Computer News & Safety – Harry Waldron

June, 2014:

FBI Warning – Increased man-in-the-middle scams during June 2014

The FBI is warning about increased attacks in recent months:

QUOTE: The FBI and Internet Crime Complaint Center (IC3) are warning businesses to be on the lookout for a growing scam that tricks them into paying invoices from established partners that look legitimate but in fact are fraudulent. The FBI says the scam is a tweak of the timeworn “man-in-the-middle” scam and usually involves chief technology officers, chief financial officers, or comptrollers, receiving an e-mail via their business accounts purportedly from a vendor requesting a wire transfer to a designated bank account, the FBI said. In the “man-in-the-e-mail” scam, e-mails are spoofed by adding, removing, or subtly changing characters in the e-mail address that make it difficult to identify the perpetrator’s e-mail address from the legitimate address. The scheme is usually not detected until the company’s internal fraud detections alert victims to the request or company executives talk to each other to verify the transfer was made.

Android Security – Selfmite SMS worm

A rare Android SMS worm has been discovered that spreads to other users via links in text messages.

QUOTE: SMS worms for Android smartphones don’t appear very often. The vast majority of Android malware that has been discovered to date can be treated as trojans. But it doesn’t mean that other types of malware like SMS worms don’t exist. Recently an SMS worm dubbed Samsapo was discovered and analysed by a number of antivirus companies. Samsapo used a pretty common monetization mechanism: it was able to subscribe an infected device to a premium-rate service. It was also capable of stealing various types of personal information from a smartphone. AdaptiveMobile has analysed and confirmed a new piece of malware, termed Selfmite, that is also able to propagate via SMS. Potential victims receive the following SMS message containing a URL pointing to the Selfmite worm.

Facebook – How to review older post history

More comprehensive history review techniques are highlighted below:

QUOTE: QUESTION — I was scrolling back through my Facebook Timeline in my web browser and noticed some of my previous posts and photos weren’t there. How do I get them all back?

ANSWER — Facebook typically begins to just show you Timeline “highlights” after about a week. All your previously posted material is still there, but you have to find the menu option to display it.  To find the missing stories, start scrolling down your Timeline page. After you get about seven or eight days into the past, you should see a little gap in the posts and a small menu triangle next to the word “Highlights.”  Click the menu triangle and select “All Stories” instead of “Highlights” to see your previous posts when you scroll through.  If you do not want to spend a lot of time scrolling, you can also jump to a more specific point in your Timeline by clicking the month or year on the vertical gray list to the right of the Timeline column.

AntiVirus – Lastline Labs May 2014 Study

Lastline Labs shares a year-long study of AV effectiveness. While noting that AV protection is essential, the study finds it isn’t always timely in detecting the latest threats.

QUOTE: Much has been said in recent weeks about the state of AV technology. To add facts to the debate, Lastline Labs malware researchers studied hundreds of thousands of pieces of malware they detected for 365 days from May 2013 to May 2014, testing new malware against the 47 vendors featured in VirusTotal to determine which caught the malware samples, and how quickly.  Some other interesting findings of this Lastline Labs research:

1. On Day 0, only 51% of AV scanners detected new malware samples
2. When none of the AV scanners detected a malware sample on the first day, it took an average of two days for at least one AV scanner to detect it
3. After two weeks, there was a notable bump in detection rates (up to 61%), indicating a common lag time for AV vendors
4. Over the course of 365 days, no single AV scanner had a perfect day – a day in which it caught every new malware sample
5. After a year, there are samples that 10% of the scanners still do not detect

Social Networks – Safe practices more critical in 2014

Users must safely navigate social networks where sensitive information may be exchanged:

QUOTE: The past year has seen a number of security horror stories. Now the big question is, who or what will be targeted next? Social risk management company ZeroFox argues that social media platforms are going to be compromised next. In a recent infographic, the company reveals that cyber-criminals are using popular social networks such as Facebook, Twitter, and LinkedIn, to launch targeted malware and phishing campaigns.

Crooks rely on bot armies to successfully carry out their campaigns, whether it’s malware or phishing. Bots are molded to look like trustworthy social media profiles; they usually have relevant popular content and post viral videos and articles that can reach many users. Two different types of bots exist: a bot account and a “sock puppet”. A bot account is created and operated remotely through software. A “sock puppet” is a fake account operated by a person pretending to be someone he or she isn’t.

After the bot army is made, the cybercriminal will decide on a target. Attacks could be focused against specific organizations, an organization’s customers, or against the general public via trendjacking, a PR tactic that subverts trending topics to highlight different messages. Once a method of attack is chosen, criminals connect their bots to targeted victims by filling their bots’ profiles with funny images or attention-grabbing content

Industry security alliances for 2014

The following article from eWeek provides an update on alliances working for the common good of Internet communities.

QUOTE: Three years ago, companies that wanted to exchange information on the latest cyber-threats needed to belong to one of several exclusive clubs, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), Microsoft’s Active Protections Program (MAPP) or the Anti-Virus Information Exchange Network (AVIEN). Since then, new information sharing tools and networks have emerged to allow businesses to exchange attack information with other companies. In September 2013, for example, Hewlett-Packard launched a threat-intelligence sharing environment, dubbed Threat Central, which allows its customers to upload threat data and share it with other subscribers. Security and network-management provider AlienVault supports the Open Threat Exchange that allows anyone to upload threat data and post analyses.

Security services firm Cyber Squared offers companies a similar environment known as Threat Connect. While each provider has a different goal for their platform, the offerings allow business customers to gain intelligence and share information on threats, usually in machine-readable format that speeds their response to attacks, Jerry Bryant, lead security strategist for the Microsoft Security Response Center (MSRC), told eWEEK. Defenders need to counter attackers’ ability to quickly share information on network weaknesses, he said.

Adobe Flash Player 14 – June 2014 security update

Users should promptly update their systems to the latest version of Adobe Flash Player 14.

QUOTE: Adobe Systems has released a new round of security updates for Adobe Flash Player for Windows and Mac. The company released Adobe Flash Player, which tackles a total of 6 “vulnerabilities that could potentially allow an attacker to take control of the affected system,” described Adobe’s security bulletin (APSB14-16).

Firefox version 30 security and features release

Mozilla Firefox 30 provides security and feature enhancements.

QUOTE: In contrast to the fanfare associated with Firefox 29 and its new interface, Firefox 30 delivers security fixes and incremental feature updates.  Not all browser releases are full of exciting, new features users will immediately notice. The Mozilla Firefox 30 browser does not include major new features, yet it does provide users with security fixes and some incremental updates.   Released June 10, Firefox 30 improves on the Firefox 29 browser, which debuted April 29 with the biggest user interface update for the open-source browser in years.  On the user interface side, the Firefox 30.0 release notes indicate that the sidebars button in the browser now enables faster access to social, bookmark and history sidebars. Additionally, with Firefox 30.0, Mozilla is now providing users with support for the GStreamer 1.0 framework for multimedia streaming.  Firefox 30.0 includes seven security advisories attached to the open-source browser release.

Internet Security – Parental concerns and controls for 2014

Intego security shares an informative summary of key parental concerns for children accessing Internet resources.

QUOTE: These days, children of all ages can access the Internet from all sorts of devices. Do your kids have their own computers or smartphones? Well, if so, chances are good you won’t always be around to monitor their online activities.   It’s up to parents to make the decisions in their households, putting you in charge of protecting your children online. To better understand how teens access the Internet and to see whether or not they are monitored by parental controls, Intego surveyed over 490 parents this month. Check out the infographic below for statistics on teen Internet use and how parents use parental controls.

Android Security – ESET Simplocker Decryptor cleaning tool

ESET provides an excellent analysis of Simplocker, which is Android-based, file-encrypting, TOR-enabled ransomware. Cleaning and removal techniques are available for variants currently circulating.

QUOTE: Our developers have created ESET Simplocker Decryptor, an easy-to-use tool to decrypt files that have been encrypted by Simplocker. To install the application, please download it from Virus Radar with your device or scan the QR code below. To install the app, you must allow installation from Unknown Sources (Settings -> Security -> Unknown Sources).