info@qualityplusconsulting.com l +1 262-553-6510

QPC podcasts have moved

Please forgive our old content here while we reorganize and redo our old website.

All new QPC podcasts are hosted on a more convenient platform for all of us.

Please visit https://qpcsecurity.podbean.com where you can use the Podbean mobile app, stream directly from the site, and sign up for the RSS feed.

Breakfast Bytes - Malvertising Exploits and FTC Security Tips

3/18/2016

Malvertising exploits get worse

MP3 - Malvertising Exploits and FTC Security Tips

 
 

 

Malvertising exploits get worse

Malvertising is redirecting endpoints to the Angler exploit kit. If you don't have APT and ransomware protection, you are wide open.
Patch your systems, of course.
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/

https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/

Once the advertisement loads, the ad automatically redirects to exploit servers. The only mitigation is to block the advertisements all together.
The malvertisements are often coming through Flash, Java, and Silverlight, which is why you have to AV scan that code at the perimeter with your Firebox.
This is why you have to proxy traffic including https traffic because you do not have the ability to block the stuff or filter it out otherwise.

Trend Worry-Free Business Security and Deep Security have active protections against kits like Angler assuming that the product is configured properly and fully updated.

Hacksplaining

Learn about web application security so that you can protect against the risks.
https://www.hacksplaining.com/
http://i-programmer.info/news/149-security/9545-hacksplaining-learn-through-hacking.html?

FTC Security Tips

https://www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf
http://www.techrepublic.com/article/10-security-tips-from-the-ftc-on-how-to-protect-consumer-data/?
Linkedin