August, 2013:

Trend Micro updates further developments for Java security attacks. Oracle is improving Java security over time and this documents new sophistication in current approaches:

http://blog.trendmicro.com/trendlabs-security-intelligence/java-native-layer-exploits-going-up/

QUOTE: Recently, security researchers disclosed two Java native layer exploits (CVE-2013-2465 and CVE-2013-2471). This caused us too look into native layer exploits more closely, as they have been becoming more common this year. At this year’s Pwn2Own competition at CanSecWest, Joshua Drake showed CVE-2013-1491, which was exploitable on Java 7 running on Windows 8. CVE-2013-1493 has become a popular vulnerability to target in exploits kits such as Blackhole.

Facebook will be updating their privacy policy in early September as noted below

https://www.facebook.com/notes/facebook-site-governance/proposed-updates-to-our-governing-documents/10153167395945301

http://bits.blogs.nytimes.com/2013/08/29/facebook-to-update-privacy-policy-but-adjusting-settings-is-no-easier/

QUOTE: We are proposing updates to two important legal documents – our Data Use Policy and our Statement of Rights and Responsibilities. These two documents tell you about how we collect and use data, and the rules that apply when you choose to use Facebook. From time to time we update these documents to make sure we keep you posted about the latest things you can do with Facebook.

Mobile phone users should exercise caution as malicious applications are circulating with many noted in China app download centers

http://securitywatch.pcmag.com/mobile-security/315218-nearly-7-000-malicious-android-apps-infest-china-s-appstores

QUOTE: The independent testing lab AV-Comparatives has released the results of a six-month long study of third-party Android app stores. They found that most of the dangerous apps are concentrated in Chinese stores, and encountered about 7,000 dangerous apps in third-party stores. Now that’s a number to worry about. The study ran from November 2012 to May 2013, and looked at 20 major third-party app stores. Of these stores, most are known to be located in China and the region also boasts the most malware found in a single store (1,637 malicious apps in the Anzhi store, but more on that later).  In total, AV-Comparatives found 7,175 pieces of malware and greyware, the latter of which the company defines as things like spyware and adware which is risky but not necessarily malicious. Of the dangerous apps, 95 percent were concentrated in Chinese stores.

Microsoft’s direct support for Windows XP ends on April 8, 2014.   All home & corporate users should prepare in advance and migrate to Windows 7 or 8 well ahead of this event.

http://technet.microsoft.com/library/dn283963.aspx

QUOTE:  It has been twelve years since the release of Windows XP and the world has changed so much since then.  Internet usage has grown from ~361 million to more than 2.4 billion users.  We have witnessed the rise of the internet citizen with members of society connected through email, instant messaging, video-calling, social networking and a host of web-based and device-centric applications.  As the internet becomes more and more woven into the fabric of society, it has also become an increasingly popular destination for malicious activity (as evidenced in the Microsoft Security Intelligence Report.)  Given the rapid evolution, software security has had to evolve to stay ahead of cybercrime.  To help protect users from rapid changes in the threat landscape, Microsoft typically provides support for business and developer products for 10 years after product release, and most consumer, hardware, and multimedia products for five years after product release.

Per our long established product support lifecycle, after April 8, 2014, Windows XP SP3 users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its end of life will not be addressed by new security updates by Microsoft.  Moving forward, this will likely make it easier for attackers to successfully compromise Windows XP-based systems using exploits for unpatched vulnerabilities. In this scenario, antimalware software and other security mitigations are severely disadvantaged and over time and will become increasingly unable to protect the Windows XP platform.

Key links were featured in AUGUST 2013 Microsoft Security newsletter:

http://technet.microsoft.com/library/dn283963.aspx?ocid=wc-nl-secnews

Department of Homeland Security released concerns on growing threat of Android malware and need for improved security controls

http://info.publicintelligence.net/DHS-FBI-AndroidThreats.pdf

Facecrooks security notes new version of this scam currently circulating.  Facebook does not track who views user profiles (and FB users should avoid this)

http://facecrooks.com/Scam-Watch/Your-Recent-Profile-Viewers-Facebook-Scam.html

QUOTE: First off, the sketchy domain name you are redirected to should be a huge red flag. If you choose to continue then you are taken to a Facebook application login screen. We decided to stop here, but it’s pretty safe to assume that you are logging in to a rogue app and this is how the scam is spreading from user to user.  It’s important to remember that anything offering to show you who has viewed or visited your profile is certain to be a scam. Facebook doesn’t allow developers access to the data required to create such apps or extensions.

