MOREnet Security News Review -- January 20 - 24, 2014

Friday, January 24, 2014

CURRENT THREAT ACTIVITY REPORT

Over the last few weeks MOREnet Security has received numerous complaints about IP addresses of devices on the MOREnet Network that are Open Recursive DNS Resolvers and are being used in Denial of Service attacks. Open Recursive DNS Resolvers provide recursive name resolution for clients outside of their organization's administrative domain. This gives attackers an easily exploitable vector for launching DoS or Amplification attacks against intended targets. One advantage of this type of attack, from the attacker's side, is that the source of the attack is extremely hard to identify.

As a best practice, MOREnet Security recommends that if you are running a DNS server, you review the configuration and determine whether Open Recursion is necessary or can be disabled. NOTE: This is also a good time to review all of the enabled services on the server, because other protocols can be exploited in similar ways. There are current news articles about recent attacks using Network Time Protocol (NTP). The following links provide additional information about the risks associated with Open Recursive DNS Resolvers and NTP, and ways you can make them more secure. Don't hesitate to contact us if you have questions or would like assistance verifying your configuration.
 
US-CERT Alert (TA13-088A) DNS Amplification Attacks
Open DNS Recursive Resolvers, DNS Amplification Attacks, and BCP38: What Are They, and Why Should You Care?
Anatomy of a DNS DDoS Amplification Attack
Using RRL to Prevent DNS Amplification Attacks
DNS Amplification Attacks on the Rise
Disable Recursion on Windows DNS Server
No Easy Solution to Stop Amplification Attacks
Don’t be a DDoS dummy: Patch your NTP servers, plead infosec bods
US-CERT Alert (TA14-013A) NTP Amplification Attacks Using CVE-2013-5211
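
One way to verify the configuration review described above, as an added example that is not MOREnet's own code: send a recursive query for a name your server is not authoritative for, from a host outside your administrative domain, and classify the reply by its RA flag and response code. The function names are hypothetical and the sample replies are constructed, not captured traffic.

```python
import struct

RCODE_REFUSED = 5

def build_query(name, txid=0x1234):
    """Build a DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid=0x1234):
    """Return 'open', 'closed' or 'review' for a reply to build_query()."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit clear
        raise ValueError("not a response to our query")
    ra = bool(flags & 0x0080)                  # RA: recursion available
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED or not ra:
        return "closed"                        # refuses or does not offer recursion
    if rcode == 0 and ancount > 0:
        return "open"                          # recursed and answered an outsider
    return "review"                            # RA set but no answer (e.g. SERVFAIL)

# Constructed sample replies (not captured traffic); 192.0.2.1 is a documentation address.
QUESTION = build_query("example.com")[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION
SERVFAIL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    samples = [("open", OPEN_REPLY), ("refused", REFUSED_REPLY), ("servfail", SERVFAIL_REPLY)]
    for label, reply in samples:
        print(label, "->", classify_response(reply))
```

A verdict of "open" from an outside vantage point means recursion should be disabled or restricted to your own clients; the same test run from inside the network says nothing, since a resolver is expected to recurse for internal clients.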
 

WEEKLY THREAT RESOURCE SITES

Open Resolver Project
Open NTP Project
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Watering Hole Attacks – A Watering Hole Attack is used to target specific users or organizations by compromising a carefully selected legitimate website. The attackers insert a drive-by exploit on the website which will in turn compromise the intended target. Check out the following links for additional information.
 
Watering Hole 101
Cyber Security Term: “Watering Hole Attack”
Microsoft Addresses New Watering Hole Attack in the November, 2013 Security Bulletin Release
Espionage Hackers Target ‘Watering Hole’ Sites
Watering hole attacks are becoming increasingly popular, says study
Watering Hole Attacks an Attractive Alternative to Spear Phishing
 

TOP HEADLINES THIS WEEK  

WhatsApp for Windows? Naaa.. Hackers are spamming Malware as WhatsApp Software
As Target breach unfolds, information vanishes from Web
How to Disappear Online
17-year-old teenager is the author of BlackPOS/Kaptoxa malware
Security Considerations for Retail Networks
Why aren’t we learning long-term lessons from security disasters?
Security suites jockey for position on Windows 8.1
China Blames Massive Internet Blackout On Hackers
Consumer Watchdog files Google+ complaint with FTC
New Android Malware Intercepts Calls and Texts
Startup Tackles Security Through Microsoft Active Directory
 

VULNERABILITIES AND PATCHES

US-CERT Vulnerability Summary for the Week of January 13, 2014
Details on Patched Microsoft Office 365 XSS Vulnerability Disclosed
Chrome Eavesdropping Exploit Published
XSS Filter Bypass Bug Found in Chrome and Safari
Starbucks Patches Vulnerable iOS App
 

SECURITY TOOLBOX

DNSCrypt
Adblock Plus add-on now available for every major browser
10 Free or Low-Cost Network Discovery and Mapping Tools
NYC Department of Education Student Social Media Guidelines
Spotting the Adversary with Windows Event Log Monitoring
 

FEATURED SERVICE

Google Apps for Missouri – MOREnet has entered into an agreement with Google to provide training and support in the use of Google Apps for Education to K-12 schools that are MOREnet members. Google Apps Education Edition allows schools to give Google's communication and collaboration applications to their entire organization. All services are hosted by Google and are available to users via any Internet-connected computer and many mobile devices. Check out the following link for more information on features, technical requirements, and support. http://www.more.net/services/google-apps-missouri
 

UPCOMING TRAINING AND EVENTS 

  1. Introduction to Windows 2008 Server Administration – Tuesday, February 4 – February 5, 2014 – MOREnet, Columbia, MO – Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008's features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned. Click here to register for this event.
  2. Social Media Series Part 1, Risks of Social Media – Wednesday, February 5, 2014 – Online Webinar – Do your staff or students understand the risks they take when posting comments or pictures to social media sites? Join us for a discussion of the unseen risks of innocent posts. Click here to register for this event.
  3. Introduction to Windows 2008 DNS, DHCP and CSVde – Thursday, February 6, 2014 – MOREnet, Columbia, MO – This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend. Click here to register for this event.
  4. Windows 2008 Group Policy – Friday, February 7, 2014 – MOREnet, Columbia, MO – This class is designed to allow students to centrally manage workstations and servers with Group Policy Objects (GPOs) within a Windows Active Directory domain. In class we will start at the beginning by defining what Group Policy is and what can be accomplished by using Group Policies within your organization. We will create simple group policies and test their effectiveness on a Windows 7 machine. We will explore some advanced Group Policy subjects such as redirecting user data and folders and deploying software, and finish with using Group Policy Preferences to map drives and clean out folders. Click here to register for this event.
  5. Social Media Series Part 2, Understanding the Privacy Settings of Popular Social Media Sites – Wednesday, February 19, 2014 – Online Webinar – Even if you understand the risks associated with social media, which settings are best and how do you find them on each site? This webinar will focus primarily on Facebook privacy settings, but will include references to many other social media sites. Click here to register for this event.
  6. SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education – Tuesday, February 25 – Wednesday, February 26, 2014 – MOREnet, Columbia, MO – This educational program gives IT admins the tools and techniques to illuminate evidence of potentially malicious activity on their systems and to look deeper to determine whether the problems they see are real. It allows them to become the hacker guards for malicious activity in their organization. It uses hands-on exercises to ensure they are comfortable using the tools. MOREnet members are eligible for a price of $1200. Last day to register is Friday, 2/14/2014. Click here for registration information.
  7. Social Media Series Part 3, Understanding the Privacy Settings of Popular Devices Media – Wednesday, March 5, 2014 – Online Webinar – So your social media websites are locked down, but are all settings enforced the same if the device isn't secured? Join us for a discussion of device settings to review to protect yourself from social media and other apps. Click here to register for this event.

 Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter! 
 

SECURITY AWARENESS TIP OF THE WEEK

Did you know that last year (2013) “password” was finally dethroned as the most-used unsecure password? Check out the following links to find out what the 25 Worst Passwords were and ways you can ensure that your passwords are secure.
 
No sixth sense: ‘123456’ is worst password of 2013
“Password” unseated by “123456” on SplashData’s annual “Worst passwords” list
Emsisoft Explores the Worst Passwords of the Year 2013
The Evolution of the Password – And Why It’s Still Far From Safe
5 Password Generators for Maximum Online Security
5 Tools for Keeping Track of Your Passwords