hacking

Examples of Phishing emails that could contain Ransomware

The FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry’s go-to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned nonprofit entity.

Here are some examples of phishing emails that member banks have received over the past few days. I’m sending them to you to familiarize you with the types of emails that you might receive. If you DO receive any emails that appear suspicious, PLEASE notify the helpdesk, or Bill or myself. Thank you.

YOU HAVE A PACKAGE WITH DHL – DHL / Adobe Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail purporting to be from DHL with the subject “YOU HAVE A PACKAGE WITH DHL”, containing a .pdf file attachment with an embedded URL that leads to an Adobe Online-themed credential harvesting site.

Important Account Notification – Capital One-Themed Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail purporting to be from Capital One with subject “Important Account Notification”, containing an embedded URL.

Closing Settlement Disclosure – Google Docs-Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Helmsmortgage spreedsheet”, containing a .pdf file attachment with an embedded URL that leads to a Google Docs-themed credential harvesting site.

Electronic Shipping Documents Now Ready – NanoCore-RAT Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Electronic Shipping Documents Now Ready”, containing a malicious .ace file attachment that leads to the NanoCore Remote Access Trojan.

Inv <#####> – Ursnif Phishing Emails

An FS-ISAC member reported receiving phishing e-mails with subject lines in the following format: “Inv <#####>”, containing a malicious .docx file attachment that leads to Ursnif malware.

Your Email Will Be Blocked. – Webmail-themed Phishing E-mail

An FS-ISAC member reported receiving phishing e-mails with the subject line “Your Email Will Be Blocked.”, containing an embedded URL that leads to a Webmail-themed credential harvesting site.

the exorcists list – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “the exorcists list”, containing a suspicious .doc file attachment and URLs.

Re:invoice – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “Re:invoice”, containing a malicious .ace file attachment that leads to a Trojan.

Total messages: 23 – Phishing E-mail

An FS-ISAC member reported observing a phishing email with the subject “Total messages: 23” containing a malicious URL.

MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300 – Adwind RAT Phishing E-mail

FS-ISAC members reported receiving phishing e-mails with the subject “MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300”, containing a malicious .zip file attachment that leads to the Adwind Remote Access Trojan.

Complaint Letter – AutoIT-Wrapped Trojan Phishing Email

An FS-ISAC member received a phishing e-mail with the subject “Complaint Letter”, containing a malicious .zip file attachment that leads to an AutoIT-wrapped Trojan.
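The subjects and attachment types in the reports above can be turned into a first-pass mail triage check. This is an added example, not part of the original post or of FS-ISAC's material; the function names, the reading of “Inv <#####>” as “Inv” plus digits, and the sample messages are assumptions constructed here.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Subject lures quoted in the reports above. "Inv <#####>" is read here as
# "Inv" plus a run of digits, which is an assumption about the placeholder.
SUBJECT_PATTERNS = [re.compile(p, re.I) for p in (
    r"^inv\s*<?\d{3,}>?$",
    r"^you have a package with dhl$",
    r"^your email will be blocked\.?$",
    r"^electronic shipping documents now ready$",
    r"^myfax message from .+ page\(s\)",
)]
# Attachment types named in the reports, grouped by the role they played.
ARCHIVES = {".ace", ".zip"}             # delivered the RATs and Trojans
DOCUMENTS = {".doc", ".docx", ".pdf"}   # malicious documents or PDFs carrying a URL

def triage(raw):
    """Return the reasons a raw RFC 5322 message resembles the reported e-mails."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words; then collapse whitespace.
    subject = " ".join(str(msg["Subject"] or "").split())
    if any(p.search(subject) for p in SUBJECT_PATTERNS):
        reasons.append("subject matches a reported lure")
    for part in msg.iter_attachments():
        # Lower-case the name so "invoice.ACE" and "invoice.ace" are treated alike.
        name = (part.get_filename() or "").strip().lower()
        ext = PurePosixPath(name).suffix
        if ext in ARCHIVES:
            reasons.append(f"archive attachment ({ext})")
        elif ext in DOCUMENTS:
            reasons.append(f"document attachment ({ext})")
    return reasons

def build_sample(subject, filename=None):
    """Construct a test message; addresses and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fn in [("Inv <48213>", "Inv 48213.docx"), ("Re:invoice", "invoice.ACE"),
                     ("Lunch on Friday?", None)]:
        print(subj, "->", triage(build_sample(subj, fn)))
```

A hit is a reason to route the message for review, not a verdict: ordinary mail also carries .pdf and .zip files, and the subject list only covers the lures reported here.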

Active Partition Recovery

Accidentally deleted some files or even a partition? Has your data been lost due to a formatted drive? You will be able to retrieve pictures, music, movies and document files even if your drive letter has disappeared from the computer and you need to get back all the files that resided there. Lsoft has several solutions to recover that very important data of yours: Active@ File Recovery, Active@ UNDELETE, Active@ Partition Recovery.


Use Robocopy to move shares with permissions.

robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:Robocopy.log

Here’s what the switches mean:

source :: Source Directory (drive:\path or \\server\share\path).
destination :: Destination Dir (drive:\path or \\server\share\path).
/E :: copy subdirectories, including Empty ones.
/ZB :: use restartable mode; if access denied use Backup mode.
/DCOPY:T :: COPY Directory Timestamps.
/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU). Copies the Data, Attributes, Timestamps, Owner, Permissions and Auditing info.
/R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
/W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
/V :: produce Verbose output, showing skipped files.
/TEE :: output to console window, as well as the log file.
/LOG:file :: output status to LOG file (overwrite existing log).

Enable Remote Desktop Connection on Windows 7 Home Premium

Here are the steps to get it working:

  1. Download W7-SP1-STM-RDP-v4.zip and extract it to a location on your PC.
  2. Navigate to the folder you just extracted and right click Install.cmd, then choose Run as administrator.
  3. You’ll get a window similar to the one below and you should now be good to go:

You can also enable multiple sessions per user, and the logging in of users with a blank password (although I wouldn’t recommend this). There are some switches that are available when running the program:

  • -? – Show this help
  • help – Same as -?
  • multi – Enable multiple sessions per user
  • blank – Enable remote log on for user accounts that are not password protected

So for example, if you wanted to enable multiple sessions per user:

  1. Go to start and find Command Prompt. Right click it and select Run as administrator.
  2. At the prompt type cd "c:\DIRECTORY\TO\EXTRACTED\FILES"
  3. The prompt should switch to c:\DIRECTORY\TO\EXTRACTED\FILES >
  4. Type: Install multi

Thanks to the guys over at Missing Remote for this hack.

Security lessons from the 2013 Verizon Data Breach Report

Verizon’s latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.

Verizon has released the 2013 edition of their Data Breach Investigations Report (DBIR), an analysis of the data obtained from breach investigations that they and other organizations have performed during the previous year. The data for this report includes incidents from Verizon’s own investigations and 18 other organizations around the world, for a total of 621 confirmed data breaches and over 47,000 security incidents.

The report contains a wealth of information that paints a clear picture of the motives and techniques used by attackers to compromise their target organizations. It’s an interesting read and there are many lessons that can be found within.

 

http://www.techrepublic.com/blog/security/security-lessons-from-the-2013-verizon-data-breach-report/9513?tag=content;blog-list-river

Cyber attack on daily deal site

http://usat.ly/1214yE2

Cyber attack on popular daily deals site: the attack impacts 50 million customers of the daily deal site.