NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities
The National Security Agency (NSA) has released an advisory on advanced persistent threat (APT) actors exploiting multiple vulnerabilities in Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system.
APTs are stealthy cyber attacks in which a person or a group gains unauthorised access to a network and remains undetected.
In most cases, these attacks are conducted by nation-states or criminal organisations (see article there). Their purpose is to extract information, intellectual property and financial data, and they can be used to steal cash when banks are attacked.
This has reappeared recently in New Zealand. If, when checking your mail box, you find a brand new USB stick, just throw it in the bin immediately.
are placing these USBs in mailboxes pre-loaded with malicious software.
They are even going to the trouble of repacking them so they look factory
fresh. They are banking on the recipients being thankful for a free USB
or being curious as to what might be on them.
If you receive one, it is part of a recurring scam and most likely not spearphishing. Spearphishing means that someone is targeting you as a member of an organisation.
If you make the mistake of connecting it to one of your devices such as a phone or a computer, it is likely that viewing the content (on a computer) will lead to a malware infection. Usually, it takes the opening of a file on a computer to activate the malware. It should not activate by connecting the device alone.
Simply throw the USB stick away without connecting it to any computer.
Posted on March 20, 2019 | Comments Off on Magic Weapons: China’s political influence….
At a time when there is controversy about the rejection by various countries of Huawei equipment, it is interesting to find out more about hacks attributed to sources within China. It is also interesting to read the report by professor Anne-Marie Brady about the influence of that country in New Zealand. As a reminder, her office and home were burgled following the publication of the report, and the brakes on her car were sabotaged. Probably a coincidence, as the police found nothing to incriminate anyone.
The report is very interesting, and worth the effort to read to the end. It is available on the Wilson Center web site and can also be directly downloaded from here.
I do not believe that the attacks are one way in any case.
Phishing emails containing links to fake online banking logins, as well as fraudulent bank accounts where people can make donations for the victims of the Christchurch tragedy.
A phishing email is an email which is sent to a wide range of people in the hope that enough of them will follow the instructions to make the exercise worth the effort. They usually contain links to websites containing malicious content.
Sharing malicious video files on compromised websites or on social media. A shared on-line video file containing footage related to the attack can have malware embedded in it.
Some attackers are changing New Zealand websites to spread political messages about the Christchurch tragedy.
Some New Zealand websites are receiving threats of denial-of-service attacks, which would take them offline.
There are official channels to donate money; please use them should you wish to make a donation.
What to do
If you receive a phishing email or have found a website hosting political messages, report it to CERT NZ.
If your website has been taken over with political content relating to the tragic events in Christchurch, report it to CERT NZ.
CERT NZ recommend you consent to share your report with the NZ Police.
This is not something new: online scams and attacks frequently use disasters and tragedies as opportunities for “business”.
If any of the terminology used is confusing you, feel free to comment and I will make the confusing part the subject of a subsequent posting.
Posted on March 8, 2019 | Comments Off on Google Chrome Security Advisory
As reported by CERT New Zealand, attackers might be able to attack and take control of your computer if you do not have the latest version of Chrome. You need to check the version of Chrome used. Anything earlier than 72.0.3626.121 is vulnerable.
How do you check if you are at risk?
The instructions from CERT are:
“If you are on a laptop or desktop computer, open Chrome and visit chrome://settings/help. If you are not up-to-date, visiting the page should automatically update your browser.
If you are on a mobile device, like a mobile phone or tablet, open Chrome and visit chrome://version. If you are not up-to-date, visit your app store and download the update.”
Don’t take a chance. Check if you need to update, or use the latest version of Firefox.
As general advice, you always need to promptly update any software installed on any of your devices to minimize exposure. An attacker would try to identify what you are running, then exploit whatever unpatched vulnerability is encountered, as in this example.
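For anyone looking after more than one machine, the same check can be run over a list of reported version strings. The sketch below is an added example, not part of the CERT advisory; the host names and inventory entries are constructed, and only the 72.0.3626.121 threshold comes from the text above. It compares versions as numbers, because a plain text comparison would wrongly rank 72.0.3626.96 above 72.0.3626.121.

```python
import re

# Fixed version stated in the advisory above; anything earlier is vulnerable.
FIXED = (72, 0, 3626, 121)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract a four-part Chrome version from free text, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'vulnerable', 'ok' or 'unknown' for one reported version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # treat as needing a manual check
    # Tuples of ints compare field by field, so 96 < 121 as intended.
    return "vulnerable" if version < FIXED else "ok"


# Constructed sample inventory (hypothetical hosts, illustrative strings).
INVENTORY = {
    "laptop-01": "Google Chrome 72.0.3626.121",
    "laptop-02": "Google Chrome 72.0.3626.96",
    "desktop-03": "Google Chrome 71.0.3578.98 (Official Build) (64-bit)",
    "tablet-04": "Chrome 73.0.3683.75",
    "kiosk-05": "version not reported",
}


def audit(inventory):
    """Map each host to its status, sorted by host name."""
    return {host: classify(s) for host, s in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```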
Interesting interactive map displaying in real-time the Denial of Service attacks taking place worldwide. The map also allows access to historical records. DoS is only one type of attack, and includes multiple flavours. Source: http://www.digitalattackmap.com/
There has recently been an increase in the now classic scam by which so-called technicians are targeting New Zealanders with phone calls informing them that their computer had been infected. The scale of the problem has become such that Microsoft New Zealand and NetSafe have issued an alert this week (Fraud Awareness Week).
– The caller, often from overseas, states they are from Microsoft
– Indicates that:
  – your computer is infected and harming other on-line users
  – their ISP has identified their system as a problem.
– Cons the computer owner into giving the caller remote access using a genuine networking service.
– Uses the ‘Event Viewer’ tool on the computer to highlight error messages which are supposedly signs of an infection.
– Offers to clean up the infection and/or install security software and provide an ongoing support service costing anywhere up to $500.
That software, while looking like security software, could also be collecting your credentials for identity theft and financial fraud. The credit card number supplied can be used to purchase goods using your account. The remote technician could install ransomware on your device, which means that he or she could encrypt your data, and demand a payment to give you back access to it.
What you can do:
– Ignore the call: hang up.
– If you fell for it, and gave access to your computer, disconnect the machine from the internet immediately, then consult a genuine local PC technician to check that nothing serious has been installed on your PC or laptop.
– Report the call to NetSafe.
If you have paid money, discuss your options with your bank.
Posted on April 9, 2014 | Comments Off on Another Chrome Security Concern
The Password Security Concern.
We already knew that storing any passwords on Google Chrome was dangerous, and the method to do this is widely available, for example in this video.
The Microphone Concern.
It has now come to light that people can eavesdrop on you by accessing your microphone, without you being aware of it. It is not a simple process, but Guya.net describes it very well. Chrome is using outdated technology, which can be abused to have a web site accessing your microphone without any warning.
Posted on March 27, 2014 | Comments Off on New Attack Discovered on Monday
A zero-day attack affecting Microsoft Word has just been detected.
A zero-day attack is a type of attack that might have been used for a while, unknown to users. Zero day indicates that it has just been discovered, and that the security industry is furiously trying to write a patch to stop it from being used. Expect a Microsoft update soon.
How does the attack work?
Microsoft Word 2003 to 2013 are all vulnerable. A text file with the extension .rtf can be modified to corrupt the system memory in a way that some code is executed. When a user opens the file in Microsoft Word (default setting in Windows), or previews a malicious .rtf file in Outlook, an attacker can gain the same privileges as the user, and this can lead to a remote takeover of the PC.
How can you protect your system from this attack?
3 easy ways come to mind:
Stop using MSWord by default to open .rtf files. To do that, right click on a .rtf file, select Open with, then Choose default program. Select WordPad, then tick Always use the selected program to open this kind of file.
Ignore emails coming from people you do not know; links in them can point towards infected sites, and if there are files attached, they are likely to be malicious. In this case, even previewing the file is enough to trigger the attack.
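Because previewing an attachment is enough here, it helps to know which incoming emails carry RTF before anyone opens them. The sketch below is an added example, not something from Microsoft or the original post: it lists RTF attachments in a message and goes slightly beyond the text by also checking the file's content signature, since the extension is only a name. The sample message and file names are constructed.

```python
from email.message import EmailMessage

# RTF documents begin with this signature.
RTF_MAGIC = b"{\\rtf"


def is_rtf(data):
    """True if the bytes start with the RTF signature.

    Leading whitespace is ignored: a conservative choice for a filter.
    """
    return data.lstrip()[:len(RTF_MAGIC)] == RTF_MAGIC


def flag_rtf_attachments(msg):
    """Return [(filename, reason)] for attachments that are RTF by name or content."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".rtf")
        by_content = is_rtf(data)
        if by_content and not by_name:
            findings.append((name, "RTF content under another extension"))
        elif by_content or by_name:
            findings.append((name, "RTF attachment"))
    return findings


def build_sample():
    """Constructed message with three harmless attachments for the demo."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    rtf_body = b"{\\rtf1\\ansi Hello}"
    msg.add_attachment(rtf_body, maintype="application",
                       subtype="rtf", filename="notes.rtf")
    msg.add_attachment(rtf_body, maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg


if __name__ == "__main__":
    for name, reason in flag_rtf_attachments(build_sample()):
        print(f"{name}: {reason}")
```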