Malicious Mac macros and other security headlines this week

Scam Of The Week: First-Ever Russian Malicious Mac Macros Discovered

Appleinsider reported a malicious Mac macro Feb 9, 2017: “Mac malware discovered in Microsoft Word document with auto-running macro”, which was the second example of malware targeting macOS users this week.

Security researchers have detected the first in-the-wild instance of hackers are making use of malicious Mac macros in Word documents to install malware on Mac computers – an old Windows technique. The hack uses the same social engineering tactic, tricking victims into opening infected Word documents that subsequently run malicious macros.

Remember, Think before you click!

Read full article:

Security Headlines

Databreachtoday – $5.5 Million HIPAA Settlement for Florida Provider

Federal regulators have signed a $5.5 million HIPAA settlement with a Florida-based healthcare system for breaches related to unauthorized access to tens of thousands of patients’ information by employees that lasted for more than a year and that subsequently led to criminal charges. It’s the second largest such settlement to date.

In a Feb. 16 statement, the Department of Health and Human Services’ Office for Civil Rights says Memorial Healthcare System, based in Hollywood, Fla., paid the huge financial settlement and agreed to a corrective action plan to address a variety of security control failures related to the insider incidents.

Corrective Action Plan

Under the settlement with OCR, MHS has agreed a corrective action plan requires it to:

  • Complete a risk analysis and implement a risk management plan to mitigate risks and vulnerabilities identified;
  • Revise its policies and procedures regarding information system activity to require the regular review of audit logs, access reports and security incident tracking;
  • Revise policies and procedures regarding user access establishment, modification and termination including protocols for access to MHS’s e-PHI by affiliated physicians, their practices and their employees;
  • Distribute the OCR-approved revised policies and procedures to all MHS workforce members, including those of covered entities that are owned, controlled or managed by MHS, as well as all business associates, vendors and affiliated physician practices.

Darkreading – ‘Shock & Awe’ Ransomware Attacks Multiply

The data-hostage crisis isn’t going away anytime soon:  In fact, it’s starting to get a lot scarier and destructive, and with a more unpredictable outcome.

Security experts long have warned that ponying up with the ransom fee only plays into the hands of ransomware attackers; it doesn’t necessarily guarantee victims get their data back and unscathed, even though most of these bad guys thus far honor their promise of decrypting hijacked data after they receive their payment. Ransomware is rising dramatically, growing by a rate of 167 times year over year with some 638 million attack attempts in 2016, up from 4 million the previous year. Kaspersky Lab data as of last October shows there’s a ransomware attack every 40 seconds.

Databreachtoday – Heartbleed Lingers: Nearly 180,000 Servers Still Vulnerable

Nearly three years after it was discovered, Heartbleed lingers on.

Heartbleed is the nickname for a vulnerability in OpenSSL, an open-source implementation of the SSL and TLS protocols that’s used to secure data sent between clients and servers. The bug was jointly discovered by security firm Codenomicon and Google and publicly detailed in 2014, when related patches and fixes released.

Since the bug was first publicized on April 7, 2014, multiple researchers have been scanning the internet to count how many internet-connected servers that respond with a valid SSL connection appear to be vulnerable to Heartbleed. Here’s what ongoing scans have found:

  • April 2014: As of April 9, 2014, an estimated 600,000 Heartbleed-vulnerable servers connected to the internet.
  • May 2014: One month later, about 320,000 servers that were still vulnerable to Heartbleed.
  • January 2015: scans found 250,000 servers and other systems that connect to the internet that were still vulnerable to Heartbleed.
  • May 2016: Security researchers found about 200,000 vulnerable servers.
  • 30, 2017: The most recent search reported that the number of Heartbleed-vulnerable devices had dropped to about 180,000.


Security Bulletins from the FBI and DHS

FBI – Romance Scams

They met online. He said he was a friend of a friend. The woman, in her 50s and struggling in her marriage, was happy to find someone to chat with. “He was saying all the right things,” she remembered. “He was interested in me. He was interested in getting to know me better. He was very positive, and I felt like there was a real connection there.”

That connection would end up costing the woman $2 million and an untold amount of heartache after the man she fell in love with—whom she never met in person—took her for every cent she had.

It’s called a romance scam, and this devastating Internet crime is on the rise. Victims—predominantly older widowed or divorced women targeted by criminal groups usually from Nigeria—are, for the most part, computer literate and educated. But they are also emotionally vulnerable. And con artists know exactly how to exploit that vulnerability because potential victims freely post details about their lives and personalities on dating and social media sites.

DHS – A Parent’s Guide to Protecting Your Kids Online

Parents today are confronted with an entirely new set of safety concerns for their children – online threats. Children are exposed to the Internet at a very young age. Some tablets are designed specifically for kids as young as two years old and some children in elementary school have their own smartphones. Almost from infancy, the Internet touches their lives on a daily basis.

Just as parents teach their children to look both ways before crossing the street or not talk to strangers, it is critical that parents teach their children safe online habits.  As a parent, you cannot eliminate online threats – like cyberbullying, online predators, or inappropriate content – but you can teach your children how to respond when they come across these things online.

In recognition of Safer Internet Day, DHS encourages all parents to follow these common sense steps to protect your children online.

  • Create an open and honest environment with kids.
  • Have regular conversations with kids about practicing online safety.
  • Emphasize the concept of credibility to teens: not everything they see on the Internet is true and people on the Internet may not be who they appear to be.
  • Watch for changes in behavior — if your child suddenly avoids the computer, it may be a sign they are being bullied online.
  • Review security settings and privacy policies for the websites kids frequent. These settings are frequently updated so check back regularly.
  • Make sure mobile devices are secure. Use PINs and passwords, only install apps from trusted sources, and understand the privacy settings and permissions for all apps.

Vendor Information

Sophos – XG v16.5 Certification Program

Sophos is rewarding the first 200 completed* XG v16.5 engineer or architect certifications with an American Express gift card:

  • XG v16.5 Engineer Certification – $200 American Express e-card
  • XG v16.5 Architect Certification – $400 American Express e-card

*Limited to the first 200 certifications completed between January 1 – March 31, 2017.

Microsoft – Microsoft delays Patch Tuesday as world awaits fix for SMB flaw

Last Tuesday was the second Tuesday of February, and that means it should be Microsoft’s Patch Tuesday. It should be a big Patch Tuesday, too. First, there’s an in-the-wild zero-day flaw in SMB, Microsoft’s file sharing protocol, that at the very least allows systems to be crashed, and the patch should be released today.

Second, Microsoft is continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2. The company started moving to a Windows 10-like cumulative model last year in a bid to ensure that the configurations the company tested (all patches applied, all the time) matched the end-user experience. Each operating system is getting two packages a month: a “Monthly Rollup” and a “Security Only” update.

Related Posts