Warren Alford.com

2017 Archive

Is Your Home Cyber Secure?

The SANS Securing The Human Creating a Cyber-Secure Home poster walks families through the five key steps on how to create a cyber secure home. What makes this poster so powerful is these are the same secure behaviors that most organizations want employees to exhibit at work. SANS Securing The Human, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk. Cyber-Secure Home
tags: SANS Creating a Cyber Secure Home, Securing The Human, security awareness

Windows 10 Freezes After Anniversary Update

The ‘Anniversary Update’ is the largest Windows 10 upgrade so far. It is compulsory, but as it began rolling out, reports followed that the mega update is causing PCs to freeze, delivering the Microsoft Blue Screen of Death (BSOD).
tags: Windows 10 Anniversary Update, Microsoft, BSOD Read More

Apple OS X and Safari Patches for Trident

Apple has issued OS X security updates to fix critical zero-day vulnerabilities in El Capitan (2016-001) and Yosemite (2016-005) desktop operating systems and Safari web browser. The vulnerabilities were revealed in a troubling report that also detailed how a shadowy firm named the NSO Group had been exploiting the vulnerabilities to spy on targeted individuals.
tags: Apple OS X, Trident, El Capitan, Yosemite, Safari, CVE-2016-4655, CVE-2016-4656 Read More

Google Patches Android for 74 Vulnerabilities

Google announced its last regularly scheduled security patch update for Android in 2016 on Dec. 5, patching no less than 74 different vulnerabilities in the mobile operating system. The December vulnerability patch count is an improvement over the 83 vulnerabilities patched by Google in the November Android security update. Read More
tags: Google, Android, Google Patches Android

Malware Alerts

This is a list of malware alerts to help in prioritization remediation activities.
• Typical Filename:PrinterInstallerClientUpdater.exe, Claimed Product: Printer Logic Client Updater, Detection Name: W32.AE7327F36A-95.SBX.TG
• Typical Filename: Michael_Harney_Resignation.xls, Claimed Product: N/A, Detection Name: W32.AA2E15AD89-100.SBX.TG
• Typical Filename: FedEx.doc, Claimed Product: N/A, Detection Name: W32.A1CF9698DC-100.SBX.TG
• Typical Filename: Fedex.doc, Claimed Product: N/A, Detection Name: W32.BCBE3DA40F-100.SBX.TG
tags: Malware Alerts, Printer Logic Client Updater, Michael Harney Resignation, FedEx

Critical Vulnerabilities

This is a list of critical vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities.
ID: CVE-2016-5195; Title: Linux Kernel "MAP_PRIVATE COW" Privilege Escalation Vulnerability
ID: CVE-2016-0752; Title: Ruby on Rails Input Validation Remote Code Execution Vulnerability
ID: CVE-2016-6366; Title: Cisco Adaptive Security Appliance SNMP Buffer Overflow Code Execution Vulnerability
ID: CVE-2016-1017; Title: Adobe Flash Player "AS2 LoadVars" Use-after-free Code Execution Vulnerability (APSA16-10)
ID: CVE-2016-1287; Title: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
tags: Critical Vulnerabilities, CVE-2016-5195, CVE-2016-0752, CVE-2016-6366, CVE-2016-1017, CVE-2016-1287

NSA Allegedly Hacked

Hackers claim to have stolen attack code from a team of sophisticated cyber spies known as the Equation Group, widely believed to be associated with the National Security Agency. The hackers have offered to sell the exploits to the highest bidder in an online Bitcoin auction. The teaser files appear to date back to June 2013 and the file names, such as “BANANAGLEE”, “EPICBANANA”, and “JETPLOW” are consistent with NSA programs leaked by whistleblower Edward Snowden. Read More
tags: NSA Allegedly Hacked, National Security Agency NSA, Bitcoin, Edward Snowden, BANANAGLEE, EPICBANANA, JETPLOW

Android Code Execution AirDroid Attacks

AirDroid, which has been downloaded over 10 million times from the official Google Play Store, uses a static and easily detectable encryption key when transmitting update files and sensitive user data. Read More
tags: Android, AirDroid Attacks, Android Code Execution, AirDroid

Apple Mac Owners Infected?

