Symantec releases the Latest Intelligence report for July 2016

Symantec releases the Latest Intelligence report for July 2016

Symantec released the latest Intelligence report for July 2016 stating a major increase in email phishing attacks on the manufacturing industry from June.

The Neutrino toolkit attacks doubled from 10.7 in June to 21.5% in July.

This report is an analysis of cyber security threats, trends, and insights about malware, spam, and other potentially harmful business risks.

EFS Network Management encourages administrators and users to check the Symantec’s Latest Intelligence Report for July 2016.

Spam has increased from 52.7% in June to 53.2% in July.

Manual Sharing scams has increased slightly but is up to a whooping 83 percent of Mobile and Social Media scams. Fake offers were down to 11.85%. Like Jacking was down at 3.09%. Fakes Apps was up to 1.61%. FakePlugin was up a bot to 0.02% to round out the top five for social media.

If you need tech support with a security issue please open a EFS Network Management Support Request and we will take a look at the issue or you can contact us for help.

Security Now 571: Phishing & Filtering

Security Now 571: Phishing & Filtering

Steve Gibson of GRC discusses the latest in security issues with LastPass vulnerabilities, new wireless keyboard headaches, deprecating SMS as a second authentication factor, obtaining Windows 10 for free after July, the pervasive problem with website spoofing, and the power and application of multi-interface packet filtering.

Details of this episode with links and additional information can be found in the Security Now # 571 show notes. A transcript and audio versions of the show are also available.

We are on the eve of DEF CON 24, Aug 4-7, 2016, which is a black hat, white hat and grey hat hacker convention in Las Vegas. It has been traditional that during the conference and after a conference a number of new exploits are revealed. It is important that users and administrators update their systems to the current known security patches to mitigate issues that may come from new exploits.

EFS Network Management encourages administrators and users to check the latest video podcast of Security Now.

If you need tech support with a security issue please open a EFS Network Management Support Request and we will take a look at the issue or you can contact us for help.

EFS Network Management Bi-Weekly Antivirus Review

Bi-Weekly Antivirus Review

EFS Network Management encourages users and administrators to check your antivirus software for desktops and servers.

The antivirus software should be reviewed bi-weekly for known security issues and known stability issues. Your antivirus software should be checked to ensure that it is functioning correctly. We tend to get complacent and not think to check our antivirus software.

Sometimes the software may stop getting its daily updates for various reasons. The antivirus software might be expired and it needs to be renewed with the vendor. A firewall setting may have been enabled and now the firewall is blocking the updates. It could be the desktop firewall or the network firewall. A group policy might have been enabled that blocks the updates, by accident. Malware maybe blocking the updates. A new security update might have broken the antivirus updates software. The service could have been disabled during a troubleshooting session and never turned back on. The antivirus software might have been uninstalled to address an issue and the antivirus software never got re-installed. The antivirus software may no longer be compatible with the current version of software that your are running.

There are many more reasons why the antivirus software may not be working. So it is very important to check that it is working and that it is up to date.

  • Check the antivirus definition files and they should be within a few days of the current date.
  • Check the last time that the operating system had a full virus scan.
  • Check the antivirus history files and logs.
  • Check the antivirus quarantine and delete all files if they are not critical.
  • Check the antivirus expiration date, if the one being used is not a free version.
  • Check the antivirus exclusion paths and make sure that they are not excluding critical systems.
  • Check the antivirus software for services that may not be working, especially if you are running an antivirus/malware suite.
  • Search the web or Youtube on “How to’s” for your version of antivirus software” make sure the information is coming from a reputable source. This will empower you with working knowledge of your antivirus software.
  • If it has been a while since your last deep scan, update your antivirus software, boot into safe mode for Windows computers and run a full system scan.
  • If you suspect you have malware, then a bootable antivirus software may be needed in order to deal with the malware.
  • While checking for antivirus, check for the last good backup of the operating system and create recovery disks or jump drives if you do not have them.

If issues do arise from checking your antivirus or you need assistance please open a EFS Network Management Support Request and we will take a look at the issues or you can contact us for help.

EFS Network Management - July 25th Weekly DHS US-CERT Security Summary

July 25th Weekly DHS US-CERT Security Summary

The Department of Homeland Security’s division of US-CERT (United States Computer Emergency Readiness Team) has released the latest weekly security notices for software that has new known security issues. SB16-214: Vulnerability Summary for the Week of July 25, 2016 listed all the details.

EFS Network Management encourages users and administrators to check the DHS US-Cert Security Bulletin for software vulnerabilities that might affect their business.

dhs

The security bulletin this week’s covers the following software: Cisco, PHP, Google Chrome, CA eHealth, apache, siemens software and many other products.

It is important to check this list of products to decide if your organization is using them. If so, please update the affected software to address known security issues. These security vulnerabilities may allow remote code execution with full system privileges.

Please expect that there maybe issues with the updates. There are no known issues at the release of this security notice from DHS US-CERT.

If issues do arise, please reboot the system to see if it will self-heal and recover. If it does not recover please open a EFS Network Management Support Request and we will take a look at the issues or you can contact us for help.

EFS Network Management - Uploaded ToQuarterly Firmware Update Review

Quarterly Firmware Update Review

EFS Network Management encourages administrators to check firmware updates for various devices. Most all computer based devices today have some type of firmware. This firmware should be reviewed for known security issues and known stability issues.

Types of devices that have firmware are printers, copiers, desktops, notebooks, handheld devices, credit card machines, fax machines, alarm systems, phone systems, video systems, key fob systems, smartphones, hard drives, servers, controller cards, firewall devices, wireless devices, scanners, network switches, USB drives, barcode scanners, mice, security devices and more.

These are vectors of attack and exploitation. A lot of these devices have embedded web servers. Since most users never access them they go forgot about. If malware gets a foot hold in your network, it may scan for devices that have known vulnerabilities. Malware is increasing in sophistication and looks for areas to hide that are not normally checked or updated. While attacks on printers etc are rare, they do offer a weak security link that could become an issue.

It is important to update all these devices on a regular schedule to close that gap of a potential security breach. Examples of breaches are the Home Depot case study, and Target attacks in which devices, etc were not patched and that lead to the exploitations. These examples allowed remote attackers control over their networks, servers and point of sale devices. More recent firmware issue example is the Lenovo UEFI exploit was found on ThinkPad and HP systems. For details review the Lenovo Security Advisor LEN-6718.

Your best defense is to keep all your devices updated and current.

That said also expect issues with updates. This is a primary reason a lot of devices do not get updated. The updates can deprecate old features, change the way things work and be disruptive. However while that maybe true, it could be more disruptive if malware gains a foothold into your network on an unpatched device, and repeatedly re-infecting other devices, computers, etc.

Ideally one would want to update as soon as a patch is released. However many vendors do not do a good job at communicating an update, or if you are not an a vendor’s mailing list you may not get the update.  So a practical approach is to check the devices in your inventory and look up the latest firmware version. Next read about the update and do a web search for any known issues with the update. Then install and test the update. Fall back to an older update if issues occur and if the device allows a down grade.

Lastly update your documentation or management software. Then add the next firmware update review on your calendar or task management system.

If issues do arise from the updates please open a EFS Network Management Support Request and we will take a look at the issues or you can contact us for help.