Information Security News
Go ahead and pooh-pooh the overdone marketing of the Badlock vulnerability. With its fire-engine-red logo and a dedicated website that went live more than a month before the release of any patches, claims the risk was shamelessly hyped are justified. That said, Badlock represents a real and critical threat to virtually any organization that maintains a Microsoft network. Administrators who don't patch right away do so at their own peril.
In a nutshell, Badlock refers to a defect in a security component contained in just about every version of the Windows and Linux operating systems. Known as the Distributed Computing Environment/Remote Procedure Call (DCE/RPC), it's used by administrators around the world to access the most valuable asset on any Windows network—the Active Directory, which acts as a network's digital security guard, allowing, for instance, an organization's CFO to log in to an accounting server, while locking out the janitor or the groundskeeper. Because Active Directories enforce security policies and contain password data and other crucial credentials, they are almost always the first asset hackers access once they gain a limited foothold into a targeted network.
By design, DCE/RPC is able to use a cryptographic system to protect connections between an admin's remote computer and the server running the Active Directory. In many ways, the system is analogous to the transport layer security protocol that protects connections between end users and the websites they visit. DCE/RPC ensures that parties are who they claim to be. It can also encrypt the data traveling between the parties. That way, anyone who happens to have access to the same corporate network—say, a rogue janitor or groundskeeper employed by the same organization—can't monitor or modify the crucial information inside the Active Directory.
That 'Badlock' Bug Is More Hype Than Hurt
Like a trailer for a blockbuster film, a PR campaign advertising the mysterious “Badlock” bug three weeks ago had computer security experts alternately mocking the company behind the campaign, as well as marking the date on their calendars for when the ...
As if political campaigns, shady telemarketers hawking home security systems, and the rest of the usual suspects aren't generating enough automated phone calls, three separate groups have used April tax paranoia to fuel fraudulent robocalls claiming to be affiliated with the Internal Revenue Service. Using calls masked by US phone numbers, these fraud campaigns seek to get anxious taxpayers to fall for their schemes by claiming to be directly from the IRS or from organizations seeking to collect on the IRS' behalf. The scams hit millions of phone numbers over the past few weeks.
Thanks to voice-over-IP technologies and cheap robocall systems, fly-by-night telemarketing operators are able to flaunt "Do Not Call" list laws and saturate blocks of numbers with calls that push products both real and fake. Ars hunted down one scam last year that used an outbound voice response system that attempted to convince call recipients that they were talking to an actual person, funneling them toward a fake magazine sweepstakes scam.
The Federal Trade Commission has been searching for technology to help fight robocalls for years. There have been some promising technologies developed to help fight them, such as Robokiller—a cloud service that won last year's FTC "Robocalls: Humanity Strikes Back" contest—but those technologies have thus far failed to materialize in a form that can help the average consumer. Robokiller's development went on hiatus late last year as the team behind it was pulled into other projects.
Among today's patches, here is my personal patch ranking by order of urgency:
No strong preferences on the rest. Did anybody else notice that MS14-043 is missing?
Full patch summary: https://isc.sans.edu/mspatchdays.html?viewday=2016-04-12
If you don't like the layout, here is the API to make your own: https://isc.sans.edu/api/getmspatchday/2016-04-12
(or, if you prefer JSON: https://isc.sans.edu/api/getmspatchday/2016-04-12?json )
Today, Microsoft and the Samba team jointly released a fix for CVE-2016-2118, a vulnerability also known as BadLock. While a man-in-the-middle and DoS vulnerability may not quite be the type of vulnerability everybody was waiting for, it should still be taken seriously and patched.
You are of course the most at risk if you are allowing SMB traffic over untrusted networks, which has always been a bad idea. Exploitation of a man-in-the-middle vulnerability does require that the attacker is able to intercept traffic. The use of a VPN would prevent exploitation.
Due to the hype associated with this vulnerability, you will likely get a lot of questions about it. Overall, nothing fundamentally changed:
LockPath Announces Expansion of Patented Dynamic Content Framework in Keylight 4.4
EIN News (press release)
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to ...
Confer Opens New Office to Accommodate Rapid Growth
PR Newswire (press release)
Confer was recognized as a Leader in Endpoint Security at RSA Conference by Cyber Defense Magazine Infosec Awards, and won Gold and Silver Product and Startup of the Year Awards at the 2016 Info Security Product Guide's Global Excellence Awards®.
Critically Overconfident? Execs Double Down on Total Threat Detection
Security Intelligence (blog)
Solving this problem requires a two-fold effort: InfoSec professionals need to get better at clearly articulating threats to non-IT staff, and C-suite members need to ask for the gritty details rather than spit-polished overviews. The bottom line for ...
Adobe Releases Emergency Flash Update to Combat Ransomware Attacks
The bug in Flash Player was discovered by the researchers at Infosec and Trend Micro Inc. The vulnerability affected Flash Player versions for all the platforms – Windows, Mac, Chrome and even Linux – leaving more than a billion customers of Adobe ...