Potential Increase in Malware Delivered by PDF Attachments

The Information Security Office wants to make you aware that a number of vulnerabilities affecting Microsoft Office and Adobe Acrobat were disclosed this week. Furthermore, we have been made aware that savvy criminals are launching phishing campaigns to deliver malware (such as viruses, Trojans, worms, etc.) by sending specially crafted documents (like pdf, PowerPoint) attached [...]

New Phishing Campaign Discovered.

A CIS Cyber Alert (see below) has been published detailing a Phishing campaign that utilizes a weaponized PDF document that exploits a vulnerability in Adobe Reader(CVE-2013-2729). This campaign attempts to entice users to open the attached file by referring to an “Unpaid invoic”(sic)
This campaign is utilizing the Dyre Banking Trojan, focused on stealing banking credentials.
Recommendations:

Run [...]

New SSLv3 Vulnerability

Also known as “Poodle”, this vulnerability could allow an attacker to steal web site login information or payment data.
“A vulnerability exists within the SSL version 3.0 protocol… allowing an attacker to hijack and decrypt session cookies that are utilized between a user’s web browser and the web site. This could lead to attackers obtaining enough [...]

Multiple Vulnerabilities Released Today.

Several important vulnerabilities in Microsoft products, including Windows, Office, .NET, Internet Explorer, were released today along with patch information. They are:

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)
Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)
Cumulative Security Update for [...]

“BadUSB” Exploit

There is a new exploit that has hit the internet called BadUSB that poses a Security threat based on USB devices.  Instructions and applications to create infected USB devices are available on the internet.  The exploit allows installation into the USB’s firmware where it is run automatically when plugged into a computer system.  The firmware [...]