Security Protection – Harry Waldron MVP

Facebook – Fake Flash Update infects 110,000 users in FEB 2015

Always avoid clicking Facebook links sent by another user when they are out of character or lead to a potentially dangerous site. Facebook security administrators have responded to reduce the spread of this new threat.

http://seclists.org/fulldisclosure/2015/Jan/131

http://facecrooks.com/Scam-Watch/Huge-Facebook-Malware-Outbreak-Infects-110K-Users-Two-Days.html/

A new trojan is propagating through Facebook which was able to infect more than 110,000 users in only two days.

Propagation — The trojan tags the infected user’s friends in an enticing post. Upon opening the post, the user will get a preview of a porn video which eventually stops and asks for downloading a (fake) flash player to continue the preview. The fake flash player is the downloader of the actual malware.

Background — We have been monitoring this malware for the last two days where it could infect more than 110K users only in two days and it is still on the rise. This malware keeps its profile low by only tagging fewer than 20 users in each round of post. This trojan is different from the previous trojans in online social network in some techniques. For instance, the previous trojans sent messages (on behalf of the victim) to a number of the victim’s friends. Upon infection of those friends, the malware could go one step further and infect the friends of the initial victim’s friends.

New “Magnet” technique – Malware gets more visibility to the potential victims as it tags the friends of the victim in the malicious post. In this case, the tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.

Data Breach – Personal data costs 10X more than exposed credit cards

Personal data fetches 10X more $$$ than credit cards. And this makes sense, as many will cancel credit cards.  However, it’s impossible to change your SSN, birthdate, address (unless you move) etc., once exposed. 

Our nation needs to wake up and combat “identity theft”. It needs to be more difficult for folks to open accounts.  Currently, there is almost zero authentication as to who is actually making that request on the other side.

http://www.networkworld.com/article/2880366/security0/anthem-hack-personal-data-stolen-sells-for-10x-price-of-stolen-credit-card-numbers.html

Leadership – Planning for future requires introspection of past

John Maxwell offers an excellent resource for leaders and managers. In planning for 2015 projects, it is beneficial to evaluate both successes and failures during the past year.

http://www.johnmaxwell.com/blog/look-back-to-plan-forward

QUOTE:  STUDY YOUR WINS AND LOSSES - First, I pull out my calendar and make a list of significant events, tasks, meetings, decisions, and accomplishments. I spend time reflecting, in order to remember and write down every experience that stood out in the past year. I write down both positive and negative experiences, because I know that I learn more from losing than from winning.

ASK YOURSELF QUESTIONS

What did I do that I shouldn’t have done?
What did I spend a lot of time on?
Was it a priority?
Was it in my strength zone?
Was it something only I could do, or should I have delegated it?
What will I do differently this year?

What didn’t I do that I should have done?
What’s missing from the calendar?
What did I neglect that should have been a priority?
What action didn’t I take, that really should have been done?
What will I do differently this year?

What is the most important thing I did this year to help someone else?
Can I do it again next year (for them or another person)?
Did I do it as effectively as possible?
How could I do it better in the future?

What did I do this year that helped me grow more than anything else?
Is it repeatable?
Do I want to make it a regular habit?
How can I break it down into manageable “chunks” to make it happen again this year?
What else can I do to grow?

Where do I need to be more intentional?
Where did I let things happen to me, instead of making them happen?
What bad habits do I need to break?
In what areas do I need to focus more attention, make important decisions, and take steps in a positive direction?

How can I take things to the next level?
How can I take a good experience and make it somehow better?
How can I grow more this year?
How can I make something that was satisfying even more satisfying?
How can I top last year’s accomplishments?
How can I exceed my own expectations, as well as the expectations of others?

Adobe Flash – Security update addresses CVE-2015-0313

Users should update Adobe Flash when prompted to ensure protection against in-the-wild zero-day attacks circulating as malicious advertising (where just visiting the site may lead to an infection).

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4.  This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.

More information can be found on malicious threats circulating in the wild here:

http://blogs.msmvps.com/harrywaldron/2015/02/04/malware-adobe-flash-vulnerability-cve-2015-0313-exploited-in-wild/ 
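One way to check a software inventory against the version numbers quoted in the advisory above. This is an added example, not code from Adobe or the original post; the inventory format, host names and status labels are assumptions made for illustration, and the sample data is constructed.

```python
import re

# Thresholds taken from the advisory text quoted on this page.
LAST_VULNERABLE = (16, 0, 0, 296)   # "16.0.0.296 and earlier versions"
FIRST_FIXED = (16, 0, 0, 305)       # auto-update build that includes the fix
AFFECTED_PLATFORMS = {"windows", "macintosh"}  # platforms the page names

# Constructed sample inventory: host, platform, reported Flash version.
SAMPLE_INVENTORY = """\
ws-001,Windows,16.0.0.296
ws-002,Windows,16.0.0.305
mac-07,Macintosh,MAC 15,0,0,246
ws-003,Windows,16.0.0.300
lnx-01,Linux,11.2.202.440
ws-004,Windows,not installed
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None when no a.b.c.d version is present.

    Accepts dotted (16.0.0.296) and comma-separated (16,0,0,296) forms,
    optionally preceded by a platform tag such as "WIN " or "MAC ".
    """
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(platform, version_text):
    """Map one inventory record to a status label (labels are hypothetical)."""
    version = parse_version(version_text)
    if version is None:
        return "no-flash-version"
    if platform.lower() not in AFFECTED_PLATFORMS:
        return "platform-not-listed"   # outside what this page covers
    if version <= LAST_VULNERABLE:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "fixed"
    return "verify"                    # between the two builds: check by hand

def triage(inventory_text):
    """Return {host: status} for every non-empty inventory line."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        # maxsplit=2 keeps comma-separated version strings in one field
        host, platform, version_text = (f.strip() for f in line.split(",", 2))
        results[host] = classify(platform, version_text)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Builds that fall between the two numbers the advisory gives are reported as "verify" rather than guessed at.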

Data Breach – Anthem alerts millions of health insurance customers

Hackers gained unauthorized access to a server containing over 80 million records at Anthem recently.  While details of this incident are still being assessed, all customers should be alert for email, phishing attacks or other activities of a suspicious nature. 

http://www.usatoday.com/story/tech/2015/02/05/anthem-health-care-computer-security-breach/22917635/

SAN FRANCISCO – Millions of Anthem health insurance customers woke Thursday morning to an email from the company telling them hackers had gained access to the company’s computers and that their names, birthdays, Social Security numbers, addresses and employment data including income might have been stolen. “Anthem will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection free of charge so that those who have been affected can have peace of mind,” Anthem president and CEO Joseph Swedish said in the email. No credit card information was accessed in the attack, the company said. The breach was first announced late Wednesday. It could affect as many as 80 million current and former customers of the nation’s second-largest health insurance company.

Toshiba Encrypted USB Flash Drive

Toshiba announced a new hardware-based design for an Encrypted USB Flash Drive. While it is very expensive compared to regular USB flash drives, it offers an improved layer of safety for mailing, travel, or other business needs.

http://www.eweek.com/blogs/storage-station/toshiba-releases-new-key-size-encrypted-usb-flash-drive.html

http://www.toshiba.com/us/flash-drives

The Irvine, Calif.-based company on Feb. 3 unveiled its Toshiba Encrypted USB Flash Drive, a key-size device of up to 32GB in capacity that utilizes a hardware-based encryption process to deliver military-grade AES 256-bit encryption. The new drive uses a built-in mini-keyboard to authenticate access, incorporating a rechargeable battery so the user can enter a secure code before plugging into a USB port. Pricing ranges from $95 MSRP for the 4GB model, to $112 for the 8GB model, to $140 for the 16GB edition and $200 for the 32GB model.

Notable Features include:

Users simply enter their secure PIN and plug the drive into any USB 2.0 port on a compatible device.

Once access is granted, the drive unlocks the media, permitting clearance to all of the content stored on the drive.

When the drive is removed from a USB port, the drive automatically re-locks and encrypts the stored media.

It is equipped with a brute force hack defense mechanism that will render all stored information irrecoverable after 10 consecutive unsuccessful attempts to enter the secure PIN, Toshiba said.

Malware – Adobe Flash vulnerability CVE-2015-0313 exploited in wild

Trend Labs documents a new zero-day attack that Adobe will likely patch quickly. Users should be cautious when browsing websites, keep AV protection updated, and may even want to temporarily disable Flash until a patch is available:

http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/

http://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-the-exploit-kit-in-cve-2015-0313-attack/

Our researchers have discovered a new zero-day exploit in Adobe Flash used in malvertisement attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313. Our initial analysis suggests that this might have been executed through the use of the Angler Exploit Kit, due to similarities in obfuscation techniques and infection chains.

According to our data, visitors of the popular site dailymotion.com were redirected to a series of sites that eventually led to a malicious URL where the exploit itself was hosted. It is important to note that infection happens automatically, since advertisements are designed to load once a user visits a site. It is likely that this was not limited to the Dailymotion website alone, since the infection was triggered from the advertising platform and not the website content itself. Trend Micro detects this exploit as SWF_EXPLOIT.MJST and blocks the URL mentioned above. The ads from this particular infection chain appear to be down as of this writing.

IRS Scam and Malware Alerts – 2015 Tax Season

Kim Komando highlights an IRS security alert related to scams and malware attacks circulating during the tax filing season ahead. Please keep in mind that the IRS will not contact individuals by email or phone in an unexpected manner.

http://www.komando.com/happening-now/294540/alert-irs-warns-against-scammers-and-thieves

There’s an important warning out today about a scary income tax return scam that could cost you big. And the clock is ticking in a race with hackers and identity thieves to file your legitimate tax return before the crooks file bogus returns with your personal information. But this year, the Internal Revenue Service is offering a new layer of protection that might help you avoid this tax return nightmare. Follow along and I’ll explain.

In its simplest form, this scam happens when an identity thief files a false income tax return using your name and ID. But nearly everything about the return is bogus including a huge refund due to the scammer. Problem is, all that fraudulent information gets added to your account. And that is just the beginning of your nightmare. Usually the IRS quickly processes the return and sends the refund to the bank account shown on the return. If that account just happens to be a pre-paid debit card, the receiver is untraceable and that leaves you holding the bag.

Windows 10 – Latest Preview Build 9926 Release

During late January 2015, the latest major preview build for Windows 10 was made available, as shared below:

http://blogs.windows.com/bloggingwindows/2015/01/23/january-build-now-available-to-the-windows-insider-program/

I hope that you were able to watch our live stream on Wednesday, where we shared more details on the Windows 10 experience. If you missed it, you can watch the video on demand anytime and read Terry Myerson’s blog post that recaps the latest Windows 10 news. As Terry mentioned, we continue to be humbled by the amount of feedback and excitement we’re seeing from the Windows Insider community.

Some of the new features that Joe demoed on Wednesday will be available for our Windows Insiders starting today with our newest build – 9926. However, not everything you saw on Wednesday is included in this new build. Much is still in-progress and we’re getting it out to you as fast as we can – so you can try it out and give us feedback. Over the course of the next few builds, you will see us refine Windows 10 and continue to improve the experiences as well as quality and stability.   If you’re unfamiliar with the Windows Insider Program, this is our community who is helping us build Windows 10. If you’re not a Windows Insider yet, we’d love to have you join – see below. Also make sure you read the list of known issues at the end of this post before getting started.

MALWARE – Super Bowl 2015 spam and phishing attacks

Major sporting or world events offer opportunities for bad guys to create attacks that may entice folks to click on a malicious link or object, or to divulge highly personal information.

https://isc.sans.edu/forums/diary/Beware+of+Phishing+and+Spam+Super+Bowl+Fans/19261/

Beware of Super Bowl spam that may come to your email inbox this weekend. The big game is Sunday and the spam and phishing emails are pouring in complete with helpful links – back-ended by malware and/or credential harvesting of course. It’s worth a reminder to friends and family: if they see any emails about the Super Bowl that appear to be too good to be true, simply delete them. Be safe!