Tag Archives: adobe

Printer Doom Hack – WSWiR Episode 122

Apple Patches, Kindle XSS, and Doom Printer Hack

If you want to stay current with the Internet “threatscape,” our weekly video can help. It summarizes each week’s top information and network security news in one convenient place. Subscribe today!

Today’s episode covers, Apple and Adobe security updates, a cross-site scripting flaw that affects Kindle users, and an interesting printer hack that allowed an attacker to run doom on a printer. Watch the video for details and see the Reference section below for more info.

Enjoy your weekend!

(Episode Runtime: 5:39

Direct YouTube Link: https://www.youtube.com/watch?v=aZ7-LdlMYHc

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Old Gmail Leak – WSWiR Episode 121

Patch Day, Home Depot Update, and Gmail Leak

Why go searching for all the week’s information security (infosec) news when you can find it in one convenient place. This weekly vlog summarizes the important security updates, hacks, and threats so you can protect yourself.

This week’s episode arrives a bit late due to my business travel in Europe. Today’s show covers the week’s Microsoft and Adobe patches, the latest news on the Home Depot breach, and a story about a potentially new (but likely old) Gmail credential leak. Watch the video for the details, and check the references below for more info and some extra stories.

I will be continuing my business travel next week as well. So my weekly post may arrive earlier or later than normal. Have a great day!

(Episode Runtime: 4:53)

Direct YouTube Link: https://www.youtube.com/watch?v=I1GZpvQV6dQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Adobe Patches Flash but Delays Reader Update

Summary:

  • This vulnerability affects: Adobe Flash Player running on all platforms and Adobe Air
  • How an attacker exploits it: By enticing users to visit a website containing malicious Flash content
  • Impact: In the worst case, an attacker can execute code on the user’s computer, potentially gaining control of it
  • What to do: Download and install the latest version of Adobe Flash Player for your platform

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released this week during Patch Day, Adobe released an update that fixes a dozen security vulnerabilities affecting Flash Player running on any platform. The bulletin doesn’t describe the flaws in much technical detail, but does say most of them consist of various types of memory corruption flaws. If an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PCs.

Though attackers aren’t exploiting these flaws in the wild yet, Adobe rates them as a “Priority 1” issues for Windows, Mac, and Linux users, and recommends you apply the updates within 72 hours. These vulnerabilities also affect other platforms as well, though not as severely. I recommend you update any Flash capable device as soon as you can.

As an aside, though Adobe promised a Reader update this month, they seem to have delayed it for some reason. You may want to keep an eye on Adobe’s Security page for more updates.

Solution Path

Adobe has released new versions of Flash Player to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

You can download Flash for your computer at the link provided below. See the bulletin’s “Affected Software” section for more details on getting Flash updates for other platforms:

Keep in mind, if you use Google Chrome or Internet Explorer 10 or 11 you’ll have to update it separately.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

Our proxies offer many ways for you to block files and content, including by file extensionMIME type, or by using very specific hexidecimal patterns found in the body of a message – a technique sometimes referred to as Magic Byte detection. Below I list the various ways you can identify various Flash files:

File Extension:

  • .flv –  Adobe Flash file (file typically used on websites)
  • .fla – Flash movie file
  • .f4v – Flash video file
  • .f4p – Protected Flash video file
  • .f4a – Flash audio file
  • .f4b – Flash audiobook file

MIME types:

  • video/x-flv
  • video/mp4 (used for more than just Flash)
  • audio/mp4 (used for more than just Flash)

FILExt.com reported Magic Byte Pattern:

  • Hex FLV: 46 4C 56 01
  • ASCII FLV: FLV
  • Hex FLA:  D0 CF 11 E0 A1 B1 1A E1 00

(Keep in mind, not all the Hex and ASCII patterns shared here are appropriate for content blocking. If the pattern is too short, or not unique enough, blocking with them could result in many false positives) 

If you decide you want to block Flash files, the links below contain instructions that will help you configure your Firebox proxy’s content blocking features using the file and MIME information listed above.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Microsoft Black Tuesday: Windows, IE, Lync, and .NET Patches

As you may know, today was Microsoft Patch Day. If you manage a Windows-based network, it’s time to get the latest updates.

According to Microsoft’s summary post, the Redmond-based software company released four security bulletins fixing 41 vulnerabilities in many of their popular products. The affected software includes, Windows, Internet Explorer (IE), Lync Server, and the .NET Framework. Microsoft rates the IE update as Critical, and the rest as Important.

As you might guess from the severity ratings, the IE update is the most important. It fixes over 37 security flaws in the popular browser, many of which attackers could use in drive-by download attacks (where just visiting a web site results in malware on your computer). Furthermore, one of the fixes closes a zero day vulnerability that attackers have exploited in the wild. If you use IE, I recommend you apply its update as quickly as your can. You should also install the other updates as well, however, their mitigating factors lessen their risk, so you can install them at your convenience.

In summary, if you use any of the affected products, download, test, and deploy these updates as quickly as you can or let Windows’ Automatic Update do it for you. For the server related updates, I highly recommend you test them before installing them on production servers, as Microsoft has released a few problem causing updates recently. You can find more information about these bulletins and updates in Microsoft’s September Summary advisory.

Also note today is Adobe’s Patch Day as well, and they released one security update fixing 12 vulnerabilities in Flash Player. If you use Flash, you should update it quickly. Adobe also pre-announced a Reader update earlier this month. However, it appears they have had to delay the update for some reason.

I’ll share more details about today’s patches on the blog throughout the day. However, I am traveling internationally, so the updates may not arrive as regularly as usual. If you are in a hurry to patch, I recommend you visit the links above, and start now.  — Corey Nachreiner, CISSP (@SecAdept).

Celeb Selfie Hack – WSWiR Episode 120

Software Patches, Home Depot Breach, and Celebrity Selfie Hack

If you need a quick source for all your information security (infosec) news, you’ve come to the right place. I summarize the most important infosec news in this weekly video, and provide links to other security stories as well.

Unfortunately, today’s episode includes a pretty creepy hack. The show covers next week’s upcoming software patches, another credit card leak that seems to come from Home Depot, and a gross story about hackers stealing hundreds of celebrities’ most private pictures. Find the details in the video below and see what you can learn from these unfortunate cyber attacks.

As always, check the Reference section if you are interested in other stories that I didn’t cover in the video. Also, I will be traveling the next few weeks, which means I may not be able to post this video as regularly as usual. Expect the video to turn up at irregular times, otherwise I may post a written version of the weekly summary instead. Have a great weekend, and stay safe online!

(Episode Runtime: 13:17)

Direct YouTube Link: https://www.youtube.com/watch?v=-mRjltM-tc0&

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Blackhat and More – WSWiR Episode 116

Blackhat Summary,Lots of Patches, and MonsterMind

Times have changed. Cyber attacks have increased 10-fold, causing a ton of information security (infosec) news each week. Can’t keep up with it all? Let me help out. In this weekly video summary, I highlight the biggest information and security news every week.

Last week, I had meant to post a Black Hat video summary, but simply couldn’t find the time during my two week travel schedule. I try to make up for it in this week’s episode. In today’s video, I share a bit about Black Hat, cover the latest security patches, comment on the alleged huge password theft, and highlight Snowden’s latest interview and disclosures. Watch the video for the details.

Also, don’t forget to check out the big reference section below for two weeks of security news links, and some videos from Black Hat. Have a great weekend.

(Episode Runtime: 9:09)

Direct YouTube Link: https://www.youtube.com/watch?v=Xv1fUT15AP8

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Hardware Malware – WSWiR Episode 112

Tons of Patches, Facebook Botnets, and Infected Hand Scanners

After a couple weeks of hiatus, we’re finally back with our weekly security news summary video. If you want to learn about all the week’s important security news from one convenience resource, this is the place to get it.

This episode covers the latest popular software security updates from the last two weeks, and interesting Litecoin mining botnet that Facebook helped eradicate, and an advanced attack campaign that leverages pre-infected hardware products. Watch the video for the details, and check out the Reference’s for more information, and links to many other interesting InfoSec stories.

Enjoy your summer weekend, and stay safe!

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=oAHYUW1KkM0

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Service Bus DoS Mostly Affects Enterprise Web Developers.

Among this week’s Microsoft security bulletins is one that likely only affects a small subset of Microsoft customers, and thus not worth a full security alert.

Microsoft Service Bus is a messaging component that ships with server versions of Windows, providing enterprise developers with the means to create message-driven applications. According to Microsoft’s bulletin, Service Bus suffers from a denial of service (DoS) vulnerability involving it’s inability to properly handle a sequence of specially crafted messages. If you have created an application that uses Service Bus, an attacker who could send specially crafted messages to your application could exploit this flaw to prevent the application from responding to further messages. You’d have to restart the service to regain functionality.

Windows itself doesn’t really use Service Bus for anything, but if you have internal applications that do, this vulnerability may be significant to you. If you use Service Bus, be sure to check out the bulletin to get your updates. — Corey Nachreiner, CISSP (@SecAdept)

Adobe Patches Rosetta Flash Vulnerability

Summary:

  • This vulnerability affects: Adobe Flash Player  14.0.0.125 and earlier, running on all platforms (and Air)
  • How an attacker exploits it: By enticing you to run specially crafted Flash content (often delivered as a .SWF file)
  • Impact: Varies, but in one case an attacker can leverage this flaw to gain access to sensitive content from other web domains you visit.
  • What to do: Download and install the latest version of Adobe Flash Player (version 14.0.0.145 for computers)

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released this week, Adobe announced a patch that fixes three vulnerabilities in Adobe Flash Player 14.0.0.125 and earlier, running on all platforms.

Adobe characterizes two of the vulnerabilities as “security bypass” flaws, and states that attackers could exploit at least one of them to take control of the affected system. However, it’s the third vulnerability that is most interesting and is getting media attention.

A security researcher, Michele Spagnuolo, posted a blog article describing a complex, multi-layered vulnerability called the Rosetta Flash flaw, which involves both the Flash vulnerability, but also depends on JSONP-based web applications. If you’re interested in the intricate technical details of the attack, I recommend you check out the Spagnuolo’s blog post, or presentation. The scope of the vulnerability is a little easier to understand. If an attacker can trick your users into running specially crafted Flash content, he can potentially take advantage of this flaw to steal your user’s information from certain third party domains that use JSONP-based applications. When first discovered, this included domains like Ebay, Tumblr, and some Google applications However, these big companies have since modified their web applications to prevent this flaw.

In any case, Adobe rates these issues as a “Priority 1” issues for Windows and Mac, and recommends you apply the updates as soon as possible (within 72 hours).   However, the vulnerability technically affects other platforms as well, so I recommend you update any Flash capable device as soon as you can.

Solution Path

Adobe has released new versions of Flash Player (14.0.0.145 for computers) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

  • Download Flash Player for your computer:
NOTE: Chrome and newer versions of IE ship with their own versions of Flash, built-in. If you use them as you web browser, you will also have to update them separately, though both often receive their updates automatically.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash (and Shockwave) content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

Finally, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Adobe’s Flash update to completely protect yourself from all of these flaws.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

TweetDeck XSS – WSWiR Episode 111

Patch Day, P.F. Changs Hack, and TweetDeck XSS

This week delivered a lot of infosec news and a ton of software security updates. If you didn’t have time to follow it all, check out our weekly computer security video to fill in the blanks.

During today’s episode, I cover the critical patches from Microsoft, Adobe and Mozilla, mention the latest credit card breach against a U.S. restaurant chain, and talk about the cross-site scripting worm spreading via TweetDeck. Click play below to learn more, and check out the References for other interesting infosec stories.

Before wishing you a great weekend, here are a couple of quick show notes. First, I’m starting a vacation during the middle of next week, so I won’t be publishing this weekly video for the next two weeks. It will return in July.

Second, if you are a WatchGuard customer curious about our OpenSSL updates, we are in the process of posting new versions of software for many of our products. Keep your eye on this blog, as those will likely start coming out early next week.

(Episode Runtime: 7:37)

Direct YouTube Link: https://www.youtube.com/watch?v=hbGqdrxvOyA

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,867 other followers

%d bloggers like this: