Scam Of The Week: Americans don’t recognize phishing attacks
A new Pew Research Center survey titled “What the Public Knows About Cybersecurity” tallied responses from 1,055 adults about their understanding of concepts important to online safety and privacy. The results are troublesome. Most respondents could not recognize phishing attacks, for example.
The Pew Research survey asked 13 questions about cybersecurity. The median score was five correct answers. Just 20 percent answered eight questions correctly. A relatively large percentage of respondents answered “not sure” to questions rather than providing the wrong answer.
Regarding cybersecurity, Americans recognize the need for strong passwords and know that public Wi-Fi hotspots aren’t necessarily safe for online banking or e-commerce.
However, they have big trouble recognizing phishing schemes or determining whether the website where they’re entering credit card information is encrypted. These mixed results highlight that employee awareness of how to stay secure online remains a weak link in blocking cyber-threats.
Other findings in the Pew survey:
- 75 percent of participants identified the most secure password from a list of four options.
- 52 percent of people knew that turning off the GPS function on smartphones does not prevent all tracking. Mobile phones can be tracked via cell towers or Wi-Fi networks.
- 39 percent were aware that Internet Service Providers can still see the websites their customers visit even when they’re using “private browsing” mode in their browsers.
- 10 percent were able to identify one example of multi-factor authentication when presented with four images of online log-in screens.
Read full article: https://blog.knowbe4.com/cybersecurity-iq-americans-receive-mixed-results
ThreatPost – Netflix’s HTTPS Update Can’t Combat Passive Traffic Analysis Attacks
Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack.
According to Andrew Reed and Michael Kranch, researchers with the U.S. Military Academy at West Point, it wouldn’t take much work for an attacker to capture traffic and sniff out what a user was watching.
For the work, the researchers built a system that determines which Netflix video a TCP connection is carrying using only information available in the TCP/IP headers.
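The page does not describe how the West Point system works, so the following is an added example, not the researchers’ code, that illustrates the class of attack with a simplified model: an on-path observer derives each media segment’s size from the IP and TCP length fields (treating a client packet that carries payload as the request for the next segment) and matches runs of sizes against a pre-recorded fingerprint database. The addresses, segment sizes, fingerprints and matching rule are all constructed for illustration and are not taken from the paper.

```python
"""Added example: fingerprinting an HTTPS video stream from TCP/IP header
fields alone. All addresses, sizes and fingerprints are constructed."""
from collections import namedtuple
from typing import Dict, List, Optional, Tuple

# The only fields the observer reads: addresses and the three length fields.
Packet = namedtuple("Packet", "src dst ip_total_len ip_hdr_len tcp_hdr_len")

CLIENT = "10.0.0.5"        # constructed viewer address
SERVER = "203.0.113.10"    # constructed CDN address (TEST-NET-3)

# Constructed fingerprint database: per-title sequence of segment sizes in
# bytes, as an attacker would pre-record by streaming each title themselves.
FINGERPRINTS: Dict[str, List[int]] = {
    "Title A": [481205, 366918, 402117, 519330, 377402, 455806, 398710],
    "Title B": [622041, 598317, 640880, 571225, 603994, 655112, 588430],
    "Title C": [351770, 312406, 388215, 329904, 360558, 341212, 375690],
}


def payload_len(p: Packet) -> int:
    """TCP payload size derived purely from IP and TCP header length fields."""
    return p.ip_total_len - p.ip_hdr_len - p.tcp_hdr_len


def burst_sizes(packets: List[Packet]) -> List[int]:
    """Sum server->client payload between consecutive client requests.

    A client packet carrying payload is taken as the request for the next
    segment; pure ACKs (no payload) do not end a burst. Each burst's byte
    count approximates the size of one encrypted media segment."""
    bursts: List[int] = []
    current = 0
    for p in packets:
        n = payload_len(p)
        if p.src == CLIENT and n > 0:
            if current:
                bursts.append(current)
            current = 0
        elif p.src == SERVER:
            current += n
    if current:
        bursts.append(current)
    return bursts


def match_fingerprint(observed: List[int], db: Dict[str, List[int]],
                      window: int = 4, tolerance: float = 0.02
                      ) -> Optional[Tuple[str, int]]:
    """Find a title whose fingerprint contains a run of `window` segments,
    each within `tolerance` (relative) of a run in the observed sizes.
    Returns (title, offset into the fingerprint) or None."""
    if len(observed) < window:
        return None
    for title, sizes in db.items():
        for i in range(len(observed) - window + 1):
            obs = observed[i:i + window]
            for j in range(len(sizes) - window + 1):
                ref = sizes[j:j + window]
                if all(abs(o - r) <= tolerance * r for o, r in zip(obs, ref)):
                    return title, j
    return None


def synth_capture(segment_sizes: List[int], mss: int = 1448) -> List[Packet]:
    """Constructed capture: per segment, one client request (120 bytes of
    TLS-wrapped HTTP), the server's full-size packets (1500-byte datagrams,
    20-byte IP and 32-byte TCP headers), a short tail, then a pure ACK."""
    pkts: List[Packet] = []
    for size in segment_sizes:
        pkts.append(Packet(CLIENT, SERVER, 20 + 32 + 120, 20, 32))
        remaining = size
        while remaining > 0:
            n = min(mss, remaining)
            pkts.append(Packet(SERVER, CLIENT, 20 + 32 + n, 20, 32))
            remaining -= n
        pkts.append(Packet(CLIENT, SERVER, 20 + 32, 20, 32))  # pure ACK
    return pkts


def identify(packets: List[Packet]) -> Optional[Tuple[str, int]]:
    """End-to-end: headers -> burst sizes -> fingerprint match."""
    return match_fingerprint(burst_sizes(packets), FINGERPRINTS)


if __name__ == "__main__":
    # A viewer joins "Title B" at its third segment; no payload is ever read.
    capture = synth_capture(FINGERPRINTS["Title B"][2:6])
    print(burst_sizes(capture))   # [640880, 571225, 603994, 655112]
    print(identify(capture))      # ('Title B', 2)
```

The point to take away is that TLS hides what is inside each packet but not how many bytes the server sent between two client requests, and variable-bitrate video makes that sequence distinctive. Padding or fixed-size segments, not the move to HTTPS, is what would defeat this kind of observer.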
The Hacker News – Here’s How Hacker Activated All Dallas Emergency Sirens On Friday Night
Last weekend, when outdoor emergency sirens in Dallas sounded for over 90 minutes, many researchers concluded that hackers had hijacked the alarm system by exploiting a flaw in a vulnerable computer network.
It turns out, however, that the hackers did not breach Dallas’s emergency services computer systems to trigger the city’s outdoor sirens, which are used for tornado warnings and other emergencies; rather, they did it entirely over radio.
In a statement issued on Monday, Dallas City Manager T.C. Broadnax clarified the cause of Friday’s chaos, saying the hacker used a radio signal that spoofed the system used to control the siren network centrally.
“I don’t want someone to understand how it was done so that they could try to do it again,” Broadnax said without going much into details. “It was not a system software issue; it was a radio issue.”
CNBC – Saks Fifth Avenue Exposed Personal Info On Tens Of Thousands Of Customers
The personal information of tens of thousands of customers of Saks Fifth Avenue has been publicly available in plain text online, BuzzFeed News has learned.
The online shopping site for the brand is maintained by the digital division of its owner, the Canada-based Hudson’s Bay Company. Until recently, unencrypted, publicly accessible web pages on the site contained tens of thousands of records for customers who signed up for wait lists to buy products.
The records included email addresses and product codes for the items customers expressed interest in buying; some also contained phone numbers. Each record also included a date and time, and one of a handful of recurring IP addresses.
Security Bulletins from the FBI and DHS
DHS – Stealing your PIN by tracking the motion of your phone
Researchers have shown how easily malicious websites, as well as installed apps, can spy on users using only the data from the motion sensors in mobile phones. By analyzing how the device moves as information is typed in, they were able to crack four-digit PINs with 70 percent accuracy on the first guess, and 100 percent by the fifth guess, using nothing but data collected from the phone’s many internal sensors.
FBI – Feds Can’t Compete With Top Tech Companies for Cybersecurity Analysts
The United States has a shortage of cybersecurity analysts qualified to prevent cyberattacks that is contributing to the vulnerability of the nation’s computer networks, an FBI official said Wednesday.
Speaking at a City & State forum on post-Sept. 11 security threats, Supervisory Special Agent Prashanth Mekala of the FBI’s New York office said it takes unique skills to detect internet- and computer-based bad actors, and the government is having trouble competing with high-tech companies for their services.
“In the federal government, there’s a shortage of skills of folks within cybersecurity space,” Mekala said. “There is a growing third party in the private sector that we are also competing with.”
So-called “big data” companies such as Google and Microsoft employ many of the same cyber-savvy people that law enforcement agencies also would like to have working for them to investigate major breaches when they occur, and to shore up weak technology safeguards, Mekala told about 200 people.
“That’s a problem [a security shortage] that’s being faced across the U.S. intelligence community, from the [National Security Agency], the CIA, the Department of Defense and, of course, the FBI.”
Sophos – UTM 9.5 is on its way – and we’d like your help to polish it
UTM 9.5, including many new features you’ve asked us for, is just around the corner – and we’d like to invite you to join the beta test of the release.
This version builds on our industry-leading protection and performance, with several new features for the Web Application Firewall and Sophos Sandstorm sandboxing, plus changes that make management and reporting even easier, faster and more flexible.
Here’s a brief overview of what’s new:
Web Application Firewall Enhancements
- WAF URL Redirection gives you the ability to redirect traffic for a WAF protected URL to a different backend system or URL.
- Configure minimum allowed TLS version to improve security.
- WAF protection and authentication policy templates for common Microsoft services.
- True File Type Scanning to be able to block uploads and downloads based on MIME type.
- WAF PROXY protocol support, to use the client IP address carried in the PROXY protocol header for policy decisions and logging.
Sophos Sandstorm Enhancements
- Datacenter location selection option for Sophos Sandstorm without relying on DNS-based location detection.
- Scan exceptions for Sophos Sandstorm to exclude specific filetypes from being sent to Sophos Sandstorm analysis.
- Sandstorm activity reporting expanded to include email attachments for improved visibility.
Management and Reporting Enhancements
- 64-bit PostgreSQL Database to generate reports with big datasets faster.
- Download all UTM logs in a single archive.
- Certificate Expiration Notification 30 days before expiration date via WebAdmin and e-Mail to be able to react early on certificate renewal.
- Support Access with SSH extends the existing Support Access feature.
- SNMP Monitoring of full filesystem to integrate UTM filesystem monitoring in regular SNMP based monitoring solutions.
- RESTful API to configure Sophos UTM 9.
Microsoft – You Want To Fix This MS-Word 0-day Threat Today
Monday night, researchers at Proofpoint sounded the alarm about a critical 0-day threat in Microsoft Word, tracked as CVE-2017-0199, that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees, with the lure claiming to be a PDF sent to them by their company photocopier.
This one is particularly bad because it bypasses the exploit mitigations built into Windows, doesn’t require your employee to enable macros, works even against Windows 10, Redmond’s most secure OS yet, and works against most or all Windows versions of Word.
The Russian Dridex banking trojan mafia is notorious for being the most prominent banking malware, and moved into ransomware last year with the Locky strain.
Campaign Uses Spoofed Email Domains
Dridex used to rely on macro-laced documents attached to emails, using social engineering to trick the user into opening the attachment and enabling macros. This time around the gang was nimble and leveraged a zero-day in Word. Proofpoint’s technical analysis said:
“Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from “”. [device] may be “copier”, “documents”, “noreply”, “no-reply”, or “scanner”. The subject line in all cases read “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits. Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing.”
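As an added example (not Proofpoint’s or this newsletter’s code), here is a gateway-side triage rule built only from the indicators quoted above: the device-style sender local-parts, the “Scan Data” subject, the Scan_123456.doc/.pdf naming, and the fact that the attachment is RTF regardless of what its extension claims. The sample messages are constructed, and the Message class and the triage/sniff_type names are this example’s own.

```python
"""Added example: triage rules for the copier-lure campaign described above.
All sample messages are constructed for this example."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sender local-parts and lure shape, per the quoted Proofpoint description.
DEVICE_LOCALPARTS = {"copier", "documents", "noreply", "no-reply", "scanner"}
LURE_SUBJECT = "scan data"
LURE_NAME = re.compile(r"^scan_\d{6}\.(doc|pdf)$", re.IGNORECASE)


@dataclass
class Message:
    sender: str
    subject: str
    attachment_name: str
    attachment_bytes: bytes


def sniff_type(data: bytes) -> str:
    """Identify the attachment by its leading bytes, ignoring the extension."""
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole"   # legacy binary .doc/.xls container
    if data.startswith(b"PK\x03\x04"):
        return "zip"   # .docx and other OOXML packages
    return "unknown"


def triage(msg: Message) -> Tuple[str, List[str]]:
    """Return ("block" | "review" | "allow", reasons).

    block:  the attachment is RTF hiding behind a .doc/.pdf name, the exact
            shape of this lure; the interim fix in the article refuses RTF in
            Word outright, so refusing it at the gateway is consistent.
    review: only the sender/subject/filename pattern matches; a genuine
            scanner produces the same shape, so a person should look.
    """
    reasons: List[str] = []
    name = msg.attachment_name
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff_type(msg.attachment_bytes)
    if kind == "rtf" and ext in {"doc", "pdf"}:
        reasons.append(f"RTF content delivered as .{ext}")
    local = msg.sender.split("@", 1)[0].lower()
    if (local in DEVICE_LOCALPARTS
            and msg.subject.strip().lower() == LURE_SUBJECT
            and LURE_NAME.match(name)):
        reasons.append("sender/subject/filename match the copier lure")
    if any(r.startswith("RTF") for r in reasons):
        return "block", reasons
    if reasons:
        return "review", reasons
    return "allow", reasons


# Constructed samples: a lure, a genuine scan, and ordinary mail.
SAMPLES = [
    Message("scanner@example.com", "Scan Data", "Scan_384712.doc",
            b"{\\rtf1\\ansi\\deff0 constructed lure body}"),
    Message("copier@example.com", "Scan Data", "Scan_004211.pdf",
            b"%PDF-1.4\n% constructed genuine scan"),
    Message("alice@example.com", "Q2 budget", "budget.docx",
            b"PK\x03\x04 constructed OOXML package"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.attachment_name, triage(m))
```

The content check is the one that matters: Word opens RTF whatever the extension says, so a filter that trusts the .doc or .pdf suffix never sees the mismatch. The sender/subject/filename rule alone is a prompt to look, not a verdict, because a real copier sends exactly that shape.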
What To Do About It
1) Fortunately, on Tuesday Microsoft released its regular batch of security patches, including a fix for this nasty Office zero-day vulnerability, CVE-2017-0199. It turns out that this wasn’t the only thing that needed patching: an elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210), exploitable by convincing a user to visit a compromised website, was also fixed.
2) In case for some reason you cannot apply the patch (and there are plenty of reasons that happens), here is a quick and dirty fix that prevents this exploit from working. Set the following two DWORD values in the Windows registry under HKEY_CURRENT_USER (15.0 is Office 2013; use 14.0 for Office 2010 and 16.0 for Office 2016):
Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles = 2
Software\Microsoft\Office\15.0\Word\Security\FileBlock\OpenInProtectedView = 0
This makes Word refuse to open any RTF file, not just malicious ones, so remove the values once the patch is installed.
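As an added example (not from the original post), the following Python script renders those same two File Block values as a .reg file for Office 2010, 2013 and 2016 (registry versions 14.0, 15.0 and 16.0), renders the matching undo file for after the patch is installed, and, when run on Windows, writes the values with winreg and reads them back. The function and file names are this example’s own.

```python
"""Added example: generate, apply and undo the interim RTF File Block
mitigation for Word. Value semantics follow the documented Office File Block
settings; function names and file names are this example's own."""
import sys
from typing import Dict, Iterable, List, Optional

# Office release -> registry version segment.
OFFICE_VERSIONS = {"2010": "14.0", "2013": "15.0", "2016": "16.0"}

# RtfFiles=2: opening and saving RTF is blocked, subject to the open policy.
# OpenInProtectedView=0: blocked formats are not opened at all, not even in
# Protected View. Note this open policy applies to every blocked format.
RTF_BLOCK_VALUES: Dict[str, int] = {"RtfFiles": 2, "OpenInProtectedView": 0}


def fileblock_key(version: str) -> str:
    """Per-user File Block key for Word of the given Office version."""
    return "\\".join(["Software", "Microsoft", "Office", version,
                      "Word", "Security", "FileBlock"])


def _versions(versions: Optional[Iterable[str]]) -> List[str]:
    return list(versions) if versions is not None else list(OFFICE_VERSIONS.values())


def render_reg(versions: Optional[Iterable[str]] = None) -> str:
    """Emit a .reg file that sets the values under HKEY_CURRENT_USER."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for v in _versions(versions):
        lines.append(f"[HKEY_CURRENT_USER\\{fileblock_key(v)}]")
        for name, val in RTF_BLOCK_VALUES.items():
            lines.append(f'"{name}"=dword:{val:08x}')
        lines.append("")
    return "\n".join(lines)


def render_undo(versions: Optional[Iterable[str]] = None) -> str:
    """Emit a .reg file that deletes the same values ("name"=- removes a value),
    for use once the real patch is installed."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for v in _versions(versions):
        lines.append(f"[HKEY_CURRENT_USER\\{fileblock_key(v)}]")
        for name in RTF_BLOCK_VALUES:
            lines.append(f'"{name}"=-')
        lines.append("")
    return "\n".join(lines)


def apply_block(versions: Optional[Iterable[str]] = None) -> Dict[str, Dict[str, int]]:
    """Write the values with winreg and read them back for verification.
    Windows only; on other platforms use render_reg() and import the file."""
    if sys.platform != "win32":
        raise RuntimeError("registry mitigation applies to Windows only")
    import winreg
    result: Dict[str, Dict[str, int]] = {}
    for v in _versions(versions):
        path = fileblock_key(v)
        access = winreg.KEY_SET_VALUE | winreg.KEY_QUERY_VALUE
        with winreg.CreateKeyEx(winreg.HKEY_CURRENT_USER, path, 0, access) as key:
            for name, val in RTF_BLOCK_VALUES.items():
                winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, val)
            result[path] = {name: winreg.QueryValueEx(key, name)[0]
                            for name in RTF_BLOCK_VALUES}
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "block"
    if target == "undo":
        print(render_undo())
    elif target == "apply":
        print(apply_block())
    else:
        print(render_reg())
```

Run it without arguments to print a .reg file you can import with reg.exe or regedit, with "undo" to print the file that removes the values again, or with "apply" on a Windows host to write and verify the values for the current user. Because OpenInProtectedView is Word’s open policy for all blocked formats, check whether you already block other formats before setting it to 0, since those will stop opening in Protected View too.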