Tag Archives: patch

June Apple Patch Day – Daily Security Byte EP.107

If you use Apple productson Mac or PCknow that today is Apple Patch Day. The popular software company released six security advisories (originally five, but they had a late breaking advisory) fixing many security flaws in most of their most popular products. Watch today’s video to learn which products are affected, and what you should patch (or check the Reference section for a link to the page with all the details).

As an aside: Sorry about the bad links yesterday, and thanks for those that informed me. If you go to the blog, the link for yesterday’s video is corrected there.

(Episode Runtime: 1:24)

Direct YouTube Link: https://www.youtube.com/watch?v=KwyHlFUPga4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Spam Spreads 0day Flash Exploit – Daily Security Byte EP.102

Adobe released an emergency patch today to fix a zero day Flash vulnerability, which a security company found attackers exploiting in the wild. Watch today’s short video to learn how these alleged Chinese attackers delivered this exploit, and what you can do to protect yourself from it.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=mSXb6N1k-ok

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Lenovo Security Fail – Daily Security Byte EP.78

A few months ago, some of Lenovo’s preinstalled adware got them into security hot water. Looks like their pre-installed software has struck again. Watch today’s video to learn about the latest Lenovo vulnerabilities and what you can do about them.

 

(Episode Runtime: 1:54)

Direct YouTube Link: https://www.youtube.com/watch?v=2jU2b42iVY4

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

0Day WordPress XSS – Daily Security Byte EP.71

A really, really long comment could allow an attacker to hijack your WordPress blog. Watch today’s quick video to learn about the zero day XSS flaw reported by a Finnish security researcher, and what you can do about it.

 

(Episode Runtime: 1:48)

Direct YouTube Link: https://www.youtube.com/watch?v=H2XR2tnm0yQ

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

Cisco Routers Need Patching – Daily Security Byte EP.54

This week, Cisco released an advisory telling IOS device users to patch. The latest IOS update fixes three vulnerabilities, which specifically affect administrators who use Cisco’s Autonomic Networking Infrastructure (ANI). Watch today’s video to learn more about these flaws, especially if you have ANI enabled.

 

(Episode Runtime: 1:21)

Direct YouTube Link: https://www.youtube.com/watch?v=PMOESrmT8qU

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

OpenSSL DoS – Daily Security Byte EP.48

This week the information security (InfoSec) community was abuzz about an upcoming critical OpenSSL update. Would it fix the next FREAK or Heartbleed? Nope. It was much less severe than expected. Nonetheless, watch today’s video to learn how quickly you should patch.

 

(Episode Runtime: 1:55)

Direct YouTube Link: https://www.youtube.com/watch?v=UkehIk0KDaw

EPISODE REFERENCES:

— Corey Nachreiner, CISSP (@SecAdept)

#OpKKK – WSWiR Episode 130

Emergency Windows Patch, Malware Vs. Passwords, and #OpKKK

Nowadays, researchers, hackers, and the media bombard us with tons of information security (InfoSec) news each week. There’s so much, it’s hard to keep upespecially when it’s not your primary job. However, I believe everyone needs to be aware of the latest InfoSec threats. If you want to protect your network, follow our weekly video so I can quickly get you up to speed every Friday.

Today’s episode covers a critical out-of-cycle Microsoft patch, talks about the latest updates to a nasty piece of mobile malware, and explores the ethical issues surrounding a recent Anonymous attack campaign, Operation KKK. Press play for the details, and see the references below for more stories.

As an aside, after shooting this week’s video, I learned attackers may have stolen a bunch of passwords from many popular online services. It may be a hoax, but if you use Windows Live, PSN, or 2K Games, you should probably change you password… just to be safe. Have a great weekend!

(Episode Runtime: 10:44)

Direct YouTube Link: https://www.youtube.com/watch?v=XUsqxsHvVZc

EPISODE REFERENCES:

EXTRAS:

— Corey Nachreiner, CISSP (@SecAdept)

Grab Microsoft’s Out-of-Cycle Kerberos Patch

During last week’s Microsoft Patch Day, I pointed out that Microsoft had delayed two of the expected bulletins. This week, they released one of those delayed updates, and rate it as a Critical issue.

According to the MS14-068 Security Bulletin, Kerberos suffers from a local privilege elevation flaw that could allow attackers to gain full control of your entire domain. Kerberos is one of the authentication protocols used by Windows Servers. Kerberos Key Distribution Center (KDC) is the network service that supplies kerberos “tickets.” Unfortunately, Windows Servers suffers from a KDC vulnerability that allows local users to gain full domain administrator privileges simply by sending maliciously forged tickets to your KDC server. The good news is, an attacker needs valid domain login credentials, and local network access to leverage this flaw. The bad news is, if they can exploit the flaw, they basically gain access to ALL your Windows machines easily. This is a great flaw for advanced attackers. If they can pwn even one of your least privileged users, they can leverage it to gain full control of Windows networks, and easily move laterally throughout your network. I consider this a pretty serious issue.

