Weekly Infosec News Brief 11-17 May

Microsoft Issues Thirteen Security Bulletins, Three of Them Critical

Last Tuesday was "Patch Tuesday" for the month of May, and Microsoft had a significant number of patches for their products. Three of the patches were rated as "critical," including one for Internet Explorer, one for Windows font drivers that affects both Windows and Office products, and one for the Windows Journal. Even though there are only three critical patches, each patches multiple vulnerabilities (there are over 30 vulnerabilities fixed by these three patches). The MS15-044 bulletin for the font drivers is probably the most critical, as it may allow for remote code execution when any user simply visits a web page or opens a document with a font that exploits the flaw.
https://technet.microsoft.com/en-us/library/security/MS15-MAY
https://technet.microsoft.com/library/security/MS15-044
http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-may-2015


Adobe Announces Critical Security Updates for Flash, Reader, Acrobat, and AIR

On Tuesday, Adobe released updates for its Flash and Reader/Acrobat products to fix critical (Adobe's level "1" rating) vulnerabilities. Google Chrome updates its Flash version automatically, as does Internet Explorer on Windows 8.x. The new version of Flash for Mac and Windows is 17.0.0.188. You can check the version of Flash you are running by visiting the following link: https://www.adobe.com/software/flash/about/ Adobe AIR is also affected by the same vulnerability as was announced for Acrobat/Reader, but for AIR it is rated as less risky. Flash and Reader have been two of the most frequently exploited programs over the past several years, so it is advisable to patch them as quickly as possible.
Flash Bulletin: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
Reader/Acrobat Bulletin: https://helpx.adobe.com/security/products/reader/apsb15-10.html


"VENOM" Vulnerability Puts Some Virtualization Platforms at Risk

A vulnerability announced last week represents a serious potential risk to many virtualized server environments. Vulnerable products may allow an attacker who gains access to a single virtual machine running on a server to "escape" from the guest machine and gain control of the virtual host server (and thereby possibly all of the other guest machines). The "VENOM" vulnerability is a programming flaw in the QEMU (Quick Emulator) open source project, which forms much of the core of the Xen, VirtualBox, and KVM virtualization platforms. Microsoft Hyper-V and VMware do not utilize the QEMU code, and are not affected. The flaw is in the code which handles virtualized floppy drives, but it is present regardless of whether a virtual floppy drive is equipped or not. Patches for the vulnerability are available from the affected vendors.
https://nakedsecurity.sophos.com/2015/05/14/the-venom-virtual-machine-escape-bug-what-you-need-to-know/


Firefox 38 Released; Fixes 13 Security Issues, Five of Them Critical

Mozilla released Firefox 38 last Tuesday, and updating to the new version should be a priority for any organization running Firefox. The new version fixes five critical security vulnerabilities, including buffer overflows in the code for rendering XML files and SVG graphics.
http://www.eweek.com/security/mozilla-firefox-38-gets-a-bakers-dozen-security-updates.html


MacKeeper Security Software for Macs Created A Critical Security Hole

MacKeeper is a controversial security program for Macs, and is well known to most Mac users for its aggressive popup advertising. Last Monday the company announced that a serious flaw was present in the software that made it possible for an attacker to issue arbitrary commands with root privileges if a user visited a malicious website using the Safari web browser. A new version is available which fixes the problem.
http://www.computerworld.com/article/2921115/malware-vulnerabilities/mackeeper-security-program-opens-critical-hole-on-macs.html
