Monthly Archives: October 2014

Adobe Flash and Air Vulnerability

Posted by Clayton Bellot on October 24, 2014

On October 14th, Adobe released security fixes for an issue in Adobe Flash Player version 15.0.0.167 and earlier (the current Mac and Windows version as of this posting is 15.0.0.189, and version 11.2.202.411 for Linux users). This vulnerability could allow an attacker to take control of an affected system and could be exploited during a drive-by download attack. This type of attack can happen by visiting a malicious website, viewing an email message with embedded multimedia, or clicking on a deceptive pop-up window.

Please visit http://helpx.adobe.com/flash-player.html to check whether your computer is impacted. If you need to take action, you will be prompted to update your version of Flash.

For Google Chrome users, patches for Adobe Flash have been incorporated into the latest release of the browser and will be updated automatically.

As for Adobe Air, users can check their version by following the instructions provided on Adobe’s website at http://helpx.adobe.com/air/kb/determine-version-air-runtime.html. If you are unable to verify the version through this method, double-check whether the software is even installed via the Control Panel in Windows or in the Applications/Utilities folder on a Mac. If Adobe Air isn’t present in either of these instances, you will still need to verify your version of Adobe Flash.

Microsoft releases patch to fix “Sandworm”

Posted by Clayton Bellot on October 15, 2014

Microsoft released patch KB300869 to address CVE-2014-4114. An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Windows users are asked to update their systems immediately:

Windows 7
http://windows.microsoft.com/en-us/windows7/install-windows-updates

Windows 8 and 8.1
http://windows.microsoft.com/en-us/windows-8/windows-update-faq

Once the latest patches have been installed, system owners can verify that the patch has been applied by pasting the following line into a command-line window (Start, go to Run, type cmd.exe, and hit Enter):

wmic qfe list brief | find "KB3000689"

The expected output should look like:

[Image: screenshot of the command output]

For more information about this vulnerability:

http://www.isightpartners.com/2014/10/cve-2014-4114/

Yahoo Confirms Infected Servers Unrelated to Shellshock

Posted by Clayton Bellot on October 07, 2014

Yahoo CISO Alex Stamos refuted claims made by a Louisiana security company that a number of Yahoo servers had been compromised by Romanian hackers using Shellshock exploits against the vulnerability in Bash.

Stamos said three Yahoo Sports API servers were infected with malware by hackers looking for webservers vulnerable to the Shellshock vulnerability, but the exploits were not related to Shellshock. Those servers, which provide live game streaming, do not store user data and were isolated upon discovery of malware, Stamos said.

http://threatpost.com/yahoo-confirms-infected-servers-unrelated-to-shellshock/108726

Internet2 Shellshock Update

Posted by Clayton Bellot on October 07, 2014

Internet2 is actively monitoring and assessing Shellshock’s impact on the Internet2 community and working with its partners to rapidly update the open source development packages it supports.

https://www.internet2.edu/products-services/support/internet2-shellshock-update/