Security Protection – Harry Waldron (WP) Rotating Header Image

Laptops and Mobile devices – Hotels hold lost items briefly

An interesting article notes that hotels may only retain lost items for short period of time and dispose of electronic items in a variety of ways

http://blog.winmagic.com/2014/03/26/with-lost-laptops-its-finders-keepers/

http://securitywatch.pcmag.com/laptops/321933-hotels-play-finders-keepers-with-lost-smartphones-and-laptops

QUOTE: We’re all human, and humans forget things. And as previously discussed on this bog, laptops are commonly lost. And while one cannot really blame hotels for discarding lost devices that are cluttering their storage rooms (if no one claims them after a reasonable period of time, of course), the survey reminds us all that our laptops could literally end up anywhere. IT and security pros need to deploy full disk encryption technologies to protect the information on these devices, and they need to establish policies that do not interfere with how people work but protect any data on the device if it is lost or stolen.

Privacy – Unlike passwords SSN cannot be changed

PC Magazine shares excellent security awareness that static identifiers like SSN or birthdates can never change and must be protected from criminals.

http://securitywatch.pcmag.com/identity/321982-change-your-password-fine-change-your-ssn-oh-dear

QUOTE: When an online shopping site suffers a data breach, you’ll get a warning to change your password. If your bank is hacked, they’ll send you a new credit card. The real problem occurs when a business authenticates you using personal data that can’t be changed, like your SSN or birthdate. A new whitepaper from NSS Labs examines the use of static and dynamic information for authentication, and offers businesses advice for improving security.

Static Data – The SSN was never meant as a personal identifier. The report notes that the equivalent identifier in the UK is never used for authentication. Once your SSN is revealed in a breach, it’s forever compromised. And that’s a problem. Some businesses attempt to protect customers by storing only the last four digits of the SSN. It turns out that this isn’t very effective. The first five digits aren’t random; they’re based on when and where you first applied for your SSN. A research project from five years ago analyzed data from the government’s “Death Master File” and devised an algorithm to predict those first five digits.

Malware – Crigent “Power worm” infects Office documents

Trend Labs warns of this new threat which uses PowerShell scripts to infect Word and Excel documents

http://blog.trendmicro.com/trendlabs-security-intelligence/word-and-excel-files-infected-using-windows-powershell/

QUOTE: Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as “Power Worm”) which brings several new techniques to the table. (We detect these files as W97M_CRIGENT.A and X97M_CRIGENT.A.).   Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell to carry out its routines. PowerShell is a powerful interactive shell/scripting tool that is available for all current versions of Windows (and is built-in from Windows 7 onwards); this malware carries out all its behavior via PowerShell scripts. IT administrators that are normally on the lookout for malicious binaries may overlook this, as malware using this technique is not particularly common.

This particular threat arrives as an infected Word or Excel document, which may be dropped by other malware or downloaded/accessed by users. When opened, right away it downloads two additional components from two well-known online anonymity projects:  the Tor network, and Polipo, a personal web cache/proxy.  Using the installed Tor and Polipo software, it accesses its command-and-control server. The URL it uses contains two GUIDs.

Adobe Flash Player security update for March 2014

During mid-March, Adobe released an important update for Flasher player

http://www.intego.com/mac-security-blog/adobe-flash-player-12-0-0-77-released-for-mac-and-windows/

QUOTE: Adobe Flash Player 12.0.0.77, released for Mac and Windows, is now available for download. Adobe has also released Adobe Flash Player 11.2.202.346 for Linux. These updates address two vulnerabilities, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

Malwarebytes version 2.0 – improved GUI & features

PC Magazine reviews Malwarebytes version 2.0, which is excellent tool with improved user interface, built-in rootkit detection, and thorough malware scanning capabilities.

http://securitywatch.pcmag.com/security-software/322084-malwarebytes-2-0-still-tough-on-malware-now-with-a-pretty-face

FULL REVIEW – Malwarebytes Anti-Malware 2.0  (Editor’s Choice – free product) http://www.pcmag.com/article2/0,2817,2455505,00.asp

QUOTE: After ten years of version 1.x, Malwarebytes has finally released version 2.0. The powerful malware-fighting tools are all still there, but the package is a lot better looking. A new dashboard page displays security status; if anything isn’t right, you just click Fix Now. And you can track progress of updates and scans right in the dashboard. Rootkit detection, once a separate component, is now integrated. A variety of other once-awkward mechanisms have been streamlined for ease of use. It’s quite an improvement. Want to know more? Read my full review. Malwarebytes remains our Editors’ Choice for free, cleanup-only antivirus.

Facebook – Financial Pyramid scheme shutdown by SEC

The SEC recently stopped a financial scam where Facebook and other sites were utilized

http://www.usatoday.com/story/money/business/2014/03/05/sec-pyramid-facebook-twitter/6089055/

QUOTE: The Securities and Exchange Commission took emergency action against an alleged fraudulent pyramid scheme promoted on Facebook and Twitter. A federal court gave the SEC a court order to freeze the accounts held by Fleet Mutual Wealth and MWF Financial, doing business as Mutual Wealth. The SEC claims Mutual Wealth has “been exploiting investors” using social media including Facebook and Twitter. Investors were promised returns of 2% to 3% a week, the SEC says, by using an investment strategy that “invests into securities for no more than a few minutes.”

