Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Two Million Dollar Heist

By Richard Branson – Virgin CEO tells how he was almost duped out of $5 Million, and how a close friend of his lost $2 million to scammers.


International Internet Day

Late at night on October 29, 1969, today celebrated as International Internet Day, the first message was sent over the Internet.


IRS chief: assume your identity has been stolen

Americans should “assume their data is already in the hands of criminals and ‘act accordingly.’” This is something I have said repeatedly since the Equifax breach. Why is the IRS telling us this? Because late tax filers can expect to have their refund stolen.


Microsoft Office DDE zero-day: are you protected?

Now comes word of a zero-day vulnerability in Microsoft’s Dynamic Data Exchange (DDE) protocol — which sends messages and shares data between applications. Applications, for example, can use DDE for one-time data transfers and for continuous exchanges where apps send updates to one another as new bits are available.


Office DDE attack works in Outlook too

On Friday, independent reports surfaced showing that it’s possible to run DDE attacks in Outlook using emails and calendar invites formatted using Microsoft Outlook Rich Text Format (RTF), not just by sending Office files attached to emails.  No attachments are required for this exploit to run.


Bad Rabbit Ransomware Attack Appears to be Over

From Barkly, Sophos, and Armor: The new Petya ransomware variant went offline before we could get it into our reporting schedule. The solution to this strain of malware is to keep your Windows computer fully updated.

If you come across a request to update Adobe Flash Player, do not install or ask to be reminded later. This update message is fake, and that’s how the malware is currently spreading. Once the system is compromised, the malware encrypts the files and demands a ransom to unlock them.


TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

10/20/2017 06:50 PM EDT  Original release date: October 20, 2017

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners, DHS and FBI identified victims in these sectors. This report contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims’ networks.

DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign. The intent of this product is to educate network defenders and enable them to identify and reduce exposure to malicious activity.


Feds urge airlines to ban laptops in checked bags, citing fire, explosion risk

The U.S. government is urging the world airline community to ban large, personal electronic devices like laptops from checked luggage because of the potential for a catastrophic fire.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
