Posts

Critical Vulnerability Discovered in IIS 6.0 Web Services

IIS 6, the version that runs on Windows 2003 Server, was revealed this week to have a serious vulnerability that could allow an attacker to run malicious code on the server. The vulnerability has apparently been known to some malicious groups for some time, as attacks exploiting this vulnerability have been observed as far back as summer of 2016. But last week a proof-of-concept exploit for the vulnerability was posted to GitHub, bringing public attention to the problem and providing potential attackers with a head start on developing their own exploit code. That is likely to take this from a secretive exploit used by a few actors to one that will be widely used by many attackers, meaning anyone running a vulnerable server is a likely victim. Vulnerability announcements are common, but this one is especially problematic for several reasons: IIS 6.0 is a part of the Windows 2003 Server operating system, which aged out of support from Microsoft almost two years ago. There ar...

Weekly Infosec News Brief: 13-19 March 2017

Microsoft Releases Massive Amount of Updates, Fixing 135 Vulnerabilities in 17 Security Bulletins After February's abortive Patch Tuesday, March's Patch Tuesday is predictably larger than usual. Nine of the bulletins are marked as critical. The Windows updates are bundled together per Microsoft's new patch distribution method, though the updates for the IE and Edge browsers are available separately. Several of the critical vulnerabilities fixed here are already publicly known, and some are already being actively exploited. These include the GDI vulnerability fixed by MS17-013 and two of the browser vulnerabilities fixed in MS17-006/007. We recommend that organizations test and deploy these updates as quickly as possible. https://technet.microsoft.com/en-us/library/security/MS17-MAR http://www.computerworld.com/article/3180996/security/largest-ever-patch-tuesday-from-microsoft.html http://www.csoonline.com/article/3181411/security/microsoft-fixes-record-number-of-fla...

Certificate Problems are a Common Cause of Downtime

The broad adoption and use of cryptography throughout modern enterprises is an important innovation and a key tool to improve the security of organizational systems and data. However, cryptography creates some complexities and dependencies that are often not well accounted for and can lead to system downtime as a result. The use of cryptographic certificates for encryption and authentication is a key source of such downtime. In a recent survey, 79% of responding organizations said they had suffered at least one certificate-related system outage during 2016; 38% suffered six or more such outages! This is something that we see from time to time in our business. Even when an outage is not directly attributable to a certificate problem, it is common to see a system or service restore be significantly delayed due to a difficulty in restoring a certificate or a need to generate or obtain new certificates. A recent incident at the Department of Homeland Security underscores the risk h...

Your Networks and IoT Botnets.....

As the Internet of Things (IoT) market progresses, the number of malware threats targeting the sector is rising as well. The ultimate goal for many of these IoT threats is to build solid botnets in order to launch distributed denial of service (DDoS) attacks. Some of the threats that lack DDoS capabilities might still install DDoS-capable malware, researchers say. “DDoS attacks remain the main purpose of IoT malware. With the rapid growth of IoT, increased processing power in devices may prompt a change of procedures in the future, with attackers branching out into cryptocurrency mining, information stealing, and network reconnaissance,” Symantec concludes. http://www.securityweek.com/ddos-attacks-are-primary-purpose-iot-malware http://www.securityweek.com/linux-xor-ddos-botnet-flexes-muscles-150-gbps-attacks

Vulnerability in Cisco Devices VPN Functionality

A few weeks ago a vulnerability was publicized in the VPN functionality of Cisco PIX firewalls, along with a tool to exploit it. This exploit was part of the Shadow Brokers dump of tools allegedly stolen from the NSA; in this case it was the BENIGNCERTAIN tool. This exploit was viewed as being of limited impact, since Cisco discontinued support for the PIX firewall years ago in favor of their newer ASA firewall line. This weekend it was announced that the same vulnerability exists in the IOS software that powers the vast majority of Cisco devices. This means that Cisco routers and routing switches with VPN functionality can be exploited with the BENIGNCERTAIN tool as well, rendering their VPN sessions subject to snooping. The vulnerability affects all versions of IOS going back to 12.2, as well as most versions of IOS XR and IOS XE. Cisco has not yet released updated software to fix this issue, and they say there are no workarounds; they have, however, published intrusion detectio...

Security of Personal Email Accounts

Last week, former Secretary of State General Colin Powell became the latest public figure to have his personal email account hacked and his messages exposed publicly, to the great embarrassment of himself and others. He joins a long list of political, government, and entertainment figures who have endured this same fate. Organizations cannot ignore the potential impact of such an incident occurring to one of their personnel, especially senior management in highly visible roles. The good news is that this type of incident is avoidable. The majority of these incidents have happened when a user's password was guessed, obtained via keystroke monitoring or other snooping, or reset via social engineering. The social engineering method that has been used against many prominent people, including the Director of the CIA and the Director of National Intelligence, was to contact their Internet provider or phone company and request a password reset. These methods can be largely defeated using ...

Security Basics: Firewalls

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here. If anti-virus is the most basic control people think of in securing a computer, then firewalls serve the same role in network security. To many laypersons, “firewall” is synonymous with network security. But it was not until the late 1980s that practical network packet filters were introduced, allowing organizations to connect two networks while controlling what types of traffic were allowed, to which endpoints, and in which directions. Firewalls these days have evolved into “next-generation firewalls” or even “unified threat management devices.” These names denote two trends in the evolution of firewalls: the ability to filter traffic based on more detailed traffic properties, and the incorporation of other security functions (such as intrusion detection/prevention) that were traditionally provided by other devices. The f...