Archive for April, 2011

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service.  In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE.  Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.

Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.

US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://support.xbox.com/en-us/Pages/xbox-live/xbox-live-status.aspx>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

USB drives are popular for storing and transporting data, but some of the
characteristics that make them convenient also introduce security risks.

What security risks are associated with USB drives?

Because USB drives, sometimes known as thumb drives, are small, readily
available, inexpensive, and extremely portable, they are popular for storing
and transporting files from one computer to another. However, these same
characteristics make them appealing to attackers.

One option is for attackers to use your USB drive to infect other computers.
An attacker might infect a computer with malicious code, or malware, that
can detect when a USB drive is plugged into a computer. The malware then
downloads malicious code onto the drive. When the USB drive is plugged into
another computer, the malware infects that computer.

Some attackers have also targeted electronic devices directly, infecting
items such as electronic picture frames and USB drives during production.
When users buy the infected products and plug them into their computers,
malware is installed on their computers.

Attackers may also use their USB drives to steal information directly from a
computer. If an attacker can physically access a computer, he or she can
download sensitive information directly onto a USB drive. Even computers
that have been turned off may be vulnerable, because a computer’s memory is
still active for several minutes without power. If an attacker can plug a
USB drive into the computer during that time, he or she can quickly reboot
the system from the USB drive and copy the computer’s memory, including
passwords,  encryption keys, and other sensitive data, onto the drive.
Victims may not even realize that their computers were attacked.

The most obvious security risk for USB drives, though, is that they are
easily lost or stolen (see Protecting Portable Devices: Physical Security
for more information). If the data was not backed up, the loss of a USB
drive can mean hours of lost work and the potential that the information
cannot be replicated. And if the information on the drive is not encrypted,
anyone who has the USB drive can access all of the data on it.

How can you protect your data?

There are steps you can take to protect the data on your USB drive and on
any computer that you might plug the drive into:
* Take advantage of security features – Use passwords and encryption on
your USB drive to protect your data, and make sure that you have the
information  backed  up in case your drive is lost (see Protecting
Portable Devices: Data Security for more information).
* Keep personal and business USB drives separate – Do not use personal USB
drives on computers owned by your organization, and do not plug USB
drives containing corporate information into your personal computer.
* Use and maintain security software, and keep all software up to date -
Use a firewall, anti-virus software, and anti-spyware software to make
your computer less vulnerable to attacks, and make sure to keep the
virus definitions current (see Understanding Firewalls, Understanding
Anti-Virus Software, and Recognizing and Avoiding Spyware for more
information). Also, keep the software on your computer up to date by
applying any necessary patches (see Understanding Patches for more
information).
* Do not plug an unknown USB drive into your computer – If you find a USB
drive, give it to the appropriate authorities (a location’s security
personnel, your organization’s IT department, etc.). Do not plug it into
your computer to view the contents or to try to identify the owner.
* Disable Autorun – The Autorun feature causes removable media such as
CDs, DVDs, and USB drives to open automatically when they are inserted
into a drive. By disabling Autorun, you can prevent malicious code on an
infected USB drive from opening automatically. In How to disable the
Autorun functionality in Windows, Microsoft has provided a wizard to
disable  Autorun.  In the “More Information” section, look for the
Microsoft Fix it icon under the heading “How to disable or enable all
Autorun features in Windows 7 and other operating systems.”
_________________________________________________________________

Author: Mindi McDowell

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 12, 2011
Last revised: –
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer
* Microsoft Visual Studio

Overview

There are multiple vulnerabilities in Microsoft Windows, Office,
Internet Explorer, and Visual Studio. Microsoft has released
updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for April 2011 describes
multiple vulnerabilities in Microsoft Windows, Office, Internet
Explorer, and Visual Studio. Microsoft has released updates to
address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for April 2011. That bulletin
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for April 2011 -
<http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

Online trading can be an easy, cost-effective way to manage investments.
However, online investors are often targets of scams, so take precautions to
ensure that you do not become a victim.

