Microsoft PowerPoint Used as Attack Vector to Download Malware

From “Microsoft PowerPoint Used as Attack Vector to Download Malware”
Neowin (08/15/17). Reposted by ASIS.

Trend Micro researchers have discovered that a vulnerability in the Windows Object Linking Embedding (OLE) interface is being exploited by cybercriminals through Microsoft PowerPoint in order to install malware. The interface is commonly exploited by the use of malicious Rich Text File (RTF) documents. The attack starts with a phishing email that contains an attachment. The message appears to be some sort of order request, with the attached file supposedly containing shipping details. The provided document is a PPSX file, which is a type of PowerPoint file that only allows the playback of the slideshow, and is not editable. Should the victim download and open it, the content will only display the text “CVE-2017-8570,” a reference to a different vulnerability for Microsoft Office. Instead, the file will launch an exploit for the CVE-2017-0199 vulnerability, and will then begin to infect the host computer with malicious code being run through PowerPoint animations. A file called “logo.doc” will then be downloaded, an XML file with JavaScript code that runs a PowerShell command to download a new program called RATMAN.exe, a trojanized version of a remote access tool called Remcos.

IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears

From “IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears”
eWeek (04/05/17) Kerner, Sean Michael. Printed by ASIS International.

IBM Security is warning of an increase in tax-related spam email and related fraud scams that aim to exploit tax filers as the April 18 tax filing deadline nears. IBM’s “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings” report, released on April 5, details how attackers are increasing their efforts ahead of the deadline. IBM X-Force security researchers have tracked a 6,000 percent increase in tax-related spam emails from December 2016 to February 2017. Limor Kessem, executive security advisor at IBM Security, says that this is the first year that IBM is seeing campaigns targeting businesses. “Last year, consumer tax fraud was the most common illicit activity linked with compromised taxpayer information,” she says. “This year, things are getting bigger and bolder.” She went on to say that attackers have several different ways to get taxpayer information, depending on their technical skill levels. “The more technically inclined may breach a company’s infrastructure to steal data directly from their internal servers,” she explains.

Yahoo Says Information on at Least 500 Million User Accounts Was Stolen

From “Yahoo Says Information on at Least 500 Million User Accounts Was Stolen”
Wall Street Journal (09/23/16) McMillan, Robert. Posted by ASIS.

Yahoo Inc. reported Thursday that hackers backed by an unnamed foreign government had stolen personal information from more than 500 million of its users’ accounts. Hackers penetrated Yahoo’s network in late 2014 and stole personal data on more than 500 million users. The stolen data included names, email addresses, dates of birth, telephone numbers, and encrypted passwords, Yahoo said. Yahoo said it believes that the hackers are no longer in its corporate network. The company said it did not believe that unprotected passwords, payment-card data, or bank-account information had been affected. In July, Yahoo began investigating claims by hackers who were offering to sell what they said were 280 million Yahoo usernames and passwords. Yahoo said it concluded the information for sale was not legitimate, but the company decided to broaden its probe, eventually determining that it had been breached by “a state-sponsored actor.” Yahoo did not say how the hackers broke into its network or which country sponsored the attacks. The intrusion, in 2014, came during a period when many computer attacks were believed to be the work of China. More recent hacks, however, including of the Democratic National Committee earlier this year, have been blamed on Russia. Both countries have denied involvement in the hacks. The Yahoo breach appears to be the largest ever disclosed, based on the number of users affected, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearing House.

 

Laptops Most Often Stolen From Most Unlikely Place

From “Laptops Most Often Stolen From Most Unlikely Place”
CIO (08/15/16) Olavsrud, Thor. Posted by ASIS.

According to Kensington’s IT Security & Laptop Theft report, the No. 1 place employees had experienced IT theft was ‘cars and transportation’. The No. 2 response, coming in ahead of ‘airports and hotels’ and ‘restaurants’ was the office. Kensington, a supplier of desktop and mobile device accessories, surveyed 300 U.S. IT professionals from a range of industries for the report. The company found that 34 percent of organizations do not have a physical security policy in place for their laptops, mobile devices, and other electronic assets. Additionally, 54 percent of respondents do not currently use physical locks for IT equipment. “Since studies confirm that well-implemented security can significantly decrease laptop theft by as much as 85 percent, it’s important for IT personnel to consistently utilize physical locks for computing and mobile equipment to provide resistance to tampering and theft,” said Rob Humphrey, director of Global Product Management, Security, Kensington.

Wondering if that LinkedIn password e-mail is real? Read on.

Security Management Magazine by 

LinkedIn is invalidating passwords for all accounts created before 2012 following the disclosure that 100 million members’ passwords may have been compromised.

In a post on the social network’s blog, LinkedIn confirmed that in 2012 it was the victim of an unauthorized access and disclosure of 6.5 million of its users’ passwords.

“At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure,” the blog post said. “Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.”

On Tuesday, however, LinkedIn became aware that an additional set of data that has been released claims to be e-mail and hashed password combinations of more than 100 million LinkedIn members from the 2012 theft.

The data is reportedly for sale on a dark web market called The Real Deal by the dealer Peace, who is selling the data for 5 Bitcoin (approximately $2,200), according to Forbes.

Due to this new development, LinkedIn began invalidating passwords on Wednesday for all accounts created before the 2012 breach that have not updated their password.

“We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will continue those members to reset their passwords,” the blog post explained. “We have no indication that this is as a result of a new security breach.”

LinkedIn said it will be notifying individual users if they need to reset their password. “However, regularly changing your password is always a good idea and you don’t have to wait for the notification,” it explained.

To change your password on LinkedIn, follow the below instructions:

  1.  Login to your LinkedIn account
  2. Move your cursor over your photo in the top right of your homepage and select Privacy & Settings
  3. Select the Account tab at the top of the page
  4. Under the Basics section, click Change next to Change Password
  5. Enter your old password, type your new password, and then type it again to confirm it. (Passwords are case sensitive and must contain at least six characters.)
  6. Select the checkbox if you’d like to automatically be signed out of all sessions once you change your password
  7. Click Save

Homeland Security Warns Windows PC Users to Uninstall Quicktime

From “Homeland Security Warns Windows PC Users to Uninstall Quicktime”
Fox News (04/18/16) Published by ASIS

The U.S. Department of Homeland Security and cybersecurity firm Trend Micro are advising Windows PC users to immediately uninstall Apple’s Quicktime video player, after two new bugs were found in the software. According to Trend Micro, the bugs could be used to launch attacks on PCs if users visit a compromised web page or open a tainted file. As Apple is no longer issuing security updates for Quicktime for Windows, despite the presence of the bugs, Trend Micro said removing the software is the safest call. While the company said it is not aware of any cases where the bugs had been exploited by hackers, DHS’s United States Computer Emergency Readiness Team, which put out a similar alert on April 14, said the “only mitigation available is to uninstall QuickTime for Windows.” The alert does not apply to Mac operating systems.