Scam Message: Your Recent Profile

Viewer’s Scam Type: Profile Viewer, Rogue Facebook Application

Trending: August 2013

Why it’s a Scam: Clicking the scam link takes you to a malicious website outside of Facebook

Facebook shares that they do not track you views user web pages.

https://www.facebook.com/help/210896588933875#Can-I-know-who’s-viewing-my-profile-(timeline)-or-how-often-it’s-being-viewed

A highly realistic email phishing attack led to compromises in website and DNS settings by hackers as described in links:

http://www.theverge.com/2013/8/28/4668346/new-york-times-twitter-hack-linked-to-phishing-email-syrian-electronic-army

http://blog.cloudflare.com/details-behind-todays-internet-hacks

QUOTE:  The dust is still settling from yesterday’s attacks on Twitter and the New York Times, but observers have already gained valuable insight into the methods that made the hacks possible. The LA Times is reporting that the hacks originated with a phishing email sent by the Syrian Electronic Army to the CTO of MelbourneIT, the DNS registrar for both Twitter and the New York Times. The emails were convincing enough to trick one of Melbourne’s resellers into giving up login credentials, which gave the hackers a crucial opening. From there, they were able to acquire the credentials of one of MelbourneIT’s resellers, and go to work redirecting NYTimes.com visitors to the SEA’s own IP address

A Cloudflare post went into more detail on the aftermath of the hack, in which the Times called in outside help from Google, Cloudflare and OpenDNS. The bad records entered by the hackers quickly moved upstream to Verisign, the top-level registrar for nytimes.com, which resulted in major outages and redirections. Strangely, MelbourneIT was unable to fix the registry itself, so the team went to work at every level of the DNS system, from Verisign’s top-level registry to the various servers connecting Verisign to MelbourneIT.

Trend Micro provides an excellent recap in this post:

http://blog.trendmicro.com/trendlabs-security-intelligence/how-can-social-engineering-training-work-effectively/

QUOTE: One particular aspect of DEF CON that always gets some media coverage is the Social Engineering Capture the Flag (SECTF) contest, where participants use nothing more than a phone call to get victims at various Fortune 500 to give up bits of information. These are the sort of social engineering attacks that give security professionals at large enterprises nightmares.  These same professionals may be in charge of programs meant to train employees on how to avoid social engineering attacks, but many of these programs are not as effective as they can and should be. What are some of the things that organizations can do to improve these programs?

1. Give these programs a good name.  It keeps training programs – and their lessons – in the minds of users.

2. Put users on the other side of the attack – teach them basic social engineering.  By putting employees in the role of the attacker, they can understand how to spot an attack and that any data is valuable to a social engineer – not just what would normally be considered “sensitive.”

3. Don’t forget the value of “no”. A very effective tactic used by social engineers is veiled threats that if the target doesn’t do what they are asked, their boss will hear about it and be angry. (employees should not be penalized for being reluctant to share sensitive information over phone or email)

4. Implement “social” penetration testing – i.e., having someone play the role of an attacker and trying to socially engineer employees.

A new application for Windows 7 /8 has just been released that fully indexes all 800 pages into a searchable format. This is an excellent resource for security professionals

http://blogs.technet.com/b/security/archive/2013/08/14/new-microsoft-security-intelligence-report-application-for-windows.aspx

QUOTE: Today we are pleased to announce the availability of a new Microsoft Security Intelligence Report (SIR) desktop application. This app works on Windows 7 and Windows 8 and is designed to provide our readers with an enhanced way to access the vast amount of threat intelligence contained in the SIR.  Here’s a summary of the new SIR app’s key features. All content in one convenient place – The app includes all 800+ pages of content from SIR Volume 14, the latest volume of the report, and is fully searchable.  This makes it easy to find every mention of a particular threat or country/region.

DOWNLOAD – Security Intelligence Report desktop search application

http://www.microsoft.com/en-us/download/details.aspx?id=39929