Security Protection – Harry Waldron MVP

Security – Pokemon Go Servers hacked as proof-of-concept

Some possible weaknesses in the key servers supporting the Pokemon Go application were discovered by a hacking group, who shared the issue more to create awareness than to cause actual harm to the user community.

http://www.pcmag.com/news/346190/hackers-we-attacked-pokemon-go-servers

As Niantic rolled out Pokemon Go to 26 additional countries over the weekend, it’s easy to assume the rush of new players was to blame for recent server issues.  But hacking collective OurMine may have also played a part. The group—famous for infiltrating the social media accounts of Mark Zuckerberg, Sundar Pichai, and Jack Dorsey, among others—claimed responsibility for the popular game going offline on Sunday.  As an OurMine member told PCMag via email, the three-person team is “just trying to protect [companies’] servers.”  “We wrote we will stop the attack if any [Niantic] staff talked with us, because we will teach them how to protect their servers,” the anonymous representative said.

According to OurMine, if it doesn’t break into celebrity accounts and knock games offline, someone else will.  Someone like PoodleCorp, which also attacked Pokemon Go servers this weekend via a massive Distributed Denial of Service attack. The group’s Twitter account hints at another invasion planned for Aug. 1.

Android Malware – Pokemon GO Ultimate is a fake lockscreen application

Malware authors always target the most popular applications as a vector to infect others. They can create realistic-looking attacks using fake screens or web link invitations. Once a user clicks on one of these with a vulnerable device, the fake application can infect it. ESET Security is reporting some early attacks in this area:

http://www.welivesecurity.com/2016/07/15/pokemon-go-hype-first-lockscreen-tries-catch-trend/

ESET has discovered the first ever fake lock screen app on Google Play, named Pokémon GO Ultimate. As its characteristics suggest, it deliberately locks the screen right after the app is started, forcing the user to restart the device. Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows. The user needs to restart the device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online. The bad guys are aware of this and are trying to exploit the hype by infecting Pokémon-hungry victims with malicious fake apps. Pokémon GO Ultimate serves as a perfect example, promising the victim to play the original title, but instead delivering only malicious activity.

Microsoft Edge Browser – Efficient and Effective Video streaming support

Microsoft noted improved video quality and battery preservation using Microsoft Edge versus other browser alternatives.

https://blogs.windows.com/windowsexperience/2016/07/13/get-better-quality-video-with-microsoft-edge/

When it comes to video, the closer to the hardware, the better.  From video hardware acceleration to PlayReady Content Protection and the Protected Media Path, Windows 10 is designed to provide the highest quality, most secure, and most power-efficient video playback available on any version of Windows.  Microsoft Edge has been engineered to optimize for and take advantage of these Windows 10 built-in media capabilities, providing the best video experience of any browser on Windows 10 based on our data and testing. So go ahead, binge watch your favorite shows on Microsoft Edge!

Most Power Efficient Video Playback — Our results have shown that Microsoft Edge outlasts the rest, delivering 17%-70% more battery life than the competition.

Higher Quality Video — In our video tests, not only was Microsoft Edge the most power efficient, but the premium video site we used also sent higher resolution and bitrate video to Microsoft Edge compared to the other browsers.  Here are the details:

Microsoft Security Updates – JULY 2016

Below are key resources documenting this recent monthly Microsoft Patch Tuesday release:

https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx

https://isc.sans.edu/mspatchdays.html?viewday=2016-07-12

http://blog.talosintel.com/2016/07/ms-tuesday.html

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release has 11 bulletins addressing 49 vulnerabilities. 6 of these bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Print Spooler, Office and Adobe Flash Player.  The remaining bulletins are rated important and address vulnerabilities in Windows Kernel, Office, Kernel-Mode Drivers, .NET Framework, and Secure Boot.

WINDOWS 7 – Improved Windows Update efficiencies with KB-3161608

Installing KB-3161608 made a world of difference on my WIN7 corporate laptop.  The 64-bit version of the WIN7 rollup was installed after downloading the 25MB patch.  After installation and rebooting, the Windows Update process was about 3-4 times faster this month.  The patch inventory & search process was the most time-consuming part of the past process.  It usually took 2-3 hours alone to complete, prior to downloading any changes (and after the change the inventory portion completes within 10 minutes).

June 2016 update rollup for Windows 7 SP1
25MB download; you must reboot the PC after installing
https://support.microsoft.com/en-us/kb/3161608

The June 2016 update rollup package for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 fixes issues and includes performance and reliability improvements. We recommend that you apply this update rollup as part of your regular maintenance routines. Check out the fixed issues in this update. Also, see the prerequisite and restart requirement for installing this update.

Antivirus Products – AVAST and AVG merger announced

Two leading vendors of free AV protection have announced plans to merge. Avast plans to acquire rival AVG for $1.3 billion as noted below:

http://thenextweb.com/insider/2016/07/07/antivirus-giant-avast-acquiring-rival-avg-1-3b

Avast, which is known for its consumer-grade antivirus software with over 230 million users worldwide, has announced that it will acquire rival AVG for $1.3 billion in an all-cash deal. Both firms have their roots in the Czech Republic. The transaction will allow Avast to expand its business across more markets worldwide; together, the two companies have a user base of about 400 million, including about 16 million people who use their mobile security products.

Avast also hopes that its new acquisition will allow it to create better security services for sectors like small and medium businesses and IoT hardware. It isn’t yet clear if Avast will fold AVG’s software offerings into its own brand or continue to sell them under the existing banner.

WIN10 – Free upgrade considerations for WIN7 and WIN8 users

Windows 10 is the most secure, reliable, and feature-rich Windows O/S introduced so far.  Users on recently purchased systems are likely to benefit the most.  But there are some situations where users with older equipment or software may wish to stay with their current O/S.

http://www.pcworld.com/article/3092365/windows/10-reasons-why-you-shouldnt-upgrade-to-windows-10.html

The clock is ticking, folks. If you want to upgrade to Windows 10 for free, you only have until July 29, 2016 to do so. And most people should! Windows 10 is the best Windows yet, chock full of handy new features, sleek under-the-hood improvements, and headache-killing extras.  But it’s not for everybody. There are some very real, very valid reasons not to upgrade to Windows 10.  If you’re on the fence about whether to accept or reject Microsoft’s freebie, read on for some concrete justifications for staying put.

1. No Windows Media Center or DVD support
2. No desktop gadgets or widgets (Win 7 feature)
3. No OneDrive placeholders (Win 8.1 feature)
4. No control over Windows Updates (only minimal postponement)
5. Privacy concerns (aggregate data sent to Microsoft)
6. Ads and more ads (Skype or Office upgrades)
7. Microsoft’s aggressive upgrade tactics (some WIN7 users disabled updates)
8. Software compatibility (XP compatibility mode disappears)
9. Hardware compatibility (Old scanners, printers, wi-fi connectivity)
10. Ain’t broke, don’t fix it (some users may not wish to learn new O/S and UI)

Android Security – Fake infected Pokemon-Go application circulating

Mobile phone users should carefully ensure they download Pokemon-Go from official sites only.  Due to its popularity, fake versions are now appearing on alternate malicious sites, as noted below:

https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app

Pokemon GO is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. The augmented reality game was first released in Australia and New Zealand on July 4th and users in other regions quickly clamored for versions for their devices. It was released on July 6th in the US, but the rest of the world will remain tempted to find a copy outside legitimate channels. To that end, a number of publications have provided tutorials for “side-loading” the application on Android. However, as with any apps installed outside of official app stores, users may get more than they bargained for.

In this case, Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone. The DroidJack RAT has been described in the past, including by Symantec and Kaspersky. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia.

Conclusion: Installing apps from third-party sources, other than officially vetted and sanctioned corporate app stores, is never advisable. Official and enterprise app stores have procedures and algorithms for vetting the security of mobile applications, while side-loading apps from other, often questionable sources, exposes users and their mobile devices to a variety of malware. As in the case of the compromised Pokemon GO APK we analyzed, the potential exists for attackers to completely compromise a mobile device. If that device is brought onto a corporate network, networked resources are also at risk.

Social Engineering – Hackers’ use of four emotional tactics

Both technological and human defenses are necessary in preserving computer security. A company can have a level of security like Fort Knox, but if the user still clicks and opens the door, the bad guys may steal all the gold. This excellent article by Network World shares the baiting tactics attackers employ to get users to compromise security.  I would also add “Curiosity” as a 5th common attack theme, where false news articles are used to get users to click on an infected item.

http://www.networkworld.com/article/3070455/cloud-security/hacker-psychology-understanding-the-4-emotions-of-social-engineering.html

While technological know-how certainly plays a large role in enabling attackers to hack any given system, corporation or individual, what often is overlooked is that some tricks of the trade, like social engineering, are also psychological games. That means that protecting and defending against these kinds of attacks is, in turn, part mental as well.

It’s important for IT professionals to understand the ways in which social engineers take advantage of human emotion in order to carry out their attacks. Let’s examine the four human emotions and behaviors hackers most commonly exploit as part of a social engineering campaign, the distinct campaign characteristics for each manipulated emotion, and some key considerations for better positioning your employees and your organization against falling prey to these types of attacks in the future.

1. Fear — Defined as an unpleasant emotion caused by the belief that someone or something is dangerous, likely to cause pain or a threat.  As one of our most powerful motivators, fear is arguably the most commonly manipulated emotion when it comes to social engineering campaigns. These attacks can come in the form of a phony email that your online bank account has been compromised.  It forces users to act quickly to avoid or rectify a dangerous or painful situation.

2. Obedience — Defined as complying with an order, request or law or submission to another’s authority. Social engineering scams that prey on obedience are often disguised as an email, instant message or even a phone call or voicemail from a person or group of superior authority, such as law enforcement or an executive at one’s company.

3. Greed — Defined as an intense and selfish desire for something, especially wealth or power. In the case of greed-exploitative campaigns, these routinely offer a reward – usually monetary – for performing a specific action.

4. Helpfulness — Defined as a willingness to help other people. These campaigns are often targeted at customer support or customer service departments, as attackers are betting these employees’ propensity to lend a hand and keep people happy will encourage them to divulge or accept more information than they should.

It’s not only important that IT and security leaders understand hackers’ evolving tactics, but that they also continuously adjust policies and share their knowledge by educating their colleagues and training them to be vigilant against nefarious activity. For example, employees need to be taught to take a step back when they receive, say, a suspicious email or instant message and consider the emotion the vehicle for an attack is eliciting and how that might help indicate foul play. While it may be obvious to you as an IT professional that an unexpected email that provokes an urgent emotional or behavioral response – such as fear, obedience, greed or helpfulness – is an automatic red flag, the average employee likely does not.
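To turn the four levers above (plus the fifth, curiosity, suggested at the top of this section) into something a help desk or SOC can act on, here is an added example that is not part of the Network World article or of this blog: a small Python triage heuristic that scores a message for each emotional lever and flags it only when a lever is paired with a requested action (a link, an attachment, a credential or payment request). The cue lists and the sample messages are constructed for the illustration and would need tuning against a real mail corpus.

```python
"""Social-engineering lure triage: map a message to the emotional lever it pulls
(fear, obedience, greed, helpfulness, curiosity) and flag it when that lever is
combined with a call to action. Cue lists and samples are constructed examples."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical cue patterns per lever; a real deployment tunes these on its own mail.
LEVER_CUES = {
    "fear": [r"\bcompromised\b", r"\bsuspended\b", r"\bunauthori[sz]ed\b",
             r"\bimmediately\b", r"\bwithin 24 hours\b",
             r"\baccount (?:will be )?(?:locked|closed)\b"],
    "obedience": [r"\bceo\b", r"\bexecutive\b", r"\blaw enforcement\b", r"\bpolice\b",
                  r"\bper my instructions\b", r"\bdo not (?:discuss|tell)\b"],
    # "won a/the" rather than bare "won" so that "won't" does not count as greed.
    "greed": [r"\bprize\b", r"\bwon (?:a|an|the)\b", r"\breward\b", r"\bbonus\b",
              r"\bgift card\b", r"\$\d"],
    "helpfulness": [r"\bcould you help\b", r"\bplease assist\b",
                    r"\breset (?:my|the) password\b", r"\bi(?:'m| am) locked out\b"],
    "curiosity": [r"\bshocking\b", r"\byou won't believe\b", r"\bbreaking news\b",
                  r"\bleaked\b"],
}

# The lever alone is just emotive text; the attacker also needs the reader to act.
ACTION_CUES = [r"\bclick\b", r"https?://", r"\battach(?:ed|ment)\b", r"\bverify\b",
               r"\blog ?in\b", r"\bpassword\b", r"\bwire\b", r"\btransfer\b",
               r"\bcredentials\b"]


@dataclass
class Triage:
    lever_scores: Dict[str, int]      # cue hits per lever
    dominant_lever: Optional[str]     # lever with most hits, None if no hits
    action_requested: bool            # message asks the reader to do something
    suspicious: bool                  # lever present AND action requested


def triage_message(subject: str, body: str) -> Triage:
    """Score one message; the article's red flag is emotion plus urgency to act."""
    text = f"{subject}\n{body}".lower()
    scores = {lever: sum(len(re.findall(p, text)) for p in cues)
              for lever, cues in LEVER_CUES.items()}
    dominant = max(scores, key=scores.get) if any(scores.values()) else None
    action = any(re.search(p, text) for p in ACTION_CUES)
    return Triage(scores, dominant, action, dominant is not None and action)


# Constructed sample messages, one per lever plus a benign control.
SAMPLES = [
    ("Your account has been compromised",
     "Unauthorized access detected. Verify your password immediately at "
     "http://example.invalid/verify or the account will be locked."),
    ("Urgent wire request",
     "This is the CEO. Per my instructions, wire $48,000 to the vendor today. "
     "Do not discuss this with anyone."),
    ("Congratulations!",
     "You won a $500 gift card. Click here to claim your prize."),
    ("Locked out",
     "Hi helpdesk, I'm locked out of my account, could you help reset my password?"),
    ("Shocking news",
     "You won't believe what happened overnight, breaking news video attached."),
    ("Lunch Thursday?",
     "Are you free for lunch on Thursday? The new place on Main St."),
]


def run_samples() -> Dict[str, tuple]:
    """Return {subject: (dominant_lever, suspicious)} for every sample message."""
    return {subj: (t.dominant_lever, t.suspicious)
            for subj, body in SAMPLES
            for t in [triage_message(subj, body)]}


if __name__ == "__main__":
    for subject, (lever, flagged) in run_samples().items():
        print(f"{subject!r:40} lever={lever!s:12} suspicious={flagged}")
```

The design choice worth noting is the two-part flag: the article's point is not that fear or helpfulness in a message is itself a problem, but that an emotional lever paired with an urgent request to click, log in, or pay is the red flag. The help desk sample is flagged for exactly that reason; the expected response is to verify the requester over a second channel before resetting anything, not to refuse help.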

Windows 10 – Anniversary Update 1607 in-depth review by ZDNET

This ZDNET article shares what to anticipate from the WIN10 Anniversary Update, which begins rolling out on August 2, 2016.

http://www.zdnet.com/article/what-to-expect-from-the-windows-10-anniversary-update/

The unconventional evolution of Windows 10 continues with the upcoming release of the Anniversary Update, version 1607. It’s not just a service pack. Microsoft wants you to think of Windows 10 as a service, where new features arrive as they’re ready, and where regular updates are themselves a feature.

On July 29, Windows 10 celebrates the first anniversary of its release. Four days later, on August 2, a new upgrade will begin rolling out to the 350 million or so devices already running Windows 10.  The Anniversary Update is, technically, version 1607, and it is far more than a service pack. In this post and the accompanying gallery, I offer a preview of what you can expect from this major update, based on near-final preview releases.

1. Upgrading — A bigger change is the way that Windows 10 version 1607 handles those monthly cumulative updates. This release still offers no way to defer those updates automatically (short of using Windows Update for Business Group Policy settings), but you can at least define an Active Hours period of up to 12 hours per day during which you normally use the PC.

2. Control panel migration – Since the release of Windows 8 nearly four years ago, Microsoft has been methodically moving user controls from the old Control Panel to the new Settings app. With version 1607, that work takes a major step forward. Several major groups of options, including networking, have now moved almost entirely to the new Settings app, and the new iconography, replacing the generic gear icons used in previous versions, adds to the sense that this version of Settings is a major update.

3. Cortana — with the changes in version 1607 I find myself calling on her services more often, as a calculator, a translator, a bringer of sports scores and search results, and a package tracker. This is definitely not Siri, but it’s also not exactly Google Now. Microsoft has created something unique with Cortana.  And if you don’t like the idea of an intelligent personal assistant sitting on the Start menu, you can just say no. Cortana is still an opt-in feature, one that can be completely disabled (so that it works as a search box only) and even hidden from the taskbar completely.

4. Edge Browser — The new default browser for Windows 10, Microsoft Edge has been playing catch-up ever since. The big news for version 1607, of course, is the arrival, at long last, of extensions. After a rocky start, the limited selection of preview releases seems to be working well. The LastPass password manager, which was the number-one request from many of my correspondents, does its job as expected, and the two Adblock extensions have the same strengths and weaknesses as on other platforms.  In current builds, Edge has been fast and smooth. In fact, it appears that Microsoft’s goal with Edge is to make a browser that is essentially a clone of Google’s Chrome.

5. Windows Ink — Microsoft has been delivering support for digital pens and the ink datatype since the dawn of the Tablet PC in 2002. Those designs never took off. Version 1607 tries to reboot that feature with the introduction of the Windows Ink platform.  With its Surface Pro and Surface Book lines, both equipped with pens as standard equipment, Microsoft remains firmly committed to the idea of the pen as a first-class input device. Whether that vision becomes a reality is still very much an open question.