Security Protection – Harry Waldron MVP

November, 2013:

Microsoft Office 2013 SP1 – planned for early 2014

Corporate and business users should track this important change and its availability in early 2014:

http://www.zdnet.com/microsoft-office-2013-service-pack-1-to-arrive-in-early-2014-7000023505/

QUOTE: Microsoft is planning to deliver Service Pack (SP) 1 for Office 2013, SharePoint 2013 and Exchange 2013 in early 2014, company officials said on November 20. Microsoft shared a partial list of some of the updates that will be part of the SP1 via blog posts on the Office and Exchange Team blogs. On that list:

* Improved compatibility with Windows 8.1
* Support for Windows Server 2012 R2 for Exchange and SharePoint
* Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA
* Inclusion of the Edge Transport server role for Exchange Server 2013
* General performance enhancements and feature updates for all the Office 2013 products

McAfee 2013 Q3 Threats – Corporate Digital Trust Issues

McAfee’s Q3 Threats report focuses on Digital Trust concerns:

http://blogs.mcafee.com/executive-perspectives/serious-trust-issues-abound-in-the-mcafee-labs-q3-threats-report

QUOTE: Most important was the issue of whether we question the validity of our digital trust mechanisms upon which our software-driven Digital Age has relied for years. Every organization on the face of the earth relies on security controls, be they on the endpoint or the perimeter, to accept downloaded binaries if they are digitally signed. These digital signatures signify that code originated from a given manufacturer and should be allowed… Security industry leaders have long predicted that it would only be a matter of time before cybercriminals would use compromised certificates at scale to camouflage large numbers of malware. McAfee Labs’ third quarter report suggests that we could, in fact, be approaching that state of “at scale” signed malware.

While the leading code signing certificate authorities (CAs) have worked hard to validate the legitimacy of the customers to whom they sell their certificates, the evolution and commoditization of the certificate authority market has spawned an ecosystem of CAs who are decidedly unconcerned with such reputation measures, as well as a web of retailer relationships that make verification and validation difficult for the top root certificate authorities.

Malware – Fake AV update messages trick users DEC 2013

Symantec documents several fake AV update email or website messages

http://www.symantec.com/connect/blogs/fake-av-software-updates-are-distributing-malware

QUOTE: A new clever way of social engineering spam is going around today that attempts to trick users into running malware on their computers. The methods malware authors are using include emails pretending to be from various antivirus software companies with an important system update required to be installed by the end user, along with attaching a fake hotfix patch file for their antivirus software. The email plays on end user concern over the lack of detection, especially in the face of the latest threats showcased in the media recently, such as the Cryptolocker Trojan. This type of social engineering entices users to open and install the hotfix without using much discretion as to what they may be actually installing.

Cyber Monday safety awareness – December 2, 2013

Symantec shares safety awareness tips for Cyber Monday:

http://www.symantec.com/connect/blogs/cyber-monday-shoppers-and-retailers-beware-scams-and-attacks

QUOTE: December 2, 2013 marks Cyber Monday, the day when Internet retailers expect to experience a major surge in traffic thanks to people shopping online for the holiday season. The concept of Cyber Monday, or Mega Monday as it’s known in Europe, was introduced back in 2005. It takes place after the Thanksgiving holiday weekend, when people return to the office and buy Christmas presents from their work computers, according to retailers. Some dismissed Cyber Monday as marketing hype but over time, the day has grown in significance, thanks to competitive deals on offer from many major retailers. In 2012, the 500 biggest retailers in the US took more than US$206.8 million on Cyber Monday while in Europe, approximately €565 million was spent on this day. This year, experts believe that Cyber Monday sales will grow by 13.1 percent as consumers increasingly move from buying presents in bricks-and-mortar stores to shopping online.
However, considering the hype surrounding Cyber Monday and the expected traffic on ecommerce sites on this date, there could be a chance that attackers will take advantage of the day to target both consumers and retailers. According to a recent study from RSA Security and the Ponemon Institute, 64 percent of retail-focused IT professionals have seen an increase in attacks and fraud attempts during high traffic days such as Cyber Monday. But just one third of these IT professionals take special precautions to ensure high availability and integrity of websites on these days. Worse still, the estimated direct cost of a cyberattack around the holiday season is believed to be US$8,000 a minute.

Bitcoin – Fraudulent attacks on digital currency

F-Secure shares an informative article related to cybercrime attacks against digital currency

http://www.f-secure.com/weblog/archives/00002644.html

QUOTE: Bitcoin, and other digital currencies such as Litecoin and Peercoin, will change the way we exchange money. But they come with a major flaw: they can also be used to turn infected computers into devices that “print” money. The beauty of the algorithm behind Bitcoin is that it solves two main challenges for cryptocurrencies – confirming transactions and generating money without causing inflation – by joining them together. Confirmations are given by other members of the peer-to-peer network, who in return are given new Bitcoins for their labour. The whole process is known as “mining”.

When Bitcoin was young, mining was easy. You could earn Bitcoins by mining on a home computer. However, as the currency’s value grew (from $8 to $1000 during 2013) – more people applied to do it, and, in response, mining became (mathematically) harder and required more powerful computers. Unfortunately, those computers don’t have to be your own. Some of the largest botnets run by online criminals today are monetized by mining. Any infected home computer could be mining Bitcoins for a cybercrime gang.

eCommerce Security – 2013 Holiday Season is peak time of year for crime

Trend Labs shares an informative article noting that the holiday season is one of the most dangerous times of the year, due to heavy e-commerce and gift giving. Cybercriminals see it as a “prime opportunity to steal”:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-season-for-danger-holiday-season-spam-and-phishing/

http://about-threats.trendmicro.com/us/webattack/74/Beware+of+HolidayThemed+Multicomponent+Online+Threats

QUOTE: For many, the holiday season is a season for shopping and spending. But cybercriminals see it in a different light—they see it as a prime opportunity to steal. Take, for example, online shopping. Malicious websites try and trick online shoppers into giving them their money instead of the legitimate shopping websites. These sites are often made to look exactly like the website they’re mimicking, and feature a login screen that asks the user to enter their personal information. They are interested in any and all kinds of login information – for example, we recently saw phishing sites that stole the Apple IDs of users. We have kept track of the number of phishing sites created since 2008. We pay particular attention to those that target Christmas shoppers and/or have holiday themes. There are plenty of these, and they persist all year. Unsurprisingly, they rise towards the end of the year.

Malware – SOGOMOT and MIRYAGO use encrypted JPEG files in targeted attacks

Trend shares awareness of new targeted attacks circulating in the Asia-Pacific region:

http://blog.trendmicro.com/trendlabs-security-intelligence/jpeg-files-used-for-targeted-attack-malware/

QUOTE: We recently came across some malware of the SOGOMOT and MIRYAGO families that update themselves in an unusual way: they download JPEG files that contain encrypted configuration files/binaries. Not only that, we believe that this activity has been ongoing since at least the middle of 2010. A notable detail of the malware we came across is that these malware hide their configuration files. These JPEGs are located on sites hosted in the Asia-Pacific region, and we believe that these malware families are used in targeted attacks in the region as well.

Microsoft Security Advisory 2914486 – Details of Windows XP 0 day exploit in wild

More details on the Windows XP zero-day exploit now circulating. Ensuring Adobe Acrobat Reader is patched will help mitigate the danger, and all users have until April 2014 to move to later versions of Windows.

https://technet.microsoft.com/en-us/security/advisory/2914486

https://isc.sans.edu/forums/diary/Microsoft+Security+Advisory+2914486+Vulnerability+in+Microsoft+Windows+Kernel+0+day+exploit+in+wild/17117

http://blog.trendmicro.com/trendlabs-security-intelligence/exploit-targeting-windows-zero-day-vulnerability-spotted/

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE (Trend Labs): We acquired this sample from a targeted attack. In this incident, a malicious PDF (detected as TROJ_PIDEF.GUD) exploits an Adobe vulnerability (CVE-2013-3346) referenced in APSB13-15, which was released in May of this year. This vulnerability is used in tandem with the Windows zero-day vulnerability (CVE-2013-5065), resulting in a backdoor being dropped into the system. The backdoor, detected as BKDR_TAVDIG.GUD, performs several routines including downloading and executing files and posting system information to its command-and-control server. This incident also serves as a reminder to users of the importance of shifting to the newer versions of Windows. Last April, Microsoft announced that they will discontinue its support of Windows XP by April 2014. For users, this may mean that they will no longer receive security updates provided by the software vendor. Those who are using Windows XP will be vulnerable to attacks using exploits targeting the OS version.

Windows XP exploit – works in concert with Adobe Reader vulnerability

Home and corporate users will benefit greatly from phasing out Windows XP in favor of the more secure kernel and browser architectures offered by Windows 7 and 8.1. PC Magazine shares awareness of a new vulnerability affecting only the older Windows XP version.

http://securitywatch.pcmag.com/vulnerabilities/318465-latest-microsoft-zero-day-targets-xp-unpatched-adobe-reader

http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/ms-windows-local-privilege-escalation-zero-day-in-the-wild.html

QUOTE: Microsoft confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 is currently being exploited in active attacks. If you are still running XP, why don’t you put a new computer on your wish list? Originally reported by researchers at FireEye, the issue is an elevation of privilege flaw which allows an attacker to run arbitrary code in kernel mode. By exploiting this bug, an attacker could install additional programs, view or modify data, or create new administrator accounts on the computer, Microsoft said in its security advisory, released on Wednesday. Microsoft also said the attackers must first log in with valid account credentials to launch the exploit, and the vulnerability cannot be triggered remotely or by anonymous users. “It is being abused in the wild in conjunction with an Adobe Reader vulnerability that had a fix published in August 2013,” said Wolfgang Kandek, CTO of Qualys. Users running outdated versions of Adobe Reader 9, 10, and 11 on Windows XP SP3, FireEye researchers Xiaobo Chen and Dan Caselden wrote on the company blog. Chen and Caselden recommended. Later versions of Windows are not affected.

Social Networking Security – 85 percent of consumers use Public WiFi

PC Magazine shares awareness of extensive connectivity to Twitter, Facebook, Instagram and other social networks. Users need to think ahead about security risks, especially with the large number of malicious applications in circulation.

http://facecrooks.com/Internet-Safety-Privacy/85-Consumers-Use-Social-Media-Networks-While-Connected-Public-WiFi.html/

QUOTE: They’re so popular, those ubiquitous mobile devices. For better or worse, we’ve evolved into a society that is a texting, Facebooking, Snapchatting, online-banking, TMI-ing, forever-connected, 24/7-kind of world. And 85% of users are connecting to social media sites via public WiFi! There’s positives to that, for sure, and is a great way to stay connected. But have you ever considered the negatives when you’re doing all that in a public wireless hotspot? After all, identity theft is a huge epidemic — have you ever thought about the risks to your personal life by using a “free” Internet connection? What information are you (over)sharing? Is that data protected and encrypted from prying eyes? What security tools do you use regularly?