Weekly Infosec News Brief: 14-20 Dec

Major Vulnerability in Juniper Firewalls Found and Patched

Last Thursday it was revealed that Juniper's ScreenOS operating system, which runs Juniper's firewalls, had a section of "unauthorized code" added to it as far back as 2012. The added code allows an attacker to remotely gain administrative access to the firewall and to decrypt encrypted VPN traffic. The issue affects versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, and a patch is currently available. Juniper states that they found the code during an internal code review and do not know how it got there.
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554


Major Vulnerability in FireEye Devices Found and Patched

Google's "Project Zero" researchers uncovered a major flaw in the NX, EX, AX, FX series of FireEye products that could allow an attacker to take control of the devices merely by sending an email into the monitored network. The attack can succeed even if the email is never opened. The compromise of such a device, which generally is set up to passively monitor all traffic in and out of an organization's network, could enable an attacker to monitor all of an organization's Internet traffic. FireEye has a patch available; if you have an affected FireEye device, ensure you are on security release 427.334 or newer. Security devices and systems often have very broad access to a network, and securing them properly is essential in order to ensure that your security system doesn't itself become the source of a breach.
http://arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/
https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/fireeye-rce-vulnerability.pdf


MacKeeper Customer Database Found Exposed to the Internet with No Security

A security researcher last week announced that he had found a database server storing customer information regarding the MacKeeper software, including customer names, licenses, and hashed passwords. The database was stored using the MongoDB database software. The researcher notified the company before publicizing his discovery, and the security issue has been fixed. Subsequent research shows that tens of thousands of MongoDB servers are similarly exposed to the Internet with no authentication required for access. What does your organization do to ensure that systems that should not be accessible from the Internet are not?
http://www.eweek.com/security/mackeeper-leak-highlights-danger-of-misconfigured-databases.html
http://www.computerworld.com/article/3016216/security/over-680tb-of-data-exposed-in-mongodb-databases.html
https://mackeeper.com/blog/post/173-mackeeper-security-advisory


Former IBM Employee Charged With Stealing Valuable Source Code

Jiaqiang Xu, a 29-year-old former IBM software engineer, was charged in federal court on December 8 with stealing source code from his former employer and attempting to re-sell it. An undercover agent posing as an investor in a new data storage company interviewed Xu, and Xu allegedly offered to sell the source code for the new company's use in developing their own storage solutions. Beyond trust, what can your organization do to prevent insiders from abusing your proprietary data? Digital watermarking and seeding of valuable data is one strategy. Anchor can help you with this and other data-loss prevention requirements.
http://www.reuters.com/article/us-ibm-crime-china-idUSKBN0TR2X820151208#5tJgL8o1cKYssGdI.97


Mozilla Releases Firefox 43, Featuring Security Fixes and Enhancements

Last Tuesday the Mozilla Foundation released version 43 of their Firefox browser. The most notable new development is an improved Tracking Protection feature, intended to prevent many types of user tracking used by advertisers and web analytics tools. The new release also fixes sixteen security vulnerabilities, including three that are rated as "critical." The new release is also notable as the first time a native 64-bit version is available for Windows.
http://www.eweek.com/security/mozilla-ups-security-tracking-protection-in-firefox-43.html
