Tag Archives: zero day

Only Four Microsoft Security Bulletins in April

Yesterday, Microsoft released their advanced notification, warning that they plan to release four security bulletins next Tuesday. The bulletins will include patches for Windows, Office, and Internet Explorer, and two have received Microsoft’s Critical severity rating. I suspect the Office updates will include a fix for the recent zero day Word flaw I mentioned in an earlier post.

Also note, April’s Patch Day marks the last time Microsoft will release Windows XP updates. They’ve been warning about XP’s End-of-Life for awhile now, and it’s finally upon us. Though some people think Microsoft’s using the opportunity to force people to upgrade, I believe XP has hung around longer than any operating system before it (13 years), and frankly it’s about time you update. I suspect hackers are holding onto an XP zero day or two, so it may be dangerous to keep it around much longer. That said, WatchGuard will continue to release IPS signatures for any future XP network flaws and AV signatures for XP malware.

In any case, I’ll post details about Microsoft bulletins next week, and if Adobe releases any updates you’ll hear about them here too. — Corey Nachreiner, CISSP (@SecAdept)

Paranoia 2014 – WSWiR Episode 100

Word 0day, Cisco DoS, and Bricked Androids

My weekly InfoSec summary arrives bit late this time due to business travel. Last week, I spoke at Watchcom’s Paranoia conference in Oslo Norway, so I couldn’t post my security news summary until the weekend. Nonetheless, why not start your week off by quickly catching up on last week’s news.

This week’s episode includes a quick summary of the Paranoia show, news of a new Word zero day flaw, information about Cisco IOS updates, and a story about a new android vulnerability attackers can use to brick phones. Check out the video for the details, and scroll down to the Reference section for a few extra stories.

As an aside, I’ll be traveling the next two weeks as well, so my weekly video may show up either earlier or later than normal, due to travel.

(Episode Runtime: 5:27)

Direct YouTube Link: https://www.youtube.com/watch?v=BNiCOytV5sg

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Operation Windigo – WSWiR Episode 99

MH370 Scams, Google Play DDoSed, and Operation Windigo

Each week I summarize the biggest information security news in a short video, so you don’t have to go searching for it yourself. If you’re interested in the latest infosec updates, be sure to watch each Friday. 

Today’s late episode covers a few cyber security stories around the disappeared MH370 flight, news about a penetration tester downing Google Play, and a report about a cyber attack campaign that hijacked 25,000 Linux servers. Watch the video for the full scoops, and check the Reference section below for more info.

Have a great weekend.

(Episode Runtime: 8:41)

Direct YouTube Link: http://www.youtube.com/watch?v=YJ3Ei1WDyIY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

NSA’s Turbine – WSWiR Episode 98

Patch Day, Missed Logs, and Snowden’s Latest

What to learn about the latest information security (infosec) news in under eight minutes? You’ve found the right place. Check out my weekly security news summary video below.

This week’s episode covers all the big updates from this month’s Adobe & Microsoft Patch Day, the latest news suggesting Target’s breach could have been averted, and another top secret document leak, detailing how the NSA hacks its targets. Check out the video below for the details, and don’t forget the Reference section for links to other stories. 

Enjoy your weekend, and stay safe!

(Episode Runtime: 8:21)

Direct YouTube Link: http://www.youtube.com/watch?v=h87aqWmaCtQ

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Latest IE Update Patches Zero Day Hole and 17 Others

Summary:

  • This vulnerability affects: All current versions of Internet Explorer
  • How an attacker exploits it: By enticing one of your users to visit a web page containing malicious content
  • Impact: Various, in the worst case an attacker can execute code on your user’s computer, potentially gaining complete control of it
  • What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

Exposure:

In a security bulletin released today as part of Patch Day, Microsoft describes 18 new vulnerabilities that affect all current versions of Internet Explorer (IE). Microsoft rates the aggregate severity of these new flaws as Critical.

Though many of these vulnerabilities differ technically, the majority of them share the same general scope and impact, and involve various memory corruption flaws having to do with how IE handles certain HTML objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit any one of these memory corruption vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim’s computer.

Most importantly, attackers have been exploiting one of these memory corruption corruption flaws in the wild. Recently, security researchers have discovered attackers exploiting this particular IE flaw in two watering hole attacks, where they hijack legitimate websites and inject them with malicious code, hoping to infect the people who visit those sites. Since attackers are already exploiting at least one of these issues in the wild, we highly recommend you apply this IE update immediately

Solution Path:

You should download, test, and deploy the appropriate IE updates immediately, or let Windows Automatic Update do it for you. You can find links to the various IE updates in the “Affected and Non-Affected Software” section of Microsoft’s December IE security bulletin.

For All WatchGuard Users:

Good News! WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that can detect and block many of the memory corruption vulnerabilities described in Microsoft’s alert:

  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0297)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0298)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0299)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0302)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0303)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0304)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0305)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0306)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0309)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0311)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0312)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0313)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0322)
  • WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0314)

Your XTM appliance should get this new IPS update shortly.

