Month: August 2017

Mitigating Active Shooter Risks

From “Mitigating Active Shooter Risks”
PropertyCasualty360 (08/16/17). Posted by ASIS.

Security professionals should prepare their companies for the possibility of an active shooting, as the number of incidents involving active shooters has risen steadily over the last 15 years. Keith Plaisance of Global SHE Solutions says implementing an active shooter program is similar to preparing for a fire drill, and survival depends on having a plan with three specific options: run, hide or, fight. Preparing for an active shooter scenario involves the development of a workplace violence policy and plan, emergency response plans, training, and exercises. For the workplace violence policy, the employer should establish acceptable workplace behavior, affirm the company’s commitment to take action and provide a safe workplace for employees, and address physical violence as well as threats, bullying, harassment, and weapon possession. Plaisance says a reporting mechanism should be in place letting employees know who to approach with concerns. He also recommends creating a threat assessment team within the company. Companies should test plans to determine effectiveness and identify potential problems, presenting plans to employees in regular training. Companies should also conduct a detailed physical security assessment, with the goal of denying unauthorized access and protecting property, personnel, and operations.

Microsoft PowerPoint Used as Attack Vector to Download Malware

From “Microsoft PowerPoint Used as Attack Vector to Download Malware”
Neowin (08/15/17). Reposted by ASIS.

Trend Micro researchers have discovered that a vulnerability in the Windows Object Linking Embedding (OLE) interface is being exploited by cybercriminals through Microsoft PowerPoint in order to install malware. The interface is commonly exploited by the use of malicious Rich Text File (RTF) documents. The attack starts with a phishing email that contains an attachment. The message appears to be some sort of order request, with the attached file supposedly containing shipping details. The provided document is a PPSX file, which is a type of PowerPoint file that only allows the playback of the slideshow, and is not editable. Should the victim download and open it, the content will only display the text “CVE-2017-8570,” a reference to a different vulnerability for Microsoft Office. Instead, the file will launch an exploit for the CVE-2017-0199 vulnerability, and will then begin to infect the host computer with malicious code being run through PowerPoint animations. A file called “logo.doc” will then be downloaded, an XML file with JavaScript code that runs a PowerShell command to download a new program called RATMAN.exe, a trojanized version of a remote access tool called Remcos.

Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital

From “Man Used Gurneys to Steal TVs, Laptops from Phoenix Hospital”
Campus Safety Magazine (08/04/2017) Brennan, Amy. Reposted by ASIS

A man was allegedly caught on camera stealing three laptops and five big screen televisions from Abrazo Central Campus Hospital in Phoenix. Brian Leroy Nichols, 35, was seen on surveillance video wandering the basement of the hospital for approximately three hours, going from room and room and changing his appearance along the way. Nichols allegedly took the computers from a classroom and hid them under a staircase, covering them with a gurney mattress. At one point, he reportedly left the hospital and sold two of the laptops. The third was found in his backpack when he was apprehended by police. Once in custody, police asked Nichols about how he was able to get three televisions out of the hospital unseen. Nichols said he put the stolen televisions on a gurney and covered them with sheets. Abrazo Central Hospital officials released a statement, stating, “We are reviewing campus security footage of this incident to assist the Phoenix police department with its investigation. We are also conducting a thorough review of our campus security measures.”