Eze Castle Integration

Alerts for Eze Castle Integration Clients

August 24, 2014: San Francisco Earthquake Update

A 6.0 magnitude earthquake struck Northern California Sunday morning. There was no damage reported to the business office in San Francisco and no damage reported at the Sacramento colocation facility. We do expect it will be business as usual for our San Francisco business operations on Monday morning. If you have any questions, please contact our Global Support Help Desk: http://eci.com/support/index.html

 

July 31, 2014:  Phishing Campaign

Recently, eSentire became aware of a new phishing campaign utilizing Google Drive to obfuscate the redirect to the malicious content. This delivery mechanism has been detected across our client base and as such we are releasing this update to provide further information on this social engineering trend. Please be advised that any site that allows someone to host a file may be used for malicious purposes.

Examples of content seen in the wild:

Fax Example:
Content:
“FAX” <fax@qcom.co.uk>
You have received fax from EPS76185555 at victimdomain
Scan date: Thu, 31 Jul 2014 16:53:10 +0700
Number of page(s): 2
Resolution: 400x400 DPI

Malicious Link: (goo[.]gl/t8jteIxx – hxxp://autoescuelajoaquinp[.]com/images/Document-95722[.]zip)

ADP Example:
Content:
"ADP Payroll" <Luis_Carlton@adp.com>

Attached is a summary of Origination activity for 07/31/2014
Download it from Google Disk Drive Inc.:
Malicious link (goo[.]gl/1rBYjxx – hxxp://pinkfeatherproductions[.]com/wp-content/uploads/2014/06/Document-95722[.]zip)


Examples of malicious links seen in email:
Displayed Link - Real destination of link
goo[.]gl/1rBYjxx – hxxp://pinkfeatherproductions[.]com/wp-content/uploads/2014/06/Document-95722[.]zip
goo[.]gl/t8jteIxx – hxxp://autoescuelajoaquinp[.]com/images/Document-95722[.]zip
goo[.]gl/RmGnbxx – hxxp://esys-comm[.]ro/images/Document-95722[.]zip

eSentire as always recommends that you communicate with your users to not open attachments or click on links within emails of any type from an unknown source. Even if the email appears to be legitimate, encourage your users to scrutinize the content.
 
We will continue to monitor for changes in the malware that is being used and will adjust our blacklist in AMP as appropriate.  As well, the second phase of this attack (downloading executables) is blocked when the EXEcutioner functionality is enabled. This will block the infection from ever happening.
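The displayed-link versus real-destination pairs listed above can be triaged mechanically. The following is an added example, not code from eSentire or Eze Castle Integration: it parses the alert's defanged lines without fetching anything, reports why each pair is suspicious, and extracts destination hosts for a blocklist. The shortener and file-extension lists are assumptions to tune locally.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for illustration; tune to your environment.
SHORTENERS = {"goo.gl", "bit.ly", "t.co", "tinyurl.com"}
RISKY_EXT = (".zip", ".exe", ".scr", ".js")

# Indicator lines copied from the alert above (still defanged).
ALERT_LINES = [
    "goo[.]gl/1rBYjxx – hxxp://pinkfeatherproductions[.]com/wp-content/uploads/2014/06/Document-95722[.]zip",
    "goo[.]gl/t8jteIxx – hxxp://autoescuelajoaquinp[.]com/images/Document-95722[.]zip",
    "goo[.]gl/RmGnbxx – hxxp://esys-comm[.]ro/images/Document-95722[.]zip",
]

def refang(text):
    """Undo common defanging so the value can be parsed (never fetched)."""
    text = text.strip().replace("[.]", ".")
    text = re.sub(r"^hxxp", "http", text, flags=re.I)
    return text if "://" in text else "http://" + text

def parse_pair(line):
    """Split 'displayed – destination' (en dash or hyphen separator)."""
    shown, dest = re.split(r"\s+[–-]\s+", line.strip(), maxsplit=1)
    return urlsplit(refang(shown)), urlsplit(refang(dest))

def triage(line):
    """Return the reasons a displayed/destination pair is suspicious."""
    shown, dest = parse_pair(line)
    reasons = []
    if shown.hostname in SHORTENERS:
        reasons.append("shortener hides destination")
    if shown.hostname != dest.hostname:
        reasons.append("displayed host differs from destination host")
    if dest.path.lower().endswith(RISKY_EXT):
        reasons.append("destination is a downloadable archive or executable")
    return reasons

def blocklist_hosts(lines):
    """Destination hosts to add to a proxy or DNS blocklist, sorted."""
    return sorted({parse_pair(line)[1].hostname for line in lines})

if __name__ == "__main__":
    for line in ALERT_LINES:
        print(parse_pair(line)[1].hostname, triage(line))
```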
 


May 1, 2014: Vulnerability in Internet Explorer Could Allow Remote Code Execution

On May 1, 2014, Microsoft released a security update that resolves the publicly disclosed vulnerability that allows targeted attacks against Internet Explorer versions 6, 7, 8, 9, 10, and 11. The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. 

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

RECOMMENDED ACTION: Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. As an added precaution, customers should check for updates using the Microsoft Update service.

Reference: https://technet.microsoft.com/en-US/library/security/2963983


April 28, 2014: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

On April 28, 2014, Microsoft announced the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11. Read the complete Microsoft Security Advisory HERE.

RECOMMENDED ACTION: Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Alternatively, you can directly download with the links below:

Also, Eze Castle Integration advises clients to be careful when browsing websites for personal use and to be wary of links sent via Instant Messaging and email. Read guidance for Safe Internet Use HERE.