Tag Archives: vulnerability

[ISN] 6 critical updates for January Patch Tuesday

www.computerworld.com/article/3022060/security/6-critical-updates-for-january-patch-tuesday.html

By Greg Lambert
Computerworld
Jan 13, 2016

Microsoft has started the year with a truly unusual Patch Tuesday. There are nine updates for January, with six rated as critical and the remaining three rated as important (the reverse of the usual distribution in terms of severity). January has a couple of additional surprises. First, it looks like MS16-009 did not make this Patch Tuesday release at all and may only surface later this month. Secondly, we see what has been rated as an important update with MS16-008 may contain the most severe vulnerability and the most risky patch contents. Thanks to Shavlik this month for their very helpful summary infographic detailing this January Patch Tuesday.

MS16-001 — Critical

The first update rated as critical for the year 2016 is MS16-001, an update for Microsoft Internet Explorer that attempts to resolve two reported vulnerabilities, that at worst could lead to a remote code execution scenario. This update affects all supported versions of Windows and will require a system restart due to the complete re-release of all IE related executables and supporting libraries. Microsoft has offered some advice on how to mitigate the risk of this particular vulnerability. However, this advice requires changing the ownership (and subsequent security settings) of one of IE’s core system libraries (VBScript.dll) which in practice is usually difficult to do and almost impossible to manage in an enterprise scenario. This is a “Patch Now” Microsoft update.

MS16-002 — Critical

The next critical update for this January Patch Tuesday is MS16-002 which attempts to resolve two reported vulnerabilities in Microsoft’s latest browser





[ISN] Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/

By Kim Zetter
Security
Wired.com
01/13/16

ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don’t know about them, the exploits can remain undetected for years before they’re discovered. Until now, they’ve usually been uncovered only by chance.

But researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it. And they did so by using only the faintest of clues to find it.

The malware they found is a remote-code execution exploit that attacks a vulnerability in Microsoft’s widely used Silverlight software—a browser plug-in Netflix and other providers use to deliver streaming content to users. It’s also used in SCADA and other industrial control systems that are installed in critical infrastructure and industrial facilities.

The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014.

[…]



[ISN] “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic

arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/

By Dan Goodin
Ars Technica
Dec 17, 2015

An operating system used to manage firewalls sold by Juniper Networks contains unauthorized code that surreptitiously decrypts traffic sent through virtual private networks, officials from the company warned Thursday.

It’s not clear how the code got there or how long it has been there. An advisory published by the company said that NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. There’s no evidence right now that the backdoor was put in other Juniper OSes or devices.

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper Chief Information Officer Bob Worrall wrote. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”

A separate advisory from Juniper says there are two separate vulnerabilities, but stops short of describing either as “unauthorized code.” The first flaw allows unauthorized remote administrative access to an affected device over SSH or telnet. Exploits can lead to complete compromise. “The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic,” the advisory said. “It is independent of the first issue. There is no way to detect that this vulnerability was exploited.”

[…]



[ISN] When a single e-mail gives hackers full access to your network

arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/

By Dan Goodin
Ars Technica
Dec 16, 2015

When you’re a Fortune 500 company that’s a favorite target of sophisticated hackers, it often makes sense to install security appliances at the outer edges of your network to stop attacks before they get far. Now, researchers say they have uncovered a vulnerability in such a product from security firm FireEye that can give attackers full network access.

The vulnerability, which is on by default in the NX, EX, AX, FX series of FireEye products, was FireEye last week, after researchers from Google’s Project Zero privately reported it. It made it possible for attackers to penetrate a network by sending one of its members a single malicious e-mail, even if it’s never opened.

It’s not uncommon for outsiders to find such critical flaws in a security product. Still, the proof-of-concept exploit underscores that such game-over threats often extend to some of a network’s most critical equipment. As Google employee Tavis Ormandy explained in a blog post published Tuesday:

[…]



[ISN] Known Security Flaw Found In More Antivirus Products

www.darkreading.com/endpoint/known-security-flaw-found-in-more-antivirus-products/d/d-id/1323480

By Kelly Jackson Higgins
Dark Reading
12/8/2015

Turns out a vulnerability discovered earlier this year in antivirus software from AVG also was present in AV software products from Intel McAfee and Kaspersky Lab. The security bug



[ISN] Failure to update software left Naperville computers vulnerable: report

www.chicagotribune.com/suburbs/naperville-sun/news/ct-nvs-naperville-computer-hack-st-1025-20151023-story.html

By Geoff Ziezulewicz
Naperville Sun
October 24, 2015

Hackers were able to break into Naperville’s computer network in an unprecedented 2012 cyberattack because of a vulnerability in the city’s Web software that had not been patched, even though an alert and update had been released roughly a month earlier, according to a Naperville police report.

While city hall has declined Freedom of Information requests for some records from the attack that crippled its computer system for weeks, the narrative in the police report offers previously undisclosed details.

Investigating the incident and beefing up the town’s cyber defenses has cost Naperville about $760,000, though cyber security experts say the hack used very basic, off-the-shelf tools to infiltrate Naperville’s computer network.

“It’s a type of attack that is very common,” said John Miller, a cybercrime analyst with iSIGHT Partners, a global cyberthreat intelligence firm. “Nonetheless, it still has the potential to be very damaging.”

[…]



[ISN] Brit infosec bod finds Kaseya ‘master admin’ remote code exec holes

http://www.theregister.co.uk/2015/09/24/brit_infosec_bod_finds_kaseya_master_admin_remote_code_exec_holes/

By Darren Pauli
The Register
24 Sep 2015

Three remote code execution and privilege escalation flaws have been reported in the Kaseya IT management software which when chained enable unauthenticated attackers to gain ‘master admin’ status.

The remote upload holes reported by British Agile Information Security bod Pedro Ribeiro and since patched allow attackers to upload arbitrary code to Kaseya Virtual System Administrator.

Any net crim can exploit one vulnerability (CVE-2015-6922) to upload and execute arbitrary code on the server under the context of IIS.

That flaw, rated a severity score of 7.5, exists within the uploader.aspx page, which fails to enforce authentication and does not restrict destination file paths.

A privilege escalation flaw in the same feature and also rated 7.5 in severity will make attackers ‘master admins’.

[…]



[ISN] Researcher to FireEye: If you’re not paying, I’m not talking

http://www.csoonline.com/article/2981474/vulnerabilities/researcher-to-fireeye-if-youre-not-paying-im-not-talking.html

By Steve Ragan
Salted Hash
CSO Online
Sep 8, 2015

On Sunday, Kristian Erik Hermansen disclosed an unauthorized file disclosure vulnerability in FireEye’s core product. The zero-day disclosure quickly generated public attention, as did the discussion around three other vulnerabilities that haven’t been published and the $10,000 USD price tag on the flaws.

But the disclosed vulnerability and the three other unpublished flaws are not the only thing FireEye has to be concerned about; there’s plenty more where that came from.

Hermansen, along with researcher Ron Perris, has claimed the discovery of at least thirty additional flaws in FireEye’s products. Many of them are in the HX line, but plenty of others exist in various products too, Hermansen added.

As word of Hermansen’s disclosure spread online, the opinions of those discussing the issue were split.

[…]

