Return-Path: <1921889-479-1022@be1.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id ia3THnM6nFkIWQAAInt2oQ for ; Tue, 22 Aug 2017 07:06:43 -0700 Return-path: <1921889-479-1022@be1.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Tue, 22 Aug 2017 07:06:43 -0700 Received: from mpmta4.knowbe4.com ([168.235.226.74]:19315) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-479-1022@be1.maropost.com>) id 1dk9p6-00067o-7m for edward@transocean.com; Tue, 22 Aug 2017 07:06:43 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1503410787; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=RwO3/vEL2gRZ28MtBqVJd3sKJ5MgtAmrbkJ1FBtHtjNbVhqTvHHjLTH7SBe2L8pDCFcpZR d3BHEQceoI+/VRq56Z0wTJ6y4f7xP2DUVpixu709M5aidlKNZ7RUDnTbh8a6sq5V8MVq2g eJDYsz2u0yJ5q1Bjzr9lrc5vaYoyQU8= Received: from [<1921889-479-1022@be1.maropost.com>] ([<1921889-479-1022@be1.maropost.com>] helo=) by 771414-mailer6.maropost.com (envelope-from 1921889-479-1022@be1.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Tue Aug 22 10:04:24 EDT 2017 Date: Tue, 22 Aug 2017 10:04:22 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: Subject: This Is a First: Compromised PowerPoint Slide Deck Bypasses Antivirus Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_599c39e6bd5fc_5c547ad93943974369ad"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 479 X-Campaign-ID: 479 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 168.235.226.74 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 479:Maropost X-Spam-Status: No, score=-0.1 X-Spam-Score: 0 X-Spam-Bar: / X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/479/1921889/805f31c0e4f28eb54e5c68e77eef10292ed7ae33 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/479/1921889/805f31c0e4f28eb54e5c68e77eef10292ed7ae33 [...] Content analysis details: (-0.1 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: hubspot.net] 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror) 0.0 HTML_MESSAGE BODY: HTML included in message -0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40% [score: 0.2893] 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.0 LOTS_OF_MONEY Huge... sums of money 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 T_MONEY_PERCENT X% of a lot of money for you X-Spam-Flag: NO ----==_mimepart_599c39e6bd5fc_5c547ad93943974369ad Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/479/1921889/805f31c0e4f28eb54e5c68e77eef10292ed7ae33 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/479/1921889/805f31c0e4f28eb54e5c68e77eef10292ed7ae33 ----==_mimepart_599c39e6bd5fc_5c547ad93943974369ad Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This Is a First: Compromised PowerPoint Slide Deck Bypasses = Antivirus
3D""
=
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #33 =C2=A0 | =C2=A0 Au= g. 22nd., 2017


Bad guys are exploiting the CVE-2017-0199 vulnerability to bypass endpoin= t security software and deliver the Remcos remote access Trojan via Micro= soft PowerPoint decks.

This particular flaw in the Windows Object Linking and Embedding (OLE) in= terface is normally used to deliver infected RTF documents, but researche= rs at Trend Micro have spotted cyber criminals using it to compromise Pow= erPoint slide show files for the first time.

Critically, since most methods of detecting the CVE-2017-0199 vulnerabili= ty focus on the RTF attack method, the use of the PPSX PowerPoint as an a= ttack vector means attackers can code the malware to avoid antivirus dete= ction.

More at the KnowBe4 blog, with links and screenshots:
https://blog.knowbe4.com/this-is-a-first-spear-phishing-attack-uses-compr= omised-powerpoint-slide-deck
If you ever needed ammo to convince budget= holders that you need more IT security resources, this is the link to se= nd them. It is a great discussion-starter how an attack like this would p= lay out in your own organization.

On Monday August 18th, "CBSN: On Assignment" did a special, visiting an u= pstate New York hospital, the Erie County Medical Center. Criminal hacker= s took down the level one trauma center's computer systems for six weeks = by encrypting all machines with a ransomware strain and demanding a whopp= ing ransom. Here is the article and video:
https://www.cbsnews.com/news/cbsn-on-assignment-hackers-targeting-medical= -industry-hospitals/
KnowBe4=E2=80=99s updated, complimentary R= ansomware Simulator "RanSim" gives you an instant look at the effectivene= ss of your existing network protection.

RanSim will simulate 10 ransomware infection scenarios and show you if a = typical workstation is vulnerable to infection. Here's how RanSim works: =
  • 100% harmless simulation of a real ra= nsomware infection
  • Does not use any of your own files
  • Tests 10 types of infection scenarios=
  • Just download the install and run it<= /span>
  • Results in a few minutes!
    • =
How will your endpoint protection softwar= e perform in these scenarios?
Download RanSim Now: https://info.knowbe4.com/ransomware-simulator-tool-1= chn
After the NIST passwords bombshell, we sur= veyed 2,600 IT professionals to find out how they were managing passwords= . The answers show that IT pros are generally receptive to the proposed p= ass phrase concept suggested by NIST.

NIST Special Publication 800-63B, =E2=80=9CDigital Identity Guidelines,=E2= =80=9D states: =E2=80=9CMany attacks associated with the use of passwords= are not affected by password complexity and length. Keystroke logging, p= hishing, and social engineering attacks are equally effective on lengthy,= complex passwords as simple ones. This means that password complexity= has failed in practice."

KnowBe4=E2=80=99s survey showed that 44% of respondents overall, (large o= rganizations with 1,000+ employees and small to mid-size businesses), thi= nk a roughly 25-character pass phrase could work versus 35% who don=E2=80= =99t believe it to be a viable option for their organization.

The highlights from the survey are:
  • Nearly 97% of large organizations hav= e an enforced password policy compared to almost 88% in small to mid-size= organizations.

  • A majority (63%) of organizations do = not allow password re-use, however this does not prevent employees from u= sing the same password on multiple sites.

  • Almost half (49%) of large organizati= ons believe their current password policy is insufficient, while 48% of s= mall to mid-size organizations believe their password policy is good enou= gh.

  • Enterprise-size organizations (1,000+= users) prefer multi-factor authentication (MFA) with only 38 % stating t= hey do.
Here are the full survey results (PDF): https://blog.knowbe4.com/survey-of-2600-it-pros-password-procedures-still= -are-a-cyber-security-fail
The new 2017 SANS Threat Landscape survey = from the well-known research and education specialist finds that security= professionals rate phishing at 72 percent, spyware at 50 percent, ransom= ware at 49 percent, and Trojans at 47 percent as being the top threats to= day. We strongly recommend you download the whole study and read it top t= o bottom. There is also an on-demand webcast you should watch.

From the new study's Executive Summary: "Endpoints=E2=80=94and the users = behind them=E2=80=94are on the front lines of the battle: Together they r= epresent the most significant entry points for attackers obtaining a toeh= old into the corporate network. Users are also the best detection tool or= ganizations have against real threats."

"Users and their endpoints are still in the cross hairs," says Lee Neely,= SANS analyst, mentor instructor and author of the survey report. "Tradit= ional and malware-less threats keep popping up at every corner, making ou= r jobs as defenders resemble an ongoing game of Whack-a-Mole to keep them= at bay."

Full story, graphs, and links to the PDF and the webcast at the KnowBe4 B= log:
https://blog.knowbe4.com/new-study-phishing-is-still-the-top-threat-faced= -by-organizations
Despite all the spectacular news stories a= bout advanced persistent threats and targeted hacks from nation-states, t= he most common security challenge facing organizations today continues to= be social engineering.

Successful hackers understand that the user is the weakest link in the se= curity chain. Email phishing campaigns have proven to be the path of leas= t resistance to get unsuspecting individuals to download and install thei= r malicious software.

Getting users to identify phishing attacks and training them not to click= on links in email messages has been challenging until recently.

In this 30-minute webinar, you=E2=80=99ll learn the strategies and techni= ques that social engineers are finding success with. You=E2=80=99ll also = learn how to implement these techniques using KnowBe4=E2=80=99s simulated= phishing platform and easily create a real-world phishing email to test = your employees and see how phish-prone they really are.

