Security Now 573: Memory & Micro Kernels

Steve Gibson of GRC discusses the latest in security issues. He talks about the Microsoft “Golden Key”, AdBlock, unblock, counter-unblock and counter-counter-unblock. Leo talks about Avast A/V. Steve talks about a mistake with the Internet IP Protocol, a change to Microsoft Windows Update policies, a cool way for developers to decrypt and inspect local TLS traffic, trouble with the Windows identity leak mitigation, micro kernels and Intel’s memory breakthrough.

Details of this episode with links and more information are found in the Security Now #573 show notes. A transcript and audio versions of the show are also available.

Steve talks about how the hack of Microsoft’s golden key has been widely misreported. The hack concerns Microsoft Secure Boot and how it affects older Microsoft operating systems. Facebook is trying to bypass Adblock. Adblock has defeated Facebook’s bypass.

Steve reviews the Linux TCP side-channel attack that is part of RFC 5691, which could allow a third party to hijack traffic and inject data.

Microsoft simplifies Windows Update by rolling all updates into large updates. However, it will no longer allow individual updates to be selected. It is an all-or-nothing approach. Microsoft will now support Skylake for all security updates, which it previously did not.

Wireshark will not allow the ability to decrypt TLS traffic.

EFS Network Management encourages administrators and users to check the latest video podcast of Security Now.

If you need tech support with a security issue, please open an EFS Network Management Support Request and we will take a look at the issue, or you can contact us for help.

August 8 Weekly DHS US-CERT Security Summary

The Department of Homeland Security’s division of US-CERT (United States Computer Emergency Readiness Team) has released the latest weekly security notices for software that has new known security issues. The SB16-228: Vulnerability Summary for the Week of August 8, 2016 Cyber Security Bulletin lists all the details.

EFS Network Management encourages users and administrators to check the DHS US-CERT Security Bulletin for software vulnerabilities that might affect their business.

This week’s security bulletin covers the following software: Cisco, Android, Linux, Microsoft operating systems, browser and Office, PHP, Adobe products, Google Chrome, VMware, Wireshark, WordPress, Apache, SAP, IBM software and many other products.

Please expect that there may be issues with the updates. There are no known issues at the release of this security notice from DHS US-CERT.

It is important to check this list of products to decide if your organization is using them. If so, please update the affected software to address known security issues. These security vulnerabilities may allow remote code execution with full system privileges.

If issues do arise, please reboot the system to see if it will self-heal and recover. If it does not recover, please open an EFS Network Management Support Request and we will take a look at the issues, or you can contact us for help.

Security Now 572: Defcon & Blackhat, Part 1

Steve Gibson of GRC discusses the latest in security issues with Windows 10 AU (Anniversary Update), Apple’s bug bounty policy change, new Android takeover flaws, another way of tracking web visitors, hackers spoofing Tesla auto sensors, Firefox, LastPass, and issues with HTTP.

Details of this episode with links and more information are found in the Security Now #572 show notes. A transcript and audio versions of the show are also available.

There are known issues with the Windows Anniversary Update with McAfee and Avast antivirus software. The Edge browser is hanging on websites that have lots of ads. There are reports of damage to dual-boot partitions. The update also comes with a new bundle of crapware such as Solitaire, Candy Crush Soda Saga, Pandora, Asphalt 8, Age of Empires Castle Siege, FarmVille 2, and Minecraft.

Windows 10 AU re-enables all privacy-related features if they were previously disabled by users. The Group Policy editor and certain policies were removed from Windows 10 Pro AU, and the corresponding registry keys no longer work either. So Pro users have no ability to make Group Policy changes. For example, users are no longer able to disable crapware installs from third parties, disable Cloud Content features, turn off Windows Tips, customize the logon screen, or disable the Windows Store.

Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products.

There is lots of security news from Defcon and Blackhat.

Four newly disclosed ‘Quadrooter’ flaws affect over 900 million Android phones.

EFS Network Management encourages administrators and users to check the latest video podcast of Security Now.

If you need tech support with a security issue, please open an EFS Network Management Support Request and we will take a look at the issue, or you can contact us for help.

August 2016 Microsoft Security Updates

Summary of August 2016 Security Updates

Microsoft has released 9 updates for the August monthly Security Update addressing vulnerabilities in Microsoft desktop and server operating systems, Office versions and other Microsoft software. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

These updates address issues with Internet Explorer, Microsoft Edge, Windows kernel-mode drivers, graphics components, Microsoft Office, Secure Boot, Windows authentication, the Windows PDF library and ActiveSync that could allow remote code execution with full system privileges.

EFS Network Management encourages users and administrators to check the Microsoft Security Bulletins MS16-095 through MS16-103.

Microsoft was late releasing the notice this Tuesday. We have noticed that updates have already been auto-downloaded and installed on some desktops and servers. Microsoft releases the latest security updates at a random time after the second Tuesday of the month, which is August 9, 2016. These Microsoft security updates will patch issues that might allow an attacker or malicious code remote access to the system with full privileges.

These updates will be auto-installed at a random time by Microsoft if the computer has been set up for auto-updating. These updates usually take place late at night on servers and desktops and will occur over the next few days.

Please expect that there may be issues with the updates. There are no known issues at the release of this notice from Microsoft.

If issues do arise, please reboot the system to see if it will self-heal and recover. If it does not recover, please open an EFS Network Management Support Request and we will take a look at the issues, or you can contact us for help.

August 2016 Apple IOS Security Update

The Department of Homeland Security’s division of US-CERT (United States Computer Emergency Readiness Team) has released a security vulnerability notice for Apple’s IOS. 

This vulnerability may allow a remote attacker to take control of an affected system. The update is for iPhone 4s and later, iPad 2 and later, and iPod touch (5th generation) and later.

EFS Network Management encourages users and administrators to check the DHS US-CERT Security Bulletin on Apple IOS Security Update for August 2016 or Apple’s IOS Security Update 9.3.4.

EFS Network Management recommends that users and administrators apply the necessary updates.

If issues arise after applying the updates, please open an EFS Network Management Support Request and we will take a look at the issue, or you can contact us for help.