Malware Distributed via .slk Files, (Tue, May 22nd)

Attackers are always trying to find new ways to infect computers by luring not only potential victims but also security controls like anti-virus products. Do you know what SYLK files are? SYmbolic LinK files (they use the .slk extension) are Microsoft files used to exchange data between applications, specifically spreadsheets[1]. In Windows environments, there are represented with an icon similar to Excel:

Here is a sample I found (SHA256: a08c4235b6d93a463df543bd915407b56f4efd00f30497723fca54dccac580ad) with a very low VT store (2/59)[2]. Being a simple text file, it does not look suspicious:

$ file Payment_Invoice#287718.slk Payment_Invoice#287718.slk: ASCII text, with very long lines, with CRLF line terminators, with escape sequences

22 essential security commands for Linux

There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.

sudo

Running privileged commands with sudo  – instead of switching user to root  – is one essential good practice as it helps to ensure that you only use root privilege when needed and limits the impact of mistakes. Your access to the sudo command depends on settings in the /etc/sudoers and /etc/group files.

CompTIA Cyber Roundtable, NYC

This past week Matthew Pascucci, Cybersecurity Practice Manager at CCSI participated in a Cyber Roundtable. Check out this article about the roundtable discussion by Teresa Varela-Lauper.

Will Two-Factor Authentication Ever Get Its Time in the Sun?

Decades into the campaign, the effort to wean users off simple password protection hasn’t gone very well. Fingerprints, iris scans, tokens… these methods have all been tried and met with only limited success. The security industry’s best chance yet? It’s a sort of half-measure that lets users keep their passwords but adds a second element (or “factor”) to logins.

Europe Hit with 80 Million Fraud Attempts in Q1 2018 as Merchants Favor Low-Friction Experiences over Security

The onset of 2018 has seen European businesses bombarded with cyberattacks, including a staggering 80 million pure fraud attempts. With a 30% increase in cybercrime year-over-year and strict new laws coming into effect this month, digital businesses in Europe – and indeed everywhere – need to make cyber-security a priority now more than ever.

Malware Distributed via .sylk Files, (Tue, May 22nd)

Attackers are always trying to find new ways to infect computers by luring not only potential victims but also security controls like anti-virus products. Do you know what SYLK files are? SYmbolic LinK files (they use the .slk extension) are Microsoft files used to exchange data between applications, specifically spreadsheets[1]. In Windows environments, there are represented with an icon similar to Excel:

Here is a sample I found (SHA256: a08c4235b6d93a463df543bd915407b56f4efd00f30497723fca54dccac580ad) with a very low VT store (2/59)[2]. Being a simple text file, it does not look suspicious:

$ file Payment_Invoice#287718.slk Payment_Invoice#287718.slk: ASCII text, with very long lines, with CRLF line terminators, with escape sequences

GDPR Is Here: Achieve the Superior Data Breach Prevention and Detection Required with Qualys

Turned into law in 2016, the EU’s General Data Protection Regulation (GDPR) finally goes into effect this week, slapping strict requirements on millions of businesses and subjecting violators to severe penalties. The complex regulation applies to any organization worldwide — not just in Europe — that controls and processes personal data of EU residents, whose security and privacy GDPR fiercely protects.

Google Sued For ‘Clandestine Tracking’ of 4.4 Million UK iPhone Users’ Browsing Data

Google is being sued in the high court for as much as $4.3 billion for the alleged “clandestine tracking and collation” of personal information from 4.4 million iPhone users in the UK. From a report: The collective action is being led by former Which? director Richard Lloyd over claims Google bypassed the privacy settings of Apple’s Safari browser on iPhones between August 2011 and February 2012 in order to divide people into categories for advertisers. At the opening of an expected two-day hearing in London on Monday, lawyers for Lloyd’s campaign group Google You Owe Us told the court information collected by Google included race, physical and mental heath, political leanings, sexuality, social class, financial, shopping habits and location data.

Hugh Tomlinson QC, representing Lloyd, said information was then “aggregated” and users were put into groups such as “football lovers” or “current affairs enthusiasts” for the targeting of advertising. Tomlinson said the data was gathered through “clandestine tracking and collation” of browsing on the iPhone, known as the “Safari Workaround” — an activity he said was exposed by a PhD researcher in 2012. Tomlinson said Google has already paid $39.5m to settle claims in the US relating to the practice. Google was fined $22.5m for the practice by the US Federal Trade Commission in 2012 and forced to pay $17m to 37 US states.