Tag Archives: Update

Grounded Airline, Snowden Leak, and Mr. Robot – WSWiR Episode 158

If you’re feeling behind on critical information security news, you’re not alone. There are so many new InfoSec stories each week that only a dedicated few can keep up with the latest. If you need a little help following what’s important, let our weekly security news summary video keep you informed.

Last Friday’s episode covered a 0day Flash flaw, the latest Snowden leak, my review of a cool new infosec-related show, and more. Watch the video below for the details, and check out the References section for other stories.

(Episode Runtime: 11:20)

Direct YouTube Link: https://www.youtube.com/watch?v=cvZCDHCc4ec



— Corey Nachreiner, CISSP (@SecAdept)

Spam Spreads 0day Flash Exploit – Daily Security Byte EP.102

Adobe released an emergency patch today to fix a zero day Flash vulnerability, which a security company found attackers exploiting in the wild. Watch today’s short video to learn how these alleged Chinese attackers delivered this exploit, and what you can do to protect yourself from it.

(Episode Runtime: 2:31)

Direct YouTube Link: https://www.youtube.com/watch?v=mSXb6N1k-ok


— Corey Nachreiner, CISSP (@SecAdept)

VM Venom, MS Patches, & GTA V Malware – WSWiR Episode 152

Last week was full of a wide range of information security news, from the latest critical Microsoft updates, to a new virtualization system vulnerability, to malware targeting a popular video game. If you find yourself falling behind with the latest security intelligence, you’re not alone. Don’t worry though, we’re here to pick up the slack.

Press play below to hear the highlights from last week, and subscribe to our YouTube Channel to get regular updates. If you’re hungry for more security news, also check out our References section for links to other stories.

(Episode Runtime: 8:37)

Direct YouTube Link: https://www.youtube.com/watch?v=sLIL0Yxnkn8



— Corey Nachreiner, CISSP (@SecAdept)

Lenovo Security Fail – Daily Security Byte EP.78

A few months ago, some of Lenovo’s preinstalled adware got them into security hot water. Looks like their pre-installed software has struck again. Watch today’s video to learn about the latest Lenovo vulnerabilities and what you can do about them.


(Episode Runtime: 1:54)

Direct YouTube Link: https://www.youtube.com/watch?v=2jU2b42iVY4


— Corey Nachreiner, CISSP (@SecAdept)

Bye Bye Patch Day – Daily Security Byte EP.77

In October 2003, almost twelve years ago, Microsoft launched their monthly Patch Day. This week, at their Ignite Conference, they announced that they plan to stop doing monthly patches with Windows 10. If you’re a Microsoft administrator, watch our vlog to learn what this means to you.


(Episode Runtime: 2:26)

Direct YouTube Link: https://youtu.be/I1fOZeyFYI0


— Corey Nachreiner, CISSP (@SecAdept)

0Day WordPress XSS – Daily Security Byte EP.71

A really, really long comment could allow an attacker to hijack your WordPress blog. Watch today’s quick video to learn about the zero day XSS flaw reported by a Finnish security researcher, and what you can do about it.


(Episode Runtime: 1:48)

Direct YouTube Link: https://www.youtube.com/watch?v=H2XR2tnm0yQ


— Corey Nachreiner, CISSP (@SecAdept)

Cisco Routers Need Patching – Daily Security Byte EP.54

This week, Cisco released an advisory telling IOS device users to patch. The latest IOS update fixes three vulnerabilities, which specifically affect administrators who use Cisco’s Autonomic Networking Infrastructure (ANI). Watch today’s video to learn more about these flaws, especially if you have ANI enabled.


(Episode Runtime: 1:21)

Direct YouTube Link: https://www.youtube.com/watch?v=PMOESrmT8qU


— Corey Nachreiner, CISSP (@SecAdept)

OpenSSL DoS – Daily Security Byte EP.48

This week the information security (InfoSec) community was abuzz about an upcoming critical OpenSSL update. Would it fix the next FREAK or Heartbleed? Nope. It was much less severe than expected. Nonetheless, watch today’s video to learn how quickly you should patch.


(Episode Runtime: 1:55)

Direct YouTube Link: https://www.youtube.com/watch?v=UkehIk0KDaw


— Corey Nachreiner, CISSP (@SecAdept)

New Releases: Fireware and WSM version 11.9.5

WatchGuard is pleased to announce the release of Fireware 11.9.5 and WSM 11.9.5. These maintenance releases provide many bug fixes, with full details outlined in the Release Notes and the What’s New in 11.9.5 presentation.

Dimension 1.3 Update 2

Application Control information was not correctly logged from proxy policies in version 11.9.4. Along with the new Fireware release, we have also released Dimension 1.3 Update 2, which is also required to correct this issue.

Does This Release Pertain to Me?

The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

Software Download Center

Firebox and XTM appliance owners with active LiveSecurity can obtain this update without additional charge by downloading the applicable packages from the new and improved WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved. Known Issues are now listed in the Knowledge Base when logged in at the WatchGuard website. Note that there is also a Beta version of 11.10 available to try out at the software download center.

Contact Information

For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

Don’t have an active LiveSecurity subscription for your appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a Partner.

— Brendan Patterson 

Don’t Be ‘fraid of No GHOST; Glibc Vulnerability

During the blog downtime, observant security practitioners probably read about a serious new vulnerability called GHOST, which affects all Linux-based systems to some extent. I actually covered GHOST already, in one of my Daily Security Bytes, but you may have missed it during the downtime. Let me recap the issue here.

GHOST is the name Qualys gave to a newly reported security vulnerability in the very common glibc component that ships with almost all Linux-based software and hardware. If you haven’t heard of glibc, it’s the common GNU C library, which contains functions that many Linux programs rely on to do common tasks (such as looking up IP addresses). In a routine audit, Qualys researchers found that part of the gethostbyname() function suffers from a buffer overflow flaw that attackers can use to execute code on your Linux systems.

Because many different Linux applications may (or may not) use this glibc function to look up IP addresses, this flaw might get exposed through almost any network service or package. Qualys specifically designed a Proof-of-Concept (PoC) exploit against the Exim email server, which attackers can exploit just by sending email, but they warn that many other Linux packages use the vulnerable function. Some potentially affected packages include:

  • apache
  • cups
  • dovecot
  • gnupg
  • isc-dhcp
  • lighttpd
  • mariadb/mysql
  • nfs-utils
  • nginx
  • nodejs
  • openldap
  • openssh
  • postfix
  • proftpd
  • pure-ftpd
  • rsyslog
  • samba
  • sendmail
  • sysklogd
  • syslog-ng
  • tcp_wrappers
  • vsftpd
  • xinetd
  • WordPress

That said, the size of the buffer being overwritten is very limited, at only four to eight bytes. This makes it very challenging to actually exploit this flaw in many cases. So while quite a few packages may use the vulnerable function, not all of them actually pose a real-world risk.

It turns out that this particular glibc flaw was discovered and patched over two years ago. If you have glibc 2.18 or higher, you’re not affected. However, at the time it was patched the flaw was considered a bug rather than a security vulnerability, so many Linux distributions didn’t port the glibc update to their distro.

A quick way to check the glibc version on your Linux systems is to type the following command:

ldd --version

If that reports a version lower than 2.18, you need to upgrade. If you’re interested, this blog post has a lot more good information about testing for the flaw. The good news is every major Linux distribution has since updated. If you run Linux systems (especially public servers), I recommend you get your distro’s latest updates to fix this vulnerability.

Also, keep in mind that many hardware devices (often known as the Internet of Things) are actually embedded Linux systems, which may need updates as well. Not to mention, some administrators may run Linux software ports on Windows and OS X systems. In these cases, it’s possible you might have vulnerable versions of glibc on those non-Linux systems.

Does GHOST Affect WatchGuard Products?

You may know that many WatchGuard products are Linux-based systems, and wonder how this flaw affects them. For the most part, this flaw has little to no impact on most of our products, with a few exceptions. Here are the details:

  • WatchGuard XCS appliances – Not Affected.
  • WatchGuard Wireless Access Points – Not Affected.
  • Dimension v1.3 and higher – Not Affected.
  • Dimension v1.2 and lower – Affected, but Dimension should have already auto-updated. The version of Ubuntu shipping with Dimension v1.2 does use a vulnerable glibc package. However, Dimension auto-updates, and downloads Ubuntu’s latest patches. Since Ubuntu released a patch long ago, your Dimension server should already be patched (as long as you didn’t disable auto-updates).
  • WatchGuard XTM appliances – Affected, but not likely exploitable. XTM Fireware does contain the vulnerable version of glibc. HOWEVER, you are only vulnerable to this issue if a Linux service uses the gethostbyname() function. For better security, and IPv6 interoperability, our engineers use the newer getaddrinfo() to resolve hostnames, which is not affected by this vulnerability. We have not found any packages using the vulnerable function, so we believe this flaw has little to no real-world impact on our XTM devices. That said, we have already patched our glibc library, and XTM owners will receive this update in the next scheduled Fireware release. If you’d like to know more about the difference between these functions, I recommend you read this post.
  • WatchGuard SSL VPN appliances – Affected. Our SSL VPN appliance does use the vulnerable library, and is affected by this flaw. We have already patched the flaw internally, and are currently scheduling a release vehicle for the update. I’ll update this post when we know a solid date.
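
The two checks described above, the glibc version test and whether any program actually imports gethostbyname(), combined into one triage script. This is an added example, not code from the original post or from WatchGuard; the script name ghost_triage.sh is hypothetical, and matching the gethostbyname2() and _r variants is an assumption that goes beyond the single function the post names.

```shell
#!/bin/sh
# Added example: GHOST exposure triage (not code from the original post).

# Print the glibc version from `ldd --version` output read on stdin.
# It is the last field of the first line, e.g. "ldd (GNU libc) 2.17".
glibc_version() {
    awk 'NR == 1 { print $NF }'
}

# Succeed if version $1 is lower than $2. Major and minor are compared as
# numbers, so 2.9 is lower than 2.18 (a string comparison gets that wrong).
version_lt() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*}
    [ "$a_major" -lt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -lt "$b_minor" ]; }
}

# Filter `nm -D --undefined-only` output on stdin down to imports of the
# gethostbyname*() family. Symbol version suffixes (@GLIBC_...) are dropped.
gethost_imports() {
    awk '$1 == "U" { sub(/@.*/, "", $2)
                     if ($2 ~ /^gethostbyname(2)?(_r)?$/) print $2 }' | sort -u
}

# Print "path: symbols" for each executable file in directory $1 that
# imports one of those functions. Needs nm from binutils.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        syms=$(nm -D --undefined-only "$f" 2>/dev/null | gethost_imports | tr '\n' ' ')
        [ -n "$syms" ] && printf '%s: %s\n' "$f" "$syms"
    done
    return 0
}

# Runs only when directories are given, e.g.: sh ghost_triage.sh /usr/sbin
if [ "$#" -gt 0 ]; then
    ver=$(ldd --version 2>/dev/null | glibc_version)
    [ -n "$ver" ] || { echo "could not read a glibc version from ldd" >&2; exit 2; }
    if version_lt "$ver" 2.18; then
        echo "glibc $ver is older than 2.18; gethostbyname*() importers:"
        for d in "$@"; do audit_dir "$d"; done
    else
        echo "glibc $ver is 2.18 or newer"
    fi
fi
```

Distribution packages that backport the fix keep their upstream version number, so a result below 2.18 should be read together with the distro's package release. The import scan sees only dynamically linked executables in the directories given, not static binaries or shared libraries that call the function themselves.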

So to summarize: if you use Linux systems, be sure to patch them as soon as you can. Most WatchGuard products aren’t really impacted by this flaw, but we recommend you install firmware updates when we release them. If you want to know more about this interesting and widespread issue, I’ve included a few references below.

— Corey Nachreiner, CISSP (@SecAdept)

GHOST Vulnerability References:

