy tools to test for the heartbleed vulnerability. Today I want to show you how easy it is to check for this vulnerability using a reliable tool such as nmap. You just need to trigger a version scan (-sV) along with the script (ssl-heartbleed). The following example will show a command that will scan 192.168.0.107 for this bug: `nmap -sV 192.168.0.107 --script=ssl-heartbleed`
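When the same scan is run against a whole network with nmap's XML output (`-oX`), the per-port script results can be parsed to produce a patch list. This is an added example, not code from the ISC diary or from nmap; the scan output is constructed for illustration, using the diary's 192.168.0.107 plus a made-up neighbouring host.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of "nmap -sV --script=ssl-heartbleed -oX scan.xml ..." output.
# Hosts and ports are made up; the element layout follows nmap's XML schema and the
# "State: ..." line is how the vulns NSE library (used by ssl-heartbleed) reports results.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=ssl-heartbleed -oX scan.xml 192.168.0.0/28">
  <host><status state="up"/><address addr="192.168.0.107" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https"/>
      <script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;  The Heartbleed Bug ...&#10;    State: VULNERABLE&#10;    Risk factor: High"/>
    </port>
  </ports></host>
  <host><status state="up"/><address addr="192.168.0.108" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https"/>
      <script id="ssl-heartbleed" output="&#10;  NOT VULNERABLE:&#10;    State: NOT VULNERABLE"/>
    </port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  </ports></host>
</nmaprun>
"""

# Order matters: a bare "VULNERABLE" alternative would also match inside "NOT VULNERABLE".
STATE_RE = re.compile(r"State:\s*(NOT VULNERABLE|LIKELY VULNERABLE|VULNERABLE)")


def heartbleed_findings(xml_text):
    """Return [(addr, port, state), ...] for every port carrying ssl-heartbleed output.

    Ports the script did not report on (e.g. non-TLS services) are skipped; output with
    no recognisable State line is tagged 'UNPARSED' rather than silently dropped.
    """
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-heartbleed']")
            if script is None:
                continue
            m = STATE_RE.search(script.get("output", ""))
            state = m.group(1) if m else "UNPARSED"
            findings.append((addr_el.get("addr"), int(port.get("portid")), state))
    return findings


def vulnerable_hosts(findings):
    """Sorted, de-duplicated addresses still needing a patch (VULNERABLE or LIKELY VULNERABLE)."""
    return sorted({a for a, _, s in findings if s in ("VULNERABLE", "LIKELY VULNERABLE")})
```

Feed a real `scan.xml` to `heartbleed_findings` instead of the sample and `vulnerable_hosts` gives the hosts to patch (and whose certificates and user passwords should then be rotated).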

Heartbleed – Arrest made in Canada for hacking tax agency records

This is likely someone capitalizing on the exploit after its release, not the original developer of the exploit.

http://money.cnn.com/2014/04/16/technology/security/canada-heartbleed/index.html

QUOTE: Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country’s tax agency. Shortly after the Internet bug was revealed to the world last week, the Canada Revenue Agency suffered a data breach that leaked the Social Insurance Numbers of about 900 taxpayers. The agency was forced to shut down its website temporarily to prevent further theft of sensitive personal information. On Wednesday, the Royal Canadian Mounted Police said it arrested 19-year-old Stephen Arthuro Solis-Reyes at his London, Ontario home a day earlier. During the police raid, agents seized computer equipment as evidence. Solis-Reyes now faces two counts of computer-related crimes.  The arrest appears to be the first related to the Heartbleed bug since it was discovered last week.

Heartbleed – List of major sites where passwords should be changed

This OpenSSL flaw went undetected for two or more years, so it may have been exploited as a “zero day” during that time. Changing static passwords at least annually is always a beneficial best practice. Some of the MAJOR impacted sites are listed below:

IMPACTED SITES YOU SHOULD CHANGE PASSWORDS FOR: Yahoo, Flickr, Tumblr, Blogger/Blogspot, Dropbox, Facebook, Electronic Frontier Foundation, Etsy, Google, Imgur, Instagram, Netflix, Pinterest, Stack Overflow, Twitter, Wikipedia, Woot, WordPress.com/WordPress.org and YouTube

SITES WITH STRONGER SECURITY AND NOT LIKELY IMPACTED INCLUDE: Amazon, AOL, Apple, Ask.com, Bank of America, Bing, Buzzfeed, Capital One, Chase, CNET, Craigslist, eBay, ESPN, Evernote, GoDaddy, Hotmail, HSBC, Huffington Post, Intuit, LinkedIn, Live.com, Microsoft, Newegg, The New York Times, PayPal, Reddit, Salesforce, Target, TD Bank, Walmart, Wells Fargo and Zillow.

MAJOR SITES INITIALLY IMPACTED (most sites have since been fixed, but if a site was on the initial list as vulnerable, its password should be changed) https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

SITE TESTING LINK (many sites with special security controls may not allow test to work) http://filippo.io/Heartbleed/

GOOD CONSOLIDATION OF IMPACTS & GUIDELINES http://www.tomsguide.com/us/heartbleed-bug-to-do-list,news-18588.html

Malware – Heartbleed OpenSSL vulnerability

The ISC has escalated to its rare YELLOW ALERT status. It is important for administrators to patch promptly and for users to change passwords for email, banking, and other sites that may have been affected.

https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921

http://www.f-secure.com/weblog/archives/00002694.html

http://www.komando.com/blog/247387/super-bug-exposes-your-information-on-tons-of-websites

http://heartbleed.com/

QUOTE: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).  The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Malwarebytes v2.0 – Documentation and additional resources

Additional information shared by fellow security professionals on how to use the product and its new features effectively is noted below:

The online guide is available here:

http://www.malwarebytes.org/support/guides/mbam/

PDF version available here:

http://static-cdn.malwarebytes.org/assets/userguides/2014-03-10/MalwarebytesAntiMalwareUserGuide.pdf

Quick Scan –> Threat Scan — Threat Scan is the primary scan to choose because in almost all cases it catches all malware that a “Full Scan” would, in less time. It scans for threats in all of the locations that malware likes to hide on your system, and ignores places that it doesn’t. Generally, all that is needed is a Threat Scan.

Flash Scan –> Hyper Scan — (Only available with Malwarebytes Premium)  This was renamed because with the word “flash”, it can be implied that this scan will search flash memory devices such as flash drives/thumbsticks, which it does not. This type of scan primarily searches for malicious processes that are currently running in memory. Because it takes less time to perform than a Threat Scan, it was renamed “Hyper Scan” to avoid the confusion with “flash”.

Full Scan –> Custom Scan — A custom scan can be used to perform a full scan, that is, scanning every file and folder on every drive connected to the system. However, that’s not its only function.  A few specific directories can be selected as well instead of simply scanning everything.

For any issues with Malwarebytes Anti-Malware 2.0 the development team recommend you start a new topic and report them here:

https://forums.malwarebytes.org/index.php?showforum=41

Hardware – Advantages and Disadvantages of physically shutting down PC

An interesting and updated article from Kim Komando (below) on the pros and cons of physically powering off desktops or laptops when not in use. I have usually done that without major issues. One key advantage is that Windows Updates are often installed during the power-off process. Also, when there is a potential for T-storms, everything gets physically unplugged, including DSL. Conversely, there are benefits in performing overnight defrags, AV scans, or other maintenance functions while the system stays on. Leaving a system on or off is more a usage consideration these days than one which prolongs the life of the equipment.

http://www.komando.com/tips/11929/should-you-shut-down-your-computer-at-night

QUOTE: For decades, the debate has raged over whether you should leave your computer on every single second or give it regular rest. Both sides believe their way is better for a computer’s life. The shut-it-down crowd believes that leaving it on and working will wear out components faster and shorten your computer’s life.  The leave-it-on crew believes that repeated shutdowns and startups will wear out components faster and shorten your computer’s life. In other words, they’re worried about the same thing for completely opposite reasons. So, who is right, and what does it mean for you?

Malwarebytes v2.0 – FAQs and Press announcement

More details on this great new product release:

http://blog.malwarebytes.org/news/2014/03/malwarebytes-anti-malware-2-0/

QUOTE: We have also built in and improved our Anti-Rootkit and Chameleon self-protection technologies, which have been in beta for the past year. Additionally, we’ve rewritten Malicious Website Blocking and improved native x64 support.  Most importantly, our detection and removal engine was significantly improved under the hood and kicks even more malware butt!  With the launch of 2.0, we’ll also be moving to a subscription licensing model, $24.95 per year. As more and more people have come to rely on us for malware protection and cleanup, our costs in bandwidth, hosting fees, infrastructure, salaries of our researchers, QA department and more have grown immensely. Though our company is about more than just making money, we are a company and we do have to make money to pay our staff to continue doing what they love, which is fighting malware.

ADDITIONAL LINKS

http://securitywatch.pcmag.com/security-software/322084-malwarebytes-2-0-still-tough-on-malware-now-with-a-pretty-face

http://www.pcmag.com/article2/0,2817,2455505,00.asp

Microsoft – System Development Lifecycle story to implement TWC

An excellent historical recap of how security was strategically integrated into Microsoft’s development process.

http://www.microsoft.com/security/sdl/story/

QUOTE: Across thousands of developers and millions of lines of code, one company learns to build secure software in an increasingly insecure world.  It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called “Code Red” was spreading at an astonishing rate. Code Red was a worm — a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious. At the time, ABC News reported that, in just two weeks, more than 300,000 computers around the world were infected with Code Red — including some at the U.S. Department of Defense and Department of Justice.

Mobile Security – Marble Labs Study of applications with high risk

Communications and social media application plug-ins may create the greatest privacy and security risk, according to an excellent study performed by Marble Labs during Q1 2014.

http://www.marblesecurity.com/wp-content/uploads/2014/03/Marble-Mobile-App-Threat-Report-March_2014_0317.pdf

http://securitywatch.pcmag.com/none/321703-the-10-riskiest-mobile-app-types

QUOTE: Communication apps topped the list; over ten percent of them got tagged as risky. Social media apps came next, around nine percent risky. Somewhat to my surprise, the “news and magazines” category was third, with a bit over eight percent risky apps. Safest of all, according to this study, were game apps, with less than one percent of them identified as risky. The full report points out that consumers may well accept risk levels that businesses wouldn’t. Data leakage in particular is more of a business problem. It concludes, “Companies should monitor or restrict use of these apps on devices that connect to corporate networks, data or online cloud services. Risk-based restrictions are more important than ever, given the ever-growing number of apps and the increased use of mobile devices in the enterprise.”