Tag Archives: adobe

Celeb Selfie Hack – WSWiR Episode 120

Software Patches, Home Depot Breach, and Celebrity Selfie Hack

If you need a quick source for all your information security (infosec) news, you’ve come to the right place. I summarize the most important infosec news in this weekly video, and provide links to other security stories as well.

Unfortunately, today’s episode includes a pretty creepy hack. The show covers next week’s upcoming software patches, another credit card leak that seems to come from Home Depot, and a gross story about hackers stealing hundreds of celebrities’ most private pictures. Find the details in the video below and see what you can learn from these unfortunate cyber attacks.

As always, check the Reference section if you are interested in other stories that I didn’t cover in the video. Also, I will be traveling the next few weeks, which means I may not be able to post this video as regularly as usual. Expect the video to turn up at irregular times, otherwise I may post a written version of the weekly summary instead. Have a great weekend, and stay safe online!

(Episode Runtime: 13:17)

Direct YouTube Link: https://www.youtube.com/watch?v=-mRjltM-tc0&

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Blackhat and More – WSWiR Episode 116

Blackhat Summary,Lots of Patches, and MonsterMind

Times have changed. Cyber attacks have increased 10-fold, causing a ton of information security (infosec) news each week. Can’t keep up with it all? Let me help out. In this weekly video summary, I highlight the biggest information and security news every week.

Last week, I had meant to post a Black Hat video summary, but simply couldn’t find the time during my two week travel schedule. I try to make up for it in this week’s episode. In today’s video, I share a bit about Black Hat, cover the latest security patches, comment on the alleged huge password theft, and highlight Snowden’s latest interview and disclosures. Watch the video for the details.

Also, don’t forget to check out the big reference section below for two weeks of security news links, and some videos from Black Hat. Have a great weekend.

(Episode Runtime: 9:09)

Direct YouTube Link: https://www.youtube.com/watch?v=Xv1fUT15AP8

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Hardware Malware – WSWiR Episode 112

Tons of Patches, Facebook Botnets, and Infected Hand Scanners

After a couple weeks of hiatus, we’re finally back with our weekly security news summary video. If you want to learn about all the week’s important security news from one convenience resource, this is the place to get it.

This episode covers the latest popular software security updates from the last two weeks, and interesting Litecoin mining botnet that Facebook helped eradicate, and an advanced attack campaign that leverages pre-infected hardware products. Watch the video for the details, and check out the Reference’s for more information, and links to many other interesting InfoSec stories.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=oAHYUW1KkM0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Service Bus DoS Mostly Affects Enterprise Web Developers.

Among this week’s Microsoft security bulletins is one that likely only affects a small subset of Microsoft customers, and thus not worth a full security alert.

Microsoft Service Bus is a messaging component that ships with server versions of Windows, providing enterprise developers with the means to create message-driven applications. According to Microsoft’s bulletin, Service Bus suffers from a denial of service (DoS) vulnerability involving it’s inability to properly handle a sequence of specially crafted messages. If you have created an application that uses Service Bus, an attacker who could send specially crafted messages to your application could exploit this flaw to prevent the application from responding to further messages. You’d have to restart the service to regain functionality.

Windows itself doesn’t really use Service Bus for anything, but if you have internal applications that do, this vulnerability may be significant to you. If you use Service Bus, be sure to check out the bulletin to get your updates. — Corey Nachreiner, CISSP (@SecAdept)

Adobe Patches Rosetta Flash Vulnerability

Summary:

  • This vulnerability affects: Adobe Flash Player  14.0.0.125 and earlier, running on all platforms (and Air)
  • How an attacker exploits it: By enticing you to run specially crafted Flash content (often delivered as a .SWF file)
  • Impact: Varies, but in one case an attacker can leverage this flaw to gain access to sensitive content from other web domains you visit.
  • What to do: Download and install the latest version of Adobe Flash Player (version 14.0.0.145 for computers)

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released this week, Adobe announced a patch that fixes three vulnerabilities in Adobe Flash Player 14.0.0.125 and earlier, running on all platforms.

Adobe characterizes two of the vulnerabilities as “security bypass” flaws, and states that attackers could exploit at least one of them to take control of the affected system. However, it’s the third vulnerability that is most interesting and is getting media attention.

A security researcher, Michele Spagnuolo, posted a blog article describing a complex, multi-layered vulnerability called the Rosetta Flash flaw, which involves both the Flash vulnerability, but also depends on JSONP-based web applications. If you’re interested in the intricate technical details of the attack, I recommend you check out the Spagnuolo’s blog post, or presentation. The scope of the vulnerability is a little easier to understand. If an attacker can trick your users into running specially crafted Flash content, he can potentially take advantage of this flaw to steal your user’s information from certain third party domains that use JSONP-based applications. When first discovered, this included domains like Ebay, Tumblr, and some Google applications However, these big companies have since modified their web applications to prevent this flaw.

In any case, Adobe rates these issues as a “Priority 1” issues for Windows and Mac, and recommends you apply the updates as soon as possible (within 72 hours).   However, the vulnerability technically affects other platforms as well, so I recommend you update any Flash capable device as soon as you can.

Solution Path

Adobe has released new versions of Flash Player (14.0.0.145 for computers) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

  • Download Flash Player for your computer:
NOTE: Chrome and newer versions of IE ship with their own versions of Flash, built-in. If you use them as you web browser, you will also have to update them separately, though both often receive their updates automatically.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash (and Shockwave) content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

Finally, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Adobe’s Flash update to completely protect yourself from all of these flaws.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

TweetDeck XSS – WSWiR Episode 111

Patch Day, P.F. Changs Hack, and TweetDeck XSS

This week delivered a lot of infosec news and a ton of software security updates. If you didn’t have time to follow it all, check out our weekly computer security video to fill in the blanks.

During today’s episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. restaurant chain, and talk about the cross-site scripting worm spreading via TweetDeck. Click play below to learn more, and check out the References for other interesting infosec stories.

Before wishing you a great weekend, here are a couple of quick show notes. First, I’m starting a vacation during the middle of next week, so I won’t be publishing this weekly video for the next two weeks. It will return in July.

Second, if you are a WatchGuard customer curious about our OpenSSL updates, we are in the process of posting new versions of software for many of our products. Keep your eye on this blog, as those will likely start coming out early next week.

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=hbGqdrxvOyA

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Latest Flash Update Mends Code Execution and XSS Flaws

Summary:

  • This vulnerability affects: Adobe Flash Player  13.0.0.214 and earlier, running on all platforms (and Air)
  • How an attacker exploits it: By enticing users to visit a website containing malicious Flash content
  • Impact: In the worst case, an attacker can execute code on the user’s computer, potentially gaining control of it
  • What to do: Download and install the latest version of Adobe Flash Player (version 14.0.0.125 for computers)

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released today, Adobe announced a patch that fixes six critical vulnerabilities in Adobe Flash Player 13.0.0.214 and earlier, running on all platforms.

The six vulnerabilities differ technically, and in scope and impact, but one flaw stands out as the worst. Specifically, Flash Player suffers from an unspecified memory corruption vulnerability that attackers could exploit to execute arbitrary code. Adobe doesn’t share the details, but we assume if an attacker can entice you to a site containing maliciously crafted Flash content, he could exploit this flaw to execute any code with your privileges. If you are a local administrator, or have root access, the attacker gains complete control of your computer. The remaining flaws include three cross-site scripting (XSS) vulnerabilities and two unspecified security bypass flaws.

Adobe rates these issues as a “Priority 1” issue for Windows and Mac, and recommend you apply the updates as soon as possible (within 72 hours).   However, the vulnerability technically affects other platforms as well, so I recommend you update any Flash capable device as soon as you can.

Solution Path

Adobe has released new versions of Flash Player (14.0.0.125 for computers) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

  • Download Flash Player for your computer:
NOTE: Chrome and newer versions of IE ship with their own versions of Flash, built-in. If you use them as you web browser, you will also have to update them separately, though both often receive their updates automatically.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

More importantly, WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has already developed a signature that can detect and block one of the Flash flaws:

  • EXPLOIT Adobe Flash Player security bypass vulnerability (CVE-2014-0520)

Your XTM appliance should get this new IPS signature update shortly.

Finally, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Adobe’s Flash update to completely protect yourself from all of these flaws.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Microsoft Black Tuesday: Seven Security Bulletins Include a Huge IE Update

If there is one day of the month you should really focus on software patching, this is the day. The second Tuesday of the month is both Microsoft and Adobe patch day. If you run a Windows shop, or you use Adobe products on any platform, it’s time for you to get patching!

As they promised, Microsoft released seven bulletins today to fix a wide range of security vulnerabilities in a number of their products, including:

  • Windows and its components,
  • Office (Word),
  • Internet Explorer (IE),
  • and Lync Server.

Microsoft rates two of the bulletins as Critical.

The big news here is the major Internet Explorer (IE) update. Not only does it fix a zero day vulnerability I discussed a few weeks ago, but it corrects a whooping total of 59 security flaws in the popular web browser. If you have Windows computers in your network, you need to patch IE immediately. The second Critical update fixes a Windows graphics component (GDI+) flaw, which attackers can leverage simply by tricking your users into viewing maliciously crafted images.

In short, if you use any of the affected Microsoft products, you should download, test, and deploy these updates as quickly as you can or you can also let Windows’ Automatic Update do it for you. You can find more information about these bulletins and updates in Microsoft’s June Summary advisory.

Adobe’s Patch Day, on the other hand, seems a bit lighter than Microsoft’s. They only released one security update fixing six security flaws in Flash Player. That said, the update fixes some pretty serious vulnerabilities that attackers could exploit just by enticing you to the wrong web site. Be sure to update Flash as well.

I’ll share more details about today’s patches on the blog throughout the day, so stay tuned.  — Corey Nachreiner, CISSP (@SecAdept).

GOZeus Down – WSWiR Episode 110

NSA Facial Recognition, OpenSSL Patch, and Zeus Takedown

It’s that time again. If you have a hankering for the latest InfoSec news, this is the place to get it. You can watch me summarize all of the week’s biggest security stories in one short video.

Today I talk about the NSA scanning the Internet for our pictures, a big OpenSSL security update, and the latest botnet takedown that puts a damper on GOZeus and Cryptolocker. Watch the video for the scoop, and check out the Extras below for other news.

Hope you have a great weekend, and stay safe out there.

(Episode Runtime: 8:33)

Direct YouTube Link: https://www.youtube.com/watch?v=gp46hzT6G1E

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

iPhone Ransom Message – WSWiR Episode 109

Iranian Social Hackers, XP Patch Hack, and iPhone Ransom Notes

Did you have time to follow security mailings lists, check out infosec news sites, or find that latest patches this week? If not, don’t worry. This weekly video blog will cover the top three computer security news items each Friday for you. Subscribe to this blog or the YouTube channel to stay informed.

This episode covers an Iranian hacking campaign where attackers pose journalists on social media sites, shares a tip about a Windows XP registry hack that could give you security updates until 2019, and highlights a recent iCloud attack that attackers are using to hold iPhones for ransom. Click play for the details, and check out the reference section for other stories.

(Episode Runtime: 7:38)

Direct YouTube Link: https://www.youtube.com/watch?v=sa-2RLe_sr4

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: