Security Bulletin #98
Brands increasingly targeted by false websites and phishing
DomainTools released the names of the top U.S.-based retail companies whose brands are most frequently abused by criminals registering look-alike domains for phishing. The research surfaced multiple malicious domains each day spoofing Amazon, Apple, Gap, Nike, and Walmart. Top brands such as Amazon and Apple are typically targeted because of the amount of traffic going to their sites; they are also highly reputable companies, which makes it easier for consumers to fall victim. "Using PhishEye, we are able to identify the look-alike domains that are spoofing these top brands on the day that they are created," said Kyle Wilhoit, senior security researcher at DomainTools. "A brand with this information could block the spoofed domain and investigate the perpetrator behind it – potentially saving millions of dollars. The more we profile this malicious behavior, the better we can defend against it."
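To show what day-of-registration look-alike detection involves, here is a small classifier for the five brands named above. It is an added example, not DomainTools' or PhishEye's code; the homoglyph table, the "legitimate TLD is .com" rule and the single-label-TLD parsing are constructed assumptions for illustration.

```python
# Added example (not DomainTools' PhishEye code): classify candidate domains as
# look-alikes of the brands named in the bulletin. Brand list, homoglyph table
# and the ".com is the legitimate TLD" rule are constructed assumptions.
BRANDS = ["amazon", "apple", "gap", "nike", "walmart"]

# Character swaps commonly used to imitate a brand name (constructed list).
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l",
              "3": "e", "4": "a", "5": "s", "7": "t"}


def canonical(label):
    """Undo homoglyph substitutions so 'arnaz0n' compares as 'amazon'."""
    for glyph, letter in HOMOGLYPHS.items():
        label = label.replace(glyph, letter)
    return label


def levenshtein(a, b):
    """Edit distance via the standard dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(domain):
    """Return (registrable label, tld); assumes a single-label TLD such as .com."""
    host = domain.lower().strip().split("/")[0].split(":")[0].strip(".")
    parts = host.split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def classify(domain, brands=BRANDS):
    """Return (brand, reason) for a suspected look-alike, or None if clean."""
    label, tld = split_host(domain)
    canon = canonical(label)
    for brand in brands:
        if label == brand:
            # The real label: only suspicious on an unexpected TLD (assumed .com).
            return None if tld == "com" else (brand, "tld")
        if canon == brand:
            return (brand, "homoglyph")
        if len(brand) >= 4 and levenshtein(canon, brand) == 1:
            return (brand, "typo")
        if len(brand) >= 4 and brand in canon:
            # Embedded names (e.g. 'amazon-login') still need analyst review;
            # short brands such as 'gap' are skipped here to limit false hits.
            return (brand, "embedded")
    return None
```

Feeding newly registered domains from a zone-file or passive-DNS feed through classify() gives a daily blocklist candidate set; the "embedded" hits are the noisiest and are best reviewed before blocking.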
No more pointless password requirements
As of May 1, the new Digital Identity Guidelines drafted by NIST (the US National Institute of Standards and Technology) are closed for public comment and ready to be finalized. The guidelines bring new and improved password requirements, changing most of what we have known as a "necessary evil" needed to secure our accounts. Because many of the previously used rules have proven ineffective or even counterproductive, NIST now recommends that administrators drop any measure that burdens users without significantly improving their security. Doing so is expected to lead to more secure authentication, as users will no longer be compelled to find easy (and insecure) ways around overly complicated requirements. The major changes are:
- No more enforced composition rules
- No more periodic password expiration
- No more hints and knowledge-based authentication
- A blacklist of unacceptable passwords
- A broader variety of permitted characters
- A minimum length of eight characters
Don't click that Google Docs link!
If you get an email today sharing a Google Docs file with you, don't click it – you may accidentally hand over your Gmail inbox and your contacts to a mystery attacker. The malicious email contains what appears to be a link to a Google Doc. This leads to a legitimate Google.com page asking you to authorize "Google Docs" to access your Gmail account. Except it's not actually the official Google Docs requesting access: it's a rogue web app with the same name that, if given the green light by unsuspecting marks, ransacks contact lists and sends out more spam. It also gains control over the webmail account, including the ability to read victims' messages and send new ones on their behalf. If the permissions are granted, the software immediately spams the same message to everyone on your contact list, bypassing two-factor authentication if you have that set up on your account. The emails do have some distinguishing characteristics: they are all addressed to the same email@example.com address, with the victims BCC'd, and sent from the last person to accidentally authorize the malicious app.
CERTFR-2017-ALE-008: Vulnerability in RDP for Microsoft Windows XP and Windows Server 2003 (14 April 2017)
CERTFR-2017-ALE-006: Multiple vulnerabilities in Siemens RUGGEDCOM ROX I (29 March 2017)
CERTFR-2017-ALE-005: Vulnerability in Cisco switches (20 March 2017)
CERTFR-2017-AVI-138: Multiple vulnerabilities in Google Chrome (03 May 2017)
CERTFR-2017-AVI-137: Multiple vulnerabilities in Citrix XenServer (03 May 2017)
CERTFR-2017-AVI-136: Vulnerability in Intel firmware (02 May 2017)
CERTFR-2017-AVI-135: Multiple vulnerabilities in Google Android (Nexus) (02 May 2017)
CERTFR-2017-AVI-134: Multiple vulnerabilities in Mozilla Thunderbird (02 May 2017)