Furthermore, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from all of these flaws.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Uroburos APT- WSWiR Episode 97

SOHO Pharming, Trio of Data Breaches, and Russian APT

I still remember ten years ago, when I used to wish more people would realize the dangers of the Internet and the sad state of cyber security. Back then, it seemed like I had to work to convince someone that there was any computer security problem at all. Boy has that changed… Now I feel overwhelmed by the amount of information security news that breaks each week. If you’re interested in computer security news, but feel overwhelmed yourself, let my short video summarize the important news for you.

Today’s episode covers a SOHO pharming campaign that’s hijacking routers in Europe and Asia, another trio of big network and data breaches, and a new advanced, nataion-state level attack that allegedly comes from Russia. Watch the video for my quick summary, and/or check out the links below for more details, and some extra security stories to boot.

Enjoy your weekend, and keep safe out there.

(Episode Runtime: 11:24)

Direct YouTube Link: http://www.youtube.com/watch?v=IQch3fdbzAk

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

March’s Patch Day Includes an IE Zero Day Fix

It’s almost that time of the month again. Next week is Microsoft Patch day, and here’s what you can expect.

MS Patch Notification: March 2014According to Microsoft’s advanced notification, next week’s Patch Day should be fairly light, and relatively simple. The Redmond-based software company plans to release five security bulletins, fixing flaws in Windows, Internet Explorer (IE), and Silverlight. They rate two updates as Critical and the rest as Important. The biggest news about these updates is that the IE one will completely fix the zero day flaw that attackers have been exploiting in the wild, in watering hole attacks. So at the very least, you should prepare to install the IE update as soon as you can next week.

In related news, Adobe also shares Microsoft’s Patch Day. They haven’t announced if they will release any updates yet (they just recently released that emergency Flash one), but I would keep an eye on their security page next Tuesday. In any case, I’ll post details about Microsoft bulletins next week, and if Adobe releases any updates you’ll hear about them here. — Corey Nachreiner, CISSP (@SecAdept)

0day Watering Holes – WSWiR Episode 96

Flash and IE 0day, Watering Holes, and Router Worms

It’s Friday, Friday, gotta get your InfoSec on Friday….

Seriously though. If you are looking for a quick round-up of this week’s biggest security news, this is your show. In it, I cover what I think are the top three information and network security stories of the week, vlog style. If that sounds good, keep reading.

This week’s episode covers an advanced watering hole attack that leverages two zero day vulnerabilities, a worm that’s infecting a popular brand consumer router, and new vulnerabilities that affect devices which fall under “the Internet of things” category. If you’d like all the details, including how to protect yourself, watch the video below. Or if you prefer to read, check out the Reference section for links to those stories and more.

Quick show note. Next week I’ll be attending the annual RSA Security Conference. Though I still hope to produce a video on the road, I may have to settle for a text version of our weekly Infosec news if I get too busy. Keep an eye on the blog for the latest, and have a great weekend.

(Episode Runtime: 8:57)

Direct YouTube Link: http://www.youtube.com/watch?v=NbxXXLov6Ek

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

The Mask APT Campaign – WSWiR Episode 95

400Gb DDoS, More Bitcoin Attacks, and The Mask APT

If you’re looking for a quick synopsis of the latest information security news and advisories, our quick weekly video can provide it for you. This week’s episode was shot literally right before I had to run out to catch a plane, so please excuse the low quality webcam footage. 

Today’s episode includes a quick rundown of the week’s Microsoft and Adobe patches, news about the latest world record-breaking DDoS attack, some Bitcoin hijinks, and the details around a new cross-platform advanced attack campaign discovered by Kaspersky. Check out the video for all the details, and give the Reference section a peek for links to other infosec stories, including last minute news of a new Internet Explorer (IE) zero day attack.

Have a great weekend (and President’s Day for US readers), and be careful online.

(Episode Runtime: 8:20)

Direct YouTube Link: http://www.youtube.com/watch?v=W4JItAGJynY

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Target Chain of Trust Attack – WSWiR Episode 94

Flash 0day, DailyMotion Watering Hole, and New POS Malware

With Seattle celebrating our Super Bowl victory (Sea-Hawks!), it’s hard for locals to keep their minds on Information Security (Infosec), but criminal hackers don’t stop for American football. If you’ve been too busy to follow security news this week, let WatchGuard’s Friday video fill you in on the details, and help you with your defenses.

In today’s video, I cover an Adobe Flash 0day exploit that advanced attackers are leveraging in the wild, warn about a popular video site that has been turned into a FakeAV watering hole, give you the latest breaking update on the Target breach, and more. Watch the video below to learn the latest security news, and check out the Reference section if you’d like links to other security stories from the week.

Quick show note; I’ll be traveling in the UK next week, so will have to produce the next episode from the road. This also means the video may go live either early or later in the week than it normally does.

Enjoy your weekend, and stay safe out there.

(Episode Runtime: 10:04)

Direct YouTube Link: https://www.youtube.com/watch?v=aJMAyKpTaYI

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Follow

Get every new post delivered to your Inbox.

Join 7,900 other followers

%d bloggers like this: