Wildfire Scams
As with any disaster in the past, we expect some scams related to the California wildfires. So far, we are happy to report that we see almost no activity. But if you come across something, please let us know!
Basic tips:
- Only donate to charities you know.
- Do not respond to donation requests that you may receive via e-mail.
- If in doubt, make your donation via mail or phone using a well-published phone number.
- The IRS operates a registry of charities: apps.irs.gov/portal/site/pub78
Our best wishes are with the victims of the fire.
Johannes
UPDATE: We are starting to see hundreds of domain registrations about the California Wildfires. Keep a watchful eye out for spam related to these "suspicious" domains.
Joel Esler
Cyber Security Awareness Tip #26 - Safe File Transfer
The Internet has provided us with a convenient method to share information with each other and one thing we all do is to move files around. Whether they be documents attached to emails, music, movies or programs we install, it is all about files, files, files.
So how do you safely transfer files from one location to another? We're talking important stuff, the super secret info that your business relies on in order to stay afloat or information that keeps the country safe, but things you need to share with others in order to function.
We've had plenty of examples over the last year or so on what not to do, especially with backup tapes and credit card numbers. So we need some tips on what people should do or should not do. I'll kick it off.
DO: Set up a secure file exchange facility within the corporate infrastructure to securely exchange files with others.
UPDATES:
Don't:
Send us some good tips on what to do (bad ones are acceptable as well, but have to be amusing)
Cheers
Mark H - Shearwater
1. "Use secure thumb drives. They don't cost that much more.
2. Use strong passwords.
3. Store the password and data separately.
4. Don't e-mail the password with the data.
5. When sending data by courier make sure they are trustworthy; we have had customers send data that just never made it to us.
6. Password protect all storage devices, including cell phones; they can hold a lot of data nowadays." (Paul)
Request for info, IPs, exploit examples on PDF mailto documents
Hi all,
we are looking for examples of the PDFs being sent out, snort signatures, the IP addresses sending them out, the IP addresses they download malware from, and examples of the malware.
Please upload here: http://isc.sans.org/contact.html
Cheers,
Adrien de Beaupré
Bell Canada
UPDATE: Thanks all for the examples of the PDFs. Please be sure to submit some IP addresses for the controllers, if you have any more. I've been told that Snort rules have been created by Sourcefire's VRT team. They are subscription only.
Joel Esler
URL Update to Internet Explorer URL Handling Vulnerability
Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
Thanks to Chris and Gilbert for alerting us to the update! Let us know if you see an exploit in the wild, or if you encounter any third-party applications which are not protecting Internet Explorer.
Update: Contrary to what was noted earlier, Microsoft is working on a patch for this problem. (Thanks, Nate, for pointing this out.)
Links:
www.microsoft.com/technet/security/advisory/943521.mspx