May 21, 2012

Phishing Email from FDIC targets Businesses

It’s tax season and we’ve already seen the tax-related phishing Emails showing up in our inbox. Early this morning a new phishing scheme was detected that targets businesses with Emails purporting to come from the FDIC. If you take a moment to inspect the link in the message (hover over it rather than clicking it) it is easy to see that it does not lead where the message claims, which gives the game away. Here is a screenshot of the message:

FDIC Phishing Email Screenshot

For your convenience, and to learn more about how to protect yourself, you can also watch this video:


Here is the entire text of the message (added to properly index this article with the search engines):

Attn: Financial Department

By this message we would like to inform you about the recent alterations in the FDIC insurance coverage for transaction accounts.

During the period from December 31, 2010 to December 31, 2012 all the money in a “noninterest-bearing transaction account” is insured in full by the Federal Deposit Insurance Corporation. Please note that this measure is temporary and separate from the FDIC’s common deposit insurance regulations.

The term “noninterest-bearing transaction account” includes a traditional checking account or demand deposit account on which no interest is paid by the insured depository institution.

For detailed information about temporary FDIC insurance coverage of transaction accounts, please view the official site link.

Yours sincerely,
Tad Melendez.

Federal Deposit Insurance Corporation
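The “evaluate the link” step described above can be automated. The PowerShell function below is an added example, not part of the original post or the FDIC’s material: it pulls every link out of an HTML message body and reports the ones whose host is not under the domain the message claims to come from, that point at a bare IP address, that use plain http, or whose visible text shows one domain while the href goes to another. The sample message body is constructed for this example, and the 198.51.100.23 address comes from a reserved documentation range, not from the real phishing message.

```powershell
# Added example (not from the original post): flag links in an HTML e-mail body
# that do not belong to the organisation the message claims to come from.
function Get-SuspiciousLinks {
    param(
        [Parameter(Mandatory)] [string] $HtmlBody,
        [Parameter(Mandatory)] [string] $ClaimedDomain   # e.g. 'fdic.gov'
    )

    # Match <a ... href="..."> ... </a> with single or double quotes and attributes
    # in any order. Good enough for e-mail bodies; it is not a full HTML parser.
    $pattern = '<a\b[^>]*\bhref\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    $found = [regex]::Matches($HtmlBody, $pattern, 'IgnoreCase, Singleline')

    foreach ($m in $found) {
        $href = $m.Groups[1].Value.Trim()
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()   # strip nested tags

        $uri = $null
        $parsed = [System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref] $uri)
        $hostName = if ($parsed) { $uri.Host.ToLowerInvariant() } else { '' }

        $reasons = @()
        if (-not $parsed) {
            $reasons += 'unparseable or relative URL'
        } else {
            if ($hostName -ne $ClaimedDomain -and -not $hostName.EndsWith(".$ClaimedDomain")) {
                $reasons += "host '$hostName' is not under $ClaimedDomain"
            }
            if ($hostName -match '^\d{1,3}(\.\d{1,3}){3}$') {
                $reasons += 'bare IP address'
            }
            if ($uri.Scheme -ne 'https') {
                $reasons += "scheme is $($uri.Scheme), not https"
            }
            # Visible text that names a domain which is not the real destination host
            if ($text -match '([a-z0-9-]+\.)+[a-z]{2,}' -and $text -notmatch [regex]::Escape($hostName)) {
                $reasons += "visible text '$text' does not mention the real host"
            }
        }

        if ($reasons.Count) {
            [pscustomobject]@{ Text = $text; Href = $href; Host = $hostName; Reasons = ($reasons -join '; ') }
        }
    }
}

# Constructed sample body modelled on the message above; 198.51.100.23 is a
# documentation address, not a real phishing host.
$sample = @'
<p>For detailed information about temporary FDIC insurance coverage of transaction accounts,
please view the <a href="http://198.51.100.23/fdic/transaction.html">official site link</a>.</p>
<p>Visit <a href="https://www.fdic.gov/">www.fdic.gov</a> for more.</p>
'@

Get-SuspiciousLinks -HtmlBody $sample -ClaimedDomain 'fdic.gov' | Format-List
```

On the sample above only the first link is reported (host not under fdic.gov, bare IP address, plain http); the genuine www.fdic.gov link passes every check. A link text such as “official site link” tells you nothing about the destination, which is exactly why the href itself has to be examined.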


Duqu in the wild, not the drivers you were looking for.


Duqu not Dooku, Image Credit Tracheotomy Bob

The Duqu Remote Access Trojan (RAT) that hit the wild in Europe this week is not a character in the latest Star Wars movie. While it sounds like a George Lucas creation, the name comes from the ~DQ prefix that researchers noticed this previously unknown malware puts on the files it creates. I am sure Dairy Queen is happy with the choice. Joking aside, this virus is no laughing matter. It appears to have been written by the authors of Stuxnet, or by someone with access to the Stuxnet source code. Stuxnet is the virus believed to have set back the Iranian nuclear program last year. Duqu is smaller than Stuxnet and appears to be built for espionage rather than sabotage: it combines a keystroke logger with a data-siphoning component, and it removes itself from the infected machine after 36 days to limit its chance of being detected.

A new breed of threat

One disconcerting aspect of this particular Trojan is that one of the drivers in a variant was signed with the code-signing certificate of a known organization in Taiwan. A Windows machine will load a driver with a valid signature without complaint, just as it would a driver you downloaded for a new piece of hardware; on 64-bit Windows Vista and later a valid signature is in fact required before a kernel driver will load at all, so a stolen certificate buys the attacker exactly the trust the system relies on. Luckily the certificate has since been revoked. This particular malware also masks its presence on the infected machine quite well, which makes it a challenge to detect.
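Because the whole point of the stolen certificate was that the driver looked legitimate, the practical check is to ask who signed every driver that is actually running. The script below is an added example, not part of the original post or of any Duqu analysis: it walks the running kernel drivers reported by Win32_SystemDriver, runs each file through Get-AuthenticodeSignature and prints the signature status together with the signer and issuer, so a driver with no valid signature, or one signed by a company you never bought hardware from, stands out. It assumes a recent Windows with PowerShell and an elevated prompt.

```powershell
# Added example (not from the original post): list running kernel drivers and
# show who signed each one. Run from an elevated PowerShell prompt.
function Get-DriverSigners {
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # Win32_SystemDriver reports paths such as \SystemRoot\System32\drivers\x.sys,
        # \??\C:\..., or System32\drivers\x.sys; turn them into plain file-system paths.
        $path = $d.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Driver = $d.Name
            Status = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            Issuer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '' }
            Path   = $path
        }
    }
}

# Anything that is not Valid, or that is signed by a company you have never
# installed hardware from, deserves a closer look.
Get-DriverSigners |
    Sort-Object Status, Signer |
    Format-Table Driver, Status, Signer, Path -AutoSize
```

Treat the output as a starting point rather than a verdict: a Valid status only says that the signature and its chain checked out when the command ran, and, as the Duqu case shows, the signer to question is the perfectly legitimate company whose certificate you have no reason to see on your machines.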

What can you do to protect yourself?

All of the best practices that apply to information security will help you avoid Duqu. This includes:

  1. Keeping your operating system and critical applications up to date.
  2. Cautious web surfing and Email habits.
  3. Avoiding public charging kiosks.
  4. Avoiding flash drives from unknown sources.

Did you already get infected? You might want to visit the post virus opportunity center.

Can we prevent this?

Since the machines infected with this Trojan were hit while it was still a zero-day, before any antivirus signatures existed for it, it is prudent to consider what other measures might have prevented the infection. If it turns out that this virus communicates with hosts in remote countries, then a security solution I recently proposed would block that traffic, so the infection could neither upload what it collected nor download further instructions, rendering it useless.

More information

If you found this article helpful or interesting please share it with your friends.


Windows and Mac both vulnerable to potential USB Vulnerability

USB (in)security

There are bulletins at us-cert.gov today for both Windows and Mac OS X being vulnerable to abuse of USB Human Interface Device (HID) functionality. The simplest way to explain the problem is that neither OS X nor Windows warns you when a USB device you connect, such as a smartphone, announces itself as a keyboard or mouse. Once accepted, the device can send keystrokes and mouse actions that the system treats exactly as if you had typed them, which could lead to a number of different compromises of the host system. This weakness has existed since USB HID support was added to both operating systems, but it was only publicly demonstrated recently: an example was shown at the Black Hat DC conference, and Cnet ran an article about it on January 19th.

Other USB related risks

USB connected devices have become a more common source of virus and malware infections. The “Conficker” worm, which first appeared in late 2008 and was still spreading in 2010, used USB memory sticks (via Windows AutoRun) as one of its propagation methods alongside the network. As early as 2008 USB was becoming recognized as a much more common vector for virus propagation.

Protecting yourself

Since USB devices involve user interaction, this is an area where user education and caution are key. We can count on Apple and Microsoft to respond to this HID issue, but we can also say with certainty that other USB issues will come up in the future. Here are some simple suggestions to avoid becoming a victim:

Tips for individuals

  1. Store your USB storage devices in a safe place.
  2. Use memory sticks only from extremely trusted sources.
  3. Do not allow others to use your computer to charge their USB devices.
  4. Purchase memory sticks from trusted sources in clearly sealed packaging.

Extra tips for businesses

  1. Include an area that governs USB devices in your Acceptable Usage Policy (AUP).
  2. Do not allow third parties to use USB devices or charge phones on your corporate systems.
  3. Consider implementing endpoint software or group policies that control access to the USB ports on your systems.
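Two of the business tips above can be checked and enforced from PowerShell on Windows. The script below is an added example and is not part of the original post: the first function lists every keyboard the system currently sees, so a phone or “memory stick” that has quietly enrolled itself as a keyboard (the HID problem described above) shows up next to the real one; the other two read and set the start value of the USBSTOR service, which is the switch that decides whether USB mass-storage devices are allowed to mount at all. It assumes Windows 8 / Server 2012 or later (for Get-PnpDevice) and an elevated prompt for the registry change.

```powershell
# Added example (not from the original post): spot unexpected keyboards and
# control USB mass storage on a Windows machine.
function Get-AttachedKeyboards {
    # Built-in laptop keyboards usually enumerate under ACPI\; USB keyboards, and
    # devices pretending to be one, enumerate under HID\ (or directly under USB\).
    Get-PnpDevice -Class Keyboard -PresentOnly |
        Select-Object FriendlyName, Status, InstanceId,
            @{ Name = 'External'; Expression = { $_.InstanceId -like 'HID\*' -or $_.InstanceId -like 'USB\*' } }
}

$usbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    $start = (Get-ItemProperty -Path $usbStorKey -Name Start).Start
    # 3 = start on demand (USB disks work), 4 = disabled (USB disks are ignored)
    switch ($start) {
        3       { 'enabled' }
        4       { 'disabled' }
        default { "unknown ($start)" }
    }
}

function Set-UsbStorageState {
    param([Parameter(Mandatory)] [ValidateSet('enabled', 'disabled')] [string] $State)
    $value = if ($State -eq 'enabled') { 3 } else { 4 }
    Set-ItemProperty -Path $usbStorKey -Name Start -Value $value
    # A disk that is already mounted typically stays until it is unplugged;
    # devices plugged in afterwards obey the new setting.
}

Get-AttachedKeyboards | Format-Table -AutoSize
"USB mass storage is currently $(Get-UsbStorageState)"
# Set-UsbStorageState -State disabled   # uncomment to block USB disks on this machine
```

Note that disabling USBSTOR blocks USB disks and memory sticks only; it does nothing about a device that presents itself as a keyboard, which is why the keyboard listing is the half that addresses the HID issue. Run the listing once with nothing plugged in to learn what your baseline looks like, then compare after a device is attached.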

You might also want to read these related articles on how you can function more securely:

Education: the Answer to Zero Day Exploits
Good Personal Choices – the most powerful Information Security Tool


Large batch of Google Chrome Vulnerabilities and How to Protect Yourself

There is a rather large batch of critical Chrome vulnerabilities in this week’s US-CERT vulnerability summary, SB11-024. The CERT bulletins are part of a US Government effort to keep people informed of product security issues. Most of the Chrome entries carry a severity score of 9.3 to 10 out of 10, the highest possible, which means that if one is exploited on your computer the attacker could likely take control of it. The entries cover flaws in PDF and HTML document handling, denial of service, and “stale pointer” bugs of unknown impact. Exploitation would most likely happen when you visit a malicious website or open a PDF file with a vulnerable version of the Chrome browser.

Who should care?

Do you use the Chrome Browser or Chrome OS? If you do then you should take action to confirm that you will not be vulnerable.

How to tell

With your Chrome Browser open click the small tool icon in the top right of the browser window pictured below:

How to Open About on Google Chrome

Once the above drop-down menu appears click the “About Google Chrome” menu item. This will result in a screen that will tell you if your browser is up to date and what version it is running:

About Results Google Chrome

The critical piece of information is the green check mark at the bottom of the page. If Chrome reports that it is not up to date, or if the version shown is older than 8.0.552, your browser is vulnerable and needs to be updated. In most cases Chrome will already be up to date because it is configured to update itself automatically, which is one of the strengths of this browser platform.
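The same check can be done without clicking through the menus, which matters once you have more than a handful of machines. The script below is an added example and not part of the original post: it looks for chrome.exe in the usual per-machine and per-user install locations, reads the product version from the file, and compares it with the minimum the advisory above calls for. The 8.0.552 minimum is the one this post cites and is long since obsolete; the part worth keeping is the comparison, which uses the [version] type so that 8.0.552.224 correctly counts as newer than 8.0.552 and 7.0.517.44 as older.

```powershell
# Added example (not from the original post): read the installed Chrome version
# and compare it with a minimum safe version.
function Get-ChromeVersion {
    # Per-machine installs live under Program Files; per-user installs under LocalAppData.
    $candidates = @(
        "$env:ProgramFiles\Google\Chrome\Application\chrome.exe",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application\chrome.exe",
        "$env:LocalAppData\Google\Chrome\Application\chrome.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            # ProductVersion is the familiar four-part string, e.g. 8.0.552.224
            return [version] (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
        }
    }
    return $null
}

function Test-ChromeUpToDate {
    param([version] $Minimum = [version] '8.0.552')   # minimum from the advisory above
    $installed = Get-ChromeVersion
    if ($null -eq $installed) {
        return [pscustomobject]@{ Installed = 'not found'; Minimum = $Minimum; Vulnerable = $false }
    }
    # [version] compares part by part, so 8.0.552.224 -ge 8.0.552 and 7.0.517.44 -lt 8.0.552
    [pscustomobject]@{
        Installed  = $installed
        Minimum    = $Minimum
        Vulnerable = ($installed -lt $Minimum)
    }
}

Test-ChromeUpToDate
```

Comparing versions as strings is the classic mistake here (“10.0.648” sorts before “8.0.552” alphabetically), which is why the script casts to [version] before comparing.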


Joe Reviews SB10-242 Cert Report (Video)

Here is a review of this week’s CERT advisory. It includes issues with Adobe products, Chrome and Mozilla Firefox. Be sure to update these products if you haven’t recently. This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.


Joe Reviews SB10-221 Cert Report (Video)

Here is a review of this week’s CERT advisory. This update covers issues with Apple iTunes, Safari and Mozilla Firefox. Be sure to update these products if you haven’t recently. This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.


Plague of Adobe Acrobat and Reader Vulnerabilities Continues

I seem to write a post on this at least once a month. When I opened this week’s CERT advisory there were 14 vulnerabilities rated 9.3 for Adobe Reader and Acrobat. This plague of vulnerabilities, and the related exploits that have popped up, reminds me of Internet Explorer 5 years ago. So here at Managed Solutions we are once again advising our clients to apply updates to Adobe products as soon as they are prompted, and to exercise extra caution with .pdf files from unknown senders in the meantime. Here is the menacing list of vulnerabilities announced on 6/30/2010:


14 Adobe Acrobat Vulnerabilities



Why you should not bypass Java and other Updates

A very common complaint from end users involves “automatic updates”, and some people go to great lengths to avoid them. We published this quick tip about when and how to run them to minimize the impact. There are several programs whose updates you should think twice before bypassing or ignoring:

  • Windows Critical Updates
  • Adobe Acrobat
  • Adobe Flash Player
  • Oracle/Sun Java

The last item on this list is the primary purpose of this post; check out this Critical Patch Update bulletin from March 2010 for Oracle Java. It contained a total of 27 new security fixes:

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 27 new security fixes across all products.”

So please, when you get the notices for these updates – run them. Another great way to avoid many of these problems is to operate your computer with an account that has lower permissions. We will write a follow up describing how to do that and why.

If you’d like to see a chronological history of the Java updates or see if there are new ones go here. You can also add them to your RSS reader here.



Update Microsoft Office Products – Joe Reviews SB10-074 Cert Report (Video)

Here is a review of this week’s CERT advisory. This one includes the infamous Arucer.dll backdoor that shipped with the charging software for the Energizer Duo USB battery charger. We also definitely recommend updating your Microsoft Office products if you haven’t recently. This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.



Update Adobe Acrobat, Again – Joe Reviews SB10-060 Cert Report (Video)

Here is a review of this week’s CERT advisory. Adobe Acrobat is back on the list, so please be sure to update! This is a weekly feature here at Managed Solutions. If you have questions about this video, post a comment here or ask on our Facebook Fan Page.

