Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Two Million Dollar Heist

By Richard Branson – Virgin CEO tells how he was almost duped out of $5 million, and how a close friend of his lost $2 million to scammers.


International Internet Day

Late at night on October 29, 1969, today celebrated as International Internet Day, the first message was sent over the Internet.


IRS chief: assume your identity has been stolen

Americans should “assume their data is already in the hands of criminals and ‘act accordingly.’”  This is something I have said repeatedly since the Equifax breach.  Why is the IRS telling us this?  Because late tax filers can expect to have their refund stolen.


Microsoft Office DDE zero-day: are you protected?

Now comes word of a zero-day vulnerability in Microsoft’s Dynamic Data Exchange (DDE) protocol — which sends messages and shares data between applications. Applications, for example, can use DDE for one-time data transfers and for continuous exchanges where apps send updates to one another as new bits are available.


Office DDE attack works in Outlook too

On Friday, independent reports surfaced showing that it’s possible to run DDE attacks in Outlook using emails and calendar invites formatted using Microsoft Outlook Rich Text Format (RTF), not just by sending Office files attached to emails.  No attachments are required for this exploit to run.


Bad Rabbit Ransomware Attack Appears to be Over

From Barkly, Sophos, and Armor:  The new Petya ransomware variant went offline before we could get it into our reporting schedule.  The solution to this strain of malware is to keep your Windows computer fully updated.

If you come across a request to update Adobe Flash Player, do not install or ask to be reminded later. This update message is fake, and that’s how the malware is currently spreading. Once the system is compromised, the malware encrypts the files and demands a ransom to unlock them.


TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

10/20/2017 06:50 PM EDT  Original release date: October 20, 2017

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners, DHS and FBI identified victims in these sectors. This report contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by APT actors on compromised victims’ networks.

DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign. The intent of this product is to educate network defenders and enable them to identify and reduce exposure to malicious activity.


Feds urge airlines to ban laptops in checked bags, citing fire, explosion risk

The U.S. government is urging the world airline community to ban large, personal electronic devices like laptops from checked luggage because of the potential for a catastrophic fire.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
