Tag Archives: zero day

Syrian Honey Trap – Daily Security Byte EP.16

Bad actors have always tried to lure us into doing things we shouldn’t by appealing to our base, carnal instincts. Today’s daily infosec video shares why you might want to avoid “hot girls” in general online.

(Episode Runtime: 1:38)

Direct YouTube Link: https://www.youtube.com/watch?v=TyivxEiCuKM

— Corey Nachreiner, CISSP (@SecAdept)

Lots of 0day – WSWiR Episode 136

Every network admin I know is buried under a list of tasks, and has little time to spend learning about the latest information security news. If that sounds like you, check out our weekly news recap video.

This episode, from the third week of January, covers rumors the NSA hacked North Korea, a warning about attackers exploiting a zero day Flash flaw, Oracle’s quarterly critical patch day, and more. Watch the video for more details, and check out the References section below for all the links.

(Episode Runtime: 4:45)

Direct YouTube Link: https://www.youtube.com/watch?v=_4i6zGmXyRg

— Corey Nachreiner, CISSP (@SecAdept)

DarkHotel & iOS Masque – WSWiR Episode 129

MS Patch Day, DarkHotel, and iOS Masque

Too much Information Security (InfoSec) news, too little time? I sometimes feel the same way. If you don’t have time to keep up yourself, why not watch our weekly InfoSec video to catch the highlights?

This week, I share the highlights from Microsoft Patch Day, talk about a targeted attack preying on executives in hotels, and warn of a new vulnerability that affects anyone with an iPhone or iPad. Click play below to learn all about it, and check out other stories from the week in the Extras section below.

Stay vigilant online and enjoy your weekend!

(Episode Runtime: 12:39)

Direct YouTube Link: https://www.youtube.com/watch?v=MwxEksw3j-Q

— Corey Nachreiner, CISSP (@SecAdept)

May Brings Eight Microsoft Bulletins and One Adobe Update

Patch Day is coming, Patch Day is coming.

In their advanced notification yesterday, Microsoft announced they’d release eight security bulletins next Tuesday to fix security vulnerabilities in a number of their products. The bulletins will include updates for Internet Explorer (IE), Windows, Office, and a yet unnamed Microsoft Server product. They give two of the bulletins a Critical rating, and list the rest as Important. See the chart below for complete details.

As usual, Adobe shares the same Patch Day and plans to release one update as well. According to their prenotification post, Adobe plans to release a patch for Adobe Reader and Acrobat, which will fix serious vulnerabilities in the popular PDF reader. They’ve assigned it a priority of 1 (their highest), so you should plan to apply the patch quickly if you use Reader.

In short, if you’re a Microsoft administrator, or you use Adobe products, be ready to test and deploy a number of updates next week. As always, you should start with the critical updates, and work your way down through the less severe ones. I’ll post details about all these bulletins next week, so stay tuned.

— Corey Nachreiner, CISSP (@SecAdept)

MS Patch Day, May 2014

IE & Flash 0day – WSWiR Episode 105

White House Cyber Disclosure, Traffic Light Hacking, and Zero Day Exploits

There was a ton of Information Security news this week. More than most people can keep up with; especially busy IT administrators who are already putting out other fires. If you have little time to read the latest news, but want a quick recap of the most important infosec stories each week, this is the vlog for you.

In this episode, I react to the White House talking about their zero day disclosure policy, I share news about a researcher hijacking traffic lights across the US, and I warn you about two critical zero day flaws in very popular software products. If you want to stay informed and get the latest security advice, watch the video below. You can also explore the Reference section for links to more stories.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 8:04)

Direct YouTube Link: https://www.youtube.com/watch?v=UxQoInvMBcw

— Corey Nachreiner, CISSP (@SecAdept)

Heartbleed Bug – WSWiR Episode 102

April Patch Day, Raided Pen-Tester, and OpenSSL Heartbleed

Information security news never stops, even if I have to post it from a Changi Airport lounge. If you need to learn the latest cyber security news, including what to do about the biggest vulnerability of the year (so far), you’ve found the right weekly video blog.

This week’s “on-the-road” episode covers Adobe and Microsoft’s Patch Day, an allegory on why you should avoid greyhat pen-testing, but most important of all, information and advice about the major OpenSSL Heartbleed vulnerability. If you use the Internet, you need to know about the Heartbleed flaw, so click play below to watch this week’s video. Finally, make sure to check the Reference section for links to the stories and some extras; especially if you are interested in all the WatchGuard Heartbleed information.

