Posts

Showing posts from March, 2015

Weekly Infosec News Brief – Mar 23-29, 2015

Recently-Patched Flash Vulnerability Being Actively Exploited
A vulnerability in Adobe Flash (CVE-2015-0336) that was fixed on March 12 is now being actively exploited in drive-by download attacks as part of the Nuclear exploit kit. The recent trend has been that exploits for Flash vulnerabilities are being used in the wild within a shorter timeframe of the flaws being publicly announced and fixes being made available, sometimes before. The need to install Flash updates as soon as possible after they are released has never been more clear.
http://www.computerworld.com/article/2899702/new-attacks-suggest-timeline-for-patching-flash-player-is-shrinking.html

New Jersey School District Recovering from Ransomware Attack
The Swedesboro-Woolwich School District in New Jersey had to take many of their systems offline for an extended period after many files were encrypted by a ransomware infection. The district was able, after several days’ work, to clean malware from their servers an

Weekly Infosec News Brief – Mar 16-22, 2015

New OpenSSL Vulnerabilities Revealed; Patches Available
The OpenSSL Project released a security advisory on Thursday the 19th detailing a number of newly-discovered vulnerabilities. Only one of these is rated as high severity, and primarily leads to a risk of server crashes or temporary loss of service, not compromise of communications confidentiality. OpenSSL does not believe that anyone is actively exploiting any of these vulnerabilities at this time. The appropriate patches should be available as update packages in most Linux distributions. OpenSSL is incorporated into many products, so look for vendor updates coming soon for firewalls, VPN devices, and anything with a web-based interface.
https://www.openssl.org/news/secadv_20150319.txt
http://www.computerworld.com/article/2899482/openssl-fixes-serious-denial-of-service-bug-11-other-flaws.html

Password-Only Authentication Still the Norm
Despite the many risks associated with the use, re-use, loss, and resetting of passwor

Weekly Infosec News Brief – Mar 09-15, 2015

Microsoft Releases Fourteen Patches, Five Critical, on Patch Tuesday
Last Tuesday, on this month’s “Patch Tuesday,” Microsoft released security bulletins on fourteen new vulnerabilities, five of which can lead to critical remote code execution exploits. The Office update (MS15-022) is particularly important, as it is the first new remotely-exploitable Office document vulnerability announced in some time. The other four critical bulletins are all remotely exploitable via malicious websites viewed using Internet Explorer, or possibly even other browsers in the case of MS15-021.
https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx
https://isc.sans.edu/forums/diary/Microsoft+March+Patch+Tuesday/19445/

One March Microsoft Update Causing Problems on Some PCs
On some Windows 7 computers, the KB3033929 update released last week has been causing continuous reboot loops. The update provides important new security capabilities, but does not patch a serious vulnerability. Th

Weekly Infosec News Brief – Mar 02-08, 2015

Law Firms Create Industry System for Sharing Data on Cyber Threats
The banking, defense, and energy industries all have created systems for sharing cyber threat data, clearinghouses where organizations dealing with attacks or breaches can share information to help their peer organizations detect and deal with similar threats. Now a group of large, international law firms is doing the same for their industry.
http://thehill.com/policy/cybersecurity/234722-law-firms-to-share-info-about-cyber-threats

Federal Cybersecurity Incidents up 15% in FY 2014
An OMB report released February 27th shows federal cybersecurity incidents at over 70,000 in fiscal year 2014. The total number may be due as much (or more) to improved detection as to increased attacks. The most interesting aspect was the fact that the report says nearly half of the incidents could have been prevented by the use of stronger authentication methods, such as two-factor authentication. Is your organization using two-factor a