security

Examples of Phishing emails that could contain Ransomware

The FS-ISAC, or the Financial Services Information Sharing and Analysis Center, is the global financial industry’s go to resource for cyber and physical threat intelligence analysis and sharing. FS-ISAC is unique in that it was created by and for members and operates as a member-owned non profit entity.

Here are some examples of phishing emails that member banks have received over the past few days. I’m sending them to you to familiarize you with the types of emails that you might receive. If you DO receive any emails that appear suspicious, PLEASE notify the helpdesk, or Bill or myself. Thank you.

YOU HAVE A PACKAGE WITH DHL – DHL / Adobe Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail purporting to be from DHL with the subject “YOU HAVE A PACKAGE WITH DHL”, containing a .pdf file attachment with an embedded URL that leads to an Adobe Online-themed credential harvesting site.

Important Account Notification – Capital One-Themed Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail purporting to be from Capital One with subject “Important Account Notification”, containing an embedded URL.

Closing Settlement Disclosure – Google Docs-Themed Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Helmsmortgage spreedsheet”, containing a .pdf file attachment with an embedded URL that leads to a Google Docs-themed credential harvesting site.

Electronic Shipping Documents Now Ready – NanoCore-RAT Phishing Email

An FS-ISAC member reported receiving a phishing e-mail with the subject “Electronic Shipping Documents Now Ready”, containing a malicious .ace file attachment that leads to Nanocore – Remote Access Trojan.

Inv <#####> – Ursnif Phishing Emails

An FS-ISAC member reported receiving phishing e-mails with subject lines in the following format: “Inv <#####>”, containing a malicious .docx file attachment that leads to Ursnif malware.

Your Email Will Be Blocked. – Webmail-themed Phishing E-mail

An FS-ISAC member reported receiving phishing e-mails with the subject line “Your Email Will Be Blocked.”, containing an embedded URL that leads to a Webmail-themed credential harvesting site.

the exorcists list – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “the exorcists list” containing a suspicious .doc file attachement and URLs.

Re:invoice – Phishing E-mail

An FS-ISAC member reported receiving a phishing e-mail with the subject “Re:invoice”, containing a malicious .ace file attachment that leads to a Trojan.

Total messages: 23 – Phishing E-mail

An FS-ISAC member reported observing a phishing email with the subject “Total messages: 23” containing a malicious URL.

MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ – Adwind – RAT Phishing E-mail

FS-ISAC members reported receiving phishing e-mails with the subject “MyFax message from “<COMPANY NAME>” – 4 page(s), Caller-ID: 1-516-799-6300″ containing a malicious .zip file attachment that leads to the Adwind – Remote Access Trojan.

Complaint Letter – AutoIT Wrapped-Trojan Phishing Email

An FS-ISAC member received a phishing e-mail with the subject “Complaint Letter”, containing a malicious .zip file attachment that leads to AutoIT Wrapped – Trojan.

By ncol on May 15, 2017 · Comments Off

How to block outgoing SMTP with IPCOP

Edit the /etc/rc.d/rc.firewall.local file and add our new SMTP blocking rules. Open the file with vi or nano, then look for the line “## add your ‘start’ rules here” and put your new rules under it.

# allow smtp from some allowed ips
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s 10.1.0.6 –dport 25 -j ACCEPT
# log stuff that is not the mail server
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j LOG –log-prefix “SMTP”
# block all other outgoing SMTP traffic
/sbin/iptables -A CUSTOMFORWARD -p tcp -i eth0 -s ! 10.1.0.6 –dport 25 -j REJECT

By ncol on September 10, 2014 · Comments Off

Enable SSH and TELNET login on Cisco ASA 7.x inside Interface

Configuration with ASDM 6.x

Complete these steps:

Choose Configuration > Device Management > Users/AAA > User Accounts in order to add a user with ASDM.
Choose Configuration > Device Management > Users/AAA > AAA Access > Authentication in order to set up AAA authentication for SSH with ASDM.
Choose Configuration > Device Setup > Device Name/Password in order to change the Telnet password with ASDM.
Choose Configuration > Device Management > Certificate Management > Identity Certificates, click Add and use the default options presented in order to generate the same RSA keys with ASDM.
Under Add a new Identity certificate click New in order to add a default key pair if one does not exists. Then, click Generate Now.
Choose Configuration > Device Management > Management Access > Command Line (CLI) > Secure Shell (SSH) in order to use ASDM to specify hosts allowed to connect with SSH and to specify the version and timeout options.
Click Save on top of the window in order to save the configuration.
When prompted to save the configuration on flash, choose Apply in order to save the configuration.

