Tag Archives: updates

POODLE Bites SSL – WSWiR Episode 125

October Patch Bonanze, Leaky Apps, and POODLE

Cyber security has gone main stream, which means we’re getting a lot more security news each week than we used to. This week was even busier than usual, with updates fixing hundreds and hundreds of security vulnerabilities, as well as a significant vulnerabilities in a encryption standards. If you’re having trouble keeping track of the most important security info on your own, let our week video summary do it for you.

Today’s episode covers a ton of updates for October’s Patch Day, data leaks affecting SnapChat and DropBox, and a relatively serious SSL vulnerability called POODLE. The video is a bit longer than usual in order to better describe the POODLE flaw. Press play to learn more, and check the references for other interesting stories.

Enjoy your weekend, and beware what you click online.

(Episode Runtime: 16:37)

Direct YouTube Link: https://www.youtube.com/watch?v=AFX9DXDizu4

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

ATM Trojan – WSWiR Episode 124

Nine MS Bulletins, Sneaky DRM, and ATM Trojan

Every week, the security community learns about new attacks, exploits, breaches, security patches, and more. However, keeping track of all this fresh information security (infosec) news can be challenging for most IT practitioners. If you need a little help separating the security wheat from the chaff, this weekly video podcast is for you.

Today’s episode warns you about next week’s upcoming Microsoft patch, covers how Adobe DRM snoops on your reading habits, and shares details about an ATM trojan that has helped its creators steal millions in cold hard cash. Watch the video for details, and check out the reference section for most interesting infosec stories.

(Episode Runtime: 5:45)

Direct YouTube Link: https://www.youtube.com/watch?v=5xi3vtc5bAQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Week in Review in Writing (Oct.3, 2014)

iOS Trojan, BadUSB PoC, and Gamer Hackers Charged

Normally, I post a weekly video that summarizes the three biggest information and network security stories every Friday. However, due to a busy travel and work schedule I couldn’t find a convenient time to shoot. But fear not… Instead, I’ll post a written summary this week, and continue with the video posts next week. Read on for the latest security news:

  1. “First” iOS Trojan released in the wild – A mobile security company, Lacoon, claims they have found the “first” iOS trojan being used in the wild. They call the malware Xsser mRAT, and it’s related to a similar Android trojan called Xsser. If it infects your mobile device, it’s capable of stealing all kinds of information including texts, emails, passwords, and so forth. Allegedly, the malware comes from Chinese government actors targeting the Occupy Central protesters in Hong Kong. However, the trojan can only infect jailbroken iPhones.
  2. BadUSB malware exploit is now available to the public – In previous videos, I told you about the extremely dangerous new threat against USB devices. At Black Hat this year, Karsten Nohl of SRlabs showed how you could exploit flaws in USB controller firmware to create malicious USB devices that are almost impossible to detect. Thankfully, Nohl did not release Proof-0f-Concept (PoC) code for the attack, since USB manufacturers did not yet have a solution to the problem. However, this week some of his co-researchers decided to release PoC on Github during DerbyCON; apparently in hopes of pressuring USB vendors into figuring out a fix. Personally, I think this was a major mistake. While I think “full disclosure” is a good thing, I believe it should be done responsibly, after giving vendors time to protect their customers. While historically researchers have used early disclosure as a way to pressure companies to do the right thing, this is an industry-wide, standards-level vulnerability with no easy solution. All these researchers have done is make it easier for the bad guys to start exploiting this issue (IMHO).
  3. Four hacker’s charged with stealing millions in IP from Microsoft, Epic, Valve, and the military – This week, legal documents came out detailing the charges against four hackers who stole data and games from many gaming companies, and even the military. The alleged hackers are from the US, Canada, and Australia. According to documents, this group used mostly SQL injection (SQLi) techniques to steal a ton of data. They stole Xbox ONE and Xbox Live information, games like Gears of War 3, and they even stole a military Apache simulator. This case is related to the SuperDAE hacker I mentioned in a video months ago.

Thanks for following our weekly summary, and be sure to join us next week when I resume the video. Also, don’t forget to check out references to many other interesting security stories below.

Extras Story References:

— Corey Nachreiner, CISSP (@SecAdept)

Shellshock – WSWiR Episode 123

Serious Bash Flaw affects *nix, Mac OS X, and IoT

Normally, my weekly video covers a number of important information and network security stories, in order to keep you informed of the latest threats. However, this week one story is so important I give it the primary focus.

Today’s show covers the critical “Shellshock” vulnerability in Bash. If you use Unix, Linux, or Mac systems, or any other embedded device that might run Linux, you’ll want to watch this episode to learn how this flaw affects you. Click play for more details.

Oh, and don’t forget WatchGuard appliances aren’t affected, and our IPS can protect you. Enjoy your weekend!

(Episode Runtime: 9:23)

Direct YouTube Link: https://www.youtube.com/watch?v=f6X5-bxj-Mw

Episode References:

Extras:

I’m skipping the extra stories this week so you focus on taking care of the Bash flaw.

— Corey Nachreiner, CISSP (@SecAdept)

Printer Doom Hack – WSWiR Episode 122

Apple Patches, Kindle XSS, and Doom Printer Hack

If you want to stay current with the Internet “threatscape,” our weekly video can help. It summarizes each week’s top information and network security news in one convenient place. Subscribe today!

Today’s episode covers, Apple and Adobe security updates, a cross-site scripting flaw that affects Kindle users, and an interesting printer hack that allowed an attacker to run doom on a printer. Watch the video for details and see the Reference section below for more info.

Enjoy your weekend!

(Episode Runtime: 5:39

Direct YouTube Link: https://www.youtube.com/watch?v=aZ7-LdlMYHc

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Old Gmail Leak – WSWiR Episode 121

Patch Day, Home Depot Update, and Gmail Leak

Why go searching for all the week’s information security (infosec) news when you can find it in one convenient place. This weekly vlog summarizes the important security updates, hacks, and threats so you can protect yourself.

This week’s episode arrives a bit late due to my business travel in Europe. Today’s show covers the week’s Microsoft and Adobe patches, the latest news on the Home Depot breach, and a story about a potentially new (but likely old) Gmail credential leak. Watch the video for the details, and check the references below for more info and some extra stories.

I will be continuing my business travel next week as well. So my weekly post may arrive earlier or later than normal. Have a great day!

(Episode Runtime: 4:53)

Direct YouTube Link: https://www.youtube.com/watch?v=I1GZpvQV6dQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Microsoft Corrects Lync Server and .NET Framework DoS Flaws

Severity: Medium

Summary:

  • These vulnerabilities affect: Lync Server and .NET Framework
  • How an attacker exploits them: Various, including by sending maliciously crafted packets or launching specially crafted calls
  • Impact: An attacker could slow down or disrupt connections to the server, or stop it from responding at all.
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released two security bulletins that fix a pair of Denial of Service (DoS) vulnerabilities in two of their products; Lync Server and the .NET Framework. If you used either of these products, you should update them as soon as you can. We summarize the two DoS bulletins below:

  • MS13-053: .NET Framework DoS Vulnerability

The .NET Framework is a software framework used by developers to create custom Windows and web applications. Though it only ships by default with Windows Vista, you’ll find it on many Windows computers. It suffers from a DoS vulnerability involving the way it handles communications that are hashed. In short, if a remote attacker sends a small amount of specially crafted packets to a server that uses .NET Framework ASP applications, he can cause the server to slow down, and eventually stop responding. If you have any public servers or web applications that use .NET, you should download and install the update as soon as possible.

Microsoft rating: Important

 Lync is a unified communications tool that combines voice, IM, audio, video, and web-based communication into one interface. It’s essentially the replacement for Microsoft Communicator. It suffers from three vulnerabilities, including a DoS flaw involving the way it handles specially crafted calls. By sending a malicious call to your Lync server, a remote attacker can exploit the DoS flaw to cause the Lync Server to stop responding. If you rely on Lync for communications, you should patch your servers as soon as you can.

