Duke ITSO Alerts
Microsoft has released 6 updates addressing 29 vulnerabilities (25 for Internet Explorer). Two of these updates are rated Critical by Microsoft due to the potential for remote code execution:
Cumulative Security Update for Internet Explorer (MS14-037)
Vulnerability in Windows Journal Could Allow Remote Code Execution (MS14-038)
The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.
Microsoft Security Bulletin Summary: https://technet.microsoft.com/library/security/ms14-jul
WordPress 3.8.2 has been released, addressing 5 security issues and 9 bugs. WordPress advises updating sites immediately. From the release:
This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.
It also contains a fix to prevent a user with the Contributor role from improperly publishing posts. Reported by edik.
This release also fixes nine bugs and contains three other security hardening changes:
Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.
Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw.
Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki.
A new phishing attack has been reported this afternoon:
The "click here" link takes the recipient to a Yolasite hosted form:
Please be advised, this is a phishing attack. This is not a legitimate communication from Duke. The purported virus alert is false. Anyone who has received the message, clicked the link, and provided information should contact the OIT Service Desk at 919.684.2200 immediately.
We've received reports of another phishing attack taking place. The email users receive looks like:
Your school has successfully posted an article which has been saved in the School Library.
Click here to review the article now<hxxp://acc.msu.ac.th/eng/home/media/school-library.edu.htm>
Note: Your information has been mentioned in the article, comments and notifications will be sent directly to you.
Which leads to a login page that looks like:
If you know of anyone who followed the link and may have submitted their credentials to the form, please advise them to contact the service desk to change their password as soon as possible.
A new report of a phishing attack this afternoon:
The attachment in this message pulls up the following form:
Please be advised that information submitted through this form does not go to a Bank of America-owned site.
The following phishing attack from earlier this week, purportedly related to a secure web upgrade, was reported to the ITSO:
The "CLICK HERE" link in the above message redirects the user to a wix.com hosted form:
We ask that anyone who received the message, clicked the link, and supplied Duke credentials to the form seen above please notify the OIT Service Desk immediately at 919.684.2200.
A new phishing attack was reported this morning. While it does not specifically target Duke credentials, the hosted form attempts to fool the recipient into supplying banking and other sensitive info, including DoB and SSN.
The original email message:
The phishing form (not an Amazon hosted page):
Adobe has released an update addressing vulnerabilities in Adobe Flash:
The ITSO advises users and administrators to update these applications quickly. The vulnerabilities in Flash allow for remote code execution.
Microsoft has released 7 updates addressing a whopping 66 vulnerabilities (59 for Internet Explorer). Two of these updates are rated Critical by Microsoft due to the potential for remote code execution, one of which involves Internet Explorer (MS14-035), fixing a vulnerability that attackers are actively exploiting:
Cumulative Security Update for Internet Explorer (MS14-035)
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (MS14-036)
SANS has released their analysis of the patches, and of course the updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.
SANS ISC Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+June+2014/18233
Microsoft Security Bulletin Summary: https://technet.microsoft.com/library/security/ms14-jun
A report of the following phishing attack was sent to the ITSO in the past few minutes.
Clicking the URL (as shown in the above screenshot) redirects to a compromised site that is hosting a falsified scrape of a Google Docs sign-on screen (see below):
If you received this message, clicked the link, and supplied credentials for any of the potential accounts (Yahoo!, Google, Microsoft, AOL, etc.), please consider the account compromised and change those credentials immediately. Anyone supplying Duke credentials should contact the OIT Service Desk at 919.684.2200 immediately.