Security Protection – Harry Waldron MVP

Microsoft 2015 BUILD conference – April 29, 2015 announcements

The major announcements from “Day One” of the Microsoft 2015 BUILD conference are summarized in the link below:

http://thenextweb.com/insider/2015/04/29/everything-microsoft-announced-at-its-build-developer-conference-day-1/

Key topical areas include:

.NET Core preview opens to Mac and Linux
Visual Studio Code goes live
New Azure services arrive
Office Graph API allows cross-platform integrations for Office 2016
WINDOWS 10 news!
Run universal Windows apps on desktop
Android and iOS apps arrive on Windows 10
Spartan browser gets an official name: Microsoft Edge
Windows 10 continuum for phones
Windows Holographic demo

Windows 10 – Microsoft Announces new EDGE browser

As Windows 10 development continues, Microsoft formally announced that the browser being developed under “Project Spartan” will be called “Edge”. It will be the default browser and will carry all of the new innovations. IE11 will also ship as a secondary browser so that Windows 10 can still interact with legacy websites as needed.

http://www.pcmag.com/article2/0,2817,2483459,00.asp

Among the many fascinating reveals in the opening keynote of the Microsoft Build 2015 developer conference—Android and iOS code running on Windows phones, holograms that can attach themselves to physical robots, and Visual Studio for Mac and Linux—was the Microsoft Edge browser.

Internet Explorer’s more modern and fast successor, previously code-named Project Spartan, is now Edge, and one of its most notable new features is extensions. Edge also maintains Spartan innovations like page markup, reading view, and Cortana integration. It’s also a Universal Windows app, meaning one application runs on PCs, phones, tablets, and whatever other Windows-running devices emerge.

Perhaps Edge’s greatest asset is that it’s not Internet Explorer, which, even after lots of improvements in speed and tightened design, was one of the most reviled pieces of software in history. Though Edge’s icon still sports an “E,” it really isn’t IE. Even underneath, it runs a new page-rendering engine called…wait for it—Edge. Yes, that was the name of Project Spartan’s engine, and it has now been elevated to the full product name. It tops IE’s longtime Trident engine in speed and compatibility with new Web standards such as HTML5.

Windows 10 will still ship with IE11 for legacy compatibility, especially for corporate intranets and other enterprise Web apps, but it won’t get new features and Edge will be the default browser.

Malware – IRC Botnet attacks continue with greater sophistication

Zscaler security labs share an informative analysis of IRC-based attacks, which have diminished since their peak back in 2007. However, these attacks are still present and have grown in sophistication, even though attacks today are more likely to arrive through other vectors.

http://www.darkreading.com/vulnerabilities---threats/irc-botnets-are-not-quite-dead-yet/d/d-id/1320212

Far from going the way of the dodo as many had surmised, Internet Relay Chat (IRC) botnets are alive and thriving. A new study by security vendor Zscaler shows that IRC botnets, while not growing at a particularly rapid rate, continue to be active and have incorporated several new features over the years that make them as potent a threat as ever.

While the core C&C communication protocol that is used remains IRC, several new features have been added that make them comparable to some of the more sophisticated web-based botnets out there, he said. For example, IRC botnet operators these days use multiple servers and channels for command and control purposes, so they no longer have a single point of failure like before.

The link to Zscaler security labs’ more in-depth report is as follows:

http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html

An IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel. It usually involves a Botnet operator controlling the IRC bots through a previously configured IRC server & channel. The Botnet operator, after appropriate checks, periodically moves the IRC bot to a new IRC channel to thwart researchers & automated sandboxes from monitoring the commands.  In this blog, we will look at one of the most prevalent IRC based malware families – DorkBot, followed by three additional IRC Botnet families – RageBot, Phorpiex, and IRCBot.HI.

Security Awareness – Corporate Security programs are challenging

The excellent article below shares the challenges of creating an effective security awareness program. Security professionals must adjust for differing audiences to effectively communicate dangers and best practices throughout the company. The key challenge is to present risks and safety practices in business terms, or in other ways that are more clearly understood.

http://www.darkreading.com/to-evangelize-security-get-out-of-your-comfort-zone/a/d-id/1320181

IT security, I’ve learned, is a tight-knit community of people who “get it” — that ethical security research is an essential part of the industry, that signatures are no longer enough, that a certain amount of risk is inherent in any enterprise security plan. Certain themes are accepted as truth, certain cost/benefit ratios are accepted as conventional wisdom. We argue over strategies, but we agree on most of the basic principles. When you’re at a security conference, it’s sort of like living in your home town.

When we move outside of our own circles, however, we members of the security community often find ourselves on unfamiliar ground. Here at Interop, for example, an audience of CIOs and data center professionals consider security an important plank in the IT platform — but not the only consideration. Issues of business, bandwidth, performance, and storage play just as important a role as security — and priorities may differ according to the situation. Security messages and practices must be taken in the context of a broader palette of IT disciplines.

If we want security issues to be recognized by the world, we’ll have to step out of our community — and our comfort zone — and bring our most important messages to more general IT and business audiences. A home town is a great place to live, but it only reaches so far.

Malicious Advertising – Transparent Ad overlays Coloring Page site

A full-screen transparent (invisible to the user) malicious advertising web page overlays a site containing coloring pages for kids. Malwarebytes warns of this special danger in the following post:

https://blog.malwarebytes.org/privacy-2/2015/04/ads-on-colouring-pages-website-lead-to-installs-explicit-content/

Today, we came across a website called “Best Arts Wallpaper Online 2015” which offers colouring pages intended to be printed / drawn on by the smaller members of your family. The site features Minions (From Despicable Me), My Little Pony, Batman, Mario, Looney Tunes and more – clearly, there’s a wide range of interests on offer.

The page is overlaid with a transparent full-window ad (the page doesn’t look as grey once the advert is gone) – you can see the “x” in the top right hand corner. Clicking the visible banner in the middle will take you to the ad. However, clicking anywhere else on the page with the exception of the “x” will still cause it to act as though the ad in the middle of the page had been clicked – and you’ll also have the possibility of another window opening containing entirely unrelated content.

Clearly, this isn’t somewhere you want the intended audience hanging out as they grab pages for you to print. There’s no real way to know what they may end up installing, and as for the last example – who knows where some of those URLs might lead.

Here are some safer examples of colouring in for you and your family to make use of:

Disney – Colouring in
BBC – Crafts and colouring in
Crayola – Colouring in
LEGO – Colouring in
Nick Jr – Colouring in
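As an added example (not code from Malwarebytes or from the site it describes), the JavaScript below encodes a check for the overlay pattern described in the post: an element that covers the whole window, is invisible, and still receives clicks. Node has no DOM, so the elements are constructed snapshots of what a browser extension or bookmarklet would read via getBoundingClientRect() and getComputedStyle(); the viewport size, element ids and style fields are assumptions.

```javascript
const VIEWPORT = { width: 1280, height: 800 };   // assumed viewport size (constructed)

// An element covers the viewport when its box contains the whole visible area.
function coversViewport(rect, vp) {
  return rect.left <= 0 && rect.top <= 0 &&
    rect.left + rect.width >= vp.width && rect.top + rect.height >= vp.height;
}

// Invisible to the eye but still receiving clicks: near-zero opacity, or a
// transparent background with no visible content, while pointer events stay on.
function isInvisibleButClickable(style) {
  const transparent = style.opacity < 0.05 ||
    (style.backgroundColor === 'rgba(0, 0, 0, 0)' && style.hasVisibleContent === false);
  return transparent && style.pointerEvents !== 'none' && style.visibility !== 'hidden';
}

// Return the ids of elements that look like full-window transparent click overlays:
// fixed/absolute positioning keeps the layer on top; a link, frame or click
// handler is what turns a stray click into an ad visit or a new window.
function findInvisibleOverlays(elements, vp = VIEWPORT) {
  return elements
    .filter(el => coversViewport(el.rect, vp) && isInvisibleButClickable(el.style))
    .filter(el => el.style.position === 'fixed' || el.style.position === 'absolute')
    .filter(el => el.tag === 'a' || el.tag === 'iframe' || el.hasClickHandler)
    .map(el => el.id);
}

// Constructed snapshot of a page like the one described: the page body, the
// visible banner, a transparent layout container that lets clicks pass through, and the overlay.
const SAMPLE_ELEMENTS = [
  { id: 'page-body', tag: 'div', hasClickHandler: false,
    rect: { left: 0, top: 0, width: 1280, height: 3000 },
    style: { opacity: 1, backgroundColor: 'rgb(255, 255, 255)', hasVisibleContent: true,
             pointerEvents: 'auto', visibility: 'visible', position: 'static' } },
  { id: 'visible-banner', tag: 'a', hasClickHandler: false,
    rect: { left: 340, top: 250, width: 600, height: 300 },
    style: { opacity: 1, backgroundColor: 'rgb(200, 200, 200)', hasVisibleContent: true,
             pointerEvents: 'auto', visibility: 'visible', position: 'absolute' } },
  { id: 'close-button-frame', tag: 'div', hasClickHandler: false,   // pointer-events: none
    rect: { left: 0, top: 0, width: 1280, height: 800 },
    style: { opacity: 1, backgroundColor: 'rgba(0, 0, 0, 0)', hasVisibleContent: false,
             pointerEvents: 'none', visibility: 'visible', position: 'fixed' } },
  { id: 'ad-overlay', tag: 'a', hasClickHandler: false,
    rect: { left: 0, top: 0, width: 1280, height: 800 },
    style: { opacity: 0, backgroundColor: 'rgba(0, 0, 0, 0)', hasVisibleContent: false,
             pointerEvents: 'auto', visibility: 'visible', position: 'fixed' } },
];
```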

Microsoft Silverlight – Security Defense techniques

TechTarget shares an informative article on key best practices for using Silverlight safely: staying on the latest version, deploying patches promptly, avoiding potentially malicious sites, and user security awareness. These safety tips apply to almost all software products.

http://searchsecurity.techtarget.com/tip/Silverlight-security-Defending-against-browser-plug-in-attacks

The Silverlight browser plug-in is Microsoft’s answer to Adobe Flash. Although it’s nowhere near as well-known, Silverlight is used by Netflix for its instant video streaming service. Until recently, Silverlight has escaped the attention of hackers who have focused on more common browser plug-ins like Java, Flash and Adobe’s Acrobat Reader. However, now that it has been successfully exploited, Silverlight is increasingly becoming an attack vector for those looking to infect and compromise users’ computers.

There are many similarities between Java and Silverlight. Both run in a sandbox with low privileges by default that restrict access to the device’s file system and other system resources. Any attack must be able to break the sandbox to be viable. Security researchers have noticed that exploit kits such as Fiesta, Nuclear, RIG and Angler — which in the past mainly targeted Java-based exploits — now include attacks that target vulnerabilities in Silverlight.

The attacks typically rely on luring a user to a hacker-controlled website, checking if their device has Silverlight installed, and then attempting to exploit a vulnerability to infect the victim’s system. These drive-by attacks are also used to exploit vulnerabilities in other browser plugins.

The frustrating thing is that many of these attacks take advantage of vulnerabilities for which vendors have already issued patches. As always, enterprises need to ensure that their users’ operating system and application software is kept up to date and that the devices are not running older versions longer than absolutely necessary. Administrators should configure the Silverlight auto-updater for all network users and prevent users from changing the update settings. If Silverlight is not deemed essential in your enterprise, the plug-in could potentially be banned.

Before an attack can even exploit a Silverlight vulnerability, the hacker has to trick a user into visiting a webpage that’s hosting its attack code, typically by getting them to click a link in an email or instant message that takes them to the malicious page. Enterprises must reinforce the message of not clicking on links from unknown sources; this remains a very important aspect of security awareness training.

EMAIL SPAM – Dalexis and CTB-Locker malicious threat

EMAIL SPAM is often harmful, carrying malicious website links or downloader agents that install even more software, including ransomware agents that can encrypt user files on the computer. The ISC documents an advanced and harmful new attack as follows:

https://isc.sans.edu/forums/diary/DalexisCTBLocker+malspam+campaign/19641/

Dalexis is a malware downloader. It drops a CAB file with an embedded document that’s opened on a user’s computer, then downloads more malware. Dalexis is often used to deliver CTB-Locker. CTB-Locker is ransomware that encrypts files on your computer. In exchange for a ransom payment, the malware authors will provide a key to decrypt your files. Behavior of this malware is well-documented, but small changes often occur as new waves of malspam are sent out.

ADDITIONAL LINKS

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Dalexis#tab=2

https://heimdalsecurity.com/blog/ctb-locker-ransomware/

https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker

https://techhelplist.com/index.php/spam-list/796-your-account-has-been-something-bad-various-malware

WordPress – ZERO DAY Security Alerts April 2015

WordPress administrators, developers and users should monitor these new vulnerabilities for further developments.

https://threatpost.com/wordpress-ecommerce-plugin-vulnerability-details-disclosed/112500

https://threatpost.com/details-on-wordpress-zero-day-disclosed/112435

https://www.htbridge.com/advisory/HTB23254

WORDPRESS CORE ENGINE

WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of Klikki Oy reported a new and unpatched stored cross-site scripting vulnerability in the platform; a similar bug was patched this week by WordPress developers, but only 14 months after it was reported. The vulnerability allows an attacker to inject JavaScript in the WordPress comment field; the comment has to be at least 66,000 characters long and it will be triggered when the comment is viewed, Pynnonen said.

WORDPRESS CARTPRESS E-COMMERCE PLUG-IN

Another round of WordPress vulnerability disclosures has taken place with details made public on a handful of unpatched bugs in the CartPress ecommerce plugin. These disclosures come on the heels of a separate disclosure of a zero-day in the WordPress core engine. Those vulnerabilities have since been patched. The CartPress vulnerabilities were reported on three separate occasions by researchers at High Tech Bridge on April 8, 17 and 27. From a timeline published in the High Tech Bridge advisory, no acknowledgement from CartPress was received. “Currently, we are not aware of any official solution for this vulnerability,” the advisory says. CartPress will no longer be supported as of June 1. “We recommend disabling or removing the vulnerable plugin as a workaround.” According to High-Tech Bridge, the vulnerabilities can be exploited to run code, disclose data or carry out cross-site scripting attacks against sites running the plugin.

Leadership – Creativity is important during a Crisis

John Maxwell reflects on the tragedy in Nepal and on how creativity and innovation are needed in a time of crisis.

http://www.johnmaxwell.com/blog/cultivating-creativity-in-times-of-crisis

To face the greatest challenges of life, we need to cultivate creative thinking. In times of crisis, you need to tap into every good idea you have. And of course, the best time to increase your creativity is before the crisis occurs. This can be done by establishing the discipline of creative thinking.  Here are a few ways we can do that:

1. Spend time with creative people — Make a habit, both inside and outside of work, of spending time with creatives. Let their way of thinking challenge and influence yours.

2. Look for the obvious — When problem-solving, many of us make the mistake of looking only for the “big” solution. Creativity means exploring all ideas, even the obvious and seemingly insignificant ones. Often the simplest solution is the best solution.

3. Be unreasonable — Logic and creativity can work together quite well, but sometimes rational thinking gets in the way of being creative. Be willing to look at unreasonable ideas. Often they expand your thinking and lead to breakthroughs that you might otherwise miss.

4. Practice mental agility — Creativity requires flexibility. Rigid, bureaucratic thinking is in direct opposition to innovation and creativity. So make a habit of considering every idea, no matter how difficult it might seem to implement or how much change it may require.

5. Dare to be different — Being creative means standing outside of the norm. You must cultivate a willingness to challenge every rule and assumption.

6. See problems as opportunities — Sometimes the only difference between a problem and an opportunity is the word you use to describe it. Whenever you face a problem, take a step back and ask how it could be described as an opportunity—to innovate, build, and improve.

Google Chrome – Password Alert Extension

Google Chrome now offers a new extension called “Password Alert” to help detect phishing attacks.

http://www.pcmag.com/article2/0,2817,2483392,00.asp

https://support.google.com/a/answer/6197508

Security breaches are on the rise, but in many cases, hackers gain access to your accounts through simple phishing schemes rather than sophisticated attacks. You’ve heard it time and again: don’t click on suspicious links in emails and enter your account info.

But many phishing emails can look legit, and people are still clicking and unknowingly handing their personal details to hackers. Human error is a tough thing to combat, but Google has a new solution for Chrome users that might help you prevent significant data loss. The search giant today released a new Chrome extension, dubbed Password Alert, that can detect if you’re using your Google password on any non-Google site.

Whenever your login credentials are entered anywhere other than accounts.google.com, Password Alert will tell you that your password may need to be reset. You can then choose a new key (of eight characters or more), or ignore the alert if you’re sure you’ve not been hacked. Gmail users can also mute website alerts.