Thursday, February 27, 2014

MALWARE 101

GOOD INTRODUCTION FOR BEGINNERS








SOPHOS, another security firm, has this interesting audio/video "Malware 101" presentation, which runs slightly over an hour.


APT = ADVANCED PERSISTENT THREAT

FireEye RELEASES 2013 APT REPORT





While checking out some of my favorite security Blogs this morning I read on FireEye's site that they just released their 2013 APT [Advanced Persistent Threat] report, which made for interesting reading. The post was written by Kenneth Geers, a Senior Global Threat Analyst at FireEye.



It didn't come as a shock that they discovered 11 "Zero Day" attacks, with JAVA security holes holding the dubious honor of "Most Attacked" in the first half of the year, giving way to Internet Explorer attacks during the second half of 2013, including issues with FLASH being built into the latest browser for Windows 8.

While there were specific numbers in the amount and type of attacks, I think the graphic they displayed will give you a better picture of things.

YOU'LL SEE A LARGER, EASIER TO READ GRAPHIC ON THEIR SITE


If interested, the post on the report can be found HERE.

'Nuff Said,
Brian

Wednesday, February 26, 2014

ROUTER ME THIS, ROUTER ME THAT BATMAN...

OH WOE THE WIRELESS ROUTER





As I wrote some time ago, there was a security problem with Linksys wireless routers, and then I read about security issues with ASUS wireless routers. Did it stop there? No. Having recently read an article on Techworld's website, it was somewhat disturbing to digest its contents. Here is an excerpt -

"Using the top 50 selling home routers for sale on Amazon, the firm detected software vulnerabilities in three quarters with a third of these having publically documented flaws open for any attacker to exploit. Common problems included vulnerable management interfaces and dodgy authentication."

That, my fervent readers, is a freak'n bunch of routers. This all ties in with another article whose topic dealt with wireless routers propagating an aerial viral attack on other wireless routers.

I can attest to the fact that many of the routers I come across have never had their login/passwords changed from the factory default [until I changed them], but how many others are there like this? I think there are a lot of them. You can read the Techworld article HERE, and the aerial assault article HERE.

'Nuff Said,
Brian

APPLE FINALLY PATCHES MACS

RELEASE OS X 10.9.2







While iOS users got their patch for the goofball security hole in Apple's OS, they have finally issued a patch for Macs, as seen above, 10.9.2 - and please, make sure you do it.

The download can be rather large [ed. - DSL users start download just before your nap], in the 400-800 MB size range, and it patches other things besides the one hole that has been making headlines.

And, if you're the type of person who would like to know everything about 10.9.2, you can look no further than HERE.

'Nuff Said,
Brian

Tuesday, February 25, 2014

WHAT SMART PHONES ARE USED FOR

AND WHO GETS INFECTED THE MOST






[Originally posted on my Everythingandthebathwater Blog]



This graphic displays what Intel researchers determined [Source: web.stagram.com .@intelitcenter]:


And of course, this can lead to problems like - Malware infections. Here are two graphics from a Kaspersky report on the malware growth of 2013:

You've seen me write about Malware and Android-based systems, but what did Kaspersky have to say about it in their report?


"Android remains a prime target for malicious attacks. 98.05% of all malware detected in 2013 targeted this platform, confirming both the popularity of this mobile OS and the vulnerability of its architecture."

Which is very visible in the next graphic:

 

You can read Kaspersky's full report HERE.

'Nuff Said,
Brian

IS YOUR PC INFECTED?

SURE SIGNS OF INFECTION...







Is your computer infected? Maybe you know, perhaps you suspect, or, maybe you don't know. In any case, here are 7 typical symptoms of infection, and remember, if your computer becomes infected and you aren't computer savvy, call in your technical support but turn the computer OFF until they arrive -

  1. Seemingly overnight you have new icons on your desktop for PC optimization, 24x7 support, etc., as well as new icons in the lower right corner of your desktop screen next to where the time is displayed. Some of these may pop up and want you to start their product, and as often as you kill the pop-up, it returns.
  2. A somewhat official looking pop-up/screen appears that seems to be from Microsoft security and starts finding an improbable number of viruses. You now have what is called the "FAKE AV" virus.
  3. When you're on the Internet and choose to go to a website, you are frequently, if not always, re-directed elsewhere.
  4. A large screen bearing the initials FBI appears, and says you have been on some very bad websites but they can fix you up for a fee.
  5. You can't access TASK manager, Control Panel, much less open a command window, and the little red icon on the right says "Alert, computer no longer protected by anti-virus product" [or something similar to that].
  6. You can access the TASK manager and while you aren't even using the internet you observe a high amount of traffic passing between your computer and the internet, and you can see your hard disk light showing quite a bit of activity.
  7. Strange toolbars are suddenly appearing on your browser when you open it. If you didn't ask for them, you should suspect where they came from.
Even if you only suspect something is going on, hopefully you have Malwarebytes already installed on your computer. Open it, update it, and run a scan. You can't depend on your anti-virus software to stop everything, so try to make a good practice of running a quick Malwarebytes scan once or twice a month. If you don't have Malwarebytes installed, my advice would be to get it now. It's free for your basic scanning needs, and during the install process un-check the box for "Try the full featured Malwarebytes for 30 days".

Remember to keep your Adobe Reader and Flash updated, along with JAVA via their respective websites. May all of your web surfing be safe, and shark-free...

'Nuff Said,
Brian

Monday, February 24, 2014

JAVA??

MUCH LIKE SWISS CHEESE, JAVA HAS MANY HOLES





There is not much reason to go into this subject, which I've written about before, too deeply. Basically, both Java and Adobe Flash make easy targets of your computer.


FireEye has released a security paper which covers 4 of the most widely exploited Java vulnerabilities which you can view (.pdf) HERE.

'Nuff Said,
Brian

APPLE'S SECURITY ISSUE

A PROBLEM WITH ENCRYPTION






This is probably not new news to some, but I read about it last Friday (21st). It's about a coding error when Apple implemented a basic encryption feature that shields data from snooping. The problem was in both iOS and MAC systems, but shortly after reading the article, Apple had already sent an update to iOS devices [ed. - talk about F-A-S-T], but a patch has yet to be released for users of the MAC OS.

This also affected several applications including: Apple’s Mail, FaceTime, Calendar, Keynote, the Safari browser, iBooks and its Software Update applications, along with several 3rd party apps. Until a patch for MAC users is provided, consider your personal information in more danger than usual.

iOS users should have iOS version 7.06; it takes only a few minutes to update your device.

'Nuff Said,
Brian

ANDROID USERS - THERE'S AN OLD BOT IN TOWN


"YET STILL VERY DANGEROUS"





A banking ibot for the Android operating system will see an increase. Last year it sold for $5,000 per bot, but recently the code was released on some shady websites so that any group or person can come up with a way to infect you [ed. - yet another reason to have some sort of mobile security].

According to an article by Lucian Constantin on Computerworld's website the bot can do a variety of things. He wrote -

"In addition to capturing incoming and outgoing text messages, the iBanking app can redirect calls to a pre-defined phone number, capture audio from the surrounding environment using the device's microphone and steal data like the call history log and the phone book, the researchers said."

You can find the article HERE. Oh, and here's another article based on a paper put out by researchers at RiskIQ regarding malicious APPS in the Google Play store. The headline for this article is:

Malware-infected Android apps spike in the Google Play store

Wallpaper Dragon Ball and Finger Hockey were among the most downloaded malicious apps

Also, here's a nugget from the article which you'll find HERE,

"In 2011, there were approximately 11,000 apps in Google's mobile marketplace that contained malicious software capable of stealing people's data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google's store contained spyware and information-stealing Trojan programs, researchers said."

 
'Nuff Said,
Brian

Friday, February 21, 2014

ADOBE SECURITY BULLETIN RELEASED

UPDATE YOUR ADOBE FLASH [FROM THEIR WEBSITE]





Adobe should have issued an emergency Flash update on Thursday [Adobe Security Bulletin, in full, HERE], and you should go to their website to update yours today. Do not trust pop-up windows with a link to the update because it's [ed. - as I always say, "Possible that it's a fake pop-up window"].

'Nuff Said,
Brian






Microsoft Security Advisory (2934088)

MICROSOFT OFFERS SOME HELP TO I.E. 9 AND 10 USERS



Microsoft issued Security Advisory (2934088), dealing with attacks on Internet Explorer 9 and 10 users, which should thwart an attack until they issue a patch, possibly on March 11th. In part, the advisory said -


'Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability. Other supported versions of Internet Explorer are not affected. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information.
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.'

The full advisory can be read HERE, and the work around can be found HERE. You'll want to click on the FIXIT icon that is marked ENABLE.


'Nuff Said,
Brian


Friday, February 14, 2014

ONE THIRD OF INTERNET EXPLORER USERS UNDER ATTACK

YOU HAD TO KNOW IT WAS ONLY THE TIP OF THE ICEBERG



After reports surfaced late yesterday about IE-10 users being open to a zero day exploit, it was revealed later that not only IE10 but also IE9 users are open targets. With Microsoft not sure if they'll patch it immediately or just wait until the usual next patch date of March 3rd, it sounds like twiddle-dee-dum-twiddle-dee-dee.


"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10. As our investigation continues, we recommend customers upgrade to Internet Explorer 11 for added protection," a Microsoft spokesperson said via email.

So what do they suggest? Upgrade to Internet Explorer 11, which leaves Vista users out in the cold, not to mention that there are still nagging compatibility issues with IE11.

Perhaps you should run Firefox in the meantime, while Microsoft figures out what they'll do, but whatever you do, surf the web safely -

'Nuff Said,
Brian

Thursday, February 13, 2014

ZERO DAY EXPLOIT ATTACKING USERS OF I.E.10

"UGH..."







Just days after Microsoft sent out a flurry of patches (24 I.E. patches, 15 just for I.E.10 alone), Internet Explorer 10 is under attack for yet another hole in its fabric. Microsoft is (of course) saying they are aware of the attacks and will act as soon as possible.

IE10, targeted by attackers exploiting a "zero-day" vulnerability, is on its way out as Microsoft pushes the newer IE11 to Windows 7 and Windows 8 users. Last month, IE10 accounted for about 16% of all versions of Internet Explorer used to browse the Web. (Data: Net Applications.)


Besides the fact that Microsoft Windows 8 sucks, and they know it, their credibility is on the line as far as the software they push out on customers who are like hamsters running the wheel and taking hits left'n-right because of inadequate testing.

Internet Explorer 9 was a bust, creating issues for many people trying to login to secured websites, I.E.10 had the same issues as well as I.E.11. Obviously they haven't learned their lessons from previous failures, but hopefully the new anointed CEO will act swiftly to prevent further customer damage. You can read about this HERE, and HERE.

'Nuff Said,
Brian

iTUNES ALERT!! VERSION 11.1.14

BE CAREFUL AND THINK BEFORE YOU UPGRADE TO THE LATEST VERSION



Through my work, and unfortunately at home, I have discovered issues with the latest update which could cost you money and lots of time should you try to repair the damage. 





My wife Robin ran the latest update and half-way through the process she started receiving error messages and the update bombed out. Her iTunes no longer works. My first thought was trying a System Restore - which did not repair the damage done. Several days later I was doing a PC cleanup for a customer and he told me of his woes concerning the latest update, and the story was the same. He worked with APPLE support all weekend and finally got a multi-page list of instructions to repair the damage - it took all weekend and added a few gray hairs, but he finally fixed it.

Since then I've personally come across 3 more cases with the same sad story, and have seen other techs assigned calls with similar issues, so before you run an update, look at what the update is for. In many cases it involves their latest devices and if you don't own them, DON'T DO THE UPDATE. I've seen many other people on support pages begging for help and believe this is not specific to any operating system, but to the update itself. I've also read where this may corrupt information on your iPhone or iPad, via the many web searches I've done in the last two weeks. It may work for one person and not for another [I saw this same scenario happen in 2009].

The following has worked for some people, and if your iTunes is already in trouble you can try the steps below:

 APPLE NOTES:
 

For Windows XP, follow these steps to remove and reinstall iTunes and other software components for Windows XP.

 

Overview
 

In some rare instances, it may be necessary to remove all traces of iTunes and related software components from your computer before reinstalling iTunes. For most technical issues, reinstalling iTunes is an unnecessary and overused troubleshooting step. If you're directed to reinstall iTunes by AppleCare, an article, or an alert dialog, you can do so by following the steps in this article.

Notes
 

iTunes Store purchases or songs imported from CDs are saved in your My Music folder by default and aren't deleted by removing iTunes. While it's highly unlikely that you'll lose any contents of your iTunes Library when following these steps, it's always a good idea to ensure that your iTunes library is backed up. If you're unsure how to backup, follow these steps.
 

These steps may take a significant amount of time to complete, depending on your system.

1. Remove iTunes and related components from the Control Panel
Use the Control Panel to uninstall iTunes and related software components in the following order and then restart your computer:

  • iTunes
  • Apple Software Update
  • Apple Mobile Device Support
  • Bonjour
  • Apple Application Support (iTunes 9 or later)
Important: Uninstalling these components in a different order, or only uninstalling some of these components, may have unintended effects.
You can refer to these steps on removing these components:
 

  1. Quit the following programs if they are running:
       • iTunes
       • Apple Software Update
  2. For Windows 8: Click File Explorer > Settings > Control Panel. For Windows Vista or Windows 7: From the Start menu, click Control Panel.
  3. In Control Panel, click the "Uninstall a program" link as shown below. The Programs and Features Control Panel opens. Alternately, if you don't see the "Uninstall a program" link, click Programs and Features.
  4. Select iTunes from the list of currently installed programs.
  5. Click Uninstall.
  6. When asked if you would like to remove iTunes, click Yes.
  7. After the uninstallation is complete, don't restart your computer if you're prompted.
  8. If you see other iTunes entries in the list, remove them by repeating steps 4-6.
 

  • Remove any iPod Updater applications that are listed the same way you removed iTunes.
  • Remove all instances of Apple Software Update the same way you removed iTunes.
  • Remove all instances of Apple Mobile Device Support the same way you removed iTunes.
  • Remove all instances of Bonjour the same way you removed iTunes.
  • Remove all instances of Apple Application Support the same way you removed iTunes.
  • Restart your computer.

2. Verify iTunes and related components are completely uninstalled
In most cases, removing iTunes and its related components from the Control Panel will remove all supporting files belonging to those programs. In some rare cases, files may be left behind. After following the previous steps, you should confirm that the following files and folders have been removed. If any are left behind, remove them now:

  • C:\Program Files\Bonjour
  • C:\Program Files\Common Files\Apple\
  • C:\Program Files\iTunes\
  • C:\Program Files\iPod\    
Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.
 

If you have a 64-bit version of Windows, you'll need to confirm that the following folders have been removed:
 

  • C:\Program Files (x86)\Bonjour
  • C:\Program Files (x86)\Common Files\Apple\
  • C:\Program Files (x86)\iTunes\
  • C:\Program Files (x86)\iPod\    
Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.
 

If you aren't sure how to remove these files, you can follow these detailed steps:
 

For Windows Vista or Windows 7: From the Start menu, select Computer.
 

For Windows 8: Click File Explorer.
 

Open Local Disk (C:) located in Computer, or whichever hard disk your programs are installed on.
 

Open the Program Files folder.
 

Right-click the Bonjour folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

Right-click the iPod folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion. 

Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It is being used by another person or program" when trying to delete this folder.
 

Right-click the iTunes folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

Open the Common Files folder.
 

Right-click the Apple folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

Note: If you have a 64-bit version of the Windows OS, continue with step #10. Otherwise, skip to step #15.
 

For Windows Vista or Windows 7: From the Start menu, select Computer.
 

For Windows 8: Click File Explorer.
 

Open Local Disk (C:) located in Computer, or whichever hard disk your programs are installed on.
 

Open the Program Files (x86) folder.
 

Right-click the Bonjour folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

Right-click the iPod folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

Note: Follow the additional steps at the end of this article if you receive the alert "Cannot delete iPodService.exe: It's being used by another person or program" when trying to delete this folder.
 

Right-click the iTunes folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
Open the Common Files folder.
 

Right-click the Apple folder (if it exists) and select Delete from the shortcut menu. Choose Yes when asked to confirm the deletion.
 

From the Start menu, select Computer.
 

Open Local Disk (C:) in Computer, or whichever hard disk your operating system is installed on.
 

Right-click the Recycle Bin and select Empty Recycle Bin.

3. Reinstall iTunes and related components
After verifying that iTunes is completely uninstalled, restart your computer and download and install the latest version of iTunes.
 

If the issue you're troubleshooting isn't resolved after following these steps, it isn't necessary to remove and reinstall iTunes multiple times. Instead, you may find helpful information on the iTunes Support page, such as troubleshooting steps related to specific alert messages.
 

Additional Information
 

iPodService.exe Alert
 

Follow these steps if the message "Cannot delete iPodService.exe: It is being used by another person or program" appears when you try to delete the iPod folder.
 

  • Make sure that iTunes and the iPod Updater utility aren't open.
     
  • Press and hold Control-Alt-Delete.
     
  • Select Start Task Manager.
     
  • Click the Processes tab.
     
  • Locate the iPodService.exe in the list.
     
  • Click iPodService.exe and choose End Process.
     
  • Quit the Task Manager.
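
A read-only PowerShell check for parts 1 and 2 of the Apple notes above, added here as an example (it is not from Apple or from this blog): it lists which of the named components are still installed and which of the named folders are left behind. The registry uninstall keys, the environment variables and the function names are assumptions about a standard Windows install.

```powershell
# Added example: read-only check for the removal steps above. It deletes nothing.
# Component and folder names come from the steps; the registry uninstall keys and
# environment variables are assumptions about a standard Windows install.

# Uninstall order given in part 1.
$Components = @(
    'iTunes',
    'Apple Software Update',
    'Apple Mobile Device Support',
    'Bonjour',
    'Apple Application Support'
)

# Where Windows records installed programs (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-RemainingAppleComponent {
    # Returns the components from part 1 that are still installed, in removal order.
    $installed = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object -ExpandProperty DisplayName)
    foreach ($name in $Components) {
        $hits = @($installed | Where-Object { $_ -like "$name*" } | Sort-Object -Unique)
        if ($hits.Count -gt 0) {
            New-Object PSObject -Property @{ Component = $name; Entries = ($hits -join '; ') }
        }
    }
}

function Get-LeftoverAppleFolder {
    # Returns the folders from part 2 that still exist under each Program Files root.
    # ProgramW6432 covers a 32-bit PowerShell session on 64-bit Windows.
    $roots = @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Sort-Object -Unique
    foreach ($root in $roots) {
        foreach ($rel in 'Bonjour', 'Common Files\Apple', 'iTunes', 'iPod') {
            $path = Join-Path $root $rel
            if (Test-Path -LiteralPath $path) { $path }
        }
    }
}

function Test-IPodServiceRunning {
    # A running iPodService.exe is what triggers the "Cannot delete" alert.
    [bool](Get-Process -Name 'iPodService' -ErrorAction SilentlyContinue)
}

$remaining = @(Get-RemainingAppleComponent)
$leftovers = @(Get-LeftoverAppleFolder)

if ($remaining.Count -gt 0) {
    Write-Output 'Still installed (uninstall in this order):'
    $remaining | ForEach-Object { Write-Output ("  {0}: {1}" -f $_.Component, $_.Entries) }
}
if ($leftovers.Count -gt 0) {
    Write-Output 'Folders left behind:'
    $leftovers | ForEach-Object { Write-Output "  $_" }
}
if (Test-IPodServiceRunning) {
    Write-Output 'iPodService.exe is running; end it before deleting the iPod folder.'
}
if ($remaining.Count -eq 0 -and $leftovers.Count -eq 0) {
    Write-Output 'No Apple components or folders found; ready for part 3 (reinstall).'
}
```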


From INFOWORLD:
 

MSVCR80.dll errors and other problems plague iTunes 11.1.14 on Windows
Windows-based iTunes customers report problems with the latest update, and solving the issues can be a complex process

 

If you're trying to install the latest iTunes update, version 11.1.14, on a Windows computer, you may be in for a rocky ride. Customers have reported problems with corrupt Registry entries, MSVCR80.dll missing errors, nightly Genius update crashes, problems locating an attached iPhone, and much more.
 

Many -- but not all -- of those problems succumb when all Apple products are removed and reinstalled. Not just iTunes, mind you, but every program Apple has installed on your Windows computer. The screw-up is so common that Apple has a Knowledge Base article on the topic.  

 Please be careful and after reading this, try to put this current update off until a better one comes your way -

'Nuff Said,
Brian


Wednesday, February 12, 2014

A CYBERESPIONAGE STORY ABOUT...

"CARETO"
[English translation: "The Mask"]



It all started in a dimly lit alleyway, where two shadowy figures exchanged secret handshakes and an exchange transpired - money, for a USB stick. Not any USB stick mind you, but one that carried a certain Malware on it known to security firms around the world as "Careto", or, "The Mask". The USB stick was then encased in a hollow section of the statue of a black bird, known only as "The Malware Falcon"....



Enough of my imagination running away with itself, but you can forget the narrative above except for "Careto" which is real, and does translate as "The Mask". The reporting of such things like this can be a little dry and boring so I thought I'd grab your attention briefly. This cyber-espionage operation was so secret it went undetected for many years, attacking, infesting hundreds of computers in over thirty countries. The fact that much of the code was in Spanish was unique, as you don't see much Malware come from Spain.



Kaspersky researchers released a .PDF document detailing exactly what Careto did, and if you'd like to find out more, here is a link to that .PDF [all 65 pages!]

'Nuff Said,
Brian

NEW XP AND IE PATCHES OUT NOW

THAT'S WHAT I SAID...







If you don't have your Windows updates set to "auto", then you should do a manual update to catch the latest patches for Windows XP and Internet Explorer (All versions).

Monday, February 10, 2014

SILENCE TO THE LAMBS

"DO YOU EVER FEEL LEFT OUT OF THE LOOP WITH YOUR ISP?"










I was surprised to read today, while checking various security blogs and websites, that last week 24 of Comcast's mail-servers had been hacked. No one knows if or whose data was stolen, only that Comcast was aggressively looking into the situation. I would have preferred an email letting me know of this issue rather than having to read about it a week later HERE. What about you, do you like being a lamb?

Thursday, February 6, 2014

ADOBE RELEASES PATCH TO BLOCK DEATH RAY

WHAT?? WHO WRITES THIS DRIBBLE?





Okay folks, it's time to check your Adobe Flash lotto numbers!! Go to your control panel and then to the area which shows applications, and if your Adobe Flash version for either Windows or MAC is lower than 12.0.0.44 - then get thee to a nunnery [ed. - in this case Adobe's website].

That terrible zero-day exploit I mentioned recently can allow someone to take over your computer (Windows or MAC), and it can even be embedded in an email!






So if you do only ONE thing today, make sure that you go to Adobe's website, scroll down their home page until you see the update links (usually on the lower left side corner) -

'Nuff Said,
Brian

Wednesday, February 5, 2014

ANOTHER ZERO DAY EXPLOIT. WHO IS IT THIS TIME?

ADOBE FLASH








Adobe issued a security bulletin yesterday warning users to upgrade to a new update just released that addresses an exploit discovered "In the Wild". These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system [ed. - not good. Very-very-very bad]. This exploit was discovered by Kaspersky Labs, and to get a better idea of what's going on, read the bulletin HERE.

'Nuff Said,
Brian

Tuesday, February 4, 2014

A NASTY COCKTAIL

POS MALWARE AND XP









With support for Windows XP ending this April, and a high percentage of POS devices using it, or the embedded version, it would be fair to say this may be the "YEAR OF THE SWIPE". Symantec published a 12 page .PDF document about this same subject/scenario which you can find HERE.

'Nuff Said,
Brian

Monday, February 3, 2014

GLANCING UP AT MOUNT OLYMPUS WE SEE...

ZEUS!!











You remember Zeus right? As a Trojan [ed. - No, not the "300" kinda Trojan], it hit banks/online banking very hard, if you recall the stories. Well, Zeus is still around and being manipulated in a variety of ways to continue to make it a threat. One of the latest involves an email with a zipped file and a file extension .enc which slips by most security ware because .enc is not considered a virus. Crafty fellows...

To read more about this, read this full story HERE.

'Nuff Said,
Brian