By ncol on April 17, 2014 · Comments Off

Google IS scanning your Gmail and admits it!

http://www.digitalspy.com/tech/news/a564741/google-clarifies-email-scanning-policy.html

Google has updated its terms of service to offer more transparency regarding its email-scanning practices. The web giant confirmed that Gmail messages are automatically scanned when content passes between its servers. Google has staunchly defended this policy, insisting that email scanning is necessary to provide tailored content and protect users against malware.

By ncol on April 17, 2014 · Comments Off

What you need to know about Windows XP expiring

What is end of support?

After 12 years, support for Windows XP will end on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system. Customers moving to a modern operating system will benefit from dramatically enhanced security, broad device choice for a mobile workforce, higher user productivity, and a lower total cost of ownership through improved management capabilities.

Get more here….

http://wp.me/P2YEZ7-cd

By ncol on April 7, 2014 · Comments Off

Add routes to OpenVPN on IPCOP

To add additional networks behind your IPCop firewall for OpenVPN clients you must PUSH routes to the client. To do this, in /var/ipcop/ovpn/server.conf add the following line:

push “route 10.1.0.0 255.255.0.0”

By ncol on February 24, 2014 · Comments Off

How to save IPTABLES rules

The following lines allow SMTP and HTTP traffic through an IPTABLES firewall. But this information is not automatically saved and reloaded if the service restarts.

iptables -I INPUT -p tcp –dport 25 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT -p tcp –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT
iptables-save

Whenever you make a change to your firewall, on a Fedora/CentOS type system, you will want to save the changes.

The output can be redirected to a file.

# iptables-save > /root/firewall-rules
The following command line restores all rules from /root/firewall-rules assuming that the file /root/firewall-rules exists.

# iptables-restore < /root/firewall-rules

By default, iptables-restore deletes all existing rules before restoring the saved rules. If the saved rules are to be appended to existing rules, use the -n or –noflush option.

Save Your Firewall and Load on Restart
You will need to edit the /etc/sysconfig/iptables-config as root to help iptables save and reload your firewall correctly. Be sure the following settings are changed to “yes”.

# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be ‘yes’ to get to a sane state for a firewall
# restart or stop. Only set to ‘no’ if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD=”yes”

# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP=”yes”

# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART=”yes”

By ncol on January 30, 2014 · Comments Off

Snapchat’s Hack: What Users Should Do Now

Snapchat’s Hack: What Users Should Do Now, http://fxn.ws/1kchy8I

By ncol on January 3, 2014 · Comments Off

Love Snapchat? Here’s a reason to stop

Love Snapchat? Here’s a reason to stop, http://fxn.ws/1g6ILEy

By ncol on December 28, 2013 · Comments Off

Four tips for creating stronger passwords

It’s complicated. But that’s a good thing.

http://usat.ly/1d0Z2IA

By ncol on December 6, 2013 · Comments Off

2 million Facebook, Google accounts compromised: How to protect yourself

2 million Facebook, Google accounts compromised: How to protect yourself, http://fxn.ws/1hzSCWv

By ncol on December 6, 2013 · Comments Off

How to port forward with a Cisco ASA via ASDM

Create NAT Rule

Click Configuration (top)
Click Firewall (bottom-left)
Click NAT Rules (middle-left)
Select Add->Static NAT Rule
Original

Interface: inside
Source: 10.80.5.47

Translated
- Interface: Outside
- Select Use Interface IP Address
Port Address Translation (PAT)
- Check Enable Port Address Translation (PAT)
- Protocol: TCP
- Original Port: 3389
- Translated Port: 3389
Click OK

asa_port1

Create Access Rule

Click Access Rules
Select Add->Add Access Rule

Interface: outside
Action: Permit
Source: any
Destination: 10.80.5.47 or the object you created
Service: tcp/3389
Enable Logging: unchecked

By ncol on December 5, 2013 · Comments Off

The five scariest hacks we saw last week

The five scariest hacks we saw last week
http://www.cnn.com/2013/08/05/tech/mobile/five-hacks/index.html

By ncol on August 16, 2013 · Comments Off

Hackers hit the US Department of Energy

http://news.cnet.com/8301-1009_3-57567581-83/hackers-hit-u.s-department-of-energy/

By ncol on August 16, 2013 · Comments Off

The five scariest hacks we saw last week

The five scariest hacks we saw last week
http://www.cnn.com/2013/08/05/tech/mobile/five-hacks/index.html

By ncol on August 7, 2013 · Comments Off

Hackers break into homes electronically

So you think your dvr is safe. Hackers can listen to your baby monitor and turn your lights on! Hackers break into homes — electronically
http://www.cnn.com/2013/08/02/tech/innovation/hackable-homes/index.html

By ncol on August 3, 2013 · Comments Off

FBI pressures Internet providers to install surveillance software

http://news.cnet.com/8301-13578_3-57596791-38/fbi-pressures-internet-providers-to-install-surveillance-software/

By ncol on August 3, 2013 · Comments Off

Samsung said to be near deals to supply devices to FBI, Navy

After winning Pentagon security approval, Samsung is close to a deal with the FBI and Navy. http://news.cnet.com/8301-1035_3-57594476-94/samsung-said-to-be-near-deals-to-supply-devices-to-fbi-navy/

By ncol on July 19, 2013 · Comments Off

How to remove password from SSL key

Always backup the original key first (just in case)!