What is online trading?

Online  trading allows you to conduct investment transactions over the
internet. The accessibility of the internet makes it possible for you to
research and invest in opportunities from any location at any time. It also
reduces the amount of resources (time, effort, and money) you have to devote
to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages
take steps to ensure that their transactions are secure. However, online
brokerages  and  the  investors who use them are appealing targets for
attackers. The amount of financial information in a brokerage’s database
makes it valuable; this information can be traded or sold for personal
profit. Also, because money is regularly transferred through these accounts,
malicious activity may not be noticed immediately. To gain access to these
databases, attackers may use Trojan horses or other types of malicious code
(see Why is Cyber Security a Problem? for more information).

Attackers may also attempt to collect financial information by targeting the
current or potential investors directly. These attempts may take the form of
social engineering or phishing attacks (see Avoiding Social Engineering and
Phishing Attacks for more information). With methods that include setting up
fraudulent investment opportunities or redirecting users to malicious sites
that appear to be legitimate, attackers try to convince you to provide them
with financial information that they can then use or sell. If you have been
victimized, both your money and your identity may be at risk (see Preventing
and Responding to Identity Theft for more information).

How can you protect yourself?

* Research your investment opportunities – Take advantage of resources
such as the U.S. Securities and Exchange Commission’s EDGAR database and
your state’s securities commission (found through the North American
Securities Administrators Association) to investigate companies.
* Be wary of online information – Anyone can publish information on the
internet, so try to verify any online research through other methods
before  investing  any money. Also be cautious of “hot” investment
opportunities advertised online or in email.
* Check  privacy  policies  – Before providing personal or financial
information,  check  the  website’s  privacy policy. Make sure you
understand how your information will be stored and used (see Protecting
Your Privacy for more information).
* Conduct  transactions  on  devices  you control – Avoid conducting
transactions on public resources such as internet kiosks, computers in
places like libraries, and other shared computers and devices. Other
users may introduce security risks.
* Make sure that your transactions are encrypted – When information is
sent  over  the  internet,  attackers may be able to intercept it.
Encryption  prevents  the  attackers  from  being able to view the
information.
* Verify that the website is legitimate – Attackers may redirect you to a
malicious website that looks identical to a legitimate one. They then
convince you to submit your personal and financial information, which
they use for their own gain. Check the website’s certificate to make
sure it is legitimate (see Understanding Web Site Certificates for more
information).
* Monitor your investments – Regularly check your accounts for any unusual
activity. Report unauthorized transactions immediately.
* Use  strong passwords – Protect your computer, mobile devices, and
accounts with passwords that cannot easily be guessed (see Choosing and
Protecting Passwords for more information). Use different passwords for
each account.
* Use and maintain anti-virus software – Anti-virus software recognizes
and protects your computer against most known viruses. However, because
attackers are continually writing new viruses, it is important to keep
your virus definitions current (see Understanding Anti-Virus Software
for more information).
* Use anti-spyware tools – Spyware is a common source of viruses, and
attackers may use it to access information on your computer. You can
minimize the number of infections by using a legitimate program that
identifies and removes spyware (see Recognizing and Avoiding Spyware for
more information).
* Keep software up to date – Install software updates so that attackers
can’t  take  advantage  of  known problems or vulnerabilities (see
Understanding Patches for more information). Enable automatic updates if
the option is available.
* Evaluate your security settings – By adjusting the security settings in
your browser, you may limit your risk of certain attacks (see Evaluating
Your Web Browser’s Security Settings for more information).

The following sites offer additional information and guidance:
* U.S.      Securities      and      Exchange      Commission      -

http://www.sec.gov/investor/pubs/cyberfraud.htm

* National Consumers League -

http://www.fraud.org/tips/internet/investment.htm

_________________________________________________________________

Author: Mindi McDowell