Tag Archives: mac

WatchGuard Security Week in Review: Episode 18

AusCERT 2012, QuickTime Updates, and a New Zeus Variant

This week’s “on the road” edition of WatchGuard Security Week in Review comes to you from the sunny Gold Coast of Australia, where I’ve spent the week learning about the latest mobile attacks, cloud threats, and SCADA security issues with the vibrant Australian security community. In this week’s video podcast, I quickly summarize a few of the presentations I saw at AusCERT this year.

Of course, normal security news continued marching along despite my little jaunt to the land down under. So I also cover this week’s important software updates, some new malware variants, and a potentially catastrophic antivirus update mistake. If you’re ready to catch up on the week’s most interesting security stories, check out the video below.

If you’d like to read the original sources for many of these stories, be sure to check out the Reference section. Also, make sure to post any feedback or questions in the comments section below, and share this podcast with your friends if you like it. Cheers!

(Episode Runtime: 5:35)

Direct YouTube Link: http://www.youtube.com/watch?v=KI9astTaRjU

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 17

Twitter Hacks, Gas Pipeline Cyber Attacks, and FBI Wiretaps

Though the primary theme for this week was, “patch, patch, patch,” I saw many other interesting, non-update related security stories in the news as well. This week’s vlog packs all those stories into a brisk eight and a half minutes. Topics include:

  • Highlights on Microsoft, Adobe, and Apple security updates
  • FBI lobbying for online wiretaps
  • Warnings of Gas Pipeline Cyber Attacks
  • Some new Geo-aware malware
  • A seemingly big Twitter breach
  • Some hacker arrests

For details on all these stories, and a few security tips along the way, check out the latest WatchGuard Security Week in Review video below.

As always, if you don’t have time for a video but want to check out individual stories later, you can find links to all the issues I cover in the “Reference” section at the end of this post. You can also let us know what you think about this video series in the comments section.

Finally, I’m attending AusCERT, a security conference in Australia, next week. Though I plan to release an episode next week, I will either post it significantly earlier or later than normal, due to the time zone difference. So keep your eyes peeled for next week’s episode, but don’t expect it at the regular time.

(Episode Runtime: 8:31)

Direct YouTube Link: http://www.youtube.com/watch?v=guqTuUatEwc

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 16

Lots of New Malware, Microsoft Patch Day, and Oracle Updates

This week’s security summary podcast includes information about Microsoft’s upcoming Patch Day, stories about three interesting new malware variants, and updates to a few stories from previous episodes. Watch the video below for the details.

If you’d prefer to read, see the “Reference” section for links to all these security stories. I’ve seen a few late-breaking stories since I shot this week’s video, so be sure to check out those updates below. Also, don’t forget to share your thoughts or feedback in the comments section. (Episode Runtime: 8:37)

Direct YouTube Link: http://www.youtube.com/watch?v=guqTuUatEwc

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 15

Major US Cyber Legislation, VMware Source Code Leak, and Hotmail Hacks

This week’s security news round-up video is full of scary cyber legislation, major network and organization breaches, and a couple of important security updates. If you’re too busy to follow the barrage of security news every day, let WatchGuard’s Security Week in Review video summarize it for you.

Would you rather read? No problem. You’ll find links to all these stories in the reference section.

By the way, this week’s stories continued to develop as I produced this episode. Unfortunately, I had to sneak in a quick video update about the CISPA bill during production. I won’t give it all away, but I can say CISPA is one step closer to reality. Watch below for details. (Episode Runtime: 6:54)

Direct YouTube Link: http://www.youtube.com/watch?v=euZUKfEvZvY

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 14

Oracle CPU Update, Another Mac Trojan, and 20,000 Infected Websites

This week I’ve been traveling in Denmark and Finland, speaking at various security events, which makes this week’s WatchGuard Security Week in Review an “on the road” edition. In this very short episode, I quickly cover this week’s big Oracle Critical Patch Update (CPU), yet another Mac trojan, and a story about Google warning web administrators about web site infections. Check out the video below for the quick highlights.

