Posts

Weekly Infosec News Brief: 14-20 Dec

Major Vulnerability in Juniper Firewalls Found and Patched

Last Thursday it was revealed that Juniper's ScreenOS operating system, which runs Juniper's firewalls, had a section of "unauthorized code" added to it as far back as 2012. The added code allows an attacker to remotely gain administrative access to the firewall and to decrypt encrypted VPN traffic. The issue affects versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, and a patch is currently available. Juniper states that they found the code during an internal code review and do not know how it got there.

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

Major Vulnerability in FireEye Devices Found and Patched ...

Weekly Infosec News Brief: 7-13 Dec

Microsoft "Patch Tuesday" Includes Eight Critical and Four Important Fixes

The last big batch of Microsoft patches for 2015 is indeed a big one. Eight of the patches are marked as "Critical" and allow for potential remote code execution. MS12-128 fixes a graphics vulnerability in all supported versions of Windows, as well as many versions of .NET Framework, Skype, Lync, and Office that could allow an attacker to execute arbitrary code. MS15-124 fixes a number of critical vulnerabilities in Internet Explorer (all supported versions) that could allow a malicious web page to run arbitrary code on the vulnerable machine. MS15-131 affects MS Office 2007 and newer, and fixes six vulnerabilities that could allow a malicious Office document to run arbitrary code on a vulnerable machine. These three are the ones that affect the most widely deployed software and are most easily exploitable, and they should be tested and deployed as soon as possible. MS15-127 affects DN...

Weekly Infosec News Brief: 1-6 Dec

US Department of the Interior Inspector General Report Details 19 Major Incidents at the Agency

The Department of the Interior experienced nineteen major cyber incidents over the past several years that had been previously undisclosed. A large amount of sensitive data with economic value is believed to have been stolen. The report explains how several of the incidents were not detected for some time, as well as the fact that the extent of some of the intrusions is still not fully known. A key lesson is that cyber incidents are often not readily apparent; it is not wise to assume you have not been compromised simply because you are not aware of a compromise.

http://www.nextgov.com/cybersecurity/2015/11/interior-department-hacked-china-others-19-times/123990/?oref=ng-channelriver

Microsoft Re-Issues Windows 10 Fix That Reset Some Users' Privacy Settings

On November 24th, Microsoft re-issued a major Windows 10 update that was causing many users' privacy settings to reset t...

Weekly Infosec News Brief: 24-30 Nov

Dell Laptops Shipped with Unsecure Certificate Authority Installed

Dell laptops shipped since this August included, pre-installed, a root certificate authority from Dell called "eDellRoot" that also included the authority's own private key. Even deleting the root certificate does not solve the problem, as the "Dell Foundation Services" Windows service will re-install the certificate if it is deleted. The Dell System Detect service has also been found to install its own root certificate, including the private key. Because these certificates include their own private keys and are installed as root certificate authorities in the OS, an attacker could create their own certificates signed by these and the relevant computers would see them as legitimate signed certificates for websites, drivers, and other software. Lenovo was found last year to similarly install their own root certificates for pre-installed software. Because of the difficulty of avoiding these typ...

Weekly Infosec News Brief: 16-24 November

Growing Concern About Java Deserialization Bug as a Working Exploit is Demonstrated

A long-standing concern about how Java handles serialized objects is drawing increased attention because of a practical exploit demonstrated by Foxglove Security last week. The exploit potentially affects a large number of Java web applications (Java Server Pages), and has been proven to affect common middleware layers including JBoss, WebSphere, and WebLogic. The flaw's exploitability is highly dependent on how applications are developed; if your enterprise has any externally-exposed Java-based web applications, you should ensure your developers are checking for this flaw.

http://www.darkreading.com/informationweek-home/why-the-java-deserialization-bug-is-a-big-deal/d/d-id/1323237
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thevulnerability

Dell Laptops Shipped with Unsecure Certificate Autho...

Weekly Infosec News Brief: 9-15 Nov

Microsoft Issues Twelve Updates, Including Four to Fix Critical IE and Windows Vulnerabilities

Last week, on “Patch Tuesday,” Microsoft issued a new batch of updates for its products. Four of these are classified as “critical,” including one for Internet Explorer, one for their new Edge browser (part of Windows 10), and one for the Windows kernel. The Internet Explorer vulnerability, MS15-112, is the most likely to be exploited in the wild, and should be a priority for organizations to patch as quickly as possible. The Windows patch, MS15-115, was modified and re-released on Wednesday after some users experienced problems following its installation. If you have not installed security update 3097877 yet, ensure you have the version from November 11th before installing.

https://support.microsoft.com/en-us/kb/3097877
http://www.computerworld.com/article/3004464/application-security/four-critical-patches-for-november-patch-tuesday-update-core-windows-and-office-components.html
http:/...

Weekly Infosec News Brief: Nov 2-8

Microsoft to Start Blocking SHA-1 Certificates Earlier than Planned

Following the announcement last month that the SHA-1 hashing algorithm is even easier to defeat than previously believed, tech companies are moving up their timetables to stop using certificates based on the outdated algorithm. Microsoft is now following Google (with Chrome) and Mozilla (with Firefox) in announcing that their products will stop accepting SHA-1 certificates in June of 2016, rather than at the end of 2016 as originally planned. Websites and applications still using SHA-1 certificates will soon be causing users to receive security warnings from most popular browsers. You can check your site’s certificate (or other sites’ certificates) at Qualys’ SSL Labs.

http://www.computerworld.com/article/3001681/security/microsoft-follows-mozilla-in-considering-early-ban-on-sha-1-certificates.html

Flaw in TrueCrypt Software Allows for Potential Full System Compromise

TrueCrypt is a popular tool available ...