Security Protection – Harry Waldron MVP


ISC YELLOW ALERT — MS15-034 IIS DoS exploits actively circulating

A rare Yellow Alert was recently declared by the Internet Storm Center to raise awareness of the need to patch IIS environments, as MS15-034 denial-of-service exploits are actively circulating in the wild. The ISC has also updated MS15-034 to "PATCH NOW" for IIS installations. Microsoft's bulletin lists disabling IIS kernel caching as a workaround where the update cannot be deployed immediately, but the update itself is the fix.

Related: threats/microsoft-zero-day-bug-being-exploited-in-the-wild/d/d-id/1319988

Denial of Service (DoS) exploits are widely available to exploit CVE-2015-1635, a vulnerability in HTTP.sys, affecting Internet Information Server (IIS). The patch was released on Tuesday (April 14th) as part of Microsoft’s Patch Tuesday. Due to the ease with which this vulnerability can be exploited, we recommend that you expedite patching this vulnerability.  Update: We are seeing active exploits hitting our honeypots. We will be going to Infocon Yellow as these scans use the DoS version, not the “detection” version of the exploit. The scans appear to be “Internet wide”.
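The ISC note distinguishes the "detection" version of the probe from the DoS version; both differ from normal traffic by the absurd upper bound in the HTTP Range header. The following is an added example (not from the ISC, Microsoft, or this blog) showing how a practitioner can flag such requests in captured traffic and interpret the response to the non-destructive check. The sample requests are constructed, the hostnames are made up, the 416/400 mapping reflects what was publicly reported at the time for the safe probe, and the "end bound at or above 2^64-1" threshold is this example's own heuristic, not a published rule.

```python
import re

# Largest unsigned 64-bit integer. The MS15-034 (CVE-2015-1635) probes that
# circulated place it as the upper bound of an HTTP Range header, which is what
# upsets the range arithmetic in HTTP.sys on an unpatched server.
U64_MAX = 2**64 - 1

# The widely reported non-destructive check only asks for this range and looks
# at the status code; it is not the crashing variant.
SAFE_PROBE_RANGE = "bytes=0-18446744073709551615"

_RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(\d*)\s*-\s*(\d*)\s*$", re.IGNORECASE)


def parse_byte_range(value):
    """Parse a single 'bytes=start-end' Range value into (start, end).

    Either side may be None for open-ended ranges ('bytes=500-', 'bytes=-500').
    Returns None for anything that is not a single byte range.
    """
    m = _RANGE_RE.match(value)
    if not m:
        return None
    start_s, end_s = m.groups()
    if not start_s and not end_s:
        return None
    start = int(start_s) if start_s else None
    end = int(end_s) if end_s else None
    return start, end


def is_ms15_034_probe(range_value):
    """True when a Range value carries a 64-bit-overflow style upper bound.

    Heuristic (an assumption of this example): no real resource is anywhere
    near 2**64 bytes, so an end bound at or above U64_MAX is treated as a
    probe or DoS attempt rather than a legitimate partial-content request.
    """
    parsed = parse_byte_range(range_value)
    if parsed is None:
        return False
    _, end = parsed
    return end is not None and end >= U64_MAX


def classify_probe_response(status_code):
    """Map the status code returned for SAFE_PROBE_RANGE to a patch state.

    Assumption taken from public reports at the time: an unpatched HTTP.sys
    answers 416 (Requested Range Not Satisfiable), a patched one answers 400
    (invalid header). Anything else is inconclusive, e.g. a non-IIS server
    or a proxy in front of it.
    """
    if status_code == 416:
        return "vulnerable"
    if status_code == 400:
        return "patched"
    return "inconclusive"


def scan_raw_requests(raw_requests):
    """Flag raw HTTP requests whose Range header looks like the MS15-034 probe.

    Each element is one raw request string. Returns (request_line, range_value)
    for every hit, so the caller can tie it back to a source or a log entry.
    """
    hits = []
    for raw in raw_requests:
        lines = raw.split("\r\n")
        request_line = lines[0] if lines else ""
        for line in lines[1:]:
            name, sep, val = line.partition(":")
            if sep and name.strip().lower() == "range" and is_ms15_034_probe(val):
                hits.append((request_line, val.strip()))
    return hits


# Constructed sample traffic for offline use; hosts and paths are made up.
SAMPLE_REQUESTS = [
    "GET /iis-85.png HTTP/1.1\r\nHost: web01.example\r\nRange: bytes=0-18446744073709551615\r\n\r\n",
    "GET /iis-85.png HTTP/1.1\r\nHost: web01.example\r\nRange: bytes=18-18446744073709551615\r\n\r\n",
    "GET /video.mp4 HTTP/1.1\r\nHost: web01.example\r\nRange: bytes=0-1048575\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: web01.example\r\nUser-Agent: curl/7.40\r\n\r\n",
]

if __name__ == "__main__":
    for req_line, rng in scan_raw_requests(SAMPLE_REQUESTS):
        print(f"MS15-034 style Range on: {req_line}  ({rng})")
    print("416 =>", classify_probe_response(416), "; 400 =>", classify_probe_response(400))
```

Run against the constructed samples, only the two requests with the oversized upper bound are flagged; the legitimate 1 MiB range and the request without a Range header pass. Note that a 416 from the safe probe still means the host is unpatched and exposed to the DoS variant the scans are using, so it should go straight onto the patch list rather than be re-tested.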

Microsoft Security Updates – APRIL 2015

Critical security updates to Microsoft Windows, Office, IE, and other products became available on Patch Tuesday, and users should promptly update for the best protection against new threats.

SIMDA – Major Botnet shutdown on April 9th

A major botnet was shut down last week as the FBI and Interpol seized 14 command-and-control servers. Microsoft, Kaspersky, Trend Micro, and other major software vendors participated in the takedown of this former threat.

Microsoft MMPC – SIMDA blog post

On 9 April, 2015 Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime Unit (NHTCU), the FBI, the Police Grand-Ducale Section Nouvelles Technologies in Luxembourg, and the Russian Ministry of the Interior’s Cybercrime Department “K” supported by the INTERPOL National Central Bureau in Moscow.

As a result of this takedown 14 C&C servers were seized in the Netherlands, USA, Luxembourg, Poland and Russia. Preliminary analysis of some of the sinkholed server logs revealed a list of 190 countries affected by the Simda botnet. Microsoft said it measured about 128,000 new Simda.AT infections each month for the past six months, with a sharp increase in recent weeks, registering 90,000 new infections in the US alone in the first two months of 2015. The countries most affected include the US, the UK, Turkey, Canada and Russia, according to Interpol.

Kaspersky IP check to see if your PC was registered as part of the botnet

Microsoft celebrates 40th anniversary

Microsoft celebrated its 40th anniversary as a corporation, and there are 40 slides that commemorate the company’s history through the years.

Although the date that Microsoft is generally considered to have started is April 4, 1975, the seeds were sown on the first day of the same year when the MITS Altair 8800 appeared on the cover of Popular Electronics and got the creative juices inside Messrs Allen and Gates going.  From there, they created BASIC, the following month, as the first computer programming language for a PC and sold it to MITS (Micro Instrumentation and Telemetry Systems) of Albuquerque, New Mexico.

Windows 10 – Spartan browser technical preview review

Network World shares a 12-slide presentation on the new Windows 10 Spartan browser.

The most recent Windows 10 Technical Preview comes with Spartan, a web browser that will eventually replace Internet Explorer. It’s not an updated version of IE under a different name; it’s a new browser that Microsoft built from scratch. Here’s what sets Spartan apart from Internet Explorer.  IE 11 is still part of the Windows Accessories menu for backwards compatibility to support corporate legacy website needs.

Facebook – How to turn off automated photo recognition

The Facecrooks security group offers protective techniques to help safeguard privacy and avoid being tagged in photos by Facebook’s automated photo recognition software.

Facebook has a feature that uses facial recognition software to “help” your Facebook friends tag you in their photos. If you have this option enabled, any time one of your friends uploads a photo, Facebook will “suggest” you as a match based on the recommendations of the software.  Thankfully, you do have a choice in whether you want to have the facial recognition feature enabled or disabled. Not surprisingly, it is enabled by default.

If you want to opt-out of this feature, then follow the steps below:

1. You need to access your ‘Timeline Settings’ by clicking the ‘Settings’ link located in the top right corner of your Facebook page.

2. Next, click the ‘Timeline and Tagging’ link on the left side of your page. Then, you will click the ‘Edit’ link shown below.

3. Set ‘Who sees tag suggestions when photos that look like you are uploaded?’ to No One.

This feature still may not be available for all users, but now would be a great time to check – especially if you do not want this enabled on your Facebook account.

FBI – Fraud Alert issued for 2015 Tax season

An informative fraud alert for the 2015 tax season was issued a few days ago by the FBI.

Criminals are proficient in stealing the personally identifiable information (PII) of individuals to facilitate various fraud activities, including using stolen identity information to file fraudulent tax returns. Once the fraudsters obtain victim PII, they electronically file tax returns and set up pre-paid debit cards or bank accounts to route fraudulent returns. The balances on the pre-paid cards and bank accounts are depleted shortly after the tax refund is issued.

The fraudsters utilize multiple methods to obtain the information needed to file a tax return. The most popular methods include: computer intrusion, the online purchase of stolen PII, the recruitment of insiders who have legitimate access to sensitive information, the physical theft of computers that contain PII, the impersonation of Internal Revenue Service personnel, and the aggregation of information that is obtained through multiple publicly available Web sites.

Tips to protect yourself:

* Monitor your credit statements for any fraudulent activity.
* Report unauthorized transactions to your bank or credit card company as soon as possible.
* Review a copy of your credit report at least once a year.
* Be cautious of scams requiring you to provide your personal information.
* Do not open email or attachments from unknown individuals.
* Never provide credentials of any sort via email. This includes clicking on links sent via email. Always go to an official website.
* If you use online tax services, double check to ensure your bank account is accurately listed before and after you file your tax return.
* Ensure accounts that are no longer being utilized are properly deleted or scrubbed of sensitive information. Allowing online accounts to become dormant can be risky and make you more susceptible to tax fraud schemes.

FBI – International Corruption squads established

The FBI has just announced improved support to combat fraud on an international basis.

The FCPA, passed in 1977, makes it illegal for U.S. companies, U.S. persons, and foreign corporations with certain U.S. ties to bribe foreign officials to obtain or retain business overseas. And we take these crimes very seriously—foreign bribery has the ability to impact U.S. financial markets, economic growth, and national security. It also breaks down the international free market system by promoting anti-competitive behavior and, ultimately, makes consumers pay more.

We’re seeing that foreign bribery incidents are increasingly tied to a type of government corruption known as kleptocracy, which is when foreign officials steal from their own government treasuries at the expense of their citizens. (See sidebar for more on kleptocracy). And that’s basically what these foreign officials are doing when they accept bribes in their official capacity for personal gain, sometimes using the U.S. banking system to hide and/or launder their criminal proceeds.

The FBI—in conjunction with the Department of Justice’s (DOJ) Fraud Section—recently announced another weapon in the battle against foreign bribery and kleptocracy-related criminal activity: the establishment of three dedicated international corruption squads, based in New York City, Los Angeles, and Washington, D.C.

Kleptocracy 101 – A kleptocracy—loosely translated from Greek as “rule by thieves”—is a form of political or government corruption involving officials who steal from their government treasuries to enrich their own personal wealth. Both cases mentioned above were opened under DOJ’s Kleptocracy Asset Recovery Initiative, which—in coordination with the FBI and other federal agencies—seeks to forfeit the proceeds of corruption by foreign officials and, where appropriate, use the recovered assets to benefit the people harmed by the acts of corruption. Both cases, investigated by the FBI, are prime examples of kleptocracy-related criminal activity: Through bribes and other schemes, these “kleptocrats” stole money from their own governments and used the U.S. banking system, among others, to launder the funds.

Windows 10 – Key improvements from Windows 8

This informative article and slide presentation from Information Week shares key features that will be implemented in Windows 10, coming later this year.

Microsoft has gone back to the old days with the inclusion of the Start menu, which was missing from Windows 8. Another significant boost is that the company plans to include the personal digital assistant Cortana in the desktop version.  The other big news is the inclusion of a new browser, code-named Spartan.  Here are a few new features and improvements over Windows 8 that IT managers, administrators, and even some CIOs may find interesting in Windows 10, especially when compared to the previous version of the OS:

New features in Windows 10:
* Single platform for smartphones, tablets, and PCs
* Return of the Start menu
* New browser, code-named Spartan
* Multiple desktops
* Cortana personal assistant for desktops
* Improved Command Prompt
* Unified app store
* Advanced menu for settings
* More options for Task View
* Revised File Explorer and icons

IRS Fraudulent scams – Warnings for 2015 tax returns

Kim Komando shares some protective advice in this security alert.  Users should also not respond to unexpected calls claiming to be from the IRS: US Mail remains the IRS’s primary means of communication, and it does not initiate contact by email or phone.

In its most basic form, a crook uses your Social Security number to file a bogus tax return in your name, claiming some huge refund. According to the plan, the IRS sends out the refund to the fraudster who gets away scot-free. Or at least that’s the plan. Last summer, a Florida man was sentenced to 10 years in prison for stealing identities and then filing false returns claiming over $13 million in false refunds.

Unfortunately, convictions like this are the exception rather than the rule. Last year, the IRS actually paid out $5.8 billion in refunds that it later realized were actually fraudulent. But those were only the ones it caught. The IRS may never know just how many dollars in fraudulent refunds it has paid and gone undetected. You and other taxpayer victims may not know you’ve been hit until your legitimate return is rejected by the IRS because a crook has already filed using your information.

That’s why I’ve recommended the first step to protecting your tax return is to file as soon as possible. This reduces the window of time a thief has to file on your account. But I understand that’s not always practical for everyone. Perhaps you have a complex tax situation or you are still waiting on paperwork from others. Some people delay filing because they actually owe the government additional tax payments, and they want to wait until the last minute to pay up. However, it is perfectly fine to file your return early and still hold off making your payment until the April 15 deadline.