You’ll find links to the stories in this episode below. Feel free to share thoughts and suggestions in the comments section, and share these videos with your friends. I’ll be back next week with a more regular length episode. (Episode Runtime: 3:50)

Direct YouTube Link: http://www.youtube.com/watch?v=Ss1wKkWqRDI

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 13

Flashback Follow-up, Lots of Patches, and MBR Ransomware

In this week’s video, I follow up on Flashback developments, cover the various security updates that came out this week, and warn you about two new interesting malware variants that change their targets or techniques. There’s a lot to learn, so check out this week’s WatchGuard Security Week in Review video below.

For those not interested in video, I share links to all this week’s stories in the Reference section. I had originally intended to cover a few government-related news items in this week’s video, too. However, I decided to cut them due to time. If you’re interested in the new U.S. cyber security act and an interesting new Stuxnet development, I’ve included extra links to those stories as well.

As always, I’d love to hear how to improve these videos, so feel free to leave comments and pass these videos on to your friends and co-workers. (Episode Runtime: 5:57)

Direct YouTube Link: http://www.youtube.com/watch?v=4AXyWowjmeg

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review: Episode 12

April Brings a Major Data Breach, a Mac Botnet, and New Mobile Malware

This week’s video podcast covers a major credit card data breach, a spreading Mac botnet, new Android malware, and much more. If you use a Mac, run Microsoft software, or have a mobile device, don’t miss this episode of WatchGuard Security Week in Review.

If you’re a reader, or just don’t want to listen to little ol’ me, check out the links to all these stories below. Don’t forget, I’m always looking for your suggestions or feedback to make this podcast better. Don’t be shy about leaving your thoughts in the comments section of this post, and feel free to share these videos with your friends and coworkers. (Episode Runtime: 8:52)

Direct YouTube Link: http://www.youtube.com/watch?v=ITrUELOftVA

Episode References:

— Corey Nachreiner, CISSP (@SecAdept)

Windows zero day and small Snow Leopard update start off the new year

A fresh new year has begun and we already have security vulnerabilities in two of the most popular operating systems: Windows and OS X. Let’s start with the more worrisome one – Windows.

According to a recent Microsoft Security Advisory, the Graphics Rendering Engine that ships with most versions of Windows (one of the components that helps display graphics on your screen) suffers from a zero day vulnerability. Specifically, a flaw in how the Graphics Rendering Engine parses specially crafted thumbnail images could result in a buffer overflow. By enticing you to preview a thumbnail image, perhaps hosted on a website or sent within an email, an attacker could exploit this flaw to execute code on your computer, with your privileges. If you’re a local administrator, the attacker gets the keys to your castle.

Microsoft doesn’t have a patch for this vulnerability, but they do describe a workaround that will mitigate some attacks. See the “Mitigating Factors and Suggested Actions” section of their advisory for more details. Unfortunately, they don’t say whether or not attackers are exploiting this zero day in the wild. Though Patch Day is coming up next week, I doubt Microsoft will get this fix out by then, so be sure to be careful handling thumbnail images.

Next up is Apple. Late yesterday, Apple released a security update for OS X 10.6.x (Snow Leopard). The update only seems to fix one marginally severe vulnerability. Apple’s alert doesn’t describe the flaw in much technical detail. They only say that a format string flaw in PackageKit could allow an attacker to execute code on your Mac. In order to exploit this flaw, the attacker would need to deliver a malicious package via Apple’s Software Update, which means he would need to complete a Man-in-the-Middle attack to gain control of where Software Update gets its package from. In short, attackers will have a hard time leveraging this flaw without local access to your network. Nonetheless, Snow Leopard users should download the 10.6.6 update or let Software Update do it for them.

In summary, if you’re a Windows user, be careful with thumbnails, and look for updates next Tuesday, and if you’re a Snow Leopard user, upgrade as soon as you can.

Corey Nachreiner, CISSP

Pictures and Videos Pose a Threat to QuickTime for Windows and Mac

Summary:

  • These vulnerabilities affect: QuickTime 7.6.8 and earlier for Windows and Mac
  • How an attacker exploits them: By enticing your user into viewing a maliciously crafted movie or image file
  • Impact: An attacker could execute code on your user’s computer, potentially gaining control of it
  • What to do: Download and install QuickTime 7.6.9 as quickly as possible, or let Apple’s Software Update tool do it for you

Exposure:

Late yesterday, Apple released a security update to fix 15 media handling vulnerabilities that affect both the Windows and Mac versions of QuickTime, their popular media player.

The flaws vary quite a bit technically, but most of them share the same general scope and impact. If an attacker can lure one of your users into viewing malicious media, such as an image or video file, he can exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. Since most Windows users have local administrative privileges, attackers could often leverage these flaws to gain complete control of Windows machines. Macs, on the other hand, separate your user privileges from the superuser account. So an attacker could only leverage these flaws to gain limited privileges on a Mac (though still enough privilege to do significant damage).

If you use QuickTime within your network, we highly recommend you download and install Apple’s update as quickly as you can.

Solution Path:

Apple has released QuickTime 7.6.9 to fix this security issue. Administrators who allow QuickTime in their network should download, test, and deploy the updated version at their earliest convenience. By default, Apple’s download bundles iTunes with QuickTime, but because iTunes often has security issues of its own, we recommend that you select the option of downloading QuickTime alone (unless you need iTunes). If you like, you can also let Apple’s Software Update tool download and install the update for you.

For WatchGuard Users:

You can mitigate the risk of this flaw by blocking media files with your WatchGuard appliance. According to Apple’s advisory, attackers could potentially leverage these flaws using the following media files (listed by extension):

 

If you like, you can use the HTTP, SMTP, and FTP proxy on some WatchGuard appliances to block these files by their extension. That said, many administrators prefer to allow this type of media into their network, in order to visit media-rich websites. Blocking this media, especially image files, could significantly hamper your web browsing experience. Therefore, we recommend you apply Apple’s QuickTime update instead.

That said, if you really want to block QuickTime media files, the links below contain video instructions showing how to block them by extension. Keep in mind, this technique also blocks legitimate media.

 

Status:

Apple has released updates to fix these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

 

Got feedback? Leave it in the comments!

 

Two Office Security Bulletins Fix Seven Vulnerabilities

Summary:

  • These vulnerabilities affect: Most current versions of Microsoft Office, and the components that ship with it
  • How an attacker exploits it: Typically by enticing one of your users to open a malicious Office document
  • Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it
  • What to do: Install Microsoft Office updates as soon as possible, or let Microsoft’s automatic update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released two security bulletins describing seven vulnerabilities found in components that ship with most current versions of Microsoft Office for Windows and Mac.

The vulnerabilities affect different versions of Office to varying degrees. Though the seven vulnerabilities differ technically, and affect different Office components, they share the same general scope and impact. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

According to Microsoft’s bulletins, an attacker can exploit these flaws using many different types of Office documents. In one bulletin, Microsoft specifically states PowerPoint documents are vulnerable. However, they also mention any “Office files” in their other alert. Therefore, we recommend you beware of all unexpected Office documents.

If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:

  • MS10-087: Five Office Code Execution Vulnerabilities, rated Critical
  • MS10-088: Two PowerPoint Code Execution Vulnerabilities, rated Important

Solution Path:

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

MS10-087:

Note: Office 2004 and 2008 for Mac are also vulnerable to these flaws. However, Microsoft has not created updates for these Mac versions yet.

MS10-088:

PowerPoint update for:

Note: Office 2004 for Mac is vulnerable to these flaws. However, Microsoft has not created an update for this Mac version yet.

For All WatchGuard Users:

While you can configure certain WatchGuard Firebox models to block Microsoft Office documents, some organizations need to allow them in order to conduct business. Therefore, these patches are your best recourse.

If you want to block Office documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features by file extension. Some of the file extensions you’d want to block include .DOC, .XLS, .PPT, and many more (including the newer Office extensions that end with “X”). Keep in mind, blocking files by extension blocks both malicious and legitimate documents.

Status:

Microsoft has released Office updates to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

 