Apple Mac owners using the Google search engine may have been infected via malicious ads at the tip-top of their search results last week after attackers launched a malvertising campaign against Google Adwords. In an act of gumption or plain cheek, the attackers' malicious lure of choice was a phony ad for one of Google's own products, Google Chrome. Read More
tags: Google Chrome, Apple, Mac, Google

Buffer Overflow Exploits iPads Running iOS 10.1.1

A new exploit uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1. Read More
tags: Apple iPad, Apple, iOS 10.1.1, buffer overflow exploit

Four Steps to Staying Secure

SANS Security Awareness Newsletter offers four helpful tips for staying secure. Read More
tags: SANS Security Awareness Newsletter, Securing the Human

Samsung Galaxy Note 7 Recall - Exploding Batteries

Samsung will recall Galaxy Note 7 because of exploding batteries. This recall affects over 2.5 million units. Samsung issued the following statement.
In response to recently reported cases of the new Galaxy Note 7, we conducted a thorough investigation and found a battery cell issue. To date (as of September 1) there have been 35 cases that have been reported globally and we are currently conducting a thorough inspection with our suppliers to identify possible affected batteries in the market. However, because our customers’ safety is an absolute priority at Samsung, we have stopped sales of the Galaxy Note 7. For customers who already have Galaxy Note 7 devices, we will voluntarily replace their current device with a new one over the coming weeks.
tags: Samsung Galaxy Note 7 Recall, Galaxy Note 7 exploding batteries, Samsung Read More

Brigadier General Gregory J. Touhill first Federal Chief Information Security Officer

President Obama has announced the first Chief Information Security Officer to drive cybersecurity policy, planning, and implementation across the Government. Brigadier General Gregory J. Touhill is currently the Deputy Assistant Secretary for Cybersecurity and Communications in the Office of Cybersecurity and Communications (CS&C) at the Department of Homeland Security (DHS). In his new role as Federal CISO, Greg will leverage his considerable experience in managing a range of complex and diverse technical solutions at scale with his strong knowledge of both civilian and military best practices, capabilities, and human capital training, development and retention strategies. Read More.
tags: Federal Chief Information Security Officer, CISO, Brigadier General Gregory J. Touhill

Obama to Separate Cyber Command from NSA

Under a plan being considered at the White House, officials said U.S. Cyber Command would become what the military calls a "unified command" equal to combat branches of the military. Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, providing Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. Read More
tags: President Barack Obama, National Security Agency NSA, U.S. Cyber Command plan

ISO 9001:2015 Certification

The new version of ISO 9001 follows a new, higher level structure to make it easier to use in conjunction with other management system standards, with increased importance given to risk. ISO 9000:2015, which defines the concepts and language used throughout the ISO 9000 family of standards, is also released. ISO certification bodies have three years to migrate certificates to the new ISO 9001:2015 version. These Quality Management Training Courses can help you manage and improve your business.

Apple announces Bug Bounty Program at Black Hat

Apple announced it will opening a bug bounty program, inviting security researchers to test a number of its systems and find vulnerabilities. The company will pay bug hunters upwards of $200,000 for certain critical flaws. Apple will officially launch the program in September 2016.

The program will have five categories of risk and reward.
• Vulnerabilities in secure boot firmware components: Up to $200,000
• Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
• Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
• Access to iCloud account data on Apple servers: Up to $50,000
• Access from a sandboxed process to user data outside the sandbox: Up to $25,000
Apple Bug Bounty
tags: Apple, Apple Bug Bounty, Black Hat, iOS

VMware updates address Windows-based DLL hijacking

A DLL hijacking vulnerability is present in the VMware Tools Shared Folders (HGFS) feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. There are no known workarounds for this issue.
tags: VMware Tools, Windows, vCenter Server, ESXi, HTTP header injection Read More

Cisco Talos Reports Ranscam Crypto-ransomware

Ranscam deletes computer files and then demands ransom to restore them or it will delete them. Yes, in that order. Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy.
tags: Ranscam, Cisco Talos, Crypto-ransomware, malware, ransomware Read More

Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS Critical Vulnerabilities

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks.
tags: Adobe, Flash Player critical vulnerabilities, CVE-2016-4171, APSB16-18, Windows, Macintosh, Linux, ChromeOS Read More

