Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

The Two Million Dollar Heist

By Richard Branson – Virgin CEO tells how he was almost duped out of $5 Million, and how a close friend of his lost $2 million to scammers.

International Internet Day

Late at night on October 29, 1969, today celebrated as International Internet Day, the first message was sent over the Internet.

IRS chief: assume your identity has been stolen

Americans should “assume their data is already in the hands of criminals and ‘act accordingly.’” This is something I have said repeatedly since the Equifax breach. Why is the IRS telling us this? Because late tax filers can expect to have their refund stolen.

Microsoft Office DDE zero-day: are you protected?

Now comes word of a zero-day vulnerability in Microsoft’s Dynamic Data Exchange (DDE) protocol — which sends messages and shares data between applications. Applications, for example, can use DDE for one-time data transfers and for continuous exchanges where apps send updates to each other as new bits are available.

Office DDE attack works in Outlook too

On Friday, independent reports surfaced showing that it’s possible to run DDE attacks in Outlook using emails and calendar invites formatted using Microsoft Outlook Rich Text Format (RTF), not just by sending Office files attached to emails. No attachments are required for this exploit to run.
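Both the Office-file and the Outlook RTF variants described above ride on Word field instructions (DDE / DDEAUTO). The defender-side scanner below is an added example, not code from the original post or from the linked reports: it unzips a .docx and flags any field instruction under word/ that invokes DDE, and does a simpler check on raw RTF text, so a mail gateway or triage script can quarantine the file for review. The sample document and the placeholder field arguments are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
# Field instructions live in w:instrText runs or w:fldSimple's w:instr attribute.
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)


def find_dde_fields(docx_bytes: bytes) -> list[str]:
    """Return each field instruction in a .docx that invokes DDE/DDEAUTO."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        # Fields may sit in body, headers, footers or footnotes: scan every word/*.xml.
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            for para in ET.fromstring(zf.read(name)).iter(W + "p"):
                # One instruction is often split across several runs; join them.
                instr = "".join(t.text or "" for t in para.iter(W + "instrText"))
                instr += " ".join(f.get(W + "instr", "") for f in para.iter(W + "fldSimple"))
                if DDE_RE.search(instr):
                    hits.append(instr.strip())
    return hits


def rtf_has_dde(rtf: str) -> bool:
    """True if an RTF body carries a \\fldinst group that invokes DDE/DDEAUTO."""
    return re.search(r"\\fldinst[^}]*?\bDDE(AUTO)?\b", rtf, re.IGNORECASE) is not None


def build_sample_docx(field_instr: str) -> bytes:
    """Constructed minimal .docx holding one complex field (test data only)."""
    doc = (
        f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f'<w:r><w:instrText xml:space="preserve">{field_instr}</w:instrText></w:r>'
        '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_dde_fields(build_sample_docx('DDEAUTO placeholder-target "placeholder args"')))
    print(rtf_has_dde(r"{\rtf1{\field{\*\fldinst {DDEAUTO placeholder}}}}"))
```

The same checks apply to the XML parts of .xlsx files and to .rtf attachments saved from Outlook; a hit is a reason to hold the message, not proof of malice, since legitimate DDE links exist.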

Bad Rabbit Ransomware Attack Appears to be Over

From Barkly, Sophos, and Armor: The new Petya ransomware variant went offline before we could get it into our reporting schedule. The solution to this strain of malware is to keep your Windows computer fully updated.

If you come across a request to update Adobe Flash Player, do not install or ask to be reminded later. This update message is fake, and that’s how the malware is currently spreading. Once the system is compromised, the malware encrypts the files and demands a ransom to unlock them.

TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

10/20/2017 06:50 PM EDT. Original release date: October 20, 2017

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers


This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners, DHS and FBI identified victims in these sectors. This report contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims’ networks.

DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low-security and small networks to gain access and move laterally to networks of major, high-value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign. The intent of this product is to educate network defenders and enable them to identify and reduce exposure to malicious activity.

Feds urge airlines to ban laptops in checked bags, citing fire, explosion risk

The U.S. government is urging the world airline community to ban large, personal electronic devices like laptops from checked luggage because of the potential for a catastrophic fire.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
