Category Archives: News

Critical Microsoft Security Updates June 2017

Microsoft, as part of their regular Update Tuesday schedule, have provided additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.

Affected Platforms

  • Microsoft Windows: XP, Vista, 7, 8, 8.1 and 10
  • Microsoft Windows Server, 2003, 2008, 2008 R2, 2012, 2012 R2 and 2016

Some of the releases are new and some are for older platforms that are out of support – they are making these publicly available for the first time.

Microsoft security teams actively monitor for emerging threats to help organisations protect themselves against potential attacks. Those on older platforms (such as Windows XP) should prioritise applying these critical updates which can be found in the Download Center (or alternatively in the Update Catalog).

The patches for out of support operating systems include protection against the EsteemAudit, ExplodingCan and EnglishmanDentist exploits – these exploits target flaws in the Windows remote desktop protocol, IIS 6.0 and Microsoft Exchange servers.



Microsoft made the following statement:

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly. As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.

As usual, customers on supported platforms with automatic updates enabled, like Windows 10 or Windows 8.1, are protected and do not need to take additional action.”

Further Resources:

    • Microsoft June 2017 security updates release: https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
    • A detailed list of the updates released due to heightened risk can be found on Microsoft Security Advisory 4025685, along with Frequently Asked Questions
    • For customers using Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows 8.1 RT, Windows Server 2012 R2, Windows 10, or Windows Server 2016 see Microsoft Knowledge Base Article 4025686 for guidance.
    • For customers using Windows XP, Windows Vista, Windows 8, Windows Server 2003, or Windows Server 2003 R2 see Microsoft Knowledge Base article 4025687 for guidance.
    • For customers using Windows Embedded versions see Microsoft Knowledge Base article 4025688 for guidance.

Computers configured with automatic updates enabled are protected and there is no additional action required.





Microsoft Issues Patches And Guidance For WannaCrypt Ransomware Attacks

Microsoft have issued patches for previously unsupported operating systems alongside the following statement :-

Many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).  This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

Download Links

Download English language security updates:

Windows Server 2003 SP2 x64,

Windows Server 2003 SP2 x86,

Windows XP SP2 x64,

Windows XP SP3 x86,

Windows XP Embedded SP3 x86,

Windows 8 x86, Windows 8 x64

To download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

Ransomware Infections Reported Worldwide

Multiple organizations around the world including hospitals and telecommunications companies, reported falling victim to ransomware, and researchers said a worldwide campaign of attacks was ongoing. However, the full extent of the hacks, and whether all of them were connected to one another, is unclear.

Among the organisations affected are the NHS, Spanish telecoms firm Telefónica, and logistics firm FedEx.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”

The reason for the malware’s virulent spread appears to be its use of an exploit of Windows software developed by the National Security Agency (NSA), the American spy agency. The exploit was leaked online months ago and patched by Microsoft — but those affected seem not to have updated their software to install the fix.

Cyber security experts say it is WanaCrypt0r 2.0, a new version of the WCry or WannaCry ransomware. Although it is early days and experts are battling to figure out how it works, some are suggesting what’s new about it is that it may exploit a vulnerability that was made public by a group called The Shadow Brokers that hacked the National Security Agency in the US, stole its hacking tools and then dumped them on the internet. Microsoft subsequently published a patch for the vulnerability.

Here is  a link to the Microsoft patch to preotect yourself from this attack  – https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-sm.x5myUIV87dNNyqEa68w&tduid=(b64538ebf66a9a2ee395d95da957a62c)(256380)(2459594)(TnL5HPStwNw-sm.x5myUIV87dNNyqEa68w)()

 





Spotting Fake Web Addresses

To most people at quick glance at the above address will look genuine, even if you look in detail you may say its Primark in the US, wrong !

It’s a fake site, what we have here is a well constructed fake web address.  Most people associate the www with the start of a web address and com as part of the address and the company name in the middle.

What we have here really is a site with 2 subdomains setup.  The first www is just a subdomain, the primark is a subdomain and the com-stores.us is the actual domain name.  Typically criminals and others setting up fake sites are using this method more often in order to trick people in to thinking the web address is genuine.

When you visit the site it maybe layed out to give the impression you are on a genuine site for that company.  In reality the site may have infected your computer with a virus or spyware, or maybe they want you to login to the site in order to get your login or bank details.

Note :- The above example web address is known to be fake, please do not visit that site.



Almost Half Of UK Firms Hit By Cyber Breach Or Attack In The Past Year

Nearly seven in ten large companies identified a breach or attack, new Government statistics reveal.

  • Firms holding personal data more likely to be attacked
  • Most common attacks were fraudulent emails, followed by viruses and malware

Businesses large and small are being urged to protect themselves against cyber crime after new Government statistics found nearly half of all UK businesses suffered a cyber breach or attack in the past 12 months.

The Cyber Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching millions. The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51 per cent compared to 37 per cent).

The most common breaches or attacks were via fraudulent emails – for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments – followed by viruses and malware, such as people impersonating the organisation online and ransomware.

Businesses also identified these common breaches as their single most disruptive breach, and the vast majority of them could have been prevented using the Government-backed, industry supported Cyber Essentials scheme, a source of expert guidance showing how to protect against these threats.

These new statistics show businesses across the UK are being targeted by cyber criminals every day and the scale and size of the threat is growing, which risks damaging profits and customer confidence.

The Government has committed to investing £1.9 billion to protect the nation from cyber attacks to help make the UK the safest place to live and do business online.

Business also has a role to play to protect customer data. The government offers free advice, online training and Cyber Essentials and Cyber Aware schemes.

The survey also revealed:

Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to third party systems they rely on, and one in ten had their website taken down or slowed.

Firms are increasingly concerned about data protection, with the need to protect customer data cited as the top reason for investing by half of all firms who spend money on cyber security measures.

Following a number of high profile cyber attacks, businesses are taking the threat seriously, with three quarters of all firms saying cyber security is a high priority for senior managers and directors; nine in ten businesses regularly update their software and malware protection; and two thirds of businesses invest money in cyber security measures.

Small businesses can also be hit particularly hard by attacks, with nearly one in five taking a day or more to recover from their most disruptive breach.

Areas where industry could do more to protect itself include around guidance on acceptably strong passwords (only seven in ten firms currently do this), formal policies on managing cyber security risk (only one third of firms), cyber security training (only one in five firms), and planning for an attack with a cyber security incident management plan (only one in ten firms).

All businesses which hold personal data will have to make sure they are compliant with the new General Data Protection Regulation (GDPR) legislation from May 2018. This will strengthen the right to data protection, which is a fundamental right, and allow individuals to have trust when they give their personal data.

The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy to transform this country’s cyber security and to protect the UK online. As part of the strategy, the Government recently opened the new National Cyber Security Centre (NCSC), a part of GCHQ.

One of the key objectives of the NCSC is to increase the UK’s cyberspace resilience by working with and providing expert advice tailored to organisations and businesses in every sector of the UK economy and society.




Ciaran Martin, CEO of the National Cyber Security Centre, said:

UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy.

The majority of successful cyber attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities.

Cyber Essentials, technical advice on CiSP and regularly updated guidance on the NCSC website offers companies, big and small, simple steps that can significantly reduce the risk of a successful attack.

IIS Zero Day Vulnerability Will Never Be Patched

Affected Platforms

Microsoft Internet Information Services 6.0

Description

A vulnerability found in Microsoft’s Internet Information Services (IIS) web server technology has been publicly detailed along with proof of concept exploit code. It is understood to have been under attack since July 2016. The flaw itself is found on IIS version 6.0. It reached end of life in July 2015 meaning it will likely not be patched which will leave all remaining servers that are yet to upgrade with the potential of a complete system compromise.

The vulnerability is a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service for IIS 6. The flaw itself is found within the WebDAV service, an extension to the [http] protocol designed to simplify sharing and content authoring.

An attack launched against a vulnerable server can cause a denial of service event but it could also result in a full remote code execution exploit.. With many IIS deployments running on a full Windows server installation often hosting other services for internal services, a break of this nature is capable of allowing a threat actor to gain a serious foothold in the network.

Remediation

  • Either upgrade IIS or disable WebDAV as soon as possible (see below how to disable WebDAV in IIS6)
  • Conduct scans of your own address space either internally or with the use of a third party to discover any previously forgotten deployments that may be left vulnerable.
  • Where vulnerable deployment have been available from the internet, access logs and other log data source should be analysed for unusual activity that may indicate a previous compromise.




How To Disable WebDAV In Microsoft IIS6

  • Click the Windows “Start” button, select “Administrative Tools,” and then click “Internet Information Services (IIS) Manager.”
  • Select the “Web Service Extensions” folder on the left side of the IIS Manager window.
  • Select the “Extended” tab near the bottom of the window.
  • Select the “WebDAV” item below the “Web Service Extension” heading on the right side of the window.
  • Click the adjacent “Prohibit” button.

Cisco Wireless Security Updates

Cisco has issued the following security alert for a range of Wireless products :-

Affected Platforms

Aironet 1830 Series and 1850 Series Access Points
Wireless LAN Controller 802.11 WME
Wireless LAN Controller IPv6
Wireless LAN Controller Management GUI

Description

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

Remediation

Cisco encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates :-

Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability cisco-sa-20170405-ame (Full details here)

Wireless LAN Controller 802.11 WME Denial-of-Service Vulnerability cisco-sa-20170405-wlc (Full details here)

Wireless LAN Controller IPv6 UDP Denial-of-Service Vulnerability cisco-sa-20170405-wlc2 (Full details here)

Wireless LAN Controller Management GUI Denial-of-Service Vulnerability cisco-sa-20170405-wlc3 (Full details here)




The Scammers Who Warn You Of Scammers

We had to share this one with you.  Alongside the daily intake of spam we spotted this one.  All the rest wanted our money, but this guy is warning us that there is scammers about ! But he does want $240, have a read.

Attn:

I am Mardiani Nasution, I am an Indonasia Citizen living in the USA ,62 years Old. I reside in New Jersey. My residential address is 35 romney road Bound brook NJ ,USA 08805 United States, I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $28,000 while in the United States of America, trying to get my payment all to no avail.

So I decided to travel down to Nigeria with all my compensation documents, and I was directed to meet Mr Phillip Uba, who is the heads member of COMPENSATION AWARD COMMITTEE with the UNITED NATIONS, and I contacted him and he explained everything to me. He said whoever has been contacting us through emails are fake and I saw your name (in the Central Computer among the list of unpaid beneficiaries, contractors,Internet Dating Scam, lottery winners, inheritance next of kin, that was originated from West Africa, United Kingdom, Asia and US .Please i will want to advice you to stop all further communication with any parties ,bank or group of people claiming to be in charges of your fund,

He took me to the paying bank for my Compensation payment of $5,400,000.00 and he showed me the full list of EMAIL ADDRESS of those that are yet to receive their payments were I saw your EMAIL ADDRESS as one of the beneficiaries. This is why I decided to email you to stop dealing with wrong people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr Phillip Uba

UNITED NATIONS COMPENSATION
Name: Mr Phillip Uba
Email: solutiongiver091@outlook.com
TEL:+234 9075009131
You really have to stop dealing with those people that are contacting you telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Mr Phillip Uba was just $240 for the paper work which you have to pay once you contact him and he’ll work it out for you, take note of that. Once again stop contacting those people, I will advise you to contact Mr Phillip so that he can help you to transfer your Fund into your account, instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You

Maradiani

This e-mail had the subject “GOOD NEWS BENEFICIARY” and it was from site_reg@aol.com

Register My Appliance Day

Staffordshire Fire and Rescue Service is urging residents to make their homes safer by taking part in Register My Appliance Day this Thursday (January 19).  The call comes as latest statistics show that Staffordshire  Fire and Rescue Service received 119 calls attributed to faulty appliances  or equipment in 2016. Appliance manufacturers are reminding their customers that they can instantly improve their home safety by taking a few minutes to register the white goods that they rely on every day, have never registered, and completely forget they own.

“Remembering to register household appliances is a vital part of keeping one’s home and family safe. These products are the workhorses of the home, often running daily and for many years, but it is all too easy to forget about them. Getting into the habit of spending a few minutes on www.registermyappliance.org.uk guarantees the household will receive any relevant safety messages from the manufacturer and they should respond immediately. This simple admin task should become second nature to anyone who is serious about home safety.”

Community Safety Lead James Russell

As part of the Fire Kills campaign, Staffordshire Fire and Rescue Service is backing this sensible and simple precaution, to ensure that householders can be contacted swiftly if a safety repair is ever needed.

Those who register their January sale bargains or the thousands of older models already running in their homes, will be entered into a free draw for a range of prizes from many of the 60 leading brands on www.registermyappliance.org.uk(opens in a new window).
The latest YouGov survey for the Association of Manufacturers of Domestic Appliances (AMDEA) has found that less than half (43 per cent) of British adults usually register their large domestic appliances with the manufacturer.  Of those that don’t always register, 39 per cent said this was because they forgot and 29 per cent didn’t think it was necessary.  Potentially they all risk missing out on product safety warnings.

According to recent official estimates, UK homes are currently using around 93 million (92.7m.) wet and dry large appliances. They are kept for ten or many more years yet, unlike cars, the vast majority are untraceable and have never had a health check.

The YouGov survey also revealed that 70 per cent of GB adults with a fridge or  fridge freezer over ten years old  have never had a professional review or check to verify if they are safely connected or running correctly.

The Service urges the public to register any recent purchases and not to forget about their older appliances:

Community Safety Lead James Russell said: “Remembering to register household appliances is a vital part of keeping one’s home and family safe. These products are the workhorses of the home, often running daily and for many years, but it is all too easy to forget about them. Getting into the habit of spending a few minutes on www.registermyappliance.org.uk(opens in a new window)  guarantees the household will receive any relevant safety messages from the manufacturer and they should respond immediately. This simple admin task should become second nature to anyone who is serious about home safety.
“It only takes a few minutes to register an appliance at it could save so much time and money in the long run if one their items does have a safety concern.”

On Register My Appliance Day manufacturers are sending reminders to over 4 million consumers. With supporters including RoSPA, Trading Standards, Citizens Advice, Electrical Safety First and the National Landlords Association using both regional press and social media to promote registration on www.registermyappliance.org.uk(opens in a new window)




Story via – Staffordshire Fire and Rescue Service

£60 Million Tax Reform To Boost UK’s Digital Revolution

The UK’s digital revolution is set to benefit from a multi-million pound boost, under plans announced by Communities Secretary Sajid Javid.

A new Local Government Finance Bill published today (13 January 2017) will make it easier for companies to connect more homes and businesses across England to gold standard full fibre broadband and help get the UK ready for 5G by cutting the cost of laying the cables.

Currently telecoms networks pay business rates on the fibre infrastructure needed to deliver high quality broadband and mobile connectivity to their customers. The Bill introduced in Parliament will give these companies a tax break for up to 5 years on the new infrastructure they lay for full fibre broadband – a saving of £60 million, which can be reinvested in this work.

This new tax relief will not apply to existing infrastructure, giving companies an added incentive to move further and faster to get people connected to the best possible services as they become available.

The move is part of a £1 billion package of measures by the government, announced at Autumn Statement 2016, to help communities get digitally connected. The package also includes:

  • a £400 million Digital Infrastructure Investment Fund, at least matched by private finance, to invest in new fibre networks over the next 4 years
  • £740million funding to encourage the market development of full fibre networks in both urban and rural areas
  • a coordinated programme of integrated fibre and 5G trials, to keep the UK at the forefront of the digital revolution

Communities Secretary Sajid Javid said:

We need to have the best possible digital technology and broadband connections if we’re to create an economy that works for all.

The Local Government Finance Bill will offer a £60 million boost to deliver ever-faster broadband connections, making UK PLC an ever-stronger competitor on the global stage.




Supporting local economic growth – in communities and online

The government is determined to create an economy that works for everyone, by giving councils and communities the powers they need to boost local economic growth.

The Local Government Finance Bill includes a range of measures to cut business rates for small businesses and local amenities and help local communities to thrive.

They include:

  • bringing rural rate reliefs into line with those in urban areas – currently, eligible small businesses in rural areas benefit from a 50% discount on their business rates. The Bill will double this, bringing it into line with rate reliefs in urban areas
  • rate reliefs on public toilets – councils are currently required to charge themselves business rates on the public toilets they are responsible for, and cannot grant themselves any rate reliefs. This Bill will change that, and allow councils to provide rate relief to all public toilets, making it cheaper for councils to keep them open in their areas.

This is on top of the biggest ever cut in business rates announced at the Budget – worth £6.7 billion over the next 5 years – which means 600,000 small businesses will never have to pay business rates again.

The Bill also lays the groundwork for historic reform to business rates so that, by 2020, local government will keep 100% of the business rates it collects.

From April 2017, this new approach will be piloted in London, Manchester and Liverpool, as well as the devolution deal areas of the West of England, Cornwall and the West Midlands.

This is a change local government has campaigned for, for years – and will put councils firmly at the heart of efforts to drive local economic growth, encouraging them to further support local firms and jobs and, in turn, ensure their communities see the benefits of increased local economic growth.