Federal Friday - 11.8.13 - Zero Day, Phishing and Mobile

Last updated at Mon, 24 Jul 2017 14:29:51 GMT

Happy Friday to my fed friends, especially with a long 3 day weekend ahead! (I still get to work on Monday so call me, maybe?) I'll keep this week's edition short and sweet so we can wrap up and get our weekends started.

Another week, another Zero-Day; this weeks present comes to us from Microsoft Office. The good news is there are workarounds described by Microsoft involve disabling the TIFF codec and using the Enhanced Mitigation Experience Toolkit (EMET) to block execution in the application. EMET can also be deployed through Group Policy, which is nice. Below is a list of the impacted products, if they are running in your environment currently I would begin remediation steps ASAP.

• Windows Vista x86, x64
• Windows Server 2008 x86, x64, Itanium, Server Core
• Microsoft Office 2003
• Microsoft Office 2007
• Microsoft Office 2010 x86, x64
• Microsoft Office Compatibility Pack
• Microsoft Lync 2010 x86, x64
• Microsoft Lync 2010 Attendee
• Microsoft Lync 2013 x86, x64
• Microsoft Lync Basic 2013 x86, x64

According to a GCN article this week, DHS and the FBI have begun to warn agencies about vulnerabilities that exist in out of date Android operating systems. They do specifically highlight the Gingerbread OS which had a number of know flaws associated with it. While the official advisory was released in July it has not become more widely distributed as there continues to be a large number of these devices still running versions 2.3.3. through 2.3.7. You can view the full report from July here.

There were also reports this week regarding some Phishing activity utilizing fake LinkedIn accounts. LinkedIn profiles can provide a lot of information for potential attackers out in the wild and by infiltrating trusted circles. By appearing to be trusted contacts and colleagues, users unknowingly welcome in the enemy. It's like inviting a vampire into your house; if you are vigilant against their charms they can't get in. Still, if they do manage to get in they can be very destructive. While this is hard to combat, it plays off of last week's blog regarding enabling your users. Remember almost 50% of attacks come from breaking the user, not the network.  You can go here to read more about this most recent campaign.