
Critical Microsoft Security Updates June 2017

Microsoft, as part of their regular Update Tuesday schedule, have provided additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.

Affected Platforms

  • Microsoft Windows: XP, Vista, 7, 8, 8.1 and 10
  • Microsoft Windows Server: 2003, 2008, 2008 R2, 2012, 2012 R2 and 2016

Some of the releases are new and some are for older platforms that are out of support – Microsoft are making these publicly available for the first time.

Microsoft security teams actively monitor for emerging threats to help organisations protect themselves against potential attacks. Those on older platforms (such as Windows XP) should prioritise applying these critical updates which can be found in the Download Center (or alternatively in the Update Catalog).

The patches for out of support operating systems include protection against the EsteemAudit, ExplodingCan and EnglishmanDentist exploits – these exploits target flaws in the Windows remote desktop protocol, IIS 6.0 and Microsoft Exchange servers.



Microsoft made the following statement:

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.

As usual, customers on supported platforms with automatic updates enabled, like Windows 10 or Windows 8.1, are protected and do not need to take additional action.”

Further Resources:

    • Microsoft June 2017 security updates release: https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
    • A detailed list of the updates released due to heightened risk can be found on Microsoft Security Advisory 4025685, along with Frequently Asked Questions
    • For customers using Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 8.1 RT, Windows Server 2012 R2, Windows 10, or Windows Server 2016 see Microsoft Knowledge Base Article 4025686 for guidance.
    • For customers using Windows XP, Windows Vista, Windows 8, Windows Server 2003, or Windows Server 2003 R2 see Microsoft Knowledge Base article 4025687 for guidance.
    • For customers using Windows Embedded versions see Microsoft Knowledge Base article 4025688 for guidance.

Computers configured with automatic updates enabled are protected and there is no additional action required.





Microsoft Issues Patches And Guidance For WannaCrypt Ransomware Attacks

Microsoft have issued patches for previously unsupported operating systems alongside the following statement :-

Many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).  This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

Download Links

Download English language security updates:

  • Windows Server 2003 SP2 x64
  • Windows Server 2003 SP2 x86
  • Windows XP SP2 x64
  • Windows XP SP3 x86
  • Windows XP Embedded SP3 x86
  • Windows 8 x86
  • Windows 8 x64

To download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

Ransomware Infections Reported Worldwide

Multiple organizations around the world, including hospitals and telecommunications companies, reported falling victim to ransomware, and researchers said a worldwide campaign of attacks was ongoing. However, the full extent of the hacks, and whether all of them were connected to one another, is unclear.

Among the organisations affected are the NHS, Spanish telecoms firm Telefónica, and logistics firm FedEx.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”

The reason for the malware’s virulent spread appears to be its use of an exploit of Windows software developed by the National Security Agency (NSA), the American spy agency. The exploit was leaked online months ago and patched by Microsoft — but those affected seem not to have updated their software to install the fix.

Cyber security experts say it is WanaCrypt0r 2.0, a new version of the WCry or WannaCry ransomware. Although it is early days and experts are battling to figure out how it works, some are suggesting what’s new about it is that it may exploit a vulnerability that was made public by a group called The Shadow Brokers that hacked the National Security Agency in the US, stole its hacking tools and then dumped them on the internet. Microsoft subsequently published a patch for the vulnerability.

Here is a link to the Microsoft patch to protect yourself from this attack – https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 





Spotting Fake Web Addresses

To most people, a quick glance at the above address will look genuine; even if you look in detail you may say it’s Primark in the US. Wrong!

It’s a fake site. What we have here is a well-constructed fake web address. Most people associate the www with the start of a web address, the com with the end of it, and expect the company name in the middle.

What we really have here is a site with two subdomains set up. The first www is just a subdomain, the primark is a subdomain, and com-stores.us is the actual domain name. Criminals and others setting up fake sites are using this method more and more often in order to trick people into thinking the web address is genuine.

When you visit the site it may be laid out to give the impression you are on a genuine site for that company. In reality the site may have infected your computer with a virus or spyware, or it may want you to log in so that it can capture your login or bank details.

Note :- The above example web address is known to be fake, please do not visit that site.
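
The check described above, reading an address from the right to find the domain that is actually registered, can be automated. The following is an added example, not part of the original post: the hostname is assembled from the three parts the post names, the suffix set is a constructed miniature of the Public Suffix List, and the trusted-domain list is an assumption.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List;
# production code should load the full list instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "us", "uk", "co.uk"}

# Assumption for this example: the domains the organisation really owns.
TRUSTED_DOMAINS = {"primark.com"}


def split_host(host):
    """Split a hostname into (subdomain labels, registrable domain)."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning left to right finds the longest matching public suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                break  # the host is itself a public suffix
            # Registrable domain = public suffix plus one label to its left.
            return labels[:i - 1], ".".join(labels[i - 1:])
    return [], None  # bare suffix, single label, or suffix not in our list


def assess(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, registrable domain, reasons) for a URL or hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    subdomains, registrable = split_host(host)
    if registrable is None:
        return "unknown", None, ["could not determine the registrable domain"]
    if registrable in trusted:
        return "trusted", registrable, []

    reasons = []
    for domain in sorted(trusted):
        brand = domain.split(".")[0]
        if brand in subdomains:
            reasons.append(
                f"brand '{brand}' is only a subdomain of {registrable}")
    # A registrable label such as "com-stores" makes the text to its left
    # read like a complete "brand.com" address.
    owner_label = registrable.split(".")[0]
    first = owner_label.split("-")[0]
    if "-" in owner_label and first in PUBLIC_SUFFIXES:
        reasons.append(
            f"'{owner_label}' opens with '{first}-', mimicking a '.{first}' ending")
    return ("suspicious" if reasons else "untrusted"), registrable, reasons


if __name__ == "__main__":
    for candidate in ("https://www.primark.com/",
                      "http://www.primark.com-stores.us/"):
        print(candidate, "->", assess(candidate))
```
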



Almost Half Of UK Firms Hit By Cyber Breach Or Attack In The Past Year

Nearly seven in ten large companies identified a breach or attack, new Government statistics reveal.

  • Firms holding personal data more likely to be attacked
  • Most common attacks were fraudulent emails, followed by viruses and malware

Businesses large and small are being urged to protect themselves against cyber crime after new Government statistics found nearly half of all UK businesses suffered a cyber breach or attack in the past 12 months.

The Cyber Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions. The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51 per cent compared to 37 per cent).

The most common breaches or attacks were via fraudulent emails – for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments – followed by viruses and malware, such as people impersonating the organisation online and ransomware.

Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented using the Government-backed, industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats.

These new statistics show businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.

The Government has committed to investing £1.9 billion to protect the nation from cyber attacks to help make the UK the safest place to live and do business online.

Business also has a role to play to protect customer data. The government offers free advice, online training and Cyber Essentials and Cyber Aware schemes.

The survey also revealed:

Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to third party systems they rely on, and one in ten had their website taken down or slowed.

Firms are increasingly concerned about data protection, with the need to protect customer data cited as the top reason for investing by half of all firms who spend money on cyber security measures.

Following a number of high profile cyber attacks, businesses are taking the threat seriously, with three quarters of all firms saying cyber security is a high priority for senior managers and directors; nine in ten businesses regularly update their software and malware protection; and two thirds of businesses invest money in cyber security measures.

Small businesses can also be hit particularly hard by attacks, with nearly one in five taking a day or more to recover from their most disruptive breach.

Areas where industry could do more to protect itself include around guidance on acceptably strong passwords (only seven in ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one in five firms), and planning for an attack with a cyber security incident management plan (only one in ten firms).

All businesses which hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.

The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy to transform this country’s cyber security and to protect the UK online. As part of the strategy, the Government recently opened the new National Cyber Security Centre (NCSC), a part of GCHQ.

One of the key objectives of the NCSC is to increase the UK’s cyberspace resilience by working with and providing expert advice tailored to organisations and businesses in every sector of the UK economy and society.




Ciaran Martin, CEO of the National Cyber Security Centre, said:

UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy.

The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.

Cyber Essentials, technical advice on CiSP and regularly updated guidance on the NCSC website offers companies, big and small, simple steps that can significantly reduce the risk of a successful attack.

IIS Zero Day Vulnerability Will Never Be Patched

Affected Platforms

Microsoft Internet Information Services 6.0

Description

A vulnerability found in Microsoft’s Internet Information Services (IIS) web server technology has been publicly detailed along with proof of concept exploit code. It is understood to have been under attack since July 2016. The flaw affects IIS version 6.0, which reached end of life in July 2015, so it will likely not be patched; any remaining servers that have yet to upgrade are left exposed to a potential complete system compromise.

The vulnerability is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service for IIS 6. WebDAV is an extension to the HTTP protocol designed to simplify sharing and content authoring.

An attack launched against a vulnerable server can cause a denial of service event, but it could also result in full remote code execution. With many IIS deployments running on a full Windows server installation, often hosting other internal services, a breach of this nature is capable of allowing a threat actor to gain a serious foothold in the network.

Remediation

  • Either upgrade IIS or disable WebDAV as soon as possible (see below for how to disable WebDAV in IIS6).
  • Conduct scans of your own address space, either internally or with the use of a third party, to discover any previously forgotten deployments that may be left vulnerable.
  • Where vulnerable deployments have been reachable from the internet, access logs and other log data sources should be analysed for unusual activity that may indicate a previous compromise.
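
One way to start the log review in the last step is to list every request that used a WebDAV method, grouped by client. The following is an added example, not part of the original advisory: the log lines are constructed, the column names follow the W3C extended log format that IIS writes, and the method list is the WebDAV set from RFC 4918.

```python
from collections import Counter

# WebDAV-specific request methods (RFC 4918). Ordinary verbs such as
# GET, POST and OPTIONS are deliberately left out.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK"}

# Constructed sample in W3C extended log format. The second "#Fields:"
# directive changes the column order, as happens when logging options
# are changed part-way through a file.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2017-04-03 09:14:02 192.0.2.10 GET /index.htm 200
2017-04-03 09:14:07 198.51.100.7 PROPFIND / 500
2017-04-03 09:14:09 198.51.100.7 PROPFIND / 500
2017-04-03 09:15:30 192.0.2.10 POST /form.asp 200
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2017-04-03 11:02:44 OPTIONS / 203.0.113.25 200
2017-04-03 11:02:45 LOCK /docs/a.doc 203.0.113.25 404
2017-04-03 11:02:46 truncated-line
"""


def webdav_requests(lines):
    """Yield one dict per log entry whose method is a WebDAV method."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column layout for every entry until the next directive.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if row.get("cs-method", "").upper() in WEBDAV_METHODS:
            yield row


def summarise(lines):
    """Count WebDAV requests per (client IP, method, status code)."""
    counts = Counter()
    for row in webdav_requests(lines):
        key = (row.get("c-ip", "?"), row["cs-method"].upper(),
               row.get("sc-status", "?"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (client, method, status), n in summarise(SAMPLE_LOG.splitlines()).most_common():
        print(f"{client:15} {method:9} status={status} count={n}")
```

On a server where WebDAV has no legitimate users, every line of this summary is a lead to follow up in the full logs.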




How To Disable WebDAV In Microsoft IIS6

  • Click the Windows “Start” button, select “Administrative Tools,” and then click “Internet Information Services (IIS) Manager.”
  • Select the “Web Service Extensions” folder on the left side of the IIS Manager window.
  • Select the “Extended” tab near the bottom of the window.
  • Select the “WebDAV” item below the “Web Service Extension” heading on the right side of the window.
  • Click the adjacent “Prohibit” button.

Cisco Wireless Security Updates

Cisco has issued the following security alert for a range of Wireless products :-

Affected Platforms

  • Aironet 1830 Series and 1850 Series Access Points
  • Wireless LAN Controller 802.11 WME
  • Wireless LAN Controller IPv6
  • Wireless LAN Controller Management GUI

Description

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

Remediation

Cisco encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates :-

  • Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability (cisco-sa-20170405-ame)
  • Wireless LAN Controller 802.11 WME Denial-of-Service Vulnerability (cisco-sa-20170405-wlc)
  • Wireless LAN Controller IPv6 UDP Denial-of-Service Vulnerability (cisco-sa-20170405-wlc2)
  • Wireless LAN Controller Management GUI Denial-of-Service Vulnerability (cisco-sa-20170405-wlc3)




Extracurricular Cyber Clubs To Inspire And Identify Tomorrow’s Cyber Security Professionals

Thousands of teenagers are to be given intensive cyber security training and mentoring in extracurricular clubs as part of plans to address the risk of a future skills shortage, as the need for cyber security experts is set to skyrocket.

The Cyber Schools Programme aims to support and encourage schoolchildren to develop some of the key skills they would need to work in the growing cyber security sector and help defend the nation’s businesses against online threats.

Up to £20m is available to deliver an extracurricular school programme which will see an army of expert external instructors teaching, testing and training teenagers selected for the programme, with a comprehensive cyber curriculum expected to mix classroom and online teaching with real-world challenges and hands-on work experience.

The Cyber Schools Programme, led by the Department for Culture, Media and Sport (DCMS), is aimed at those aged between 14 and 18, with a target for at least 5,700 teenagers to be trained by 2021.

This programme is for students with the aptitude and enthusiasm for the subject. It aims to appeal to children from all backgrounds, including those currently underrepresented in cyber security jobs.

Cyber security is an exciting industry with strong job prospects. Recent figures from the Tech Partnership show there are already 58,000 cyber security specialists in a growing sector worth £22bn a year to the economy. This is part of the Government’s commitment to prepare Britain for the challenges it faces now and in the future.

Minister of State for Digital and Culture Matt Hancock said:

This forward-thinking programme will see thousands of the best and brightest young minds given the opportunity to learn cutting-edge cyber security skills alongside their secondary school studies. We are determined to prepare Britain for the challenges it faces now and in the future and these extracurricular clubs will help identify and inspire future talent.

Students will be expected to commit to four hours a week. This will include classroom-based and online-teaching with flexibility around exams and busier study periods.




The aim is for students to start aged 14 and complete a four-year programme. It will be delivered in modules, meaning older students can join at any point providing they meet the right criteria. The provider will have the flexibility to decide the most appropriate way to deliver the programme, and the pilot, to begin in September 2017, will be monitored and reviewed after the first year.

The programme is all part of the Government’s National Cyber Security Programme to find, finesse and fast-track tomorrow’s online security experts.

It includes the recently announced CyberFirst bursary funding scheme, which offers grants of up to £4,000 for up to 1,000 students by 2020 to study a relevant degree, do a placement or attend a summer school and, depending on meeting requirements, the chance to work in national security on graduation.

There are 2,500 free places on CyberFirst in 2017 and an additional CyberFirst Girls Competition, where teams of 13-to-15-year-old young women can pit their wits against one another to crack a series of online puzzles.

DCMS is also supporting leading employers in critical energy and transport infrastructure to train and recruit up to 50 highly skilled apprentices aged 16 and over to help defend essential services against cyber attacks. The Cyber Security Apprenticeships for Critical Sectors Scheme is open now for applications for those with a natural flair for problem solving and who are passionate about technology.

A Cyber Retraining Academy, launched in January, is also helping more than 50 high-aptitude people fast-track into the cyber security industry with a ten-week intensive training course.



Story via gov.uk

Windows 10 (Version 1607) Unable To Install KB3200970

  1. Check Windows Update for KB3197954.
  2. Uninstall this update, as this is the one that seems to cause the error. Reason: checking the CBS.log file (located in c:\windows\logs\CBS) showed that Package 7 of KB3197954 was not installed.
  3. Copy the following commands into Notepad and save the file as “Repair.Bat”:

rem Stop Windows Update and set aside its download cache
net stop wuauserv
cd /d %systemroot%\SoftwareDistribution
ren Download Download.old
net start wuauserv
rem Restart the Background Intelligent Transfer Service
net stop bits
net start bits
rem Stop Cryptographic Services and set aside the catalog database
net stop cryptsvc
cd /d %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc

  4. Run this Repair.Bat as Administrator.
  5. Check that c:\windows\system32\catroot2 has been renamed to c:\windows\system32\catroot2old.
  6. Copy the “Catroot2” folder from c:\windows\system32 on a working PC where the updates have been installed successfully.
  7. Upon completing all the above, reboot the PC.
  8. After the restart, check for updates.
  9. The updates should now download and install successfully.




The Scammers Who Warn You Of Scammers

We had to share this one with you. Alongside the daily intake of spam we spotted this one. All the rest wanted our money, but this guy is warning us that there are scammers about! But he does want $240, have a read.

Attn:

I am Mardiani Nasution, I am an Indonasia Citizen living in the USA ,62 years Old. I reside in New Jersey. My residential address is 35 romney road Bound brook NJ ,USA 08805 United States, I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $28,000 while in the United States of America, trying to get my payment all to no avail.

So I decided to travel down to Nigeria with all my compensation documents, and I was directed to meet Mr Phillip Uba, who is the heads member of COMPENSATION AWARD COMMITTEE with the UNITED NATIONS, and I contacted him and he explained everything to me. He said whoever has been contacting us through emails are fake and I saw your name (in the Central Computer among the list of unpaid beneficiaries, contractors,Internet Dating Scam, lottery winners, inheritance next of kin, that was originated from West Africa, United Kingdom, Asia and US .Please i will want to advice you to stop all further communication with any parties ,bank or group of people claiming to be in charges of your fund,

He took me to the paying bank for my Compensation payment of $5,400,000.00 and he showed me the full list of EMAIL ADDRESS of those that are yet to receive their payments were I saw your EMAIL ADDRESS as one of the beneficiaries. This is why I decided to email you to stop dealing with wrong people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr Phillip Uba

UNITED NATIONS COMPENSATION
Name: Mr Phillip Uba
Email: solutiongiver091@outlook.com
TEL:+234 9075009131
You really have to stop dealing with those people that are contacting you telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Mr Phillip Uba was just $240 for the paper work which you have to pay once you contact him and he’ll work it out for you, take note of that. Once again stop contacting those people, I will advise you to contact Mr Phillip so that he can help you to transfer your Fund into your account, instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You

Maradiani

This e-mail had the subject “GOOD NEWS BENEFICIARY” and it was from site_reg@aol.com