Key topics covered in this webinar:
  • Latest phishing attacks strategies an= d techniques
  • Some of the top-clicked phishing emai= ls from Q2-2017
  • How to create a simulated phishing at= tack in minutes with KnowBe4=E2=80=99s platform
Register Now! Wed, Aug 23, 2017 2:00 P= M - 2:30 PM EDT
https://attendee.gotowebinar.com/register/7818773804792726019

Warm Regards,
Stu Sjouwerman

Quotes of the Week
"A dream you dream alone is only a dream= . A dream you dream together is reality." - John Lennon

"A dream doesn't become reality through magic; it takes sweat, determi= nation
and hard work." - Colin Powell
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-33-new-study-phishing-is-st= ill-the-top-threat-faced-by-organizations
Security News
Large Insurance Company Settles for $5.5 Million over "Failed to = Patch" Data Breach

A large insurance company (Nationwide) agreed to pay a total of 5.5 milli= on dollars to settle charges brought by 32 states resulting from the loss= of critical consumer information attributable to a criminal data breach.=

According to the Settlement Agreement, the respondent lost the data for 1= .27 million customer across the country when hackers exploited a security= breach created when the respondent failed to implement a security patch.=

As part of the settlement, the insurance company agreed to appoint a secu= rity patch supervisor, implement security patch policies and procedures, = and perform internal assessments.

The New York State Attorney General criticized the respondent for its =E2= =80=9Ctrue carelessness while collecting and retaining information from p= rospective customers, needlessly exposing their personal data in the proc= ess.=E2=80=9D

Here is the blog post with more detail and the PDF from the NY Attorney G= eneral site:
https://blog.knowbe4.com/large-insurance-company-settles-for-5.5-million-= over-failed-to-patch-data-breach
Make the Training Stick: How to Engage Users in Cybersecurity Pra= ctices

Riverside HealthCare achieved a 99 percent compliance rate with phishing = campaigns after it educated (and perhaps scared) its staff into being cau= tious.

Cyberattackers count on untrained computer users to react to electronic b= ait a certain way, and when they succeed it is because employees are not = as engaged with cybersecurity practices as they should be. And that can i= nclude those who have already been through training.

Even though employees attend cybersecurity training programs, for instanc= e, many come back afterward and do not apply what they just learned, acco= rding to Erik Devine, chief information security officer at Riverside Hea= lthCare in Illinois.

Five years ago, Riverside had an 85 percent compliance rate when conducti= ng phishing campaigns among its 3,000 employees, Devine said, and most di= d not know who to contact if they received a suspicious email.

=E2=80=9COur current rate is 97 to 99 percent compliance, depending on th= e type of test given,=E2=80=9D he said. =E2=80=9CIt=E2=80=99s my job to e= ngage the organization because without employees trained and engaged in i= nformation security, the landscape is just too large to protect.=E2=80=9D=

What can other hospitals learn from Riverside=E2=80=99s success? Devine s= hared what has worked during the training as well as what to look for onc= e the employees go back to their jobs. Article at HealthCareITnews:
http://www.healthcareitnews.com/news/make-training-stick-how-engage-users= -cybersecurity-practices
Los Angeles Health Care Provider Potentially Breached by Ransomwa= re Attack

Pacific Alliance Medical Center=E2=80=99s servers were hit by a ransomwar= e attack in June, and officials said the investigation couldn=E2=80=99t r= ule out whether patient data was accessed.

However, the notice to patients did not mention whether PAMC paid the ran= som. Further, officials said the investigation couldn't rule out whether = the patient data were viewed or stolen by the ransomware attack, although= the organization didn't uncover evidence to suggest the data was stolen.=

As you can see, ransomware infections are highly likely going to be seen = as a data breach with reporting requirements. More:
http://www.healthcareitnews.com/news/los-angeles-provider-potentially-bre= ached-ransomware-attack
Cybersecurity: The Hottest New Major in College

Large numbers of US colleges have added undergraduate cybersecurity major= s, cybersecurity concentrations to other majors, and master's degree prog= rams in cybersecurity. Most colleges, however, do not know what to teach,= and many are teaching students only how to admire the cybersecurity prob= lem, but not how to fix it.

Further, computer science graduates don't learn secure coding or other te= chnical cybersecurity topics. None of the Top 10 undergraduate computer s= cience and engineering programs at American universities (as ranked by th= e U.S. News & World Report) required its students to take a cybersecu= rity course in order to graduate. More:
https://www.villagevoice.com/2017/08/15/how-cybersecurity-became-2017s-ho= t-new-major/
Interesting News Items This Week

Ex-NSA Analyst Raises 10 Million to Stop Hackers Destroying Power Grids:<= br> https://www.forbes.com/sites/thomasbrewster/2017/08/14/dragos-funding-to-= stop-hacker-blackouts/#1cce01484f6f

Under the Radar: Three Ransomware Stories You Probably Didn=E2=80=99t See= :
http://techspective.net/2017/08/14/radar-three-ransomware-stories-probabl= y-didnt-see/

One Nigerian man's simple phishing campaign drains thousands from corpora= te coffers:
https://www.cyberscoop.com/phishing-get-rich-or-die-trying-nigeria-checkp= oint-bec-attacks/

Seven More Chrome Extensions Compromised:
https://threatpost.com/seven-more-chrome-extensions-compromised/127458/
New Windows flaw could allow a WannaCry-like attack if not patched:
https://www.scmagazine.com/new-windows-flaw-could-allow-a-wannacry-like-a= ttack-if-not-patched/article/681698/

Vaccine discovered for Cerber ransomware - based on its own evasion:
https://www.scmagazineuk.com/vaccine-discovered-for-cerber-ransomware--ba= sed-on-its-own-evasion/article/682120/

Rent the Latest Exploit Toolkit for $80 Per Day:
https://www.bankinfosecurity.com/rent-latest-exploit-toolkit-for-80-per-d= ay-a-10201

HBO's Twitter accounts hacked in latest cyberattack:
http://www.foxnews.com/entertainment/2017/08/17/hbos-twitter-accounts-hac= ked-in-latest-cyberattack.html

The Hardest Working Office Design in America Encrypts Your Data=E2=80=93W= ith Lava Lamps:
https://www.fastcodesign.com/90137157/the-hardest-working-office-design-i= n-america-encrypts-your-data-with-lava-lamps

U.S. Worried North Korea Will Unleash Cyberattacks:
http://www.nbcnews.com/news/north-korea/u-s-worried-north-korea-will-unle= ash-cyberattacks-n790831

FBI pushes private sector to cut ties with Kaspersky:
https://www.cyberscoop.com/fbi-kaspersky-private-sector-briefings-yarovay= a-laws/

WannaCry Ransomware Chill Spurs China Interest in Purchasing Gobs of Cybe= r Insurance:
https://www.reuters.com/article/us-aig-china-cyber-idUSKBN1AP12E <= /div>
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • OK, Who -Is- This Stu Guy Anyway? [VID= EO] I had a freelance video PR crew follow me one day at Black Hat, to gi= ve you an idea of who the heck I am:
    https://blog.knowbe4.com/ok-who-is-this-stu-sjouwerman-guy-anyway-video<= /span>

  • This is a great remix of the GENESIS s= ong "I Can't Dance" and the dancers are awesome:
    https://www.youtube.com/watch?v=3DnYIbUakguIE

  • RIOT: Two very mischievous monkeys joy= -riding a wild boar in the African country of Mozambique:
    http://www.flixxy.com/two-monkeys-riding-a-wild-boar.htm?utm_source=3D4<= /span>

  • Watch a new World Yo-Yo Champion in ac= tion:
    http://boingboing.net/2017/08/17/watch-the-new-world-yo-yo-cham.html

  • Comedic Daredevil Bello Nock amazes th= e judges and audience of America's Got Talent 2017 with this hair-raising= stunt:
    http://www.flixxy.com/comedic-daredevil-bello-nock-takes-on-wheel-of-dea= th.htm?utm_source=3D4

  • Mercedes-Maybach just unveiled a stunn= ing convertible concept car to rival Tesla
    http://www.businessinsider.com/mercedes-maybach-vision-6-cabriolet-conve= rtible-pebble-beach-2017-8

  • Kevin Mitnick, KnowBe4's Chief Hacking= Officer retweeted a link to well-executed infographic about Social Engin= eering, and here it is!:
    https://blog.knowbe4.com/here-is-a-cool-and-useful-infographic-about-soc= ial-engineering
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>
=C2=A0
=C2=A0
=C2=A0 This email was sent= to edward@transocean.com by feedback@knowbe4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA
=C2=A0 		=C2=A0
----==_mimepart_599c39e6bd5fc_5c547ad93943974369ad--