Posts

Showing posts from 2017

Weekly Infosec News Brief: 10-16 July 2017

Image
Microsoft Issues Updates for 19 Critical Vulnerabilities on Patch Tuesday This month's Patch Tuesday saw Microsoft issue updates for 55 vulnerabilities in all, 19 of which were classified as critical. Several of the critical patches are for Internet Explorer 11, including some that could allow an attacker to remotely execute code against a vulnerable machine. An Office vulnerability (CVE-2017-8570) was also patched; the vulnerability could allow a malicious document to run arbitrary malicious code when a user opens a specially-crafted document. Another vulnerability (CVE-2017-8563), this one is the NTLM authentication protocol has engendered a lot of discussion. The key here is not just to patch, but also to ensure that SMB signing is enabled in your domain, and that Kerberos, rather than NTLM, is your primary authentication mechanism. SANS/ISC Summary of July 2017 Microsoft Updates Microsoft July 2017 Security Update Summary Adobe Releases New Version of Flash Player to

Weekly Infosec News Brief: 3-9 July 2017

Image
Three Million Customers' Data Left Exposed on Web by WWE WWE (World Wide Wrestling Entertainment) was found last week to have left personal data on over three million customers openly exposed on an AWS (Amazon Web Services) server. The data included customer names, addresses, earnings range, educational background, and birthdates, as well as the names, ages, and sexes of their children. This is far from the first such incident in the recent past; it is essential that organizations storing proprietary, personal, or sensitive data on AWS or other cloud-based platform ensure that they are storing the data in a secure fashion. Many seem to be assuming that such storage is secure by default, but this is far from true. Security Week: " WWE Exposes Details of 3 Million Customers on AWS " Windows 10 Creators Update to Include New EMET-Like Security Capability The Enhanced Mitigation Experience Toolkit (EMET) is a security add-on from Microsoft that provides powerful exp

Weekly Infosec News Brief: 26 June - 02 July 2017

Image
Microsoft Patches Another Critical Vulnerability in Windows Defender For the second time this year, Microsoft has pushed out an update to Windows Defender to patch a highly-exploitable vulnerability. Like the previous instance, this one was found by Google's Project Zero team, and again Microsoft pushed out the patch via the vulnerability via Windows Defender's built-in patching capability (which is independent of standard Windows updates). The good news is that the vulnerability is not believed to have been exploited by any real-world attackers, and Microsoft was able to release a patch within a few weeks of learning of the issue. The bad news is that Windows Defender is built into Windows, and if there are more similar vulnerabilities lurking in it there is little we can do to avoid them other than ensuring the automatic updates are enabled. http://www.csoonline.com/article/3203932/security/microsoft-plugs-another-critical-hole-in-windows-defender.html https://arstech
Image
                                   FOR IMMEDIATE RELEASE: JUNE 28, 2017 Contact: Anchor Technologies, Inc. Peter Dietrich (410) 295-7601 Anchor Technologies, Inc. Launches a Cyber Academy Delivering real-world cyber education from seasoned experts providing a quick and affordable path for IT professionals. COLUMBIA, MD,   June 28, 2017 – Anchor Technologies, Inc. (Anchor), a cybersecurity consulting firm headquartered in Columbia, Maryland, announced today that it is expanding its services offerings to include cybersecurity education and training.   With over fifteen years focused on cybersecurity, Anchor has leveraged that experience to launch a cyber academy, the Anchor Center for Cyber Skill (ACCS) designed to fill a gap in the market for real-world cyber education and skillsets. “This is not your typical training program”, said Anchor President and CEO, Peter Dietrich.   “The classes will be led b

Weekly Infosec News Brief: 11-18 June 2017

Image
Microsoft Patch Tuesday Fixes Massive Batch of Vulnerabilities, Including One Being Actively Exploited Microsoft's "Patch Tuesday" this month fixes 94 vulnerabilities, 27 of which involve potential remote code execution (generally the worst type of vulnerability). The most concerning vulnerability is CVE-2017-8543, a vulnerability in the Windows Search service that Microsoft says is already being actively exploited by malicious parties in the wild. The Search service is remotely accessed via Server Message Block (SMB), the same service that the ETERNALBLUE exploit (abused by WannaCry) abused -- organizations should ensure that the SMB protocol is not exposed outside their firewall. https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/ https://blog.qualys.com/laws-of-vulnerabilities/2017/06/13/microsoft-fixes-94-security-issues-in-massive-june-update https://www.scmagazine.com/microsoft-releases-patch-tuesday-fixes-including-wannacry

Weekly Infosec News Brief: 5-11 June 2017

Image
OneLogin Breach -- Attackers May Be Able to Decrypt Data A consistent recommendation of most security professionals has been for users and organizations to adopt single sign-on and secure password management programs. These programs, many of them cloud-based, reduce the need for users to remember a host of different passwords, thus making it easier for them to choose strong, unique passwords. While this is generally good advice, it is crucial to choose a provider with a strong security track record of their own. OneLogin, a single sign-on provider popular with corporate users, was compromised two weeks ago, and revealed last week that the attackers also obtained keys that may allow them to decrypt the stolen data. In the past, major breaches of password managers (such as LastPass) have apparently led to no true data loss, because the stolen data was strongly encrypted, and the keys were securely stored separately from the data. OneLogin users are advised to update their master pa

Weekly Infosec News Brief: 15-21 May 2017

Image
End of WannaCry Panic Should Result in Vigilance, not Relief, Experts Warn The massive WannaCry ransomware worm that spread with frightening speed the week more last fizzled out as quickly as it began. However, the story should be taken as a wake-up call for US organizations, not as cause to breathe a sigh of relief. In many ways, the WannaCry malware was amateurish and simple; the only impressive part was the use of the ETERNALBLUE exploit to enable its quick spread. It was easily disabled, and incorporated little in the way of anti-analysis and anti-detection techniques. If more determined and skillful folks leverage that same exploit (as it appears some may already be doing), we could see much more devastating results. Please ensure that all your Windows machines are fully-patched, particularly with the MS17-010 patch from March . Also, check your external network to see if you have any SMB services exposed (TCP port 445) and seek to block access from the Internet to that servic

Weekly Infosec News Brief: 01-07 May 2017

Image
Clever and Widespread Google Phishing Campaign Raises Concerns Last week a new worm spread rapidly through the Internet. It used a very convincing (because it was partly genuine) Google Docs invitation to lure Google users into giving access to their Gmail accounts, then copied itself to addresses in the victim's contacts. Repeating this process led to a rapid storm of emails. Google took action within an hour to remove the rogue app from users' account permissions and stem the tide of emails, but the success of the tactic shows the risk inherent in cloud-based accounts like this -- a quieter version of the same tactic could easily compromise a handful of people without attracting much attention. Selecting and authorizing specific file-sharing services for your organizational data is a good idea, as is ensuring users are trained in how to use them (and what NOT to do). https://arstechnica.com/security/2017/05/dont-trust-oauth-why-the-google-docs-worm-was-so-convincing/

World Password Day?

In honor of "World Password Day," we're providing some thoughts and tips to improving the security of the passwords you use. For better or worse (and in many cases it's definitely worse), passwords are still the primary authentication mechanism we use to control access to most computing resources. While multi-factor authentication is becoming more common (and it's a great thing to use if you can), much of our digital life still depends on the humble password. Really I don't even like the name, "World Password Day," because I'm trying to get people to think of them as "passphrases" -- as in multiple words separated by spaces, meaning quite a bit longer than we are used to using. A natural-languge phrase is easy to type, easy to remember, and (if it's long enough) very difficult to guess or crack. When I say long, you should be thinking at least 15 characters long. Remember, spaces are characters, too! Here are our key tips to

Weekly Infosec News Brief: 27 Mar-2 Apr 2017

Unpatched Vulnerability in Microsoft IIS 6.0 Web Services Announced A serious vulnerability in Microsoft Internet Information Server (IIS) 6.0 was publicized last week when someone posted proof-of-concept exploit code to GitHub. The vulnerability was apparently known to some hacker groups previously, and has been exploited in attacks since last summer, but its existence was not well-known and the ability to exploit it was not widespread. IIS 6.0 runs on Windows 2003 Server, which is no longer supported by Microsoft, so no patch for this flaw is expected to be released. Still, there are hundreds of thousands of publicly-accessible websites still running on IIS 6.0, so this is a serious issue. Critical Vulnerability Discovered in IIS 6.0 Web Services VMWare Issues Patches for Critical VM-Escape Flaws in Multiple Products Since virtual computing technology was popularized in the 2000s, the greatest security concern has been the possibility of "virtual machine escape," or

Critical Vulnerability Discovered in IIS 6.0 Web Services

Image
IIS 6, the version that runs on Windows 2003 Server, was revealed this week to have a serious vulnerability that could allow an attacker to run malicious code on the server. The vulnerability has apparently been known to some malicious groups for some time, as attacks exploiting this vulnerability have been observed as far back as summer of 2016. But last week a proof-of-concept exploit for the vulnerability was posted to GitHub, bringing public attention to the problems and providing potential attackers with a head start on developing their own exploit code.  That is likely to take this from a secretive exploit used by a few actors to one that will be widely used by many attackers, meaning anyone running a vulnerable server is a likely victim. Vulnerability announcements are common, but this one is especially problematic for several reasons: IIS 6.0 is a part of the Windows 2003 Server operating system, which aged out of support from Microsoft almost two years ago. There are an