Microsoft rating: Important

Solution Path:

Microsoft has released patches that correct both these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find all of Microsoft’s update links:

For All WatchGuard Users:

Though you can use your XTM appliance to block the ports necessary for Lync, or use application control to restrict it, this would prevent you from using it externally at all. Right now, Microsoft’s patch are your best solution to these issues.

Status:

Microsoft has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

Microsoft Black Tuesday: Windows, IE, Lync, and .NET Patches

As you may know, today was Microsoft Patch Day. If you manage a Windows-based network, it’s time to get the latest updates.

According to Microsoft’s summary post, the Redmond-based software company released four security bulletins fixing 41 vulnerabilities in many of their popular products. The affected software includes, Windows, Internet Explorer (IE), Lync Server, and the .NET Framework. Microsoft rates the IE update as Critical, and the rest as Important.

As you might guess from the severity ratings, the IE update is the most important. It fixes over 37 security flaws in the popular browser, many of which attackers could use in drive-by download attacks (where just visiting a web site results in malware on your computer). Furthermore, one of the fixes closes a zero day vulnerability that attackers have exploited in the wild. If you use IE, I recommend you apply its update as quickly as your can. You should also install the other updates as well, however, their mitigating factors lessen their risk, so you can install them at your convenience.

In summary, if you use any of the affected products, download, test, and deploy these updates as quickly as you can or let Windows’ Automatic Update do it for you. For the server related updates, I highly recommend you test them before installing them on production servers, as Microsoft has released a few problem causing updates recently. You can find more information about these bulletins and updates in Microsoft’s September Summary advisory.

Also note today is Adobe’s Patch Day as well, and they released one security update fixing 12 vulnerabilities in Flash Player. If you use Flash, you should update it quickly. Adobe also pre-announced a Reader update earlier this month. However, it appears they have had to delay the update for some reason.

I’ll share more details about today’s patches on the blog throughout the day. However, I am traveling internationally, so the updates may not arrive as regularly as usual. If you are in a hurry to patch, I recommend you visit the links above, and start now.  — Corey Nachreiner, CISSP (@SecAdept).

Celeb Selfie Hack – WSWiR Episode 120

Software Patches, Home Depot Breach, and Celebrity Selfie Hack

If you need a quick source for all your information security (infosec) news, you’ve come to the right place. I summarize the most important infosec news in this weekly video, and provide links to other security stories as well.

Unfortunately, today’s episode includes a pretty creepy hack. The show covers next week’s upcoming software patches, another credit card leak that seems to come from Home Depot, and a gross story about hackers stealing hundreds of celebrities’ most private pictures. Find the details in the video below and see what you can learn from these unfortunate cyber attacks.

As always, check the Reference section if you are interested in other stories that I didn’t cover in the video. Also, I will be traveling the next few weeks, which means I may not be able to post this video as regularly as usual. Expect the video to turn up at irregular times, otherwise I may post a written version of the weekly summary instead. Have a great weekend, and stay safe online!

(Episode Runtime: 13:17)

Direct YouTube Link: https://www.youtube.com/watch?v=-mRjltM-tc0&

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Avoid MS14-045; Windows Kernel-mode Drivers Patch

Last week, I covered Microsoft Patch Day and recommend you install all the latest Windows, IE, Office, and server updates. This week, I need to warn you against one of those updates.

According to recent reports, the Windows kernel-mode driver update (MS14-045) is causing some computers to have blue screens of death (BSOD). If you haven’t installed this update yet, I recommend you avoid it until further notice. If you have installed it, and have suffered issues, Microsoft has shared instructions on how to remove it.

In the past, I’ve argued that Microsoft’s QA has gotten better, with fewer crash inducing updates. I guess they’re still not perfect. In general, this is a great example of why you should always test updates before pushing them into production. You can do this by maintaining a virtual version of your infrastructure and testing updates there.  — Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,664 other followers

%d bloggers like this: