Vim modelines Remote Command Execution (Dec 23, 2016)

Vim (a contraction of Vi IMproved) is a clone of Bill Joy’s vi text editor program for Unix. It was written by Bram Moolenaar based on source for a port of the Stevie editor to the Amiga. Vim is designed for use both from a command-line interface and as a standalone application in a graphical user interface.

A remote code execution vulnerability exists in the modeline component of Vim. The vulnerability is due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote attacker can exploit this vulnerability by enticing a victim to open a file containing a malicious modeline in Vim. Successful exploitation can result in arbitrary command execution in the context of the current user.

The vulnerability has been assigned CVE-2016-1248.

SonicWall provides protection against multiple versions of this threat via the following signatures:

  • IPS sid:12547 “Vim modelines Remote Command Execution 1”
  • IPS sid:12548 “Vim modelines Remote Command Execution 2”
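As an added illustration (not code from the advisory or from Vim's own fix), the Python scanner below reads only the lines Vim would treat as modelines and flags any filetype, syntax or keymap value that contains characters outside the plain alphanumeric set a patched Vim accepts. The allowed character set, the modeline regexes and the two sample inputs are assumptions constructed for this example.

```python
import re

# Vim only honours modelines in the first and last 'modelines' lines of a file (default: 5).
MODELINES_WINDOW = 5

# Option names whose values the vulnerable parser passed on without validation.
WATCHED_OPTIONS = {"filetype", "ft", "syntax", "syn", "keymap", "kmp"}

# Assumption for this example: patched Vim accepts only letters, digits, '-', '_' and '.'
# in these three options, so any other character in such a value is the signal we look for.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.\-]+$")

# Modeline introducer: line start or whitespace, then vi:/vim:/ex: (optionally with a
# version constraint such as vim700:), then the option text up to the end of the line.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vi|Vim|ex)(?:[<=>]?\d+)?:\s*(.*)$")

# Second modeline form: "set opt1 opt2 :" where the options end at the next ':'.
SET_FORM_RE = re.compile(r"^\s*(?:se|set)\s+(.*?):")


def parse_modeline(line):
    """Return the option tokens of a modeline on this line, or [] if it has none."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    body = m.group(1)
    sm = SET_FORM_RE.match(body)
    if sm:
        return sm.group(1).split()
    # First form: options are separated by whitespace or ':'.
    return [tok for tok in re.split(r"[\s:]+", body) if tok]


def suspicious_assignments(tokens):
    """Return (option, value) pairs that set a watched option to a value the fix would reject."""
    findings = []
    for tok in tokens:
        if "=" not in tok:
            continue
        name, _, value = tok.partition("=")
        name = name.rstrip("+-^")          # ft+=x, ft-=x and ft^=x still target 'ft'
        if name in WATCHED_OPTIONS and not SAFE_VALUE.match(value):
            findings.append((name, value))
    return findings


def scan_text(text):
    """Scan only the head and tail lines Vim would read as modelines.

    Returns a list of (line_number, option, value) findings with 1-based line numbers."""
    lines = text.splitlines()
    n = len(lines)
    head = set(range(min(n, MODELINES_WINDOW)))
    tail = set(range(max(0, n - MODELINES_WINDOW), n))
    findings = []
    for i in sorted(head | tail):
        for name, value in suspicious_assignments(parse_modeline(lines[i])):
            findings.append((i + 1, name, value))
    return findings


# Constructed sample inputs (not taken from the advisory).
BENIGN_SOURCE = (
    "/* vim: set ft=c ts=4 sw=4 noet : */\n"
    "#include <stdio.h>\n"
    "int main(void) { return 0; }\n"
)
# A filetype value carrying a character outside the allowed set, placed in the tail
# window where Vim still processes modelines. Only the shape of the value matters here.
CRAFTED_TEXT = "some text\n" * 8 + "# vim: set ft=c|foo :\n"


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SOURCE), ("crafted", CRAFTED_TEXT)):
        hits = scan_text(sample)
        print(f"{label}: {hits or 'no suspicious modeline options'}")
```

Independently of any scanning, putting `set nomodeline` in the vimrc disables modeline processing altogether and removes this parsing path from the editor.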

Scale Out Network Security So You Don’t Have to Scale Down Business

In most organizations, the same issue is being felt: how can network security be increased without lowering performance, and within a budget? How much risk is acceptable? If your organization is not facing this issue, you should be looking at the growth of encrypted web traffic (https) and cloud computing, and at how your current firewall maintains performance and/or efficacy in this new environment. According to recent data, encrypted web traffic accounts for up to ~60% of overall traffic, with less than ~25% of organizations inspecting that traffic. And the move to cloud is upon us, with SMB and medium enterprise leading the way; how can we ensure security is maintained when legacy architectures can’t keep up? According to NSS Labs, the typical network firewall loses up to 81% of its performance when SSL (https) encryption is enabled, so many face the decision to lock the door and accept significantly less performance, or leave it open and play the odds. Threats are increasingly arriving over secure channels, and inspection of SSL traffic is quickly becoming mandatory to mitigate the threat and reduce the attack surface and risk exposure companies face. But at what cost?

Unlike competitors that force a forklift upgrade or a move to ever larger and more expensive firewalls to keep up, SonicWall next-generation firewalls leverage a multicore network parallel processing architecture to help you keep security turned on and performance turned up. Not only is our architecture more efficient, but it’s more cost effective, since we can easily scale from 1 processor in the smallest firewall to over 1152 processors in our SonicWall Firewall Sandwich of up to 16 firewalls, delivering up to 80Gbps of SSL inspection and among the highest efficacy rates in the industry according to NSS Labs. With our new Capture Advanced Threat Protection (ATP) service, SonicWall is the only vendor that can also provide the same level of multi-sandbox scaling, so security and performance can both be turned up to the max. Because SonicWall leverages cost-effective single-U hardware, many organizations won’t have to decide whether to turn up security or turn down business.

For more information on how the SonicWall Firewall Sandwich can help your business, download the executive brief: Scaling Next-Generation Firewalls For Data Center Modernization.

SonicWall Survey Results Reveal Lack Of Preparedness for GDPR in EMEA

Designed to strengthen protection of personal information for all EU citizens, the General Data Protection Regulation (GDPR) goes into effect in May 2018 and may affect companies of all sizes, in all regions and in all industries that hold EU citizens’ personal information. Those who fall victim to a data breach once the GDPR is in effect risk significant fines (up to 20 million euros or 4% of their global revenues) and a loss of reputation that could bring the business to its knees.

In September 2016, SonicWall conducted a global survey on the European Union’s new General Data Protection Regulation (GDPR), revealing that organizations, both SMBs and large enterprises, lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes. Survey results show that 82% of global IT and business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliance. Although the majority of global IT and business professionals express compliance concerns, respondents lack general awareness of GDPR, and they are neither prepared for it now nor expect to be when it goes into effect, which is very worrying.

These results are very concerning as we are just 18 months away from the new regulation being implemented.

Don’t wait until it is too late: listen to the recorded webinar that sheds some light on the ins and outs of the new GDPR requirements and how to increase your overall data security posture to minimise the cyber risks and potential financial fines.

I also invite you to engage with a local legal firm that specialises in data security compliance and regulations, like Cordery in the UK, whose GDPR FAQs document is also very informative. Jonathan Armstrong, Partner at Cordery, recently told me:

“GDPR will be a game-changer for corporations. It will mean greater visibility for mistakes, more questions from the board and higher fines. There’s less than 18 months to go – that’s not a lot of time for the fundamental changes some businesses have to make to the way in which they deal with vendors, the way they train their employees and the technology they use. The time to get ready is now.”

This new regulation provides uniform data protection rights across the EU, and, to be in compliance, both European organizations and those outside of Europe that deal with European citizen personal information must adopt an adaptive, user-centric, layered security model approach around the tenets of prevent, detect, respond and predict.

To become GDPR-compliant and stay that way, you will need to carry out regular audits and deploy network security solutions that will enable you to:

Protect the perimeter. Deploy next-generation firewalls to reduce the network’s exposure to cyber threats, mitigate the risk of data leaks that could lead to a data breach resulting in stiff penalties assessed under GDPR, and deliver the forensic insight required to prove compliance and execute appropriate remediation following a breach. The SonicWall next-generation firewalls protect against emerging threats and feature deep packet inspection; real-time decryption and inspection of SSL sessions; adaptive, multi-engine sandboxing; and full control and visualization of applications.

Facilitate secure mobile access. Foster the secure flow of covered data while enabling employees to access the corporate applications and data they need in the way they prefer, and with the devices they choose. Enhance data security (while removing access obstructions) by combining identity components, device variables and temporal factors (time, location, etc.) to deliver an adaptive, risk-based approach that ensures the right access all the time, every time, while concurrently improving data protection and GDPR compliance.

Ensure email security. To fulfill GDPR requirements, achieve full control and visibility over email activity to mitigate the threat of phishing and other email-based attacks on protected information, while enabling the secure and compliant exchange of sensitive and confidential data.

IDC is advising companies to not put off early consideration of GDPR. The scale, complexity, cost and business criticality of GDPR means that it will take (at least) two years for most companies to achieve full compliance. Most companies of all sizes need to start now.

Playing Media Files Can Lead to Remote Code Execution in Linux

A new 0-day vulnerability affecting Linux desktops was recently reported. It is due to a flaw in game-music-emu, a plugin that emulates various CPUs and audio processors so that a user can play different kinds of music files. The flaw is in the way game-music-emu emulates the SNES CPU and audio processor: a specially crafted SNES music file allows an attacker to execute code on the system.

An analysis of the available POC samples is as follows:

By itself, the above code has been shown to cause the emulator to crash. This is caused by attempting to write to a location outside of the available memory.

The problem shown in the POCs is that the emulator does not have out-of-bounds checking for very large or negative values.

An attacker can thus create a specially crafted SNES music file and give it a .flac or .mp3 extension to entice an unsuspecting user to open the file in a player that uses the gstreamer framework. Game-music-emu is part of a plugin that can be added to the gstreamer framework.

SonicWALL Threat Research Team has written the following signature to help protect our customers from this attack:

  • SPY 1074: Malformed-File spc.OT.1

Three Tough Questions You Must Ask About HTTPS to Avoid Cyber Attacks

Preventing your organization from becoming the victim of an inevitable cyber-attack is paramount, so it is important to kick off this blog with an important risk question.

Do you know whether or not your organization‘s firewall is inspecting HTTPS traffic traversing its networks?

I have polled this question on numerous webinars I have conducted over the past year. The results consistently showed that the majority of organizations have yet to perform HTTPS inspection as part of their defense strategy. With HTTPS on the rise, accounting for nearly two-thirds of your organization’s internet traffic today, hackers have expanded their craft to use the protocol to hide their attacks and malware from security systems. Your timely response to this new threat could mean the difference between experiencing a material breach and successfully averting one. Of course, the latter would be desirable. So, should you have the slightest doubt about your organization’s security posture to deal with encrypted threats, I want you to immediately pause and resume reading this post after you have spoken to your IT security leaders. I’d like you to raise your concerns about the potential millions of intrusions and tens of thousands of malware attacks launched against your organization each and every hour, many of which are likely new versions of ransomware delivered inside HTTPS sessions. If the firewall is not inspecting this traffic, it has no way of understanding what is inside it: whether a file is benign or malicious, whether credit cards are being stolen, or whether financial and health records are being shared with an external system. I hope you return to this blog with a sigh of relief that your organization is not among the majority of respondents that do not inspect.

You got the good news that your organization is inspecting HTTPS traffic. The next logical question is:

“Has your organization experienced frequent network service disruptions or downtime as a result of a total collapse of your firewall performance when inspecting HTTPS traffic?”

Inspecting encrypted traffic is not without its set of big challenges. There are two key components of HTTPS inspection that severely impact firewall performance: establishing a secure connection, and decrypting and later re-encrypting packets for secured data exchange. Unlike inspecting internet traffic in plain text, encrypted traffic introduces six additional compute processes that must occur before data is sent back and forth between a client’s browser and the web server over an HTTPS connection. Each process is highly complex and compute-intensive. Most firewall designs today don’t provide the right combination of inspection technology and hardware processing power to handle HTTPS traffic efficiently. They often collapse under the load and subsequently disrupt business-critical operations. According to NSS Labs, the performance penalty on a firewall when HTTPS inspection is enabled can be as high as 81 percent. In other words, your firewall performance is degraded to a level at which it is no longer usable.

This leads us to the final and most important question:

“How can you scale firewall protection to prevent performance degradation, lag and latency of your network when inspecting HTTPS traffic?”

The right answer begins with the right inspection architecture as the foundation. Most modern firewalls today have deep packet inspection (DPI) capability and claim to solve many of the above security and performance challenges. However, not all firewalls perform equally or as advertised in the real world. In fact, many of them have inherent design inefficiencies that reduce their ability to handle today’s massive shift towards an all-encrypted Internet. You have one of two choices when it comes to inspection technology: Reassembly-Free Deep Packet Inspection (RFDPI) and packet-assembly-based inspection. Each uses a different inspection method to scan and analyze data packets as they pass through the firewall. You will quickly discover that the performance of most firewalls collapses under heavy HTTPS load. To avoid a post-deployment surprise, my recommendation is to do your due diligence. Thoroughly qualify and measure all firewalls under consideration and select one that meets both your desired level of performance and security effectiveness without hidden limitations. These are fundamental metrics that you want to heavily scrutinize when selecting a firewall to perform HTTPS inspection. Establishing the right firewall foundation will give you the agility to scale your security layer and solve the performance burden of inspecting HTTPS traffic inside your data center operations.

Uncovering evasive threats hiding inside encrypted network traffic is central to the success of your network defense. For more detailed information, read our Executive Brief titled “The Dark Side of Encryption – Why your network security needs to decrypt traffic to stop hidden threats.”

Ransomware Can Cost You Millions; Is Your Network Secure?

Recently it was reported that in April 2016 an employee at Michigan-based utility company BWL opened an email and clicked on a malicious attachment laden with ransomware. The result? It shut down accounting and email systems as well as phone lines, which led to a costly and laborious week of recovery.

The cost? $2.4 million.

Let That Sink in for a Second.

In a separate case, the $800K ransom heaped upon the City of Detroit by hackers in 2014 served as an anecdotal warning of the potential for this class of malware.  But in the BWL case, only $25K was actually paid to the attackers with 99 percent of the costs related to technology upgrades and people responding to the attack.  To save you on the mental math, the actual ransom was about 1 percent of the total costs. This could be the setting for a modern proverb based on For Want of a Nail.  The silver lining is the improvement of the utility’s security and the overhaul of its IT communication policy.

What Does This Teach Us?

For all the talk of cost of the ransoms levied upon victims, the impact is much greater.  In this example, it cost the organization in lost business, impact to the customer experience, and even more on the human resources side. It also serves as a poster child for ineffective spam management and phishing prevention.  Ultimately this problem is happening around the world and despite the best intentions at stopping ransomware, it still persists.

What Do You Do If You Are Hit?

First of all, don’t panic.  By default, you need to consider not paying the ransom and find a way to restore systems and data without giving in.  Otherwise, it’s like feeding a feral cat; hackers will be found on your doorstep the next day. Simultaneously, you need to restore systems, discover the point of origin, and stop follow-on attacks.  This is where the backup and security stories combine.

In the case of BWL, it took a lot of human resources and two weeks’ worth of time, most likely because the utility was not prepared for this type of attack.  In your case, find the point of origin and restore a backup from before that event.

But What About Stopping Follow-on Attacks?

Before the Firewall

I would like to say that there is a single solution out there that will solve this, but that isn’t completely true. In short, the answer is education, security and backup. The first thing to do is to build the human firewall; teach your employees not to click on attachments or links in suspicious emails, especially if you deal with payments. This is just the first step; a recent Barkly study stated that in their data set, 33 percent of ransomware victims had already undergone security awareness training.

Additionally, think long and hard before hanging “blamable” employees out to dry.  It may be shortsighted to fire or reprimand an employee for unleashing malware unless they were clearly going outside the boundaries of ethical/lawful internet usage (e.g. browsing adult sites, downloading pirated material, etc.). In many cases, ransomware comes through a cleverly crafted phishing email, and given the fact that BWL’s accounting and email systems were taken offline, I’m assuming an accounts payable person opened an attachment from a hacker with an “unpaid invoice.”

When it comes to technology, you need a multi-layered approach to eliminate malware as it approaches your environment. Look at the image below and you can see how SonicWall stops ransomware via web and device traffic. In the case of watering hole attacks (e.g., downloading malware from a website), SonicWall Content Filtering Service (CFS) blocks millions of known malicious sites to help remove major sources of pulled malware from the equation. After this, deploy SSL/TLS decryption to help you see all traffic. Four years ago, the percentage of traffic being encrypted was very low compared with today. Forget the advertised malware-catch-rate of a vendor’s firewall and sandbox; if they can’t inspect 50 percent of traffic, it’s like locking and guarding the front door while leaving the back door open.

The Firewall and Capture ATP

If you are using SSL decryption, now all of the traffic coming into your organization can be viewed by your firewall.  Hopefully, this is a modern device that can inspect every byte of every packet to look for threats and approve files quickly.  In the case of device traffic, it hits the firewall and should be directed to your mobile access or VPN appliance to decrypt data and control access to only approved device IDs.  This traffic should be sent back to the firewall to begin its journey along with web traffic, through a gauntlet of rapid security measures.

The firewall and VPN appliances are the hardware portion of the equation, with the firewall being the keystone of it all. Firewalls are defined by their services because they do a lot of the work of removing malware from your internet traffic. Traditionally, gateway security and anti-virus follow the firewall, looking for malware based on a set of signatures; this is how you eliminate known malware. Case in point: SonicWall eliminated nearly 90 million ransomware attempts in the month of May 2016 using this same technology. Malware is used over and over again and may be seen thousands of times within an hour of its release. Leveraging a cloud-based signature engine will give you better protection against newer threats.

After going through gateway security, many networks leverage a network sandbox, an isolated environment in which suspicious code is run to see what it does. This is where a lot of unknown malware is discovered and stopped. Network sandboxes have been around for a few years now, but hackers have found ways to design malicious code to evade their detection, which is why some analysts recommend leveraging multiple sandboxes from multiple vendors to see as much as you can. I recommend using the SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox, which combines virtualized sandboxing, hypervisor-level analysis and full-system emulation to help see what potential malware wants to do, from the application, to the OS, to the software running on the hardware. Since ransomware variants are redeveloped throughout their lifecycle, it is important for sandboxes to create cloud-based shareable hashes for every version possible to block follow-on attacks and shorten the lifespan of ransomware. Through this process a lot of malware is scrubbed out between the point of origin and the server.

Endpoints and Backup

Although this setup is highly effective, you will need to maintain a healthy endpoint protection strategy.  Anti-virus for endpoints is still important, but today it is easier to manage than before.  Leverage an enforced anti-virus technology that doesn’t allow employees to access the internet through a web browser without up-to-date endpoint protection.  In these cases, employees are directed to a download page to update their anti-virus software before they can go and click on that suspicious link in email.

Lastly: back up, back up, and back up some more. Ransomware exists because organizations keep paying the attackers for their data. If a ransomware attack evades the common sense of people and the fortifications of your security infrastructure, you can simply wipe the device or server clean and restore from your backup.

Download our solution brief: How to protect against ransomware.

Floki Bot a Zeus based banking Trojan actively spreading in the wild (Dec 15, 2016)

The SonicWALL Threats Research team observed reports of a new variant family of Floki [GAV: Floki.A] actively spreading in the wild.

The Floki bot is a banking Trojan based on Zeus that has been sold on the cybercrime underground.

This time the attackers implemented new features such as DLL injection into Explorer.exe to avoid detection by anti-virus programs.

Infection Cycle:

The malware adds the following files to the system:

  • Malware.exe

    • %Userprofile%\Application Data\nyobubezral.exe

The Trojan adds the following Startup key to the Windows registry to ensure persistence upon reboot:

    • %Userprofile%\Start Menu\Programs\Startup\ubezral.lnk

Once the computer is compromised, the malware copies its own executable to the %Userprofile%\Local Settings\Application Data folder under a random name and then injects into Explorer.exe to collect information from the target system.

Here is an example of the malware’s injection:

Command and Control (C&C) Traffic

The malware performs C&C communication over port 80. It contains memory-scraping functions like the popular Point-of-Sale Trojan BlackPOS, and it is now Christmas time, the best period for cyber criminals attempting to steal credit card data.

The malware sends your system information to its C&C server in the following format; here are some examples:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Floki.A (Trojan)

Beware of Email Scams and Ransomware This Holiday Shopping Season

The 2016 Holiday shopping season is well underway, and we are poised for a record-setting year.

The National Retail Federation reports that over 154 million consumers shopped over the Thanksgiving weekend, up nearly 2% from 2015. A very telling statistic highlights the brick-and-mortar vs. online shopping trend: the survey found that 44% of shoppers went online, whereas 40% shopped in-store. And, the large concentration of retail commerce over the weekend was heavily influenced by which day it was. For those consumers that skipped the in-store crowds and opted to shop online,

  • 74% shopped on Black Friday (up 1.3% from 2015)
  • 49% on Saturday
  • 36% on Thanksgiving
  • 34% on Sunday

The mad rush to shop online these final weeks of the year is a financial boon to online retailers hoping to close a strong year – and to spammers and cybercriminals hoping to cash in as well with ransomware, phishing, and malware traps. Earlier this month our President and CEO, Bill Conner, wrote a blog with some great guidelines to protect yourself and your organization from emerging threats.

HOLIDAY RUSH
The holidays can be a frenzied time for anyone – whether it be last minute shopping, arranging or attending parties, or making last-minute travel plans. It’s equally busy at work, as you try to wrap up projects or complete financial planning, all before the holidays. The holidays are a time to sit back and relax, but only after necessities are taken care of – the calm after the storm. But if you’re not careful online, cyber-criminals are ready, and waiting.

OH, YOU BETTER WATCH OUT…
Employees and consumers can take a variety of precautions to protect their personal and corporate assets when shopping online. One of the simplest ways to protect yourself is to use separate work and personal email addresses for your online transactions. Avoid using the same email address for both work and personal items. Additionally, make sure your password is unique and difficult to guess – making things more difficult for cyber-criminals.

According to Google, an ever-increasing number of online shoppers used their smartphones to make purchases. And this increased usage is accompanied by increased online time: on Black Friday shoppers typically spent between 35 and 90 minutes visiting online electronics stores.

But in addition to online shopping, users continue sending and receiving emails at a record pace. According to the Radicati Group, the number of emails sent and received per day exceeds 205 billion, and this volume is expected to reach over 246 billion by 2019. This confluence of accessing email or online shopping anytime, anywhere, is incredibly appealing. And corporations are now susceptible to an emerging threat: ransomware attacks, where cybercriminals access confidential information and extract payment to return this data. Even though ‘tis the season, you should still proceed with the utmost caution!

SEASON’S GREETINGS
Following are some recent trends and spam messages the SonicWALL Threat Research Team has identified this season:

  1. A personal letter from Santa to a loved one (phishing emails attempting to solicit your personal info) is the most common email threat detected this year.
    Phishing Email Scam
  2. Holiday deals from unknown sources, leading you to survey sites in hopes of getting you to divulge your personal info.
    Phishing Email Scam
  3. Year-end tasks including annual health-care enrollment, renewal of insurance, etc.
    Phishing Email Scam
  4. Gift cards are one of the fastest growing categories this year, and we see similar growth in gift card-related spam and phishing emails.
    Phishing Email Scam

These examples are a small sample of what you might experience over the next few weeks. To help you this holiday online shopping season, below is a refresher on what you can do to not fall prey to these grinches:

  • Don’t click on URLs in emails [especially on mobile devices] without checking their full path and understanding where they lead. This is especially important when connected to a public Wi-Fi. Staysafeonline.org has issued an infographic on mobile security and elaborated on this topic further.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft, etc.) website to download plug-ins.
  • Be wary of enticing online offers, especially if you’ve never heard of the business.
  • Be suspicious of last-minute upgrade requests from IT; upgrades are usually done with advance notice and communication.

To test your knowledge, take this quick SonicWall Phishing IQ Test and avoid the holiday blues!

Microsoft Security Bulletin Coverage (Dec 13, 2016)

SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2016. A list of the issues reported, along with SonicWALL coverage information, is as follows:

MS16-144 Cumulative Security Update for Internet Explorer

  • CVE-2016-7202 Scripting Engine Memory Corruption Vulnerability
    IPS:12521 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 1”
    IPS:12522 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 2”
    IPS:12523 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 3”
  • CVE-2016-7278 Windows Hyperlink Object Library Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7283 Internet Explorer Memory Corruption Vulnerability
    IPS:12527 “Internet Explorer Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7284 Internet Explorer Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”

MS16-145 Cumulative Security Update for Microsoft Edge

  • CVE-2016-7181 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7206 Microsoft Edge Information Disclosure Vulnerability
    IPS:12524 “Microsoft Edge Information Disclosure Vulnerability (MS16-145)”
  • CVE-2016-7279 Microsoft Browser Memory Corruption Vulnerability
    IPS:12525 “Microsoft Browser Memory Corruption Vulnerability (MS16-144)”
  • CVE-2016-7280 Microsoft Edge Information Disclosure Vulnerability
    IPS:12529 “Microsoft Edge Information Disclosure Vulnerability (MS16-145) 2”
  • CVE-2016-7281 Microsoft Browser Security Feature Bypass
    There are no known exploits in the wild.
  • CVE-2016-7282 Microsoft Browser Information Disclosure Vulnerability
    IPS:12526 “Microsoft Browser Information Disclosure Vulnerability (MS16-144)”
  • CVE-2016-7286 Scripting Engine Memory Corruption Vulnerability
    IPS:12530 “Scripting Engine Memory Corruption Vulnerability (MS16-145)”
  • CVE-2016-7287 Scripting Engine Memory Corruption Vulnerability
    IPS:12528 “Scripting Engine Memory Corruption Vulnerability (MS16-144) 4”
  • CVE-2016-7288 Scripting Engine Memory Corruption Vulnerability
    IPS:12531 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 2”
  • CVE-2016-7296 Scripting Engine Memory Corruption Vulnerability
    IPS:12532 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 3”
  • CVE-2016-7297 Scripting Engine Memory Corruption Vulnerability
    IPS:12533 “Scripting Engine Memory Corruption Vulnerability (MS16-145) 4”

MS16-146 Security Update for Microsoft Graphics Component

  • CVE-2016-7257 Windows GDI Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7272 Windows Graphics Remote Code Execution Vulnerability
    SPY:2034 “Malformed-File ico.MP_3”
    SPY:2035 “Malformed-File ico.MP.2_2”
  • CVE-2016-7273 Windows Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS16-147 Security Update for Microsoft Uniscribe

  • CVE-2016-7274 Windows Uniscribe Remote Code Execution Vulnerability
    SPY:2032 “Malformed-File ttf.MP.8”

MS16-148 Security Update for Microsoft Office

  • CVE-2016-7262 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7264 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7265 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7266 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7267 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7268 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7275 Microsoft Office OLE DLL Side Loading Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7276 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7277 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7289 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7290 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7291 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7298 Microsoft Office Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-149 Security Update for Microsoft Windows

  • CVE-2016-7219 Windows Crypto Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7292 Windows Installer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-150 Security Update for Windows Secure Kernel Mode

  • CVE-2016-7271 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-151 Security Update for Windows Kernel-Mode Drivers

  • CVE-2016-7259 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-7260 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-152 Security Update for Windows Kernel

  • CVE-2016-7258 Windows Kernel Memory Address Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-153 Security Update for Common Log File System Driver

  • CVE-2016-7295 Windows Common Log File System Driver Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-155 Security Update for .NET Framework

  • CVE-2016-7270 .NET Information Disclosure Vulnerability
    There are no known exploits in the wild.

Do You Trust Endpoints That Go Shopping?

We are midway through the shopping season this year and online retail is already posting record sales. According to Adobe, final numbers indicate that Black Friday surpassed estimates at $3.34 billion, a 21.6 percent increase year-over-year. Mobile accounted for $1.2 billion, a 33 percent increase from the year before.

Gartner predicts that 70 percent of mobile employees will use their personal smart devices to conduct work by 2018.

These are two seemingly disparate trends but what do they mean for organizations and their cyber security posture?

In another blog, my colleague Scott Grebe explored the security risks that arise when employees are shopping online at work within the corporate network. In this blog, we’ll explore the security risks that arise when employees shop online outside the corporate network.

Organizations are increasingly embracing BYOD for its obvious advantages, but this gives rise to a key gap in the security posture: How do you secure smartphones, tablets and laptops when they leave the confines of your corporate cyber security infrastructure? CSOs must make sure that the right security solutions and policies are implemented to close this gap.

Recent high-profile data breaches have put cyber security under the spotlight, and organizations have invested in best-of-breed solutions and deployed defense-in-depth strategies to mitigate today’s advanced threats. Solutions such as next-generation firewalls, Intrusion Prevention Systems (IPS), sandboxing and email security are in place to protect against zero-day malware and ransomware, making it significantly more difficult for the majority of hackers to penetrate. No points for guessing where these threat actors will target next: the smartphones, tablets, laptops or even home computers that employees use for remote work. According to the McAfee Labs 2016 Threats Predictions report: “If attackers really want to get at your data, but find themselves blocked at every attempt against the corporate data center, then the relatively insecure home systems of the employees become the next logical target.”

Employees are spending more time shopping online using work-supplied or personal devices. The next time an employee connects to a public Wi-Fi network to do a price check on a deal, or simply uses his/her relatively insecure home network to shop, it could expose the organization’s network. Just last week, it was revealed that 1 million Google accounts were compromised by Android malware. Hundreds of counterfeit retail apps were discovered in Apple’s App Store. A seemingly innocuous app or even a rogue SMS text would suffice to compromise the device and, just like the Trojan horse, the device would then be given entry into the corporate network.

It is difficult to control the shopping mania that infects everyone around this time of the year, but organizations can leverage the security solutions that are already deployed to better protect the endpoints even when they are remote. SonicWall’s Secure Mobile Access (SMA) solution provides access security to complement your network security, by delivering secure access to users from anywhere and from any device. With SMA, organizations can protect their corporate network every time employees go online by following certain best practices:

  • For trusted laptops and desktops, use the redirect-all mode on the SSL-VPN solution to drive all traffic through the corporate security infrastructure.
  • For untrusted BYO devices, educate employees to use features such as browser-based clientless access to remote desktops for secure browsing.
  • For mobile devices, configure policies to allow access only to whitelisted apps.

Further, when these endpoints re-enter the corporate network, SMA interrogates the device and performs health checks, either permitting access or quarantining the device for remediation. By implementing these best practices, organizations can extend their corporate infrastructure, such as next-generation firewalls with SonicWall Capture sandboxing technology, to wherever employees’ devices go. Ready or not, mobile workers and BYOD are here to stay.

To learn more on how SMA can protect the corporate networks from “trusted” and “untrusted” endpoints, download and read our executive brief.