 # cp www.key www.key.orig

Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process:

 # openssl rsa -in www.key -out new.key

Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.

By ncol on July 14, 2013 · Comments Off

Wi-Fi insecurities

http://usat.ly/12usoMG

Public Wi-Fi can alarm your browser, don’t let it alarm you

Wi-Fi networks with Web logins can be a hassle, but they add security.

By ncol on June 30, 2013 · Comments Off

How to remain anonymous on the Internet

http://usat.ly/15TzBUn

How to fly under the radar online

Here are some privacy-friendly sites to help you keep a hold on your personal information.

By ncol on June 30, 2013 · Comments Off

Government orders Facebook to turn over nearly 20,000 accounts

http://usat.ly/11Oc1dg Surveillance revelations from Facebook, Microsoft Facebook says government orders for user data in latter half of 2012 involved 19,000 accounts.

By ncol on June 15, 2013 · Comments Off

Apple adding a ‘kill switch’ to iPhones

Apple adding ‘kill switch’ to iPhones http://www.cnn.com/2013/06/11/tech/mobile/iphone-ios7-kill-switch/index.html

By ncol on June 12, 2013 · Comments Off

What is the NSA’s PRISM program? (FAQ)

With all of the news of the NSA data security program, this puts the pieces of the puzzle together. http://news.cnet.com/8301-1009_3-57588253-83/what-is-the-nsas-prism-program-faq/

By ncol on June 12, 2013 · Comments Off

Microsoft and Symantec collaborate to stop botnet

http://news.cnet.com/8301-1009_3-57568067-83/microsoft-symantec-shutter-another-botnet/

By ncol on June 6, 2013 · Comments Off

How to renew a self signed certificate in Exchange Server 2007

The Exchange 2007 self signs a certificate when the server role is first added for all the Exchange services that run in unison with IIS (smtp & owa etc). The certificate expires after one year from the date the server was first installed or the date the certificate was assigned manually.

First, check the status of the certificate by opening the Exchange Management Shell and executing the command ‘Get-ExchangeCertificate |FL’ – this displays all information about the currently assigned certificates and the status of each certificate.

It is common that they may be more than one certificate listed in the display – if that is the case, find the certificate that shows an expired date in the field ‘NotAfter‘ – as this defines when each certificate becomes invalid/expired. An expired certificate may cause problems such as connectivity to web services, SMTP transport and Outlook prompting certificate security warnings.

Use the following steps to generate a new certificate and enable it to run IIS services:

1. Type ‘Get-ExchangeCertificate |FL’ – This only lists details of certificates that are assigned to Exchange Services. Then note down the Thumbprint of the expired certificate.

2. Then type ‘Get-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63” | New-ExchangeCertificate’ . This generates a new certificate, and you will then be prompted to confirm if you want to overwrite the expired certificate and use the new one for the SMTP service.

3. If you run the cmdlet in step 1 you will notice the new certificate is not used to secure IIS services anymore. Make a note of the new thumbprint and run the following command typing the new thumbprint between the quotation marks: ‘Enable-ExchangeCertificate – Thumbprint “7A843B04EA2865CA9E6C34B42329AEE4456F9013” –Services IIS’

4. Be sure to verify all the services are working correctly after renewing and enabling the certificate – test Outlook clients by closing and opening Outlook to esnure there are no security certificate warnings.

6. Finally, Remove the old certificate by typing the following cmdlet into the management shell: Remove-ExchangeCertificate –Thumbprint “9E6DD4B4EA2865CA9E6C34B42329A9AC994EBF63″.

By ncol on June 5, 2013 · Comments Off

Facebook virus running rampant

http://usat.ly/15yDctc

Hijacking of Facebook accounts spikes

The Koobface worm on the move again, luring Facebook users to click on tainted links

By ncol on June 4, 2013 · Comments Off

Stuck at “Preparing to configure Windows”

How do I reset Windows Update components?

http://support.microsoft.com/default.aspx/kb/971058

Once the Windows Update components are reset, try installing the updates again. To do so,

1. Open Windows Update by clicking the Start button, clicking All Programs, and then clicking Windows Update.

2. Click on the Change settings option in the navigation bar on the left. You will now be at a screen where you will be able to set up how Windows Vista will download and install updates on your computer.

