Weekly Infosec News Brief: 10-16 July 2017


Microsoft Issues Updates for 19 Critical Vulnerabilities on Patch Tuesday

This month's Patch Tuesday saw Microsoft issue updates for 55 vulnerabilities in all, 19 of which were classified as critical. Several of the critical patches are for Internet Explorer 11, including some that could allow an attacker to remotely execute code on a vulnerable machine. An Office vulnerability (CVE-2017-8570) was also patched; it could allow arbitrary code to run when a user opens a specially crafted document. Another vulnerability (CVE-2017-8563), this one in the NTLM authentication protocol, has generated a lot of discussion. The key here is not just to patch, but also to ensure that SMB signing is enabled (and required, not merely offered) in your domain, and that Kerberos, rather than NTLM, is your primary authentication mechanism. Note that for CVE-2017-8563 the update alone is not enough on domain controllers: Microsoft's accompanying guidance (KB 4034879) requires setting the LdapEnforceChannelBinding registry value before LDAP channel binding is actually enforced.
SANS/ISC Summary of July 2017 Microsoft Updates
Microsoft July 2017 Security Update Summary
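The following PowerShell is an added example, not part of the original brief or of Microsoft's guidance: it audits the settings the item above recommends (SMB signing required on server and client, NTLM restricted in favour of Kerberos, and on domain controllers the LdapEnforceChannelBinding and LDAP signing values) and samples the Security log to show how much NTLM is still in use. The registry locations are Microsoft's documented policy locations; the definition of "Hardened" at the end is this example's own choice of thresholds.

```powershell
# Added example, not part of the original brief. Registry paths and value
# names are Microsoft's documented locations for these policies; the
# "Hardened" verdict below uses thresholds chosen for this example.
function Test-NtlmHardening {
    [CmdletBinding()]
    param(
        # Cap on how many NTLM logon events to read when sampling the Security log.
        [int]$MaxNtlmEvents = 5000
    )

    function Get-RegValue($Path, $Name) {
        # Returns $null when the key or value is absent (policy not configured).
        try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
        catch { $null }
    }

    $server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    $lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $msv    = "$lsa\MSV1_0"
    $ntds   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

    # SMB signing: RequireSecuritySignature = 1 is "Digitally sign communications
    # (always)"; EnableSecuritySignature alone only offers signing, it does not require it.
    $smbServerRequired = (Get-RegValue $server 'RequireSecuritySignature') -eq 1
    $smbClientRequired = (Get-RegValue $client 'RequireSecuritySignature') -eq 1

    # LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLM.
    $lmLevel = Get-RegValue $lsa 'LmCompatibilityLevel'

    # "Network security: Restrict NTLM" policies: 0 = allow, 1 = audit, 2 = deny.
    $restrictOutbound = Get-RegValue $msv 'RestrictSendingNTLMTraffic'
    $restrictInbound  = Get-RegValue $msv 'RestrictReceivingNTLMTraffic'

    # Domain controllers only: LdapEnforceChannelBinding (0 = off, 1 = when
    # supported, 2 = always) is the value KB 4034879 requires for CVE-2017-8563;
    # LDAPServerIntegrity 2 = require LDAP signing.
    $isDc        = Test-Path $ntds
    $ldapCbt     = if ($isDc) { Get-RegValue $ntds 'LdapEnforceChannelBinding' }
    $ldapSigning = if ($isDc) { Get-RegValue $ntds 'LDAPServerIntegrity' }

    # How much NTLM is still in use: successful logons (4624) whose
    # authentication package is NTLM, up to $MaxNtlmEvents most recent ones.
    $xpath = "*[System[EventID=4624] and EventData[Data[@Name='AuthenticationPackageName']='NTLM']]"
    $ntlmLogons = @(Get-WinEvent -LogName Security -FilterXPath $xpath `
                        -MaxEvents $MaxNtlmEvents -ErrorAction SilentlyContinue).Count

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        SmbServerSigningRequired  = $smbServerRequired
        SmbClientSigningRequired  = $smbClientRequired
        LmCompatibilityLevel      = $lmLevel
        RestrictSendingNTLM       = $restrictOutbound
        RestrictReceivingNTLM     = $restrictInbound
        IsDomainController        = $isDc
        LdapEnforceChannelBinding = $ldapCbt
        LdapServerIntegrity       = $ldapSigning
        RecentNtlmLogons          = $ntlmLogons
        Hardened = ($smbServerRequired -and $smbClientRequired -and $lmLevel -eq 5 -and
                    (-not $isDc -or ($ldapCbt -ge 1 -and $ldapSigning -eq 2)))
    }
}

# Run locally, or fan out to every domain controller with PowerShell remoting:
Test-NtlmHardening | Format-List
# Invoke-Command -ComputerName (Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName) `
#     -ScriptBlock ${function:Test-NtlmHardening} | Format-Table ComputerName, Hardened, RecentNtlmLogons
```

A non-zero RecentNtlmLogons count on a machine that reports Hardened is the useful signal: it tells you which hosts still have NTLM-dependent clients or applications to chase down before you can move RestrictReceivingNTLM from audit (1) to deny (2).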

Adobe Releases New Version of Flash Player to Fix Multiple Vulnerabilities

Last Tuesday, Adobe released a new version of Flash Player (26.0.0.137) to fix a number of critical vulnerabilities, several of which could allow remote code execution by a malicious website or similar means. Organizations should update as soon as possible; if you rely on Flash to update itself automatically, consider how you will verify that this is actually happening on every affected machine. For the long term, organizations are urged to consider how they can move away from allowing Flash at all. Removing Flash entirely, or enabling it only as "click-to-play", is strongly advised.
Adobe Security Bulletin on July 2017 Flash Update
Center for Internet Security Advisory on July 2017 Flash Update
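One way to do the verification the item above asks for, as an added example that is not part of the original brief or Adobe's tooling: rather than trusting the auto-updater's own status, check the file versions of the Flash binaries actually on disk (the ActiveX control for IE, the NPAPI plugin, and the PPAPI plugin) against the fixed release. The install directories and file name patterns are the ones Flash Player used on Windows; the fleet fan-out at the end assumes PowerShell remoting and a host list file named here as an assumption.

```powershell
# Added example, not part of the original brief: compare the Flash Player
# binaries on disk against the fixed release named in the Adobe bulletin.
function Test-FlashPatched {
    [CmdletBinding()]
    param(
        [version]$FixedVersion = '26.0.0.137'
    )

    # Flash installs its ActiveX (IE), NPAPI and PPAPI plugins under these
    # directories; SysWOW64 holds the 32-bit copies on 64-bit Windows.
    $dirs     = @("$env:windir\System32\Macromed\Flash", "$env:windir\SysWOW64\Macromed\Flash")
    $patterns = 'Flash*.ocx', 'NPSWF*.dll', 'pepflashplayer*.dll'

    $files = foreach ($d in $dirs) {
        if (Test-Path $d) {
            Get-ChildItem -Path "$d\*" -Include $patterns -File -ErrorAction SilentlyContinue
        }
    }

    $results = foreach ($f in $files) {
        # Flash stamps versions as "26,0,0,137"; normalise to a [version] so
        # comparison is numeric rather than string-based.
        $raw = ($f.VersionInfo.ProductVersion -replace '\s', '') -replace ',', '.'
        $ver = try { [version]$raw } catch { $null }
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            File         = $f.FullName
            Version      = $ver
            Patched      = ($null -ne $ver) -and ($ver -ge $FixedVersion)
        }
    }

    if (-not $results) {
        # No Flash binaries at all is the end state the brief recommends.
        return [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; File = '<none>'; Version = $null; Patched = $true }
    }
    $results
}

Test-FlashPatched | Format-Table -AutoSize

# Fleet check (assumes remoting and a hosts.txt list): report every machine
# that still carries an unpatched Flash binary.
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-FlashPatched} |
#     Where-Object { -not $_.Patched } | Format-Table ComputerName, File, Version
```

Because each plugin type updates independently, a machine can show a patched ActiveX control and an old NPAPI plugin side by side; reporting per file rather than per machine makes that visible.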

Millions of Verizon Customers' Account Info Inadvertently Exposed on Cloud Server

A firm hired by Verizon to help analyze customer service data was found last week to have left a large amount of that data exposed in an Amazon Web Services (AWS) S3 storage bucket. The data on approximately six million Verizon customers was stored in a bucket that required no authentication, meaning anyone who knew its URL could download the contents. The dataset included customer names, phone numbers, home addresses, email addresses, customer service records and, in some cases, the PINs used to verify customer identities. Some fields, including PINs, were masked in some records but not in others. The exposure of PINs is especially concerning, as it could allow a malicious individual to take over an exposed customer's account. This is just the latest in a series of large unintentional data exposures involving cloud services, and Amazon S3 in particular. It is vital for organizations using these services to ensure that access controls are properly configured, and to verify this regularly rather than assume it.
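The check that would have caught the exposure described above, as an added example that is not part of the original brief: enumerate every bucket in the account and flag any whose ACL grants access to the AllUsers ("Everyone") or AuthenticatedUsers ("any AWS account") groups, or whose bucket policy allows a wildcard principal. It assumes the AWS Tools for PowerShell module (the Get-S3Bucket, Get-S3ACL and Get-S3BucketPolicy cmdlets) and credentials already configured for the account.

```powershell
# Added example, not part of the original brief. Assumes the AWS Tools for
# PowerShell module and configured credentials. The two group URIs are the
# well-known identifiers Amazon uses for public and any-AWS-account grants.
function Find-PublicS3Bucket {
    [CmdletBinding()]
    param()

    $publicGroups = @(
        'http://acs.amazonaws.com/groups/global/AllUsers',
        'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
    )

    foreach ($bucket in Get-S3Bucket) {
        $name = $bucket.BucketName

        # 1. Bucket ACL: any grant to the public groups, whatever the permission.
        $aclGrants = @()
        try {
            $acl = Get-S3ACL -BucketName $name
            $aclGrants = @($acl.Grants |
                Where-Object { $_.Grantee.URI -in $publicGroups } |
                ForEach-Object { "$($_.Grantee.URI.Split('/')[-1]):$($_.Permission)" })
        } catch { Write-Warning "ACL read failed for $name : $_" }

        # 2. Bucket policy: an Allow statement whose Principal is "*" (or AWS:"*").
        $policyPublic = $false
        try {
            $policy = Get-S3BucketPolicy -BucketName $name
            if ($policy) {
                $doc = $policy | ConvertFrom-Json
                foreach ($st in @($doc.Statement)) {
                    $p = $st.Principal
                    if ($st.Effect -eq 'Allow' -and ($p -eq '*' -or $p.AWS -eq '*')) {
                        $policyPublic = $true
                    }
                }
            }
        } catch { }   # no policy attached, or not permitted to read it

        if ($aclGrants -or $policyPublic) {
            [pscustomobject]@{
                Bucket             = $name
                PublicAclGrants    = ($aclGrants -join ', ')
                PolicyAllowsAnyone = $policyPublic
            }
        }
    }
}

Find-PublicS3Bucket | Format-Table -AutoSize
```

This covers bucket-level exposure only; individual objects can carry their own public ACLs even when the bucket does not, so a complete audit also walks object ACLs (or, better, denies public object ACLs in the bucket policy to begin with). Run it from a scheduled job rather than once, since a bucket that is private today can be made public by the next deployment.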

Former Employee Convicted of Post-Employment Revenge Hacking Rampage

A former employee of a security firm was convicted last month in connection with a weeks-long campaign of attacks against the firm. The attacks took place between December 2012 and January 2013, and relied on a free, cloud-based remote access tool he had installed on a colleague's PC before his departure. The former employee, Jonathan Eubanks, had worked at the firm for twenty years. After leaving, he used the remote access tool to log in to the colleague's PC and installed a number of other freely available hacking tools. Eubanks harvested and cracked passwords, accessed internal databases, sent defamatory emails, and disabled the firm's website (later redirecting it to a competitor's). This type of incident is a strong argument for why organizations need to control the software installed on organizational PCs, and to have strong controls in place regarding the use of remote access software such as LogMeIn and GoToMyPC, including a check for such software on the machines a departing employee had access to.
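A hunt for the kind of remote access tool described above, as an added example that is not part of the original brief: it looks in the four places such tools usually leave a footprint (Windows services, installed-program registry entries, running processes, and scheduled tasks) for the two products the item names plus a few other common ones added here as assumptions. It assumes PowerShell 4 or later for Get-ScheduledTask and PowerShell remoting for the fleet-wide run.

```powershell
# Added example, not part of the original brief. The default pattern list
# contains the tools named in the brief plus other common ones assumed here;
# extend it with whatever your environment does not sanction.
function Find-RemoteAccessTool {
    [CmdletBinding()]
    param(
        [string[]]$Patterns = @('LogMeIn', 'GoToMyPC', 'TeamViewer', 'AnyDesk', 'VNC', 'Ammyy', 'Chrome Remote Desktop')
    )
    $rx = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $host_ = $env:COMPUTERNAME

    # 1. Windows services: most of these tools install one so they survive reboots.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $rx -or $_.DisplayName -match $rx } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $host_; Source = 'Service'; Item = $_.DisplayName; State = $_.Status }
        }

    # 2. Installed programs: native, WOW6432Node and per-user uninstall keys.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $rx } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $host_; Source = 'Installed'; Item = $_.DisplayName; State = $_.DisplayVersion }
        }

    # 3. Running processes: portable builds never appear in the registry at all.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $rx -or $_.Description -match $rx } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $host_; Source = 'Process'; Item = $_.Name; State = "PID $($_.Id)" }
        }

    # 4. Scheduled tasks whose action launches a matching binary (another
    #    common persistence path for user-installed tools).
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { ($_.Actions | ForEach-Object { $_.Execute }) -match $rx } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $host_; Source = 'ScheduledTask'; Item = $_.TaskName; State = $_.State }
        }
}

Find-RemoteAccessTool | Format-Table -AutoSize

# Fleet-wide run on a departing employee's machines (assumes remoting):
# Invoke-Command -ComputerName (Get-Content .\departed-user-hosts.txt) `
#     -ScriptBlock ${function:Find-RemoteAccessTool} | Format-Table Computer, Source, Item, State
```

Detection like this is the fallback; the control the brief is really asking for is an application allow-list (AppLocker or Software Restriction Policies) so that a user cannot install a remote access agent in the first place, with this hunt run as part of every off-boarding to confirm nothing slipped through.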
