Anchor's blog focuses not primarily on the "big news" items that make headlines, but on the items that can help improve your own security posture. If you have questions about how these items apply to your business or what you need to do to protect your information and your systems, please feel free to contact us.
Microsoft Issues Updates for 19 Critical Vulnerabilities on Patch Tuesday
This month's Patch Tuesday saw Microsoft issue updates for 55 vulnerabilities in all, 19 of which were classified as critical. Several of the critical patches are for Internet Explorer 11, including some that could allow an attacker to remotely execute code against a vulnerable machine. An Office vulnerability (CVE-2017-8570) was also patched; it could allow arbitrary malicious code to run when a user opens a specially crafted document. Another vulnerability (CVE-2017-8563), this one in the NTLM authentication protocol, has engendered a lot of discussion. The key here is not just to patch, but also to ensure that SMB signing is enabled in your domain, and that Kerberos, rather than NTLM, is your primary authentication mechanism.
SANS/ISC Summary of July 2017 Microsoft Updates
Microsoft July 2017 Security Update Summary
Adobe Releases New Version of Flash Player to Fix Multip…
Three Million Customers' Data Left Exposed on Web by WWE
WWE (World Wide Wrestling Entertainment) was found last week to have left personal data on over three million customers openly exposed on an AWS (Amazon Web Services) server. The data included customer names, addresses, earnings range, educational background, and birthdates, as well as the names, ages, and sexes of their children. This is far from the first such incident in the recent past; it is essential that organizations storing proprietary, personal, or sensitive data on AWS or other cloud-based platforms ensure that they are storing the data in a secure fashion. Many seem to be assuming that such storage is secure by default, but this is far from true.
Security Week: "WWE Exposes Details of 3 Million Customers on AWS"
Windows 10 Creators Update to Include New EMET-Like Security Capability
The Enhanced Mitigation Experience Toolkit (EMET) is a security add-on from Microsoft that provides powerful exploit preve…
Microsoft Patches Another Critical Vulnerability in Windows Defender
For the second time this year, Microsoft has pushed out an update to Windows Defender to patch a highly-exploitable vulnerability. Like the previous instance, this one was found by Google's Project Zero team, and again Microsoft pushed out the patch via Windows Defender's built-in patching capability (which is independent of standard Windows updates). The good news is that the vulnerability is not believed to have been exploited by any real-world attackers, and Microsoft was able to release a patch within a few weeks of learning of the issue. The bad news is that Windows Defender is built into Windows, and if there are more similar vulnerabilities lurking in it, there is little we can do to avoid them other than ensuring that automatic updates are enabled.
http://www.csoonline.com/article/3203932/security/microsoft-plugs-another-critical-hole-in-windows-defender.html
https://arstechnica.com…
Technologies, Inc. Peter Dietrich (410) 295-7601
Technologies, Inc. Launches a Cyber Academy
Delivering real-world cyber education from seasoned experts providing a quick and affordable path for IT professionals.
COLUMBIA, MD, June 28, 2017 – Anchor Technologies, Inc. (Anchor), a cybersecurity consulting firm headquartered in Columbia, Maryland, announced today that it is expanding its services offerings to include cybersecurity education and training. With over fifteen years focused on cybersecurity, Anchor has leveraged that experience to launch a cyber academy, the Anchor Center for Cyber Skill (ACCS) designed to fill a gap in the market for real-world cyber education and skillsets. “This is not your typical training program”, said Anchor President and CEO, Peter Dietrich. “The classes will be led by our seasoned team members, each with over a decade of active, real-world cyber experience.” The ACCS training program will focus on thr…
OneLogin Breach -- Attackers May Be Able to Decrypt Data
A consistent recommendation of most security professionals has been for users and organizations to adopt single sign-on and secure password management programs. These programs, many of them cloud-based, reduce the need for users to remember a host of different passwords, thus making it easier for them to choose strong, unique passwords. While this is generally good advice, it is crucial to choose a provider with a strong security track record of their own. OneLogin, a single sign-on provider popular with corporate users, was compromised two weeks ago, and revealed last week that the attackers also obtained keys that may allow them to decrypt the stolen data. In the past, major breaches of password managers (such as LastPass) have apparently led to no true data loss, because the stolen data was strongly encrypted, and the keys were securely stored separately from the data. OneLogin users are advised to update their master passwo…
End of WannaCry Panic Should Result in Vigilance, not Relief, Experts Warn
The massive WannaCry ransomware worm that spread with frightening speed the week before last fizzled out as quickly as it began. However, the story should be taken as a wake-up call for US organizations, not as cause to breathe a sigh of relief. In many ways, the WannaCry malware was amateurish and simple; the only impressive part was the use of the ETERNALBLUE exploit to enable its quick spread. It was easily disabled, and incorporated little in the way of anti-analysis and anti-detection techniques. If more determined and skillful folks leverage that same exploit (as it appears some may already be doing), we could see much more devastating results. Please ensure that all your Windows machines are fully patched, particularly with the MS17-010 patch from March. Also, check your external network to see if you have any SMB services exposed (TCP port 445) and seek to block access from the Internet to that service (o…