3. Select the option Check for updates but let me choose whether to download and install them. When you are done configuring the options as you wish, press the OK button to save these settings. You will now be back at the main Windows Update screen.

4. In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.

5. You may then download the updates one or two at a time.

6. Click on install updates to install the currently selected updates.

7. Repeat the steps 5 and 6 till you get all the updates you want on your PC.

By ncol on May 31, 2013 · Comments Off

Security lessons from the 2013 Verizon Data Breach Report

Verizon’s latest report on data breach statistics offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.

Verizon has released the 2013 edition of their Data Breach Investigations Report (DBIR), an analysis of the data obtained from breach investigations that they and other organizations have performed during the previous year. The data for this report includes incidents from Verizon’s own investigations and 18 other organizations around the world, for a total of 621 confirmed data breaches and over 47,000 security incidents.

The report contains a wealth of information that paints a clear picture of the motives and techniques used by attackers to compromise their target organizations. It’s an interesting read and there are many lessons that can be found within.

http://www.techrepublic.com/blog/security/security-lessons-from-the-2013-verizon-data-breach-report/9513?tag=content;blog-list-river

By ncol on May 30, 2013 · Comments Off

Android Threats Growing

The Android threat landscape is growing in both size and complexity with cybercriminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.

http://www.computerworld.com/s/article/9239188/Android_threats_growing_in_number_and_complexity_report_says

By ncol on May 30, 2013 · Comments Off

Senator demands DOJ, FBI seek warrants to read e-mail

Last month, Sen. Mark Udall and a handful of other privacy-focused politicians persuaded the IRS to promise to cease warrantless searches of Americans’ private correspondence.

http://news.cnet.com/8301-13578_3-57583743-38/senator-demands-doj-fbi-seek-warrants-to-read-e-mail/

By ncol on May 9, 2013 · Comments Off

Senator demands DOJ, FBI seek warrants to read e-mail

Last month, Sen. Mark Udall and a handful of other privacy-focused politicians persuaded the IRS to promise to cease warrantless searches of Americans’ private correspondence.

http://news.cnet.com/8301-13578_3-57583743-38/senator-demands-doj-fbi-seek-warrants-to-read-e-mail/

By ncol on May 9, 2013 · Comments Off

Google Aims To Patent Policy Violation Checker, Potentially Revolutionizing Email Snooping

BEWARE!!! Google Aims To Patent Policy Violation Checker, Potentially Revolutionizing Email Snooping http://huff.to/13ZlQVa

By ncol on May 6, 2013 · Comments Off

Symantec – File System Auto-Protect is malfunctioning

File System Auto-Protect is malfunctioning

http://www.symantec.com/docs/TECH102962

Try these Steps as well.

1) Go to services.msc

2) Stop all the symantec services

3) Open task manager

4) Kill rtvscan.exe and smc.exe

5) Again, restart the service

6) If that does not fix, repairing from add/remove programs should fix the issue.

By ncol on May 2, 2013 · Comments Off

Cyber attack on daily deal site

http://usat.ly/1214yE2 Cyber attack on popular daily deals site The attack impacts 50 million customers of the daily deal site.

By ncol on April 26, 2013 · Comments Off

Hackers send bogus tweets from ’60 Minutes’ account

The Twitter accounts for CBS News programs “60 Minutes” and “48 Hours” were used by hackers earlier today to send out messages accusing the U.S. of aiding terrorists, the network confirmed.

http://news.cnet.com/8301-1009_3-57580604-83/hackers-send- bogus-tweets-from-60-minutes-account/

By ncol on April 23, 2013 · Comments Off

Security certificate problem trips up Bing Web site

A security certificate problem triggered warnings not to use Bing over a secure Web connection Friday, and Microsoft said an issue with network service provider Akamai is to blame.

Browsers displayed prominent error messages and warnings at about 9 a.m.

http://news.cnet.com/8301-1009_3-57580459-83/security-certificate-problem-trips-up-bing-web-site/

By ncol on April 21, 2013 · Comments Off

Vudu resets user passwords after hard drives lost in office burglary

Video service Vudu began warning users today that it has instituted a systemwide password reset following an office break-in last month.

A burglary March 24 resulted in the loss of hard drives that contained users’ sensitive personal information, including names, e-mail addresses, postal addresses, phone numbers, account activity, dates of birth, and the last four digits of some credit card numbers, Vudu Chief Technology Officer Prasanna Ganesan informed customers in an e-mail. He said no complete credit card numbers were stolen because the company does not store that information.

http://news.cnet.com/8301-1009_3-57578766-83/vudu-resets-user-passwords-after-hard-drives-lost-in-office-burglary/

By ncol on April 21, 2013 · Comments Off

security

Configuration with ASDM 6.x

What is end of support?

Most Popular

Recent Posts