Symantec Anti-Virus Memory Access Violation

Symantec Anti-Virus Engine susceptible to memory access violation. The most common symptom of a successful attack would result in a Blue Screen of Death (BSOD).
tags: Symantec, Symantec Anti-Virus Engine, 20151.1.0.32, CVE-2016-2208 Read More

FDIC was hacked by China; CIO covered it up

A report published by the House Committee on Science, Space and Technology found that hackers purported to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015. Full Story
tags: FDIC, Federal Deposit Insurance Corporation, House Committee on Science, Space and Technology, hacking, backdoor malware

Omni Hotels Data Breach

On May 30, 2016, Omni Hotels and Resorts discovered they were the victim of malware attacks on their network affecting specific point of sale systems on-site at some Omni properties. The malware was designed to collect certain payment card information, including cardholder name, credit/debit card number, security code and expiration date. Full Story
tags: Omni Hotels and Resorts, data breach, credit/debit card numbers, malware

Chinese Man to Serve U.S. Prison Term for Military Hacking

A Chinese businessman who pleaded guilty in March to conspiring to hack into the computer networks of Boeing and other major U.S. defense contractors was sentenced to nearly four years in prison. The offender worked in conjunction with Chinese military hackers from the People’s Liberation Army Air Force to steal designs for cutting-edge military aircraft that are indispensable to our national defense. Full Story
tags: Chinese hacker, C-17 military transport plane, F-22 and F-35 fighter jets, Boeing

Viking Horde Malware Found In Google Play Apps

Apps on Google Play carry Viking Horde, a new malware family that makes Android devices send out spam, sends SMS messages to premium-rate numbers, downloads additional malicious apps, and participates in DDoS attacks as part of a botnet that uses proxied IP addresses. Viking Horde has passed through Google Play scans undetected.
tags: Google, Google Play Apps, Viking Horde Malware, Viking Jump Botnet Read More

Adobe PDF Reader, Cold Fusion, and Flash Player Critical Vulnerabilities

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
tags: Adobe, Adobe Flash Player, Adobe PDF Reader, Adobe Cold Fusion, APSB16-15, CVE-2016-4117 Read More

Wendy’s Credit Card Breach

Wendy’s investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the 5,500 franchised stores.
tags: Wendys credit card breach Read More

Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability
(Vulnerability: CVE-2016-0111)

Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. The following products are vulnerable: Internet Explorer 9, 10, and 11 Edge. Author: Google Security Research (MS16-023)

• Run all software as a nonprivileged user with minimal access rights.
• To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
• Deploy network intrusion detection systems to monitor network traffic for malicious activity.
• Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.
• Do not follow links provided by unknown or untrusted sources.
• Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources.
• Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.
• Implement multiple redundant layers of security.
Note: Memory-protection schemes (such as non-executable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

View the Exploit Database CVE-2016-0111 Vulnerability.

tags: Microsoft, Microsoft Internet Explorer Vulnerability, Microsoft Edge, CVE-2016-0111, MS16-023

Microsoft Internet Explorer and Edge VulnerabilityApr 7, 2016

Adobe Flash Player Lets Remote Users Execute Arbitrary Code
(Vulnerability: CVE-2016-1019)

Adobe Flash Player remote user can cause arbitrary code to be executed on the target system. Adobe categorizes this as a critical vulnerability. Platforms: Windows, Macintosh, Linux and Chrome OS. A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.This vulnerability is being actively exploited against Windows 7 and Windows XP systems running version and prior versions. Adobe is planning to provide a security update to address this vulnerability on April 7, 2016.
(Adobe Flash Player Vulnerability: APSA16-01)

View the Adobe Flash Player CVE-2016-1019 Vulnerability.

tags: Adobe, Adobe Flash Player Vulnerability, CVE-2016-1019,, APSA16-01

Adobe Flash Player VulnerabilityApr 6, 2016

Security Update for Apple TV Vulnerabilities

Apple has released a security update for Apple TV to address multiple vulnerabilities. Apple has released a security update for Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected device. Users and administrators should review the Apple security update for Apple TV 7.2.1 (3rd generation) and apply the necessary update.

This security update addresses multiple CVE numbers. View the Apple TV 7.2.1 CVE Details.

tags: Apple TV, Apple, Apple TV 7.2.1, 3rd Generation Apple TV

Apple TV VulnerabilitiesFeb 25, 2016

Mozilla Firefox and Firefox ESR Security Vulnerabilities
(Vulnerability: CVE-2016-1949)

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Same origin policy violation found when using Service Workers with plugins. Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. Plugins which make security decisions based on the content of network requests can have these decisions subverted if a service worker forges responses to those requests.

The Mozilla Foundation has released security updates to address vulnerabilities. View the CVE Details.

tags: Mozilla, Firefox, CVE-2016-1949, Firefox ESR

Cyber Attack Security InformationFeb 13, 2016

Apple Recalls AC Power Adapters

Two-pronged wall plugs may break and cause an electric shock.

Apple has determined that, in very rare cases, the two prong Apple AC wall plug adapters designed for use in Continental Europe, Australia, New Zealand, Korea, Argentina and Brazil may break and create a risk of electrical shock if touched. These wall plug adapters shipped from 2003 to 2015 with Mac and certain iOS devices, and were also included in the Apple World Travel Adapter Kit.

Other wall plug adapters, including those designed for Canada, China, Hong Kong, Japan, United Kingdom, and United States and Apple USB power adapters are not affected by this program. Learn more by visiting .

For any additional questions, you may also schedule a call with Apple Support.

tags: apple recall, apple ac wall plug adapters, mac, ipad, iphone, ipod

Warren Alford Product RecallsJan 29, 2016

Toyota Motor Sales Recalls Lexus RX350 and RX450h

Toyota Motor Sales, USA, Inc. today announced that it is conducting a safety recall of approximately 5,000 Model Year 2016 Lexus RX 350 and RX 450h vehicles.

The involved vehicles are equipped with a driver’s knee airbag module that may not have been properly manufactured. This could affect the performance of the airbag and increase the risk of injury in a crash. Owners of the involved Lexus vehicles will be notified by first class mail. Lexus dealers will inspect and if necessary replace the driver’s knee airbag assembly free of charge. Customers should check their vehicle’s status by visiting Toyota Recalls and entering the Vehicle Identification Number (VIN).

For any additional questions, customer support is also available by calling Lexus Customer Service at 1-800-255-3987 or 1-800-331-4331. Read more at Toyota Newsroom.

tags: lexus recall, 2016 lexus rx 350, 2016 lexus rx hybrid

Warren Alford Product RecallsJan 27, 2016

Cisco Web Security Appliance Security Bypass Vulnerability
(Vulnerability: CVE-2016-1296)

Vulnerability could allow an unauthenticated, remote attacker to bypass security restrictions. A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an improper HTTP method.

A successful exploit could allow the attacker to circumvent WSA functionality that prevents proxied network traffic. Cisco released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. View the CVE Details.

tags: Cisco, Web Security Appliance (wsa), CVE-2016-1296, malformed http

Cyber Attack Security InformationJan 22, 2016

Office Depot and OfficeMax recall Crawley II Chairs
(Recall number: 16-069)

Office Depot recalls approximately 300,000 executive chairs due to fall hazard

This recall involves Crawley II Executive High-Back Chairs (Office Depot SKU #493822 or OfficeMax item #23324118) sold on or before September 4, 2015. The seat plate weld at the gas lift mounting hole can break, posing a potential fall hazard to consumers. CPSC Posting

Customers should stop using the chair immediately and contact the Office Depot Recall Hotline at (855) 743-7701 Monday through Friday, 8 a.m. to 8 p.m. EST to obtain a free replacement seat plate that consumers can install at home. Read more at Office Depot.

tags: office depot recall, officemax recall, crawley II executive high-back chairs, #16-069, #493822, #23324118

Warren Alford Product RecallsJan 7, 2016

Google Android Lets Remote Users Execute Arbitrary Code
(Vulnerability: 1034592)

Multiple vulnerabilities were reported in Google Android. A remote user can create a specially crafted file that, when loaded by the media server, will trigger a memory corruption error and execute arbitrary code [CVE-2015-6636]. The code will run the privileges of the mediaserver process. An application can cause denial of service conditions on the target system, remote user can obtain potentially sensitive information, obtain elevated privileges, and execute arbitrary code on the target system.

tags: Google Android, Google Android vulnerabilities, CVE-2015-6636, Google

Cyber Attack Security InformationJan 6, 2016