Scam Of The Week: “Confidential messages” after a death in the family
Cybercrime is innovating on a known and disgusting scam: preying on people who have recently suffered a loss. It used to be that old-time scam artists would read the obituary notices in the paper, dress in black and show up to freeload at funerals. Well, here is the modern equivalent, and it’s much worse. Keep in mind that over 2.4 million Americans die in accidents every year, and over 1 million of these are sudden.
Unfortunately, the Internet allows crime to scale, so a new criminal industry of death has developed. These criminals scan the Internet for a death in the family and start social engineering the immediate family members via email or social media by claiming the deceased left them a confidential message that must be kept secret. They insist on strict confidentiality and after a few emails it turns out they want $2,500 in exchange for 3 DVDs and other “very important documents”.
Read full article: https://blog.knowbe4.com/scam-of-the-week-death-in-the-family
Security Headlines
Krebsonsecurity – Phishing 101 at the School of Hard Knocks
Bowling Green State University in Ohio has more than 20,000 students and faculty, and like virtually any other mid-sized state school its Internet users are constantly under attack from scammers trying to phish login credentials for email and online services.
BGSU had planned later this summer to make 2FA mandatory for access to the school’s portal — the primary place where students register for classes, pay bills, and otherwise manage their financial relationship to the university.
That is, until a surge in successful phishing attacks resulted in several students having bank accounts and W-2 tax forms siphoned.
https://krebsonsecurity.com/2017/03/phishing-101-at-the-school-of-hard-knocks/
Nakedsecurity – Switch console flaw leaves Nintendo looking flat-footed
Barely two weeks after going on sale, someone has hacked the Nintendo Switch console using an old Apple iOS flaw in a browser that’s not officially supposed to be on the machine.
Welcome to the odd universe of console hacking, by which we mean either jailbreaking or, failing that, making the machine do something interesting nobody knew was possible. For each new console these days, the story always starts as a race to be the first to find a way in.
Nevertheless, Nintendo clearly isn’t paying enough attention to problems it should have anticipated months ago. It’s not as if software flaws in browsers are surprising.
Perhaps the risk from consoles is morphing from old-style jailbreaking to “userland” attacks.
https://nakedsecurity.sophos.com/2017/03/16/switch-console-flaw-leaves-nintendo-looking-flat-footed
SecurityMagazine – More than 70 Percent of Mobile Devices on the Five Major US Carriers Highly Susceptible to Breach
An analysis by Skycure of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old.
Among tech cities, Boston topped the list for the largest growth in network incidents, with a more than 960 percent increase. The report also found that common malware grew by more than 500% from the first quarter to the fourth quarter of 2016.
“Malware, network attacks and advanced exploitation campaigns many times depend on unpatched vulnerabilities to be successful,” said Yair Amit, co-founder and CTO of Skycure. “It’s essential that users and companies know the moment that a device is able to remove these risks to reduce the window of vulnerability. That’s why we built this capability directly into Skycure and why we have a focus so heavily on security research. The only way to beat the bad guys is to be one step ahead of them.”
Security Bulletins from the FBI and DHS
FBI – National Cyber Investigative Joint Task Force
Communication, commerce, and government are just a few aspects of our daily lives that have been forever changed and, in many ways, made more convenient by the Internet. Unfortunately, these same advancements also have introduced a new breed of technologically-savvy criminal. Such crimes as terrorism, espionage, financial fraud, and identity theft have long existed in the physical realm, but are now being perpetrated in the cyber domain. As criminals more effectively exploit this new frontier, their use of the Internet and technology adds a layer of complexity that cannot be overcome through the efforts of any one agency.
To address this evolving cyber challenge, the National Cyber Investigative Joint Task Force (NCIJTF) was officially established in 2008. The NCIJTF is comprised of over 20 partnering agencies from across law enforcement, the intelligence community, and the Department of Defense, with representatives who are co-located and work jointly to accomplish the organization’s mission from a whole-of-government perspective.
https://www.fbi.gov/investigate/cyber/national-cyber-investigative-joint-task-force
DHS – House kills web privacy protections; ISPs free to collect, sell customers’ information
The House of Representatives on Tuesday voted 215 to 205 to kill the privacy rules, formulated by the FCC, which were aimed at preventing internet service providers (ISPs) from selling their customers’ web browsing histories and app usage to advertisers. Without these protections, Comcast, Verizon, AT&T, and other ISPs will have complete freedom to collect information about their customers’ browsing and app-usage behavior, then sell this information to advertisers.
The privacy regulations were scheduled to go into effect by the end of this year.
The rules required ISPs to obtain customers’ permission before selling the customers’ information to advertisers.
Vendor Information
Microsoft – Old Microsoft IIS Servers Vulnerable to Zero-Day Exploit
More than 60,000 servers running Microsoft's out-of-support Internet Information Services web server software may be vulnerable to a newly revealed zero-day exploit. Microsoft won't patch the software and is advising users to move to newer versions.
The exploit targets a buffer overflow within IIS 6, which shipped with Windows Server 2003. Microsoft stopped supporting the product in July 2015.
Trend Micro writes that disabling WebDAV eliminates the risk from the vulnerability, which doesn't affect newer versions of IIS.
Sophos – Sophos Central Device Encryption: Now for Mac
Each year, millions of laptop computers are misplaced, stolen, or lost, many of them containing important and sensitive data. Full disk encryption is the essential first line of defense to protect your data in any of these events. Sophos Central gives you the ability to manage full disk encryption from a single, integrated, web-based management center, and it is now available for the Mac.
Cisco – Field Notice: FN - 64291 - ASA and FTD Software-Security Appliance Might Fail To Pass Traffic After 213 Days Of Uptime-Reboot and Software Upgrade Required
All Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) devices that run the affected software versions do not pass network traffic after approximately 213 days 12 hours (~ 5,124 hours) of uptime.
In the near term, immediately reboot the deployed security appliances in order to prevent this issue.
Background
On March 29, 2017 Cisco became aware of an issue that affects all Cisco ASA and Cisco FTD security appliances that run certain versions of software. The affected versions of software cause the security appliance to stop passing network traffic after approximately 213 days 12 hours (~ 5,124 hours) of uptime.
The issue detailed in this Field Notice is not a security vulnerability and there is no associated risk to the integrity of the security appliance.
Problem Symptoms
The Cisco ASA and Cisco FTD security appliances stop passing all network traffic.
Entering the show asp drop command over the console port will indicate that packets are being dropped due to the reason punt-rate-limit-exceeded.
https://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64291.html
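A fleet triage check for the uptime limit described in the Cisco field notice, as an added example that is not Cisco's code or part of the original bulletin. The host names, the sample output, the assumed line shapes of the uptime and drop-counter output, and the 14-day warning margin are all constructed for illustration; the script does not check software versions, since the bulletin does not list the affected ones.

```python
import re

# Threshold stated in the field notice: ~213 days 12 hours (5,124 hours).
LIMIT_HOURS = 213 * 24 + 12
WARN_HOURS = 14 * 24  # hypothetical planning margin, not from the notice

# Assumed output shapes: "<host> up N days N hours" and
# "<description> (punt-rate-limit-exceeded) <count>".
UPTIME_RE = re.compile(r"\bup\s+((?:\d+\s+(?:days?|hours?|mins?|secs?)\s*)+)", re.I)
UNIT_RE = re.compile(r"(\d+)\s+([a-z])", re.I)
DROP_RE = re.compile(r"\(punt-rate-limit-exceeded\)\s+(\d+)")

def uptime_hours(show_version):
    """Whole hours of uptime parsed from 'show version' text, or None."""
    for line in show_version.splitlines():
        m = UPTIME_RE.search(line)
        if m:
            parts = {u.lower(): int(n) for n, u in UNIT_RE.findall(m.group(1))}
            return parts.get("d", 0) * 24 + parts.get("h", 0)
    return None

def triage(show_version, show_asp_drop=""):
    """Return (status, hours_left, symptom_seen) for one appliance."""
    hours = uptime_hours(show_version)
    m = DROP_RE.search(show_asp_drop)
    symptom = bool(m and int(m.group(1)) > 0)  # drop reason from the notice
    if hours is None:
        return ("unknown", None, symptom)
    left = LIMIT_HOURS - hours
    status = "past-threshold" if left <= 0 else "approaching" if left <= WARN_HOURS else "ok"
    return (status, left, symptom)

# Constructed sample output, not captured from real devices.
SAMPLES = {
    "fw-edge-1": ("fw-edge-1 up 213 days 13 hours",
                  "  Punt rate limit exceeded (punt-rate-limit-exceeded)    48211"),
    "fw-edge-2": ("fw-edge-2 up 205 days 3 hours", ""),
    "fw-lab-1": ("fw-lab-1 up 12 days 1 hour", ""),
}

def report(samples=SAMPLES):
    """Triage every appliance in the sample set, keyed by host name."""
    return {host: triage(ver, drops) for host, (ver, drops) in samples.items()}

if __name__ == "__main__":
    for host, result in report().items():
        print(host, *result)
```

Appliances reported as "approaching" are the ones to schedule for the reboot the notice calls for before they reach the limit.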