
The threat of short-lived malware

April 2, 2009 by Marcos Christodonte II

New article:

Recently, security software vendor AVG Technologies asserted that Web-based malware attacks are now so prevalent that attackers craft them to be “secretive, short-lived and fast-moving.” It’s an acceptable premise, but why the sudden shift? Is it because more active and open attacks aren’t as successful or noteworthy? Well, not quite. Let’s explore why attackers do this, how they do it, and how enterprises can defend against short-lived Web malware.

Read the rest of my article here

IE 8, will you try?

March 21, 2009 by Marcos Christodonte II

[Image: internet_explorer8 (Source: Microsoft.com)]

Microsoft has recently released Internet Explorer 8, boasting that it’s faster, easier, and safer. Some of their latest features include:

  • Quick links to Live Maps
  • InPrivate Browsing
  • Web slices
  • SmartScreen Filter
  • History Searching
  • History Sorting
  • etc….

You can download it here. As with any new software, expect a patch or two in the near future.

Cisco Security Manager Vulnerability

January 23, 2009 by Marcos Christodonte II

Cisco recently released an out-of-band patch for its enterprise security management application, Cisco Security Manager. This application is used to manage Cisco security devices such as firewalls, intrusion prevention systems (IPSs), and VPN gateways.

The vulnerability is within the Cisco IPS Event Viewer, which, by default, is installed with the Security Manager application. When the IPS Event Viewer is launched, several TCP ports are opened on the Cisco Security Manager server and are reachable remotely.

For more information on this vulnerability and to install the patch, read the Cisco Security Advisory.

Directory traversal prevention

December 20, 2008 by Marcos Christodonte II

[Image: Directory Traversal (Source: Acunetix.com)]

I was recently reviewing a case study about a company that was targeted and compromised with a directory traversal exploit. A directory traversal exploit allows an attacker to access directories on a system that they are not authorized to read. This is normally the result of sloppy programming that lacks input validation.

In this particular case, the attacker was able to use HTTP “GET” requests to access root-level files in the directory. The lack of input validation allowed the attacker to combine the “GET” request with arbitrary path strings that granted access to the application’s files. In effect, they then had access to configuration files on a backend application where authorization was clearly only supposed to be granted to administrators.

To prevent the compromise of this system, security managers should have ensured that their server validated input, thereby rejecting the arbitrary paths that allowed the directory traversal. In addition, a patch for this vulnerability had been released six months prior. Without an efficient patch management program in place, organizations may only become aware of a vulnerability, or patch it, when it is already too late. Therefore, security bulletins from vendors and from organizations such as CERT should be read and applied when relevant.
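The case study above does not say what the vulnerable server looked like, so the following is an added example, not code from the original post or from the affected product, of the input validation the post recommends. It is a small Python handler that resolves a user-supplied path against a document root and refuses anything that lands outside it; the document root, the `handle_get` helper and the sample requests are all constructed for illustration. The check resolves the path and compares it to the root rather than searching for `..` as a string, because percent-encoding and mixed separators defeat simple string filters.

```python
"""
Added example (not from the original post): server-side validation that
rejects directory traversal in user-supplied file names before any file is
opened. The document root and sample requests below are constructed.
"""
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would escape the document root."""


def resolve_safely(base_dir: str, requested: str) -> Path:
    """Return an absolute path inside base_dir, or raise TraversalError.

    Validation strategy (defence in depth):
      1. Percent-decode, because traversal is often sent as %2e%2e%2f.
      2. Reject NUL bytes, which can truncate paths in C-based libraries.
      3. Resolve the joined path (collapses '..', follows symlinks) and
         confirm it is still inside the resolved base directory.
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    root = Path(base_dir).resolve()
    # Strip leading separators so an absolute request cannot replace the root.
    candidate = (root / decoded.lstrip("/\\")).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise TraversalError(f"path escapes document root: {requested!r}") from None
    return candidate


def handle_get(base_dir: str, requested: str):
    """Stand-in for a web handler (hypothetical): returns (status, body)."""
    try:
        path = resolve_safely(base_dir, requested)
    except TraversalError:
        return 403, b"Forbidden"
    if not path.is_file():
        return 404, b"Not Found"
    return 200, path.read_bytes()


def demo() -> dict:
    """Build a throwaway document root and return {request: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "htdocs"
        (root / "public").mkdir(parents=True)
        (root / "public" / "index.html").write_bytes(b"<h1>hello</h1>")
        # Constructed "sensitive" file that lives outside the document root.
        (Path(tmp) / "config.ini").write_text("db_password=example")
        requests = [
            "public/index.html",            # legitimate request
            "/public/index.html",           # leading slash is tolerated
            "../config.ini",                # plain traversal
            "..%2Fconfig.ini",              # percent-encoded separator
            "public/..%2F..%2Fconfig.ini",  # encoded traversal from a subdir
            "public/index.html%00.txt",     # NUL-byte truncation attempt
            "public/missing.html",          # inside the root, but absent
        ]
        return {r: handle_get(str(root), r)[0] for r in requests}


if __name__ == "__main__":
    for request, status in demo().items():
        print(f"{status}  {request}")
```

Every traversal variant is answered with 403 before the filesystem is touched, the legitimate requests succeed, and a missing file inside the root still produces an ordinary 404, so the check does not leak which paths exist outside the root.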

98% of all PCs have vulnerabilities!

December 5, 2008 by Marcos Christodonte II

According to research conducted by Secunia, 98% of all PCs connected to the Internet have unsecured programs installed. That is, the vendors of those installed applications have already released an updated version that patches one or more vulnerabilities. Nearly half of the systems involved in the assessment had eleven or more insecure programs installed. Secunia’s free tool, Secunia PSI, checks installed programs for missing updates and patches. This tool helps users keep their systems patched, mitigating potential exploitation of vulnerable software.

For more information, visit Secunia here.

Adobe Reader and Acrobat 8 Vulnerabilities

November 5, 2008 by Marcos Christodonte II

Adobe has released security updates to address vulnerabilities in Adobe Reader 8 and Acrobat 8. These vulnerabilities could allow an attacker to cause a denial of service or to remotely execute arbitrary code.

The security bulletin with patches can be found here.
