Computer Threats & Vulnerabilities

logo (1)

—————————————————————–

National Cyber Awareness System:
OPM Identity-Protection Phishing Campaigns
06/30/2015 05:50 PM EDT

Original release date: June 30, 2015
US-CERT is aware of phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID. For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com.
US-CERT recommends that users visit the OPM website for more information. Users are also encouraged to report suspicious email to US-CERT.

—————————————————————–

National Cyber Awareness System:
Nepal Earthquake Disaster Email Scams
04/30/2015 09:01 AM EDT

Original release date: April 30, 2015
US-CERT would like to warn users of potential email scams regarding the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.
US-CERT encourages users to take the following measures to protect themselves:
• Do not follow unsolicited web links or attachments in email messages.
• Maintain up-to-date antivirus software.
• Review the Federal Trade Commission’s Charity Checklist.
• Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
• Refer to the Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

—————————————————————–

National Cyber Awareness System:
IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials
04/21/2015 09:33 PM EDT

Original release date: April 21, 2015
The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking collectives may exploit publicly available information identifying officers or officials, their employers, and their families. These target groups should protect their online presence and exposure.
Users are encouraged to review the IC3 Alert for details and refer to US-CERT Tip ST06-003 for information on staying safe on social network sites

—————————————————————–

National Cyber Awareness System:
TA15-098A: AAEH
04/09/2015 12:00 AM EDT

Original release date: April 09, 2015
Systems Affected
• Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
• Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Overview
AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other malware, including password stealers, rootkits, fake antivirus, and ransomware.
The United States Department of Homeland Security (DHS), in collaboration with Europol, the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), released this Technical Alert to provide further information about the AAEH botnet, along with prevention and mitigation recommendations.

—————————————————————–

National Cyber Awareness System:
Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV
04/08/2015 05:52 PM EDT

Original release date: April 08, 2015
Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.
Available updates include:
• OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.2
• iOS 8.3 for iPhones 4s and later, iPod touch 5th generation and later, and iPad 2 and later
• Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
• Apple TV 7.2 for Apple TV 3rd generation and later
US-CERT encourages users and administrators to review Apple security updates HT204659, HT204661, HT204658, and HT204662, and apply the necessary updates.

—————————————————————–

National Cyber Awareness System:
IC3 Issues Alert for Fake Government Websites
04/07/2015 11:21 PM EDT

Original release date: April 07, 2015
The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered.
US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

—————————————————————–

National Cyber Awareness System:
IC3 Releases Alert on Web Site Defacements
04/07/2015 11:18 PM EDT

Original release date: April 07, 2015
The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrators are not actually associated with this group. The perpetrators exploit WordPress content management system (CMS) vulnerabilities, leading to disruptive and costly effects.
Users and administrators are encouraged to review the IC3 Alert for details and refer to the US-CERT Alert TA13-024A for information on CMS security.

—————————————————————–

National Cyber Awareness System:
Installer Hijacking Vulnerability in Android Devices
03/24/2015 01:08 PM EDT

Original release date: March 24, 2015
A vulnerability in Google’s Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.
US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores.

—————————————————————–