Posts

Weekly Infosec News Brief: 01-07 May 2017

Clever and Widespread Google Phishing Campaign Raises Concerns

Last week a new worm spread rapidly through the Internet. It used a very convincing (because it was partly genuine) Google Docs invitation to lure Google users into giving access to their Gmail accounts, then copied itself to addresses in the victim's contacts. Repeating this process led to a rapid storm of emails. Google took action within an hour to remove the rogue app from users' account permissions and stem the tide of emails, but the success of the tactic shows the risk inherent in cloud-based accounts like this -- a quieter version of the same tactic could easily compromise a handful of people without attracting much attention. Selecting and authorizing specific file-sharing services for your organizational data is a good idea, as is ensuring users are trained in how to use them (and what NOT to do). https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/ ...

World Password Day?

In honor of "World Password Day," we're providing some thoughts and tips for improving the security of the passwords you use. For better or worse (and in many cases it's definitely worse), passwords are still the primary authentication mechanism we use to control access to most computing resources. While multi-factor authentication is becoming more common (and it's a great thing to use if you can), much of our digital life still depends on the humble password. Really I don't even like the name "World Password Day," because I'm trying to get people to think of them as "passphrases" -- as in multiple words separated by spaces, meaning quite a bit longer than we are used to using. A natural-language phrase is easy to type, easy to remember, and (if it's long enough) very difficult to guess or crack. When I say long, you should be thinking at least 15 characters long. Remember, spaces are characters, too! Here are our key tips to...

Weekly Infosec News Brief: 27 Mar-2 Apr 2017

Unpatched Vulnerability in Microsoft IIS 6.0 Web Services Announced

A serious vulnerability in Microsoft Internet Information Server (IIS) 6.0 was publicized last week when someone posted proof-of-concept exploit code to GitHub. The vulnerability was apparently known to some hacker groups previously, and has been exploited in attacks since last summer, but its existence was not well-known and the ability to exploit it was not widespread. IIS 6.0 runs on Windows 2003 Server, which is no longer supported by Microsoft, so no patch for this flaw is expected to be released. Still, there are hundreds of thousands of publicly accessible websites still running on IIS 6.0, so this is a serious issue. Critical Vulnerability Discovered in IIS 6.0 Web Services

VMWare Issues Patches for Critical VM-Escape Flaws in Multiple Products

Since virtual computing technology was popularized in the 2000s, the greatest security concern has been the possibility of "virtual machine escape," or...

Critical Vulnerability Discovered in IIS 6.0 Web Services

IIS 6, the version that runs on Windows 2003 Server, was revealed this week to have a serious vulnerability that could allow an attacker to run malicious code on the server. The vulnerability has apparently been known to some malicious groups for some time, as attacks exploiting this vulnerability have been observed as far back as summer of 2016. But last week a proof-of-concept exploit for the vulnerability was posted to GitHub, bringing public attention to the problem and providing potential attackers with a head start on developing their own exploit code. That is likely to take this from a secretive exploit used by a few actors to one that will be widely used by many attackers, meaning anyone running a vulnerable server is a likely victim. Vulnerability announcements are common, but this one is especially problematic for several reasons: IIS 6.0 is a part of the Windows 2003 Server operating system, which aged out of support from Microsoft almost two years ago. There ar...

Weekly Infosec News Brief: 13-19 March 2017

Microsoft Releases Massive Amount of Updates, Fixing 135 Vulnerabilities in 17 Security Bulletins

After February's abortive Patch Tuesday, March's Patch Tuesday is predictably larger than usual. Nine of the bulletins are marked as critical. The Windows updates are bundled together per Microsoft's new patch distribution method, though the updates for the IE and Edge browsers are available separately. Several of the critical vulnerabilities fixed here are already publicly known, and some are already being actively exploited. These include the GDI vulnerability fixed by MS17-013 and two of the browser vulnerabilities fixed in MS17-006/007. We recommend that organizations test and deploy these updates as quickly as possible. https://technet.microsoft.com/en-us/library/security/MS17-MAR http://www.computerworld.com/article/3180996/security/largest-ever-patch-tuesday-from-microsoft.html http://www.csoonline.com/article/3181411/security/microsoft-fixes-record-number-of-fla...

Certificate Problems are a Common Cause of Downtime

The broad adoption and use of cryptography throughout modern enterprises is an important innovation and a key tool to improve the security of organizational systems and data. However, cryptography creates some complexities and dependencies that are often not well accounted for and can lead to system downtime as a result. The use of cryptographic certificates for encryption and authentication is a key source of such downtime. In a recent survey, 79% of responding organizations said they had suffered at least one certificate-related system outage during 2016; 38% suffered six or more such outages! This is something that we see from time to time in our business. Even when an outage is not directly attributable to a certificate problem, it is common to see a system or service restore be significantly delayed due to a difficulty in restoring a certificate or a need to generate or obtain new certificates. A recent incident at the Department of Homeland Security underscores the risk h...

Your Networks and IoT Botnets.....

As the Internet of Things (IoT) market progresses, the number of malware threats targeting the sector is rising as well. The ultimate goal for many of these IoT threats is to build solid botnets in order to launch distributed denial of service (DDoS) attacks. Some of the threats that lack DDoS capabilities might still install DDoS-capable malware, researchers say. "DDoS attacks remain the main purpose of IoT malware. With the rapid growth of IoT, increased processing power in devices may prompt a change of procedures in the future, with attackers branching out into cryptocurrency mining, information stealing, and network reconnaissance," Symantec concludes. http://www.securityweek.com/ddos-attacks-are-primary-purpose-iot-malware http://www.securityweek.com/linux-xor-ddos-botnet-flexes-muscles-150-gbps-attacks