I recommend you patch your Windows Servers, especially your Active Directory controller, as soon as possible. Check out the Affected Software section of Microsoft’s bulletin for patch details. Though I recommend you update quickly, your Authentication server is a critical network component. I highly recommend you test this update on a non-production server first, to make sure it doesn’t cause and unexpected problems. — Corey Nachreiner, CISSP (@SecAdept)

Latest Flash Update Plugs 18 Security Holes

Do you watch a lot of online video or play interactive web games? Perhaps your organization uses rich, interactive web-based business applications? In either case, you’ve probably installed Adobe Flash, along with the  500 million other device holders who use it. In this case, you better update Flash as soon as you can.

During Microsoft Patch day, Adobe released a security bulletin describing 18 vulnerabilities in the popular rich media web plug-in. There’s no point in covering the flaws individually, as the majority of them share the same scope and impact. In short, most of the flaws involve memory corruption issues that a smart attacker could leverage to execute code on your PC. The attacker would only have to entice you to a web site containing malicious code. In other words, most of them help attackers setup drive-by download attacks.

Though it doesn’t appear attackers are exploiting any of these flaws in the wild yet, Adobe rates there severity a “Priority 1″ for Windows and Mac users. This means you should patch within 72 hours. If you use Flash, go get the latest version, and check out Adobe’s security bulletin if you’d like more details. — Corey Nachreiner, CISSP (@SecAdept)

Adobe Patches Flash but Delays Reader Update

Summary:

  • This vulnerability affects: Adobe Flash Player running on all platforms and Adobe Air
  • How an attacker exploits it: By enticing users to visit a website containing malicious Flash content
  • Impact: In the worst case, an attacker can execute code on the user’s computer, potentially gaining control of it
  • What to do: Download and install the latest version of Adobe Flash Player for your platform

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released this week during Patch Day, Adobe released an update that fixes a dozen security vulnerabilities affecting Flash Player running on any platform. The bulletin doesn’t describe the flaws in much technical detail, but does say most of them consist of various types of memory corruption flaws. If an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PCs.

Though attackers aren’t exploiting these flaws in the wild yet, Adobe rates them as a “Priority 1” issues for Windows, Mac, and Linux users, and recommends you apply the updates within 72 hours. These vulnerabilities also affect other platforms as well, though not as severely. I recommend you update any Flash capable device as soon as you can.

As an aside, though Adobe promised a Reader update this month, they seem to have delayed it for some reason. You may want to keep an eye on Adobe’s Security page for more updates.

Solution Path

Adobe has released new versions of Flash Player to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

You can download Flash for your computer at the link provided below. See the bulletin’s “Affected Software” section for more details on getting Flash updates for other platforms:

Keep in mind, if you use Google Chrome or Internet Explorer 10 or 11 you’ll have to update it separately.

For All WatchGuard Users:

If you choose, you can configure the HTTP proxy on your XTM appliance to block Flash content. Keep in mind, doing so blocks all Flash content, whether legitimate or malicious.

Our proxies offer many ways for you to block files and content, including by file extensionMIME type, or by using very specific hexidecimal patterns found in the body of a message – a technique sometimes referred to as Magic Byte detection. Below I list the various ways you can identify various Flash files:

File Extension:

  • .flv –  Adobe Flash file (file typically used on websites)
  • .fla – Flash movie file
  • .f4v – Flash video file
  • .f4p – Protected Flash video file
  • .f4a – Flash audio file
  • .f4b – Flash audiobook file

MIME types:

  • video/x-flv
  • video/mp4 (used for more than just Flash)
  • audio/mp4 (used for more than just Flash)

FILExt.com reported Magic Byte Pattern:

  • Hex FLV: 46 4C 56 01
  • ASCII FLV: FLV
  • Hex FLA:  D0 CF 11 E0 A1 B1 1A E1 00

(Keep in mind, not all the Hex and ASCII patterns shared here are appropriate for content blocking. If the pattern is too short, or not unique enough, blocking with them could result in many false positives) 

If you decide you want to block Flash files, the links below contain instructions that will help you configure your Firebox proxy’s content blocking features using the file and MIME information listed above.

Status:

Adobe has released updates to fix these Flash vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,971 other followers

%d bloggers like this: