US-CERT Current Activity

U.S. Tax Season Phishing Scams and Malware Campaigns

2012-02-08T11:10:01-05:00

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not limited to, the following:

information that refers to a tax refund,
warnings about unreported or under-reported income,
offers to assist in filing for a refund, and
details about fake e-file websites.

These messages, which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:

Do not follow unsolicited web links in email messages.
Maintain up-to-date antivirus software.
Refer to the IRS website related to phishing, email, and bogus website scams for scam samples and reporting information.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Forward suspected phishing emails to phishing@irs.gov.

Microsoft Releases Advance Notification for February Security Bulletin

2012-02-09T16:06:17-05:00

Microsoft has issued a Security Bulletin Advance Notification indicating that its February releases will contain nine bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, Microsoft Silverlight, Microsoft Server Software, Microsoft Office, and Microsoft .NET Framework. These bulletins are scheduled to be released on Tuesday, February 14, 2012.

US-CERT will provide additional information as it becomes available.

Google Releases Chrome 17.0.963.46

2012-02-08T15:16:54-05:00

Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 17.0.963.46.

Apple Releases Multiple Security Updates

2012-02-02T12:15:36-05:00

Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.

US-CERT encourages users and administrators to review Apple Support Article HT5130 and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2011-3449 can be found in US-CERT Vulnerability Note VU#410281.

Additional information regarding CVE-2011-3446 can be found in US-CERT Vulnerability Note VU#403593.

Mozilla Releases Firefox 10 and 3.6.26

2012-02-01T09:50:28-05:00

The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisories for Firefox 10 and Firefox 3.6.26 and apply any necessary updates to help mitigate the risk.

Denial-of-Service Malware Campaign

2012-01-24T17:35:42-05:00

US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous.

US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:

Do not open attachments in email messages from unknown sources.
Install anti-virus software and keep virus signatures files up to date.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
Refer to the Recovering from Viruses, Worms, and Trojan Horses document for additional information on how to recover from malware.
Refer to the Continuing Denial of Service Threats Posed by DNS recursion (v2.0) (pdf) document and Understanding Denial-of-Service Attacks document for additional information on denial-of-service attacks.

US-CERT will provide additional information as it becomes available.

Google Releases Chrome 16.0.912.77

2012-01-24T13:03:34-05:00

Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 16.0.912.77

Symantec pcAnywhere Hotfix

2012-01-24T11:30:37-05:00

Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows:

pcAnywhere 12.5 SP3
pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and apply any necessary updates to help mitigate the risk.

US-CERT will provide additional information as it becomes available.

Best Practices for Recovery from the Malicious Erasure of Files

2012-01-19T16:12:18-05:00

There are many ways in which cyber criminals can damage computer systems and data, including changing or deleting files, wiping hard drives, and erasing backups to hide their malicious activity.

Hard drives are wiped, or "zeroed out," when the original data is overwritten with zeros or different characters. This allows malicious actors to alter or even erase existing data. In addition to impeding the restoration of the original data, this type of criminal activity makes it difficult to determine whether criminals merely accessed the network, stole information, or altered network access and configuration files. Restoring networks and assessing the damage to a business can be hindered when the full extent of malicious activity is unclear.

DHS and the FBI encourage businesses and individuals to employ mitigation strategies and best practices to effectively recover maliciously erased files, such as:

Implementing a data backup and recovery plan. A copy of the sensitive data should be kept in a separate and secure location. Make sure this backup copy is not readily accessible from local networks.
Regularly mirroring and maintaining an image of critical system files.
Encrypting and securing sensitive information.
Using strong passwords, implementing a frequent schedule for changing passwords, and making sure passwords are not reused for multiple accounts.
Enabling network monitoring and logging (when feasible).
Being on guard against social engineering tactics aimed at obtaining sensitive information, such as phishing.
Ensuring that sensitive files are securely eliminated from hard drives when no longer needed or required.

There are many resources available on the US-CERT website to protect users from this type of malicious activity, including these suggested readings from the National Cyber Alert System:

Cyber Security Tip ST04-002: Choosing and protecting Passwords
Cyber Security Tip ST04-014: Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip ST05-011: Effectively Erasing Files

Oracle Releases Critical Patch Update for January 2012

2012-01-18T10:58:17-05:00

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes:

2 for Oracle Database Server
1 for Oracle Fusion Middleware
3 for Oracle E-Business Suite
1 for Oracle Supply Chain Products Suite
6 for Oracle PeopleSoft Products
8 for Oracle JD Edwards Products
17 for Oracle Sun Products Suite
3 for Oracle Virtualization
27 for Oracle MySQL

US-CERT encourages users and administrators to review the January 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2012-0110 can be found in US-CERT Vulnerability Note VU#738961.