Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 


Less than a month after Juniper Networks officials disclosed an unauthorized backdoor in the company's NetScreen line of firewalls, researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.

The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol. Researchers were able to unearth a hard-coded password of "FGTAbc11*xy+Qqz27" (not including the quotation marks) after reviewing this exploit code posted online on Saturday. On Tuesday, a researcher posted this screenshot purporting to show someone using the exploit to gain remote access to a server running Fortinet's FortiOS software.

This partially redacted screenshot purports to show the exploit in action. (credit: @dailydavedavids)

Ralf-Philipp Weinmann, a security researcher who helped uncover the inner workings of the Juniper backdoor, took to Twitter on Tuesday and repeatedly referred to the custom SSH authentication as a "backdoor." In one specific post, he confirmed he was able to make it work as reported on older versions of Fortinet's FortiOS.


 

Overview of the January 2016 Microsoft patches and their status.

 
SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems
 
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients, servers
MS16-001 Cumulative Security Update for Internet Explorer (Replaces MS15-124)
Internet Explorer
CVE-2016-0002,
Critical: Anything that needs little to become interesting
Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
  • --
    Alex Stanford - GIAC GWEB GSEC,
    Research Operations Manager,
    SANS Internet Storm Center
    /in/alexstanford


    Dark Reading
    83% of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016. ISACA survey finds that a majority of cybersecurity professionals feel privacy is being compromised in effort to create stronger security regulation ...
