Security Bulletin 10/07/19


Hard To Block Spam

There has been a lot of Email recently that is not, in itself, malicious and is very hard to block. The Emails are designed to get the reader to reply out of curiosity. The goal is to target “low hanging fruit.” The spammers gain two things if a response is made to one of these Emails:

1) The person replying is considered “low hanging fruit”. If they will reply to a marginal Email, then it is likely that they will reply to a targeted Email, which improves the odds for the hacker.
2) Replying will confirm that there is someone at the Email address.

In most instances, the spammer/hacker already has “some” information about the individual, as they will reference something or someone that the receiver knows. The second Email from the hacker will then be a targeted attack that will be hard to spot. Please use caution responding to any Email and remember that these Emails could appear to come from someone you know. If there is anything that sends up a red flag, check with IT before responding. Following are just two examples of Emails received last week that fall into the above category.

Mike, hello!
Are you near Camphill?

===============================================================================

Hello,

Wellcome to Adventure Park

Description
Adventure Park USA is a small theme park in Monrovia, Maryland, east of
Frederick, Maryland, which opened in 2005.

The “Wild Cat” roller coaster came from Williams Grove Amusement Park
in Pennsylvania

===============================================================================

Potential Help for Government Agencies
The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks.

New Ransomware Attack
A new set of ransomware attacks is originating from websites. Basically, you visit a page that has been hacked in some way and you are redirected to a page or a popup that reads something like this:

Any popups or pages that “originate” from a website are probably not legitimate and should be suspect. Popups that occur from your system tray in Windows are fine; however, if you have any doubt, please check with IT before clicking or responding. Again, these fake messages are generated from a web page. So, if you visit a page, you will be redirected to another website, page or popup, and those, most likely, will contain malware if you click or respond in any way.

PDF Encryption Broken
Hackers have now broken PDF encryption. This means that a document that is encrypted with Adobe’s encryption from within Acrobat is no longer secure. Also, someone could send you a secure document that has been intercepted by a third party and tampered with. The bottom line is that PDF encryption, at least for now, is no longer valid and should be considered suspect. If you have any questions, please open a ticket for IT.

New Trend for Cookies
This does not affect the U.S. yet; however, it is expected to impact the U.S. in the near future. A European court has ruled that it is not legal to pre-fill cookie acceptance. We have all gone to websites where there is a cookie policy that pops up. Normally, the policy asks the user to accept the statement and the “I accept” box is pre-filled. Under GDPR, that is no longer legal. The user must actually agree to the terms. We are sure that several states in the U.S., at a minimum, will be adopting this policy, so it is something that needs to be on our radar.


CourseVector
1 Abbey Lane
Camp Hill, PA 17011
Phone: (717) 516-6955
