Angler Exploit Kits Reported

Published: 2016-08-31
Last Updated: 2016-08-31 18:12:41 UTC
by Deborah Hale (Version: 1)
0 comment(s)

We have had a report from one of our readers (thanks Andrew) indicating that they are seeing Angler Exploit Kit attempts in the past 2 days appearing to be tied to Heart Internet. I am not seeing any activity in my logs. 

Is anyone else seeing this type of activity in your weblogs?

 

Deb Hale

Keywords: Angler Angler EK

Cisco Security Advisories Issued

Published: 2016-08-31
Last Updated: 2016-08-31 18:04:25 UTC
by Deborah Hale (Version: 1)
1 comment(s)

If you use any of these Cisco devices, please take the recommended action.

WebEx Player - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player

Cisco Small Business 220 Series Smart Plus (Sx220) Switches - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3

Cisco Small Business SPA3x/5x Series - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa

Deb Hale

 

Keywords: Cisco Advisory

Dropbox Breach

Published: 2016-08-31
Last Updated: 2016-08-31 16:22:34 UTC
by Deborah Hale (Version: 1)
1 comment(s)

Dropbox has just been added to the myriad of sites that have been hacked.  It seems that back in 2012 there was a breach and around 60 million accounts were stolen.  There is now evidence surfacing that the details from the accounts are out there.  Dropbox is forcing password changes for a number of users that have been affected. 

I don’t use Dropbox but have a number of our employees that do, so I went to www.haveibeenpwned.com to check their accounts. Sure enough I had a couple that were included in the list. I immediately notified the users to change their Dropbox passwords. Out of curiosity I checked my email addresses… I use several for security purposes. I found that 3 of mine were listed. One was for a potential breach at Logmein.com. They notified me several weeks ago and when I logged in I was forced to change my password. I felt pretty good about that. However, what I discovered today is that I also had a potential breach from Adobe.com which I was not notified of on 2 of my email addresses. I forgot that I had even set up an account on the one email address. I also discovered that I had a potential breach on an email address that I no longer use for myspace.com. Of course, no way to change this password because that email address has been done away with. I requested my account to be removed. Hopefully, they will take care of that. Interesting that I have a subscription to one of the so-called financial protection sites that are supposed to be watching for these and notifying me when it happens. I was notified by them about 6 weeks after I received the email from Logmein that I may have been breached. They have never notified me of the others. I guess I will keep an eye on my email addresses using the previously mentioned website.

I then started looking at some key email addresses here in the company.  One of them had a potential breach on linkedin.com.  I notified the user and his response was so why would they steal LinkedIn information.  My response, not sure…  Perhaps they are banking on people using the same password for other accounts such as banking/credit card accounts.  If they happen on to the email address in some other “breach” (such as your bank or your credit card) they will try the password.  His response was might be a good time to change some passwords.

An article on Motherboard concerning the breach states:

This is just the latest so-called “mega-breach” to be revealed. This summer, hundreds of millions of records from sites such as LinkedIn, MySpace, Tumblr, and VK.com from years-old data breaches were sold and traded amongst hackers.

Perhaps it is a good time to change those passwords as well. I try not to use the same password for multiple sites and I strive to use good strong passwords. I have devised a scheme in creating my passwords that allows me to recall the password from any site even though all of the passwords are different. 

Many thanks to Troy for the haveibeenpwned.com website. 

For more information about the Dropbox breach see …

http://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts

https://www.troyhunt.com/the-dropbox-hack-is-real/

Deb Hale

ISC Stormcast For Wednesday, August 31st 2016 http://isc.sans.edu/podcastdetail.html?id=5147
