Sunday, December 27, 2015
Friday, December 25, 2015
Friday, December 18, 2015
Juniper Releases Out-of-band Security Advisory for ScreenOS
I realize that as I post this most of who read this the subject isn't in their day-to-day responsibilities, but folks; this is a REALLY BIG deal.
Reading the information it says that the unauthorized code they found in the FIREWALLS they create have had this problem since the release of their 6.2 version. That was seven (plus) years ago in 2008. To go on and read you'll see where the access allowed the attacker to delete any references to their presence in the log files.
So even if this isn't your cup of tea you may want to pass this along to someone in your IT department because Juniper Firewalls are pretty popular.
Read More:
https://www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS
Reading the information it says that the unauthorized code they found in the FIREWALLS they create have had this problem since the release of their 6.2 version. That was seven (plus) years ago in 2008. To go on and read you'll see where the access allowed the attacker to delete any references to their presence in the log files.
So even if this isn't your cup of tea you may want to pass this along to someone in your IT department because Juniper Firewalls are pretty popular.
Read More:
https://www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS
Friday, December 4, 2015
Dorkbot
Systems Affected
Microsoft Windows
Overview
Dorkbot is a botnet used to steal online payment, participate in distributed denial-of-service (DDoS) attacks, and deliver other types of malware to victims’ computers. According to Microsoft, the family of malware used in this botnet “has infected more than one million personal computers in over 190 countries over the course of the past year.” The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and Microsoft, is releasing this Technical Alert to provide further information about Dorkbot.
Description
Dorkbot-infected systems are used by cyber criminals to steal sensitive information (such as user account credentials), launch denial-of-service (DoS) attacks, disable security protection, and distribute several malware variants to victims’ computers. Dorkbot is commonly spread via malicious links sent through social networks instant message programs or through infected USB devices.
In addition, Dorkbot’s backdoor functionality allows a remote attacker to exploit infected system. According to Microsoft’s analysis, a remote attacker may be able to:
In addition, Dorkbot’s backdoor functionality allows a remote attacker to exploit infected system. According to Microsoft’s analysis, a remote attacker may be able to:
- Download and run a file from a specified URL;
- Collect logon information and passwords through form grabbing, FTP, POP3, or Internet Explorer and Firefox cached login details; or
- Block or redirect certain domains and websites (e.g., security sites).
Impact
A system infected with Dorkbot may be used to send spam, participate in DDoS attacks, or harvest users' credentials for online services, including banking services.
Solution
Users are advised to take the following actions to remediate Dorkbot infections:
The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
- Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though Dorkbot is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date. If you suspect you may be a victim of Dorkbot, update your anti-virus software definitions and run a full-system scan. (See Understanding Anti-Virus Software for more information.)
- Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. (See Choosing and Protecting Passwords for more information.)
- Keep your operating system and application software up-to-date – Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. You should enable automatic updates of the operating system if this option is available. (See Understanding Patches for more information.)
- Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (see example below) to help remove Dorkbot from their systems.
- Disable Autorun – Dorkbot tries to use the Windows Autorun function to propagate via removable drives (e.g., USB flash drive). You can disable Autorun to stop the threat from spreading.
Microsoft
http://www.microsoft.com/security/scanner/en-us/default.aspx (link is external)The above example does not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.
References
Second IRS Tax Security Tip
The Internal Revenue Service (IRS) has released the second in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January, and will continue through the April tax deadline. US-CERT and the IRS recommend taxpayers prepare for heightened risk this tax season and remain vigilant year-round.
The second tip focuses on awareness of phishing attempts and prevention of malware infection when conducting business online. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 2 for additional information.
https://www.us-cert.gov/ncas/current-activity/2015/12/03/IRS-Releases-Second-Tax-Security-Tip
The second tip focuses on awareness of phishing attempts and prevention of malware infection when conducting business online. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 2 for additional information.
https://www.us-cert.gov/ncas/current-activity/2015/12/03/IRS-Releases-Second-Tax-Security-Tip
Subscribe to:
Posts (Atom)