(Episode Runtime: 8:05)

Direct YouTube Link: http://www.youtube.com/watch?v=gEw-o2GQd1U

Extras:

Heartbleed described by XKCD

— Corey Nachreiner, CISSP (@SecAdept)

Office Updates Fix Word 0day and Publisher Flaw

Severity: High

Summary:

  • These vulnerabilities affect: Microsoft Word, Publisher, and Office Web Apps
  • How an attacker exploits them: Typically by luring your users into opening malicious Office documents
  • Impact: In the worst case, an attacker can execute code, potentially gaining complete control of your computer
  • What to do: Install the appropriate Microsoft updates as soon as you can, or let Windows Update do it for you.

Exposure:

Today, Microsoft released two Office-related security bulletins describing four vulnerabilities found in various Office and Office-related packages, including Word (for Windows and Mac), Publisher, and Office Web Apps. We summarize the bulletins below:

  • MS14-017: Multiple Word Code Execution Vulnerabilities

Word is the popular word processor that ships with Office. It suffers from three remote code execution vulnerabilities having to do with how it handles malformed Word and RTF files. They all differ technically, but share the same scope and impact. By luring one of your users into downloading and opening a malicious document, an attacker can exploit any of these flaws to execute code on that user’s computer, with that user’s privileges. If your users have local administrator privileges, the attacker gains complete control of their PCs. This update includes the final fix for a zero day Word RTF vulnerability we mentioned in a previous alert. Since attackers have been exploiting that vulnerability in the wild, Microsoft assigns this a critical severity rating.

Microsoft rating: Critical

  • MS14-020: Multiple SharePoint Vulnerabilities

Publisher is Microsoft’s basic desktop publishing and layout program, and part of the Office suite. It suffers from a memory corruption vulnerability that attackers can leverage to execute code. By luring one of your users into downloading and opening a malicious Publisher document, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. Again, if your users have local administrator privileges, the attacker gains complete control of their PCs. However, the flaw only affects Publisher 2003 and 2007 (not 2010 or 2013).

Microsoft rating: Important

Solution Path

Microsoft has released updates that correct these vulnerabilities. You should download, test, and deploy the appropriate patches as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.

The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. You can also leverage WatchGuard’s proxy policies to block certain types of documents, such as Publisher files or RTF documents. Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released updates to fix these vulnerabilities.

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

APT Blocker – WSWiR Episode 101

April Patch Day, NSA Encryption Backdoors, and APT Blocker

Ready for your weekly summary of InfoSec news? Well here it is.

This week’s episode covers what you need to know about next week’s Microsoft patch day, shares details about the latest NSA/RSA encryption scandal, and unveils WatchGuard’s latest security service, which can protect you from zero day malware. Watch the video for the whole scoop, and scope out the references for links to other news.

I continue my travels in Asia next week, so the video may continue to post at unusual times. We’ll be back to our normal scheduling soon.

(Episode Runtime: 5:23)

Direct YouTube Link: https://www.youtube.com/watch?v=JkFmxEVveRY

— Corey Nachreiner, CISSP (@SecAdept)

Only Four Microsoft Security Bulletins in April

Yesterday, Microsoft released their advanced notification, warning that they plan to release four security bulletins next Tuesday. The bulletins will include patches for Windows, Office, and Internet Explorer, and two have received Microsoft’s Critical severity rating. I suspect the Office updates will include a fix for the recent zero day Word flaw I mentioned in an earlier post.

Also note, April’s Patch Day marks the last time Microsoft will release Windows XP updates. They’ve been warning about XP’s End-of-Life for a while now, and it’s finally upon us. Though some people think Microsoft’s using the opportunity to force people to upgrade, I believe XP has hung around longer than any operating system before it (13 years), and frankly it’s about time you update. I suspect hackers are holding onto an XP zero day or two, so it may be dangerous to keep it around much longer. That said, WatchGuard will continue to release IPS signatures for any future XP network flaws and AV signatures for XP malware.

In any case, I’ll post details about Microsoft bulletins next week, and if Adobe releases any updates you’ll hear about them here too.

— Corey Nachreiner, CISSP (@SecAdept)

Paranoia 2014 – WSWiR Episode 100

Word 0day, Cisco DoS, and Bricked Androids

My weekly InfoSec summary arrives a bit late this time due to business travel. Last week, I spoke at Watchcom’s Paranoia conference in Oslo, Norway, so I couldn’t post my security news summary until the weekend. Nonetheless, why not start your week off by quickly catching up on last week’s news?

This week’s episode includes a quick summary of the Paranoia show, news of a new Word zero day flaw, information about Cisco IOS updates, and a story about a new Android vulnerability attackers can use to brick phones. Check out the video for the details, and scroll down to the Reference section for a few extra stories.

As an aside, I’ll be traveling the next two weeks as well, so my weekly video may show up either earlier or later than normal, due to travel.

(Episode Runtime: 5:27)

Direct YouTube Link: https://www.youtube.com/watch?v=BNiCOytV5sg

— Corey Nachreiner, CISSP (@SecAdept)
