Archive | December 2015

OneDrive: Maintain your 15GB of storage

Earlier this morning Microsoft adjusted the default space for OneDrive from 15Gbt o 5GB. This was to be for both new accounts and existing accounts. After some push back from customers they have relented somewhat… users who have the 15G can keep that amount provided they opt in. You can opt in with the link below:

Keep your 15GB of space

Abobe final patch release for 2015: 78 Updates

Adobe has released their latest (and last) security update includeding 78 security vulnerabilities including five Priority 1 updates and five Priority 3 updates.

The patches affected all platforms, 56 of which addressed use-after-free vulnerabilities, 12 of which resolved memory corruption vulnerabilities and five fixed various types of overflow vulnerabilities, all of which could lead to code execution


Source: Adobe

Security: CryptoWall 4.0

Cryptolocker began circulating in 2013, with variants coming soon after. Designed to infect, encrypt and then ransom it has been shockingly effective. The typical infection vector of attack is phishing because the average user has proven to be susceptible to this type of attack.

These attacks begin with a zip file email attachment. Inside the zip is what appears to the user as a PDF/doc/text attachment, but this is actually the initial dropper. Once launched, this will silently drop an executable in a random temp or appdata. This will be what communicates to the command and control sever – which will then take information about your PC that’s already been gathered and then based on that info, drop the appropriate ransomware, pre-built for your PC environment.

The most significant change in CryptoWall 4.0 is that it now also encrypts the filenames of the encrypted files.  Each file will have its name changed to a unique encrypted. The filenames are  encrypted to make it more difficult to know what files need to be recovered.

We cannot stress enough how important managing email attachments is. At this point in time we recommend all clients regardless of size ensure there is more than a simple email policy in-place, that they have an active software based solution scanning their messages and limiting the exposure to mail based attacks.