Great Lakes IT Services


General Information

Locality: Orchard Park, New York

Phone: +1 716-783-3030



Address: 4955 Chestnut Ridge Rd 14127 Orchard Park, NY, US

Website: www.greatlakesits.com/

Likes: 279



Facebook Blog

Great Lakes IT Services 11.06.2021

For all you Edge Haters. (Full disclosure: I was just getting used to it!) https://www.laptopmag.com//windows-10-update-will-finally-

Great Lakes IT Services 05.06.2021

A new SATNews story has been added to the feed.

FBI warns of Vishing Attacks targeting corporate credentials

*** Executive Summary ***

The Federal Bureau of Investigation issued a warning regarding vishing attacks that are targeting U.S. and international-based employees in an attempt to harvest corporate account credentials for network access and privilege escalation. Attackers are leading the employees to phishing pages to have them "log in", allowing the attackers to harvest the credentials acting as a trusted entity. This is the second warning issued by the FBI regarding vishing attacks within the past year. The attackers' motives appear to be financial, and they have been witnessed crafting websites themed after the targeted organization's VPN login pages.

*** Recommendations ***

- Ensure MFA (Multi-Factor Authentication) is configured for accessing employee accounts.
- Actively audit account logs for suspicious activity or unauthorized access.
- Verify account permissions and permit only the lowest level of privilege needed to accomplish one's duties.
- Issue Administrators two accounts: one for administrative changes and one with lower privileges for e-mail, generating reports, and standard business.
- Utilize user awareness training on phishing/vishing techniques and establish reporting procedures for suspicious activity.

Great Lakes IT Services 25.05.2021

Dridex Malware uses Amazon Gift Card Phishing Lures in new malspam campaign

*** Executive Summary ***

A new spam campaign from the Dridex Malware gang has been witnessed using Amazon Gift Cards as phishing lures using holiday theming. Dridex is a banking trojan that can steal login information, perform keylogging, take screenshots of the victim machine, and download additional payloads such as ransomware. Dridex has in the past been utilized to specifically provide access to DoppelPaymer and BitPaymer ransomware.

Phishing e-mails in this campaign use the holiday season to lure victims into interacting with their malicious payloads by stating the victim received a $100 Amazon Gift Card and to "click here" to download the card. Once clicked, a malicious macro-embedded Word document is downloaded with a name similar to "Amazon_Gift_Card", "Order_Gift_Card", and "Amazon_eGift-Card." Once the Word document is opened, it has a picture stating the document was created in an online version of Microsoft Office and that to view the document you must enable content. If the victim enables content, malicious macros are executed that download the Dridex payload and infect the victim's machine.

*** Recommendations ***

Organizations should provide their end-users phishing awareness training on a regular basis and ensure they have procedures in place for reporting suspected phishing in their environment. Remind end-users that malicious actors often theme phishing e-mails around current media events and holidays, often utilizing something with a sense of urgency attached to it. Users should also understand the dangers of macro-embedded Office files and be extremely cautious around them.

Additionally, if you receive an unexpected digital gift card, contact the original sender to verify the legitimacy of the card (not by replying to the received gift card e-mail, but through another channel) before interacting with it.

Great Lakes IT Services 11.05.2021

Chrome Users - FYI https://www.techradar.com//google-is-finally-fixing-one-of

Great Lakes IT Services 26.04.2021

A new SATNews story has been added to the feed.

CISA releases emergency directive regarding active exploitation of SolarWinds Software

*** Executive Summary ***

The Cybersecurity and Infrastructure Agency (CISA) has released an emergency directive regarding the active exploitation of the SolarWinds Orion Platform, versions 2019.4 through 2020.2.1, released between March 2020 and June 2020. SolarWinds has released a security advisory here: https://www.solarwinds.com/securityadvisory

This exploitation has been attributed to a highly sophisticated, manual supply chain attack by an assumed nation-state actor. Users of SolarWinds Orion should immediately upgrade their platform to Orion Platform version 2020.2.1 HF 1. If you are unable to upgrade immediately, SolarWinds has provided mitigation recommendations: installing Orion behind your firewall, disabling internet access to the platform, and limiting ports and connections to only what is necessary. In this situation, organizations should make updating the platform a top priority.

Organizations utilizing Orion should also be on the lookout for an additional patch, 2020.2.1 HF2, anticipated to be released tomorrow, December 15th, 2020. This release replaces the compromised component and provides several additional security enhancements.

Originally brought to the attention of SolarWinds by FireEye, FireEye has released intelligence regarding this attack, attributing the activity to the threat actors of UNC2452. The attack utilizes a trojanized version of SolarWinds.Orion.Core.BusinessLayer.dll dubbed SUNBURST that contains a backdoor to connect to threat actors' servers.

FireEye's blog post on SUNBURST and the SolarWinds attack can be found here: https://www.fireeye.com//evasive-attacker-leverages-solarw

Additionally, they have released signatures to detect this threat actor on their GitHub page found here: https://www.fireeye.com//evasive-attacker-leverages-solarw

*** Recommendations ***

- Organizations utilizing SolarWinds Orion should immediately update to 2020.2.1 HF1 and anticipate updating to 2020.2.1 HF 2 tomorrow: https://www.solarwinds.com/securityadvisory
- Utilize FireEye signatures to threat hunt in your environment found here: https://www.fireeye.com//evasive-attacker-leverages-solarw