Weekly Infosec News Brief: 10-16 July 2017

Microsoft Issues Updates for 19 Critical Vulnerabilities on Patch Tuesday This month's Patch Tuesday saw Microsoft issue updates for 55 vulnerabilities in all, 19 of which were classified as critical. Several of the critical patches are for Internet Explorer 11, including some that could allow an attacker to remotely execute code against a vulnerable machine. An Office vulnerability (CVE-2017-8570) was also patched; the vulnerability could allow a malicious document to run arbitrary malicious code when a user opens a specially-crafted document. Another vulnerability (CVE-2017-8563), this one is the NTLM authentication protocol has engendered a lot of discussion. The key here is not just to patch, but also to ensure that SMB signing is enabled in your domain, and that Kerberos, rather than NTLM, is your primary authentication mechanism.
SANS/ISC Summary of July 2017 Microsoft Updates
Microsoft July 2017 Security Update Summary

Adobe Releases New Version of Flash Player to Fix Multip…

Weekly Infosec News Brief: 3-9 July 2017

Three Million Customers' Data Left Exposed on Web by WWE WWE (World Wide Wrestling Entertainment) was found last week to have left personal data on over three million customers openly exposed on an AWS (Amazon Web Services) server. The data included customer names, addresses, earnings range, educational background, and birthdates, as well as the names, ages, and sexes of their children. This is far from the first such incident in the recent past; it is essential that organizations storing proprietary, personal, or sensitive data on AWS or other cloud-based platform ensure that they are storing the data in a secure fashion. Many seem to be assuming that such storage is secure by default, but this is far from true. Security Week: "WWE Exposes Details of 3 Million Customers on AWS" Windows 10 Creators Update to Include New EMET-Like Security Capability The Enhanced Mitigation Experience Toolkit (EMET) is a security add-on from Microsoft that provides powerful exploit preve…

Weekly Infosec News Brief: 26 June - 02 July 2017

Microsoft Patches Another Critical Vulnerability in Windows Defender For the second time this year, Microsoft has pushed out an update to Windows Defender to patch a highly-exploitable vulnerability. Like the previous instance, this one was found by Google's Project Zero team, and again Microsoft pushed out the patch via the vulnerability via Windows Defender's built-in patching capability (which is independent of standard Windows updates). The good news is that the vulnerability is not believed to have been exploited by any real-world attackers, and Microsoft was able to release a patch within a few weeks of learning of the issue. The bad news is that Windows Defender is built into Windows, and if there are more similar vulnerabilities lurking in it there is little we can do to avoid them other than ensuring the automatic updates are enabled.…

Contact: Anchor Technologies, Inc. Peter Dietrich (410) 295-7601

Anchor Technologies, Inc. Launches a Cyber Academy Delivering real-world cyber education from seasoned experts providing a quick and affordable path for IT professionals.
COLUMBIA, MD, June 28, 2017 – Anchor Technologies, Inc. (Anchor), a cybersecurity consulting firm headquartered in Columbia, Maryland, announced today that it is expanding its services offerings to include cybersecurity education and training.With over fifteen years focused on cybersecurity, Anchor has leveraged that experience to launch a cyber academy, the Anchor Center for Cyber Skill (ACCS) designed to fill a gap in the market for real-world cyber education and skillsets. “This is not your typical training program”, said Anchor President and CEO, Peter Dietrich.“The classes will be led by our seasoned team members, each with over a decade of active, real-world cyber experience.” The ACCS training program will focus on thr…

Weekly Infosec News Brief: 11-18 June 2017

Microsoft Patch Tuesday Fixes Massive Batch of Vulnerabilities, Including One Being Actively Exploited Microsoft's "Patch Tuesday" this month fixes 94 vulnerabilities, 27 of which involve potential remote code execution (generally the worst type of vulnerability). The most concerning vulnerability is CVE-2017-8543, a vulnerability in the Windows Search service that Microsoft says is already being actively exploited by malicious parties in the wild. The Search service is remotely accessed via Server Message Block (SMB), the same service that the ETERNALBLUE exploit (abused by WannaCry) abused -- organizations should ensure that the SMB protocol is not exposed outside their firewall.…

Weekly Infosec News Brief: 5-11 June 2017

OneLogin Breach -- Attackers May Be Able to Decrypt Data A consistent recommendation of most security professionals has been for users and organizations to adopt single sign-on and secure password management programs. These programs, many of them cloud-based, reduce the need for users to remember a host of different passwords, thus making it easier for them to choose strong, unique passwords. While this is generally good advice, it is crucial to choose a provider with a strong security track record of their own. OneLogin, a single sign-on provider popular with corporate users, was compromised two weeks ago, and revealed last week that the attackers also obtained keys that may allow them to decrypt the stolen data. In the past, major breaches of password managers (such as LastPass) have apparently led to no true data loss, because the stolen data was strongly encrypted, and the keys were securely stored separately from the data. OneLogin users are advised to update their master passwo…

Weekly Infosec News Brief: 15-21 May 2017

End of WannaCry Panic Should Result in Vigilance, not Relief, Experts Warn
The massive WannaCry ransomware worm that spread with frightening speed the week more last fizzled out as quickly as it began. However, the story should be taken as a wake-up call for US organizations, not as cause to breathe a sigh of relief. In many ways, the WannaCry malware was amateurish and simple; the only impressive part was the use of the ETERNALBLUE exploit to enable its quick spread. It was easily disabled, and incorporated little in the way of anti-analysis and anti-detection techniques. If more determined and skillful folks leverage that same exploit (as it appears some may already be doing), we could see much more devastating results. Please ensure that all your Windows machines are fully-patched, particularly with the MS17-010 patch from March. Also, check your external network to see if you have any SMB services exposed (TCP port 445) and seek to block access from the Internet to that service (o…