Cyber Security

[Somatung]

Hi

An old topic new actual: Microsoft Office Malware

The Microsoft Malware Protection Center (MMPC) has recently seen an increasing number of threats using macros to spread their malicious code. This technique uses spam emails and social engineering to infect a system.

Using macros in Microsoft Office can help increase productivity by automating some processes. However, malware authors have also exploited these capabilities. Since Microsoft set the default setting to "Disable all macros with notification", the number of macro-related malware threat has declined. More recently we have seen new threats emerging that include some form of social engineering to convince users to manually enable macros and allow the malicious code to run.

Two recent macro downloaders that we have seen spreading through spam email campaigns are TrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir. These recent campaigns are one example of an increasing trend of macro malware targeting home users and enterprise customers.

Here the full article: http://blogs.technet.com/b/mmpc/archive/2015/01/02/before-you-enable-those-macros.aspx

Now how to stop such Malware (Trojans) which infect through Office in an easy way?

Most logical way: Do never open any documents you receive from some body you do not know or trust. If you are not sure about who can you trust, then here the next step:

Open a "Word" document,
then open the "Word options",
here you open "Trust Center",
then you open "Trust Center settings"
here you open "Macro Settings"
and here you choose "Disable all Macros with notification".
Then you press "OK" and "OK" and that's it so far. You can do that with any documents you use with M'Office.

As a third step you can check your system with "Malicious software removal tool" from Microsoft which you find here https://www.microsoft.com/security/portal/mmpc/products/default.aspx or you do it with "Malwarebits" you find here http://www.malwarebytes.org

Now as a final step: If you want to get rid of Microsoft Office as you think it is not safe, then you can download the following software, which is an open source software and for free https://www.libreoffice.org What ever you can do with Microsoft Office you more or less can all do with this software. No malware so far was ever found in it.

Have a nice day / Dan

 

[Somatung]

Hi

Since a few days there is a problem on a high critical level with "Adobe Flash-Player". Adobe did an update last week, but that was not enough sufficient to solve the problem. Here you can check which version of AFP is installed on your system: https://www.adobe.com/de/software/flash/about/ If you got to know it is version 16.0.0.287 then you must now or as fast as possible update to the newest version to have the problem solved. The newest version is 16.0.0.296 and you may even have to download it by your self.

UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post. Here you see the full text: https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

If you feel you want to protect your self until the download is available, then you could "Enable Click-to-Play Plugins in your Web Browser". How to do? Read this: http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/. In Firefox you best install "Flashblock" https://addons.mozilla.org/en-US/firefox/search/?q=Flashblock&appver=26.0&platform=windows which gives you control over AFP and when to use it, as you can decide if AFP should run or not.

Have a nice day / Dan

 

[Raghuveer]

Hi

Since a few days there is a problem on a high critical level with "Adobe Flash-Player". Adobe did an update last week, but that was not enough sufficient to solve the problem. Here you can check which version of AFP is installed on your system: https://www.adobe.com/de/software/flash/about/ If you got to know it is version 16.0.0.287 then you must now or as fast as possible update to the newest version to have the problem solved. The newest version is 16.0.0.296 and you may even have to download it by your self.

UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post. Here you see the full text: https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

If you feel you want to protect your self until the download is available, then you could "Enable Click-to-Play Plugins in your Web Browser". How to do? Read this: http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/. In Firefox you best install "Flashblock" https://addons.mozilla.org/en-US/firefox/search/?q=Flashblock&appver=26.0&platform=windows which gives you control over AFP and when to use it, as you can decide if AFP should run or not.

Have a nice day / Dan

Flash Player 16.0.0.296 now available.
See comments section of calendarofupdates for download link.
http://www.calendarofupdates.com/up...dar&section=view&do=showevent&event_id=136378

 

[Somatung]

Hi

Do you know which apps and tools actually keep your messages safe?

If not, you may are really interested in the following:

In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto.

This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here. As such, the results in the scorecard below should not be read as endorsements of individual tools or guarantees of their security; they are merely indications that the projects are on the right track.

Here the link: https://www.eff.org/secure-messaging-scorecard

 

[Somatung]

Hi

Some of you may are interested in the following, coming event: Safer Internet Day 2015

Let’s create a better internet together

Safer Internet Day 2015 will take place on 10th February 2015, with the theme 'Let's create a better internet together'.

The day offers the opportunity to focus on both the creative things that children and young people are doing online, as well as the role and responsibility that all stakeholders have in helping to create a better internet.

2015 is promising to be an action-packed year for Safer Internet Day India, with hundreds of Schools, Clubs, Associations, Organisations and Individuals having already registered at our Website, committing to hold various events, contests and Seminars on the 10th February. For first time, we have a country-wide participation from 14 states across India having confirmed and many more expected in these days. These are from the States of Delhi, Assam, Bihar, Chandigarh, Gujarat, Haryana, Himchal Pradesh, Jharkhand, Karnataka, Kerala, Maharashtra, Rajasthan, Uttar Pradesh and Uttarkhand.

