Saturday, March 7, 2015

Weekly Infosec News Summary - 02-08 Mar 2015

This isn't ALL the news, just the news that is most critical to small and medium organizations and which calls for action.

Law Firms Create Industry System for Sharing Data on Cyber Threats
The banking, defense, and energy industries all have created systems for sharing cyber threat data, clearinghouses where organizations dealing with attacks or breaches can share information to help their peer organizations detect and deal with similar threats. Now a group of large, international law firms is doing the same for their industry.
http://thehill.com/policy/cybersecurity/234722-law-firms-to-share-info-about-cyber-threats

Federal Cybersecurity Incidents up 15% in FY 2014
An OMB report released February 27th shows federal cybersecurity incidents at over 70,000 in fiscal year 2014. The total number may be due as much (or more) to improved detection as to increased attacks. The most interesting aspect is that the report says nearly half of the incidents could have been prevented by the use of stronger authentication methods, such as two-factor authentication. Is your organization using two-factor authentication?
http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_fisma_report_02_27_2015.pdf
http://thehill.com/policy/cybersecurity/234601-cyberattacks-on-government-hit-record-high

"Domain Shadowing" on the Rise as it is Leveraged by Angler Exploit Kit
"Domain shadowing" refers to the malicious practice of breaking into an organization's hosted DNS settings and adding subdomains that point to malicious sites. This can happen with your organization's domain and can easily go undetected for a long time if you're not checking frequently. SANS' Internet Storm Center has an old post from 2011 on the phenomenon with good suggestions on avoiding it and monitoring for it.
http://blogs.cisco.com/security/talos/angler-domain-shadowing
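
One way to do the frequent checking suggested above, as an added example that is not from the original post or the linked articles: compare an export of your hosted zone against an approved baseline and flag anything new. The domain, addresses, zone lines and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the approved baseline of (name, type, value) records
# and a current export of the hosted zone. example.org is a placeholder domain.
BASELINE = {
    ("www.example.org", "A", "192.0.2.10"),
    ("mail.example.org", "A", "192.0.2.20"),
    ("example.org", "MX", "mail.example.org"),
}
CURRENT_ZONE = """\
www.example.org.    3600 IN A  192.0.2.10
mail.example.org.   3600 IN A  192.0.2.20
example.org.        3600 IN MX 10 mail.example.org.
x7qk2.example.org.  3600 IN A  203.0.113.77
promo.example.org.  3600 IN A  192.0.2.30
"""
# Assumption: the address space the organization actually hosts services in.
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_zone(text):
    """Parse 'name ttl IN type rdata' lines into (name, type, value) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _ttl, _cls, rtype, *rdata = line.split()
        value = rdata[-1].rstrip(".").lower()  # last field: address or target host
        records.append((name.rstrip(".").lower(), rtype.upper(), value))
    return records


def find_shadow_candidates(zone_text, baseline, approved_nets):
    """Return records missing from the baseline, with the reasons each stands out."""
    findings = []
    for name, rtype, value in parse_zone(zone_text):
        if (name, rtype, value) in baseline:
            continue
        reasons = ["not in approved baseline"]
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in approved_nets):
                reasons.append("address outside approved networks")
        findings.append((name, rtype, value, reasons))
    return findings


if __name__ == "__main__":
    for name, rtype, value, why in find_shadow_candidates(CURRENT_ZONE, BASELINE, APPROVED_NETS):
        print(f"{name} {rtype} {value}: {', '.join(why)}")
```

Run on a schedule against a fresh export from the DNS provider, the same comparison also surfaces legitimate but unreviewed changes, such as the `promo` record in the sample.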

New Chrome Release, Chrome 41, Fixes 51 Vulnerabilities
A new version of Google Chrome was released last Tuesday. It fixes fifty-one security flaws, many of them serious. Chrome has a robust and highly automated update mechanism, so your Chrome installations have most likely already updated themselves. If your organization runs a centrally-managed deployment of Chrome, be sure to test and release this update if you haven't already.
http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
http://www.scmagazine.com/chrome-41-update-includes-51-security-fixes/article/401937/

D-Link Releases Firmware Updates for a Number of Vulnerable Routers
A major vulnerability in D-Link router/firewalls was publicized last Monday, and an update is now available. Like most router/firewall vulnerabilities, this one is most dangerous when administration is allowed from outside the protected network. These routers are most often used in homes and very small organizations, but may be in use in some branch offices as well. Also, the threat is significant enough to pass the information on to your users if they work from home at all. This vulnerability also highlights the danger of allowing remote administration of your firewall; THIS is an issue that affects many organizations' enterprise-class firewalls as well as many home firewalls.
http://www.scmagazine.com/d-link-issues-firmware-updates-to-address-router-vulnerabilities/article/401707/

Monday, March 2, 2015

Weekly Infosec News Summary – 23 Feb - 01 Mar, 2015

Nearly Half of Breaches Due to Vulnerabilities that are Two to Four Years Old
Old vulnerabilities, for which patches have long been available, are to blame for a large number of breaches according to a report from Hewlett-Packard’s security team. Many enterprises are far enough behind in patching that vulnerabilities in software such as Java from as long ago as 2011 are still leading to significant malware infections and data breaches. As always, a good vulnerability management and patching strategy is essential for all organizations.
http://www.eweek.com/security/lack-of-patching-remains-a-top-security-risk-hp-report-finds.html

Bad Norton Anti-Virus Update Crippled Internet Explorer on Some Computers
An anti-virus update released by Symantec for several Norton and Symantec security products caused conflicts or complete failure of Internet Explorer for many customers. Symantec issued a new update the next day to fix the issue. In many cases, a manual update was required to resolve the problem. Updates for security software are a tricky issue; installing them regularly and quickly is important, but problems have not been uncommon in the past. If possible, a quick test on a sample computer is a good practice before authorizing an organization-wide update of any software.
http://www.scmagazine.com/faulty-norton-security-update-leads-to-internet-explorer-crash/article/399692/
https://support.norton.com/sp/en/us/home/current/solutions/v108623038_EndUserProfile_en_us?inid=hho_supp_supp_iecrashes

Google Expands Warnings on Potentially Unwanted or Malicious Downloads in Chrome
Google’s Chrome web browser has had built-in warnings for the past couple of years when users attempt to download software that is known or suspected of being malicious or “potentially unwanted” (a catch-all for adware and other nuisance programs that are not explicitly malicious). Last week Google expanded these warnings to warn users when they visit websites which are known to host such downloads, even before the user attempts to actually download such files.
http://www.computerworld.com/article/2887972/chrome-warns-users-of-devious-software-that-could-impact-googles-business.html

Firefox Update Released; Version 36 Fixes a Number of Critical Vulnerabilities
Last Tuesday Mozilla released an updated version of their Firefox web browser which fixes a total of 17 security flaws, six of which are rated “high” and three of which are rated “critical.” This is a regularly-scheduled Firefox update.
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
http://www.eweek.com/enterprise-apps/firefox-36-gains-http2-support-fixes-critical-vulnerabilities.html