Archive | Security Updates

WatchGuard Security Week in Review: Episode 60 – Oracle CPU

Router Hacks, WordPress Attack, and Huge Oracle Update

During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.

In this week’s InfoSec news summary, I cover Oracle’s quarterly Critical Patch Update (CPU), a research project that uncovered vulnerabilities in consumer routers, a WordPress password cracking botnet, and how scammers are exploiting this week’s tragedies in their spam campaigns. Watch the video below for the highlights and some defensive tips.

As an aside, I will be traveling next week so I may not post the weekly video at its normal time.

(Episode Runtime: 7:38)

Direct YouTube Link: http://www.youtube.com/watch?v=Mvikhwg12k8

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 59 – Android PlaneSploit

CISPA, Game Dev Breaches, and Android Plane Hack

Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.

By the way, I apologize for the shaky camera. I forgot my tripod on this trip and shooting video with a busy schedule has its challenges. Don’t forget to check out the Reference section if you want to learn more.

(Episode Runtime: 7:53)

Direct YouTube Link: http://www.youtube.com/watch?v=8tke-MEdmtA

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Adobe Patch Day: Patches for Flash, Shockwave, and ColdFusion

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Flash Player, Shockwave Player, and ColdFusion
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

Adobe Patch Day: April 2013

  • APSB13-11: Four Flash Player Memory Corruption Flaws

Adobe’s bulletin describes four vulnerabilities in Flash Player running on all platforms. More specifically, the flaws consist of various memory corruption and integer overflow flaws. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

They assign these flaws their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.

Adobe Priority Rating: 1 for Windows (Patch within 72 hours)

  • APSB13-12: Four Shockwave Player Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin describes four security vulnerabilities that affect Shockwave Player running on Windows and Macintosh computers. All of the flaws consist of memory corruption issues (one being a buffer overflow) that share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Priority Rating: 1 (Patch within 72 hours)

  • APSB13-10: Two Unspecified ColdFusion Vulnerabilities

Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities that Adobe does not describe in much technical detail. They describe one flaw as a vulnerability that allows an attacker to impersonate an authenticated user (CVE-2013-1387), and the other as a flaw that could allow an unauthenticated attacker to gain access to the administrative console. Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. They rate both vulnerabilities as Priority 2 issues, which is essentially their medium severity rating.

Adobe Priority Rating: 2 (Patch within 30 days)

Solution Path:

Adobe has released updates for all their affected software. If you use Flash Player, Shockwave Player, or ColdFusion, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

Keep in mind that Google Chrome bundles its own copy of Flash Player, which Google updates through Chrome’s own updater rather than Adobe’s, so Chrome users need to update the browser separately.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block Flash or Shockwave content arriving via the Web or email, see our manual for details on how to configure our proxy policies’ content filtering.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

SharePoint Suffers from XSS and Information Disclosure Flaws

Summary:

  • These vulnerabilities affect: SharePoint Server, Groove Server, Office Web Apps, and InfoPath 2010, which are all part of Microsoft’s Office family products
  • How an attacker exploits them: Multiple vectors of attack, including luring your users to a malicious link, or by visiting a specific address on a vulnerable server
  • Impact: In the worst case, an attacker can elevate their privileges, gaining the ability to do anything the victim can on the affected server.
  • What to do: Install the appropriate updates as soon as you can, or let Windows Update do it for you.

Exposure:

Today, Microsoft released two Office-related security bulletins describing vulnerabilities found in SharePoint, SharePoint Foundation, Groove, Office Web Apps, and InfoPath, all part of Microsoft’s Office family of products. Microsoft rates both bulletins as Important. We summarize them below:

  • MS13-030:  SharePoint Information Disclosure Flaw

SharePoint Server is Microsoft’s web and document collaboration and management platform. SharePoint Server 2013 does not apply the proper access controls to a SharePoint list, which means any SharePoint user can gain access to items in the list, even if the list owner did not intend that user to have access. However, in order to exploit this flaw, the attacker needs valid credentials on your SharePoint Server, and needs to know the specific URL of the SharePoint list in question. These factors significantly mitigate this vulnerability, limiting it primarily to an internal risk.

Microsoft rating: Important.

  • MS13-035: SharePoint and Office Server XSS Vulnerability

SharePoint (and other Office-related servers like InfoPath and Groove) also suffers from a Cross-Site Scripting (XSS) vulnerability in its HTML sanitization component that could allow an attacker to elevate his privileges. By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to gain that user’s privileges on your SharePoint server. This means the attacker could view or change all the documents that user could. These flaws only affect the 2010 versions of these Office servers.

Microsoft rating: Important
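Microsoft does not publish the sanitization component’s code, so the following is an added, generic illustration in C of why this class of bug keeps recurring, not the SharePoint flaw itself and not Microsoft’s code: a blocklist sanitizer that deletes script tags, two constructed payloads that walk straight past it, and the output encoding a sanitizer must fall back on for any input it does not positively recognise. All function names and payloads are this example’s own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive prefix test, so "<SCRIPT" and "<script" are treated alike.
 * Stops at the NUL of s, so it never reads past a short input. */
static int starts_with_ci(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix)) return 0;
    return 1;
}

/* Blocklist sanitizer: remove <script ...> and </script ...> tags and pass
 * everything else through untouched. Returns the number of bytes written. */
size_t naive_strip_script(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    const char *p = in;
    while (*p && o + 1 < outsz) {
        if (starts_with_ci(p, "<script") || starts_with_ci(p, "</script")) {
            const char *gt = strchr(p, '>');
            if (!gt) break;                 /* unterminated tag: drop the remainder */
            p = gt + 1;
            continue;
        }
        out[o++] = *p++;
    }
    out[o] = '\0';
    return o;
}

/* Output encoding: untrusted text is never interpreted as markup because every
 * character the HTML parser cares about is entity-encoded. */
size_t html_encode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep = one;
        switch (*p) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default: break;
        }
        size_t n = strlen(rep);
        if (o + n + 1 > outsz) break;       /* output buffer full: truncate */
        memcpy(out + o, rep, n);
        o += n;
    }
    out[o] = '\0';
    return o;
}

/* Crude "would a browser run this?" check for the demonstration: a literal
 * <script tag, or a tag carrying an onerror/onload event handler attribute. */
static int has_active_markup(const char *s) {
    for (const char *lt = strchr(s, '<'); lt; lt = strchr(lt + 1, '<')) {
        if (starts_with_ci(lt, "<script")) return 1;
        const char *gt = strchr(lt, '>');
        size_t taglen = gt ? (size_t)(gt - lt) : strlen(lt);
        for (size_t i = 0; i < taglen; i++)
            if (starts_with_ci(lt + i, " onerror=") || starts_with_ci(lt + i, " onload=")) return 1;
    }
    return 0;
}

/* 1 if the payload is still executable after the blocklist sanitizer ran. */
int survives_naive_strip(const char *payload) {
    char buf[256];
    naive_strip_script(payload, buf, sizeof buf);
    return has_active_markup(buf);
}

/* 1 if the payload is still executable after output encoding (it never is). */
int survives_html_encode(const char *payload) {
    char buf[1024];
    html_encode(payload, buf, sizeof buf);
    return has_active_markup(buf);
}

int main(void) {
    /* Constructed payloads for the demonstration, not taken from any real attack. */
    const char *payloads[] = {
        "<script>alert(1)</script>",          /* the only case the blocklist catches */
        "<img src=x onerror=alert(1)>",       /* no script tag needed at all */
        "<scr<script>ipt>alert(1)</script>",  /* stripping reassembles the tag */
    };
    for (size_t i = 0; i < sizeof payloads / sizeof *payloads; i++)
        printf("%-36s strip: %-8s encode: %s\n", payloads[i],
               survives_naive_strip(payloads[i]) ? "BYPASSED" : "blocked",
               survives_html_encode(payloads[i]) ? "BYPASSED" : "blocked");
    return 0;
}
```

The third payload is the instructive one: the sanitizer removes the inner `<script>` and the two halves around it close up into a working tag, so a single pass of deletion produces exactly the markup it set out to remove. Encoding has no such failure mode because it never tries to decide what is dangerous.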

Solution Path

Microsoft has released patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate ones as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.

The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:

For All WatchGuard Users:

WatchGuard’s Intrusion Prevention services can sometimes prevent web application attacks like the XSS one described today. For instance, our IPS signature team has developed a new signature that can detect and block the HTML Sanitization XSS attack affecting SharePoint and other Office-related servers:

  • WEB-CLIENT Microsoft IE HTML Sanitization Vulnerability (CVE-2013-1289)

Your XTM appliance should get this new IPS update shortly. Nonetheless, the appliance only inspects traffic that crosses it, and an attacker already inside your network can exploit both of these flaws without that traffic ever reaching the gateway, so we still recommend you install Microsoft’s updates.

Status:

Microsoft has released SharePoint, Groove, Office Web Apps, and InfoPath updates to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Windows Updates Fix Critical RDC Flaw, and More

Severity: High

Summary:

  • These vulnerabilities affect: All current versions of Windows and some of the components that ship with it
  • How an attacker exploits them: Multiple vectors of attack, including luring users to web sites with malicious code or sending specially crafted network packets
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer.
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Update do it for you.

Exposure:

Today, Microsoft released six security bulletins that describe around ten vulnerabilities affecting Windows or components related to it, such as Remote Desktop Client, Active Directory, and the Antimalware client (part of Windows Defender in Windows 8). Each of these vulnerabilities affects different versions of Windows to varying degrees. A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates, especially the Critical ones, as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-029: Remote Desktop Client Code Execution Vulnerability

Remote Desktop Protocol (RDP) is a Microsoft networking protocol that allows you to view and control the desktop of one Windows computer from another networked computer. Windows ships with the Remote Desktop Client to support this functionality. According to Microsoft, an ActiveX control the Remote Desktop Client uses suffers from a “use after free” vulnerability, which remote attackers can exploit to execute arbitrary code on your system. The attacker would simply have to entice you to a web site containing malicious code to trigger the flaw. As is typical with Windows vulnerabilities, the attacker would gain your privileges, and if you’re a local administrator that means full control of your system.

Microsoft rating: Critical

  • MS13-031: Two Kernel Elevation of Privilege Vulnerabilities

The kernel is the core component of any computer operating system. The Windows kernel suffers from two race condition vulnerabilities, which attackers can leverage to elevate their privileges. Though the flaws differ technically, they share the same scope and impact. By running a specially crafted program, a local attacker could exploit either flaw to gain complete control of your PC. However, the attacker would first need to gain local access to your Windows computer using valid credentials. This factor significantly reduces the severity of the issue.

Microsoft rating: Important

  • MS13-032: Active Directory Memory Consumption Flaw

Active Directory (AD) provides central authentication and authorization services for Windows computers and ships with server versions of Windows. AD suffers from a memory consumption vulnerability having to do with its inability to properly handle specially crafted LDAP queries. By sending a malicious LDAP query to an AD server, an attacker can exploit this flaw to force the server’s LDAP service to stop responding, putting it into a Denial of Service (DoS) state. However, administrators typically limit LDAP access to their local network, so this vulnerability primarily poses an internal threat.

Microsoft rating: Important

  • MS13-033: CSRSS Elevation of Privilege Vulnerability

The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from a local privilege elevation issue. By running a specially crafted application, an attacker can leverage this flaw to execute code with full system privileges, regardless of his actual user privilege. However, in order to run his special program, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.

Microsoft rating: Important

  • MS13-034: Antimalware Client Elevation of Privilege Vulnerability

The Antimalware Client is a free host-based security program that does just what you’d expect: it protects Windows systems from malicious software (viruses, worms, trojans, etc.), loosely known as malware. It ships with Windows Defender, which comes with Windows 8. It also suffers from a local privilege elevation issue having to do with its inability to handle improper pathnames. By running a specially crafted application, an attacker can leverage this flaw to execute code with full system privileges, regardless of his actual user privilege. However, in order to run his special program, the attacker would first need to gain local access to your Windows computers using valid credentials, which significantly reduces the risk of this flaw. This issue primarily affects Windows 8 computers.

Microsoft rating: Important

  • MS13-036: Multiple Kernel-Mode Driver Vulnerabilities

As mentioned above, the kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from five different privilege elevation vulnerabilities. The vulnerabilities differ technically but share the same scope and impact. By running a specially crafted program, a local attacker can leverage any of these flaws to gain complete control of your Windows computers. However, in order to run his malicious program, the attacker would first need to gain local access to your computer or trick you into running the program yourself, which significantly lessens the severity of these issues.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed a new signature that can detect and block the Remote Desktop Client vulnerability described above:

  • WEB-ACTIVEX Microsoft RDC ActiveX Control Remote Code Execution Vulnerability (CVE-2013-1296)

Your XTM appliance should get this new IPS update shortly.

Nonetheless, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

“Use After Free” Flaws: A New Theme for IE Vulnerability

Severity: High

Summary:

  • These vulnerabilities affect: Most current versions of Internet Explorer (IE)
  • How an attacker exploits them: By enticing one of your users to visit a malicious web page
  • Impact: An attacker can execute code on your user’s computer, often gaining complete control of it
  • What to do: Install Microsoft’s IE updates immediately, or let Windows Automatic Update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released a security bulletin describing two new security vulnerabilities affecting Internet Explorer (IE). Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of memory corruption flaw that attackers can leverage to execute arbitrary code. This class of vulnerability seems to be a theme for IE lately, since Microsoft has been fixing IE use after free flaws quite a bit over the last few months.

In any case, if an attacker can lure one of your users to a web page containing maliciously crafted HTML, she could exploit either of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker can exploit these flaws to gain complete control of the victim’s computer.

If you’d like more technical detail about either of these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technicalities aside, both of these remote code execution flaws pose significant risk to IE users, and allow attackers to launch drive-by download attacks. Attackers often hijack legitimate web sites and force them to serve this kind of malicious web code. So these types of flaws may affect you even when visiting legitimate, trusted web sites.

If you use IE, you should download and install Microsoft’s cumulative update immediately.
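The RDC ActiveX flaw in the Windows alert above and the two IE flaws described here are all use after free bugs. The following is an added illustration of that pattern in C, not code from Microsoft or from either product (neither’s source is public): a tiny fixed-size slab allocator stands in for the heap so the reuse of the freed chunk is deterministic rather than undefined behaviour, the widget object and its two handlers are invented stand-ins for a control’s object and its vtable, and the reference-counted version shows the usual fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64
#define SLOT_COUNT 4

/* A stand-in for an object a control or a DOM node might own: a callback
 * pointer (what a C++ vtable pointer is in practice) plus some data. */
struct widget {
    void (*on_event)(const char *);
    int refs;
    char name[40];
};

/* Tiny fixed-size allocator. Like a real heap it hands a freed chunk back to the
 * next caller asking for that size, which is the behaviour an attacker relies on
 * to place controlled data where the dangling pointer still points. */
static union { unsigned char bytes[SLOT_SIZE]; void *align; } g_slab[SLOT_COUNT];
static int g_free[SLOT_COUNT];

static void slab_init(void) {
    memset(g_slab, 0, sizeof g_slab);
    for (int i = 0; i < SLOT_COUNT; i++) g_free[i] = 1;
}

static void *slab_alloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < SLOT_COUNT; i++)
        if (g_free[i]) { g_free[i] = 0; return g_slab[i].bytes; }
    return NULL;
}

static void slab_free(void *p) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (p == (void *)g_slab[i].bytes) { g_free[i] = 1; return; }
}

static int g_benign_calls, g_hijacked_calls;
static void benign_handler(const char *ev)   { (void)ev; g_benign_calls++; }
/* Stands in for attacker-chosen code; in a real exploit the overwritten pointer
 * would lead into a heap spray or a ROP chain instead. */
static void attacker_handler(const char *ev) { (void)ev; g_hijacked_calls++; }

static struct widget *widget_new(void (*h)(const char *)) {
    struct widget *w = slab_alloc(sizeof *w);
    if (!w) return NULL;
    w->on_event = h;
    w->refs = 1;
    strcpy(w->name, "button");
    return w;
}

/* Vulnerable pattern: two places hold a raw pointer to the same widget. One of
 * them frees it; the other later dispatches an event through it.
 * Returns 1 if the attacker's handler ran. */
int vulnerable_dispatch(void) {
    slab_init();
    g_benign_calls = g_hijacked_calls = 0;
    struct widget *w = widget_new(benign_handler);
    struct widget *dangling = w;              /* second reference, e.g. an event queue */
    slab_free(w);                             /* owner tears the object down */
    /* An attacker-influenced allocation of the same size reclaims the slot and
     * plants a new function pointer exactly where the old one was. */
    struct widget *spray = slab_alloc(sizeof *spray);
    spray->on_event = attacker_handler;
    strcpy(spray->name, "AAAA");
    dangling->on_event("click");              /* use after free */
    return g_hijacked_calls == 1;
}

/* Fixed pattern: every holder of the pointer owns a reference, and the object is
 * only freed when the last one lets go. Returns 1 if only the benign handler ran. */
static struct widget *widget_retain(struct widget *w) { w->refs++; return w; }
static void widget_release(struct widget *w) {
    if (--w->refs == 0) { memset(w, 0, sizeof *w); slab_free(w); }
}

int fixed_dispatch(void) {
    slab_init();
    g_benign_calls = g_hijacked_calls = 0;
    struct widget *w = widget_new(benign_handler);
    struct widget *queued = widget_retain(w); /* the queue takes its own reference */
    widget_release(w);                        /* owner done: refs drops to 1, no free */
    struct widget *spray = slab_alloc(sizeof *spray);   /* lands in a different slot */
    spray->on_event = attacker_handler;
    queued->on_event("click");                /* still the live, benign object */
    widget_release(queued);                   /* last reference: freed now */
    return g_benign_calls == 1 && g_hijacked_calls == 0;
}

int main(void) {
    printf("vulnerable pattern: attacker code ran   = %d\n", vulnerable_dispatch());
    printf("refcounted pattern: only benign code ran = %d\n", fixed_dispatch());
    return 0;
}
```

The point of the slab is only to make the reuse visible; with the system heap the same sequence is undefined behaviour and an exploit writer has to groom the heap to get the same outcome reliably. Note that the fix is about ownership, not about clearing one pointer: any copy of the raw pointer that does not hold a reference is a latent use after free.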

Solution Path:

You should download, test, and deploy the appropriate IE updates immediately, or let Windows Automatic Update do it for you. You can find links to the various IE updates in the “Affected and Non-Affected Software” section of Microsoft’s IE security bulletin.

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus services can often prevent the malware that drive-by download attacks try to force onto your computer. Furthermore, our Reputation Enabled Defense (RED) and WebBlocker service can often prevent your users from accidentally visiting malicious sites. Nonetheless, we still recommend you install Microsoft’s IE update to completely protect yourself from these vulnerabilities.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Remote Desktop and IE Updates Top April’s Patch Day List

Unless you’re new to IT, you’re probably aware that today, the second Tuesday of the month, is Microsoft Patch Day.

As expected, Microsoft released nine security bulletins today, fixing 13 vulnerabilities across products like Internet Explorer (IE), Windows and its components, SharePoint Server, and a few other Office server products. The two worst, Critical-rated updates fix security problems in IE and the Remote Desktop Client (RDC) that ships with Windows (specifically, its ActiveX control). The vulnerabilities in both these products could help remote attackers launch drive-by download attacks. If an attacker can get your IE or RDC users to visit a specially crafted web site (or a legitimate, hijacked web site), he could leverage these flaws to execute arbitrary code with those users’ privileges. You should download, test, and apply these Critical updates as soon as you can, or let Windows’ automatic updater do it for you.

As an aside, some experts had expected today’s IE update to fix some publicly disclosed vulnerabilities from the recent Pwn2Own contest at a Canadian security conference. In their IE alert, Microsoft credits two Google security researchers for discovering the flaws they fixed today. However, the Pwn2Own IE 10 flaws were disclosed by different researchers from VUPEN. So it appears the Pwn2Own IE flaws are still open issues.

Microsoft also released seven other updates, which they rate as Important. While not as serious as the ones mentioned above, they all fix some relatively risky issues too. In general, I recommend you always install all of Microsoft’s monthly patches as quickly as you can. That said, be sure to at least try to test the server updates before deploying them to your production network.

I’ll post more detailed alerts about these security bulletins as the day progresses. Stay tuned. — Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 58 – Darkleech Apache Attack

Telephony DoS, OpFreeKorea, and Darkleech

What do zombie video games, North Korea, and emergency telephone systems have in common? They’ve all been compromised by cyber attackers this week.

If you’re too busy dousing IT fires to keep up with InfoSec news on your own, give our weekly security news summary a try. In this short video, I quickly highlight the biggest security stories from the week, and give some practical defense tips along the way.

This week’s episode covers a new telephony denial of service (TDoS) extortion scheme, a serious flaw in a common database system, the latest Anonymous operation, and a mysterious Apache hijacking campaign that has affected over 20,000 web servers. Watch the video below for the full scoop, and check out the Reference section for additional stories.

(Episode Runtime: 9:03)

Direct YouTube Link: http://www.youtube.com/watch?v=K18Snt0Lrm0

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 57 – 300Gb DDoS

POS Trojans, Android Spear Phishing, and Record DDoS

Extra, Extra, the Internet almost broke (no it didn’t). Read… View all about it!

Too much security news, and too little time? Let me summarize the highlights for you in my weekly InfoSec recap video. This week I cover two trojans targeting point-of-sale (POS) computers, a few software updates, a targeted spear phishing campaign spreading Android malware, and the record-breaking Spamhaus DDoS attack, which didn’t really break the Internet despite some reports. Click play for the details.

There were also a ton of other interesting Infosec tidbits this week, beyond what’s in the video. If you’re interested, check out the Reference section below. Stay frosty out there, and have a Happy Easter weekend.

(Episode Runtime: 9:47)

Direct YouTube Link: http://www.youtube.com/watch?v=sC1zLvbjzI4

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Cisco Patch Day: Multiple DoS Flaws in IOS

As part of their semiannual patch day, Cisco released seven security advisories describing different Denial of Service (DoS) vulnerabilities affecting the IOS software that primarily ships with their routers. The seven flaws differ technically, and lie within various IOS components, including NAT, IKE, RSVP, etc. However, most of them share the same essential scope and impact. If a remote, unauthenticated attacker can send specially crafted packets to your IOS device, he can exploit many of these flaws to cause the device to fill up memory, or crash and restart. Attackers can repeatedly leverage these flaws to knock your router offline for as long as they can carry out the attack.

DoS vulnerabilities in your gateway router pose a fairly significant risk, since attackers can leverage them to essentially knock you offline. Right now, DoS attacks are in vogue among hacktivists and other attackers. Over the past week, Spamhaus has suffered the largest DDoS attacks in recorded cyber history, and big banks have suffered from politically motivated DDoS attacks for months now. Though today’s IOS DoS flaws are unlikely to be what fuels these huge DDoS attacks, they could make a DDoS attacker’s life even easier. If you manage any Cisco IOS gear, I highly recommend you check out today’s Cisco IOS alerts and apply the corresponding updates and workarounds. — Corey Nachreiner, CISSP (@SecAdept)