Facebook – DeepFace software improves Facial recognition in photos

Facebook has introduced new software to improve facial recognition

http://www.huffingtonpost.com/2014/03/18/facebook-deepface-facial-recognition_n_4985925.html

http://facecrooks.com/Internet-Safety-Privacy/Facebook-Announces-%e2%80%9cDeepFace%e2%80%9d-Photo-Matching-Technology.html/

QUOTE: Facebook owns the world’s largest photo library, and it now has the technology to match almost all the faces within it.   Facebook announced last week that it has developed a program called “DeepFace,” which researchers say can determine whether two photographed faces are of the same person with 97.25 percent accuracy. According to Facebook, humans put to the same test answer correctly 97.53 percent of the time — only a quarter of a percent better than Facebook’s software.

 

Facebook – Spam controls for newly installed applications

When special Facebook applications are installed they may email friends and contacts excessively.  These links provide helpful controls:

http://www.businessinsider.com/prevent-apps-from-updating-on-facebook-2014-3

http://facecrooks.com/Internet-Safety-Privacy/How-Stop-Your-Facebook-Apps-From-Spamming-Your-Friends.html/

QUOTE: That’s why Business Insider published a valuable blog post this week telling readers how they can stop their Facebook apps from spamming their friends. First, open your Facebook page and click on the “Settings” button in the upper right-hand corner of the browser window. Next, click on the Apps tab underneath “General Account Settings.” From there, you can control all facets of your apps, including who can see them, what they can do, and whether or not you want to keep them at all. You can also click the “X” button next to the option for apps to “Post on your behalf.” This will effectively prevent your apps from spamming your friend list.

SmartTV Security – improved controls for Wi-Fi and other vulnerabilities needed

While a specific manufacturer is noted, improved security is needed for all Television sets with internet connectivity.  Key vulnerability cited were weak WiFi controls that hackers could tap into within radio range.

http://arstechnica.com/security/2014/03/philips-smart-tvs-wide-open-to-gmail-cookie-theft-other-serious-hacks/

http://grahamcluley.com/2014/03/philips-tv/

QUOTE: Internet-connected TVs manufactured by Philips running the latest firmware update are wide open to browser cookie theft and other serious attacks by hackers within radio range, a security researcher has warned.  Once someone has connected to the Miracast-enabled Wi-Fi network, they can use publicly available software to download any personal files that may be contained on USB drives plugged in to the Philips Smart TV. More troubling, connected devices can steal the highly sensitive browser cookies that many websites rely on to authenticate users when they access their private accounts.

WINDOWS SUPPORT TELEPHONE SCAM – 2014 ADDITIONAL LINKS

Several additional links shared by a friend and documenting historically that Microsoft is not monitoring your PC and will not fix it as the scammers claim during these random phone calls to scare individuals into action.

RECENT ASSISTANCE TO FRIEND:  A friend reccently called me in panic regarding this scam actively circulating … While it’s an older and popular attack, it has been “kicked up a notch” and is actively circulating far more actively today than 2013.  By using the social engineering tactic of “fear”, they are asking users to launch the Windows Event Viewer to show them “how many malware errors their system is registering”.  Thankfully, my friend did not give them control, credit card info, etc., but reached out to me immediately instead.  She was highly concerned because the perpetrators were so convincing. The most important aspect to note is that Microsoft does not call users in this manner. With some phone automation techniques, there is increased activity on this scam in the wild.

LATEST 2014 VERSION OF WINDOWS SUPPORT TELEPHONE SCAM

http://msmvps.com/blogs/harrywaldron/archive/2014/03/21/windows-support-scam-fake-phone-calls-actively-circulating-in-2014.aspx

HISTORICAL INFORMATION on this fake telephone scam

http://msmvps.com/blogs/harrywaldron/archive/2011/05/18/telephone-scams-microsoft-will-not-come-to-your-home-and-fix-your-pc.aspx

Security Awareness Newsletter (July 2012; PDF available in 13 language) http://www.securingthehuman.org/resources/newsletters/ouch#2012

Microsoft dumps partner over telephone scam claims (21 Sept-11) http://nakedsecurity.sophos.com/2011/09/21/microsoft-dumps-partner-telephone-support-scam/

Microsoft Survey Reveals Extent of Emerging Internet Phone Scam (16 Jun-11) http://www.microsoft.com/Presspass/press/2011/jun11/06-16MSPhoneScamPR.mspx

Fake Tech Support Calls (08 Aug-12) http://isc.sans.edu/diary.html?n&storyid=13879

Microsoft Support Scam (again)  (23 May-11) http://isc.sans.edu/diary.html?storyid=10912

Watch out for ‘Microsoft Tech Support’ scams (03 Feb-11) http://windowssecrets.com/top-story/watch-out-for-microsoft-tech-support-scams/

Older AV Scam Active again (23 Dec-10) http://isc.sans.edu/diary.html?storyid=10135

I received a Phone Call From Someone claiming I have a Virus (10 Aug-09) http://answers.microsoft.com/thread/4489f388-d6de-416d-9158-0079764bb001