Here the link for India: http://www.saferinternetday.org/web/india/home or this one: http://saferinternetday.in

If you look for an other country, you may visit this link: http://www.saferinternetday.org/web/guest;jsessionid=8E7333BDE2E8CECA836586A8345D46DA

Have a nice day / Dan

 

[Somatung]

Hi

I have posted about the open source "WhatsApp" in the past, as it is not very safe. http://www.traderji.com/software-issues/70091-cyber-security-27.html#post1033806 Now here some more information about "WhatsApp" and if you are a person who concerns about your privacy, then you may are deeply interested in the following:

Whatsapp privacy is broken!(")

So there is this menu called "privacy" in Whatsapp. Here you can edit your "last seen", "profile picture" and "status" privacy options. You may think now that you've set all options to "nobody" you are privacy-wise safe. But nevertheless I can still track your moves on Whatsapp.

What is WhatsSpy Public?("")

WhatsSpy Public is an web-oriented application that tracks every move of whoever you like to follow. This application is setup as an Proof of Concept that Whatsapp is broken in terms of privacy. Once you've setup this application you can track users that you want to follow on Whatsapp. Once it's running it keeps track of the following activities:

-Online/Offline status (even with privacy options set to "nobody")
-Profile pictures
-Privacy settings
-Status messages

I made this project for you to realise how broken the privacy options actually are. It just started out as experimenting with Whatsapp to build an Bot, but I was stunned when I realised someone could abuse this "online" feauture of Whatsapp to track anyone. I could just say this in like a blog article (like I tried but got marked as spam) that the privacy options are broken, but you wouldnt realise the impact it actually has.

For reference view this blog article about the Whatsapp Privacy problem.

Here the links:
(") https://www.maikel.pro/blog/en-whatsapp-privacy-options-are-illusions/
("") https://gitlab.maikel.pro/maikeldus/WhatsSpy-Public/wikis/home

Have a nice day / Dan

 

[Somatung]

Hi

Windows had an other patch day and again there was a problem with one of the patches. This time it was patch "KB3001652" https://support.microsoft.com/kb/3001652 which made problems for many, as they no more could start there systems after the patch did run on there automatic update service. In case you still haven't done those updates, do this specific one (KB3001652) manually. You can download it from here https://www.microsoft.com/en-US/download/details.aspx?id=44074 and during the installation you must give an ok when asked about the EULA-Dialog. Other wise you will face the same problems like the once who did install it through there automatic update service. It is a bit stupid that Windows did not inform there clients about this EULA-Dialog fact.

Any way: Here a tool you can download for further update problems or past once from Windows updates. It is a "Fix Microsoft Windows Update Issues" tool and easy to handle. Just download and run it and it will check and fix your legal Windows OS system for any past update problems. Here the link: https://support.microsoft.com/gp/windows-update-issues/

Have a nice day / Dan

 

[Somatung]

Hi

Here an interesting link to read in about the work of NSA and his friends: http://www.forbes.com/sites/thomasbrewster/2015/02/16/nsa-equation-cyber-tool-treasure-chest/

Take care / Dan

(By the way: If any can understand German and read it, I have a very interesting link about those subject. Let me know if you are interested in those link)

 

[Somatung]

Hi

If you use any laptop from "Lenovo" you should pay attention to this post, as "Lenovo" has probably also done a preinstallation on your notebook, which is adware. The software is called: VisualDiscovery Superfish

They say it was installed because they thought to help customers potentially discover interesting products while shopping. A warning was already given last week about this software in certain presses and the danger it is to those notebooks. Now the software is clearly hacked (") and cyber criminals will use that knowledge. So it is better to check if you have those software installed on your notebook. There are different ways to do so and then uninstall it ("").

Here a test you can do, even on any other notebook and with all your browsers you use: https://filippo.io/Badfish/ (If you see an image with "YES" written on it, you have a problem. Do the test with all browsers installed.)

Here some further links, marked in the above test with (") and (""):

(")http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html#.VOb5cpiG_o8
("")https://forums.lenovo.com/t5/Lenovo...lDiscovery-Superfish-application/ta-p/2029206

Have a nice, coming weekend / Dan

 

[Somatung]

Hi

The Snowden documentary "Citizenfour" has won last night an Oscar in the US. Official links are already around in the net like this one: https:// twitter.com/ cryptomeorg/ status/ 559407184992538625 (Just take out the spaces I put in the link) It is a Zip file and takes some time to download, as it is 1.1 GB. Your choice and have a nice evening / Dan