The new campaign was discovered by App River. Potentially 23 million of emails were sent with subjects such as ‘please print’, ‘documents’ and ‘scans’ in an effort to spread Locky ransomware.
As with all Phishing campaigns end user education is your best defense. With this number o emails, even if it is overestimated by 90% there will be significant numbers of users caught but it and they potentially will send more mail messages.
The past two mornings have had businesses in the Albany area who use Microsoft’s Office 365 receive a Phishing email claiming that users passwords have had a password change request and please follow the link included in order to cancel the request.
The sender will be listed as “Office” or “Office 365” and the Subject line will read “Password Reset Alert”
This email should be deleted immediately.
Mozilla has revealed that 64-bit Firefox will soon become the default build for 64-bit Windows versions. In the near future, users whose PCs fit the hardware requirement will be migrated to Firefox 64-bit automatically with Firefox 56 scheduled to be released on September 26th. The default the Windows installer will default to
64-bit Firefox beginning on August 8th.
Microsoft has released an out of out of band security update for Windows Defender found on Windows 7, 10 and Server 2008. If you are running a third Party Anti Virus solution your version of Windows Defender will be disabled. If not you should run Windows Update to ensure you apply the update ASAP.
Previously limited almost exclusively to machines running Windows two new Ransomware variants have been detected that target Apple Mac users.
The first encrypts data and demands payment before files are released. This is similar to standard, the second is spyware that captures screenshots and keystrokes.
Both attacks are relatively new, and details on their origins are still sparse. Users are advised to keep regular backups of their data in case their devices are compromised and files are made inaccessible.
Both programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor network.
Today security experts are warning of the continued spread of WCry and of numerous variants being released over the weekend.
Typical of Any Ransomware users should be vigilant with any emails that could be carrying a payload or be links to a payload. At this point Microsoft has not ruled out any attack vectors:
We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios we believe are highly possible for this ransomware family:
- Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
- Infection through SMB exploit when an unpatched computer can be addressed in other infected machines
Microsoft has released a patch for Operating systems going as far back as XP:
Windows update MS17-010
Microsoft has released an update to the Microsoft Malware Protection Engine addressing a security vulnerability. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Users should run their Microsoft updates ASAP and apply the patch if using one of the Microsoft Provided Malware products such as the Windows Defender line.