Security Protection – Harry Waldron MVP

November 19th, 2012:

Cool Exploit Kit – Possible new variant of Blackhole Exploit kit

The new “Cool Exploit Kit” appears to be a new and improved variant of the Blackhole Exploit Kit.

http://www.f-secure.com/weblog/archives/00002458.html

QUOTE: Exploit kits are still making rounds, nothing new there. But in addition to the popular Blackhole Exploit Kit, a new kid on the block emerges which has been dubbed as Cool Exploit Kit. It’s very interesting to see how these two actually fare against each other… So is Cool really better? With all these “differences”, it appears that Cool and Blackhole are more than just a tiny bit related. And it wasn’t only us that noticed that there’s a high chance that both kits have the same author.

Google Android 4.2 – Will offer Application malware scanning service

Google will offer a new malware scanning service that can help identify malicious applications as documented below.

http://securitywatch.pcmag.com/none/305131-google-to-verify-android-apps-in-jellybean-update

QUOTE:  Users with Android 4.2 (Jelly Bean) devices will have the option of scanning apps installed on their devices to identify malicious apps, Google engineer Michael Morrissey wrote in a Google+ post on Wednesday. The new mechanism would complement the existing Bouncer technology, which scans apps as they are uploaded to Google Play to detect and remove malicious apps, by scanning apps as they are installed on the device.

“We will check for potentially harmful applications no matter where you are installing them from,” wrote Morrissey, a member of the Android Security team. Google has already begun rolling out this feature to Nexus 7 and Galaxy Nexus devices as an over-the-air Jelly Bean 4.2 update. The app verifier is enabled by default, according to a Web page describing the security settings in the Nexus 4.

Adobe – Password Database breach impacts 230 users

Almost every month, new online password breaches are reported. In this case, a relatively small group of users was impacted. As noted, strong passwords and periodic changes are best practices that can help mitigate these attacks.

https://isc.sans.edu/diary.html?storyid=14515

https://blogs.adobe.com/adobeconnect/2012/11/connectusers-com-forum-outage-following-database-compromise.html

http://arstechnica.com/security/2012/11/adobe-breach-reportedly-spills-easy-to-crack-password-hashes/

QUOTE: Adobe has revealed that apparently a password database was compromised via a SQL injection attack. Ars Technica reports that the passwords were hashed using MD5 (not clear whether they were salted or not). Do we really need to remind you what constitutes a strong password and not to reuse them?  Adobe officials are investigating the breach of an online user forum related to its Connect conferencing software following a report that 230 names, e-mail addresses, and cryptographically hashed passwords were leaked online.

Some previous password diaries that might be of interest:

Potential leak of 6.5+ million LinkedIn password hashes

Critical Control 11: Account Monitoring and Control

Theoretical and Practical Password Entropy

An Impromptu Lesson on Passwords

Password Rules: Change them every 25 years (or when you know the target has been compromised)

Facebook – College Admissions often evaluates candidates online history

High school students seeking college admission or employment should always be careful with content posted on Facebook.

http://facecrooks.com/Internet-Safety-Privacy/Over-25-of-Colleges-Now-Prying-Into-High-Schoolers%e2%80%99-Facebook-Profiles.html

QUOTE: According to a recent Kaplan Test Prep survey, which polled 350 admissions officers from colleges all over the country, over 25 percent said they had looked up applicants on Facebook and Google. Many high school students are now taking steps that were commonplace among older college students entering the job market: they’re changing their names on Facebook, or they are ditching the site altogether. The same Kaplan survey found that 15 percent of schools have a rigid social media policy when it comes to admissions. That may not seem like a lot, but compared to the college admissions climate even just a few short years ago, it accounts for many schools.

According to Nancy McDuff, associate vice president for admissions and enrollment management at the University of Georgia, students open themselves up to inquiries from schools when they put themselves out there online. “If a student mentions something in their application that isn’t well explained, and you’re looking for more information, you may check their Facebook,” she told Time Magazine. “They’re writing about themselves. That’s no different from what a guidance counselor may write about them when they ask for someone to write a letter of recommendation.”

 

Ten Thousand Identity Fraud gangs active in United States

This article shares alarming statistics on how large identity theft has become in our nation:

http://redtape.nbcnews.com/_news/2012/11/14/15144350-10000-id-fraud-gangs-active-in-us-especially-the-southeast-study-finds?lite=obinsite

QUOTE: There are 10,000 active identity theft crime rings across the United States, with the greatest concentration in a “ring of fraud” that stretches across the Southeast from Virginia to Mississippi, according to a new report by fraud-fighting firm ID Analytics.

A majority of these rings are what the firm calls “Friends & Family” groups, not professional criminal organizations, the report concludes. The rings are most highly concentrated in Washington D.C.; Detroit; Tampa, Fla.; Greenville, Miss.; Macon, Georgia; and Montgomery, Ala., the report found.

ID Analytics compiled the results by examining its massive database of credit applications and other identity “risk events,” which now includes 1.7 billion entries.  The firm cross references credit applications from major banks, auto dealers, wireless firms and other credit grantors looking for evidence of systematic identity fraud.

Holiday Shopping 2012 – Avoid online scams

As the holiday shopping season officially starts this weekend, please be careful, as scams and malware attacks are actively circulating.

http://www.technewsdaily.com/15546-black-friday-scams.html

QUOTE: Black Friday, the day after Thanksgiving, marks the start of the American holiday shopping season. Brick-and-mortar retailers gear up for it by offering gargantuan sales to get shoppers in the doors. But they’re not the only ones getting ready. Cybercriminals are prepping their online wares too. Many of the scams also target Cyber Monday, which falls on the Monday after Thanksgiving. For the past few years, Cyber Monday has been the biggest day for online retailers, who entice customers with special “one day only!” promotions. Search the Web for “Black Friday” and there will be thousands of sites promoting sales and discount codes. The sad thing is, a lot of the sites are fake.

Below are Safety Tips for shopping online from last year:

http://www.technewsdaily.com/7346-cyber-monday-safety-tips.html

Additional Home Security tips are noted below:

http://www.technewsdaily.com/8177-10-home-security-tips.html

OPSWAT – Free Security Evaluation tool

This new scanning tool can evaluate and measure the completeness and strength of workstation security.

http://www.opswat.com/products/security-score

QUOTE: OPSWAT Security Score is a free tool that scans your computer for the status of your installed security applications and provides a score along with recommendations on how to improve both the score and the security of your device. Download it now to find out your security score!  The OPSWAT Security Score tool is powered by OPSWAT’s OESIS Framework, a development toolkit that can be integrated to solutions to enable detection and management of antivirus, antiphishing, backup, patch management, firewall, public file sharing, hard disk encryption and many other types of third party applications. Security Score uses OESIS to scan your computer for the presence of these types of applications and to get information about their current status.

Avira Security – Symptoms of Malware Infection

Home users should note these symptoms, documented by Avira Security, that might point to a possible malware infection.

http://techblog.avira.com/2012/10/30/security-101-october-2012/en/

QUOTE: Usually, if your computer is performing strangely, this is a good sign of being infected with malware. “Strange” can mean one or more of the following symptoms:

– Heavy CPU processing
– Too much RAM consumed
– High network activity
– Runs overall slower
– Doesn’t enter in the standby mode anymore
– Programs take longer than usual to open

You see strange errors popping up on the screen, including BSOD (blue-screen-of-death – aka complete operating system crash)