EthicalHat

Adobe releases 87 patches for vulnerabilities in Acrobat, Reader, Flash Player, Media Encoder

No comments

In a massive patch update on Tuesday, Adobe released security patches for 87 vulnerabilities in four of its products – Adobe Acrobat, Adobe Reader, Adobe Flash Player, and Adobe Media Encoder. As many as 84 of the 87 patches address vulnerabilities in Acrobat and Reader. Of these, 36 fall in the “information disclosure” category (rated important) while 48 are critical “arbitrary code execution” vulnerabilities. The critical flaws include 36 use-after-free vulnerabilities, 6 out-of-bounds write flaws, 1 type-confusion flaw, 2 heap-overflow flaws, 1 buffer-error bug, 1 double-free vulnerability and 1 security-bypass flaw. The remaining 3 of the 87 patches cover vulnerabilities in Flash Player and Media Encoder. Users of the affected products have been urged to update to the latest versions, with a priority update rating of “2”. A priority rating of “2” indicates that the given update resolves vulnerabilities in a product that has historically been at elevated risk and that there are currently no known exploits.

For more information on the security patches head to Adobe’s website.

Adobe Security Bulletin for Acrobat and Reader:-

https://helpx.adobe.com/security/products/acrobat/apsb19-18.html

Adobe Security Bulletin for Flash Player:-

https://helpx.adobe.com/security/products/flash-player/apsb19-26.html

Adobe Security Bulletin for Media Encoder:-

https://helpx.adobe.com/security/products/media-encoder/apsb19-29.html

EthicalHatAdobe releases 87 patches for vulnerabilities in Acrobat, Reader, Flash Player, Media Encoder
read more

A few tips to find out if that suspicious-seeming email you received is really malicious

No comments

We all receive malicious or spammy emails from time to time, and while most are easy to tell apart from legitimate mail, there are some that require greater attention to detect. An Unsolicited Commercial Email (UCE), more commonly known as spam, may be an irritant, but it is not a threat to you. Malicious emails, on the other hand, are intended to swindle or steal, and are far more dangerous.

In their book, “Detecting and Combating Malicious Email”, Julie JCH Ryan and Cade Kamachi put malicious emails into two main categories:

  1. Messages that link to malware either as attached executable programs, or as links within the text of the email that link to malicious software downloads.
  2. Messages that induce the reader into acting against their best interests (aka phishing emails), either by adopting a frantic tone that scares the reader into thinking that her system or information has been compromised; or by pretending to seek help for someone in grave distress.

In this post, we put together a simple checklist to help you determine if the email you’re examining is malicious or legit.

Malicious email detection checklist:

Things to observe:

The grammar

  • Check the grammar. An official email will be carefully crafted and error-free. If you notice multiple mistakes, or sentences than sound like gibberish, it’s probably a malicious email.

The tone of the email

  • Does the email have a frantic tone? Phishing emails will often pretend to seek help for someone in distress or warn of suspicious activity on your account. Don’t fall for such tricks.

The domain name

  • Look at the sender’s email address. Is it from a public (like gmail or yahoo) or a company domain? An official email should have been sent using the company email address.

The raw header

  • If the email content or sender information seem suspicious, check the complete, raw header. There is a ton of information in the raw header that will tell you things that the default version you see will not.
  1. To do this on gmail, click on the 3 dots next to the reply button, and select “show original”. On Yahoo, click the gear icon above the message pane and select “View Raw Message”. On Outlook 2016, double click the email to view it in a full window, and select “File” > “Properties”. In the “Internet Headers” field at the bottom of the window, view the ‘message header’.
  2. Check the sender’s domain name and IP address.
  3. Look up the age of the domain name on Google. Malicious emails are often sent from recently created domains.
  4. Check if the email in the “Return path:” field is the same as the one in the “From:” field.

Attachments

Malicious email attachments can be tricky to detect. As a general rule, you should avoid downloading ANY file you haven’t been expecting. If you know the sender and have reason to believe that the file may be important but still have doubts, contact the sender using an alternative email address or on the phone, and ask for more information.

Links embedded in the text

  • Bad actors will often use appearance coding to make a link look like it will point to something other than its actual destination. If the email content includes links, always hover over the links to check the actual URLs. If you see a trusted domain name that is slightly misspelled or a completely unknown domain name, it’s a malicious email.
  • There may also be cases where the email contains shortened links (think tinyurl, bit.ly, goo,gl), making it impossible for you to hover over the link to view the original URL. In such cases, use free services online like http://www.getlinkinfo.com/ or http://checkshorturl.com/ to check the full URL before clicking on the link.

Most importantly, when looking at an unexpected email from an unknown sender, use common sense and caution. Do you really need to open the email, or click on a link, or open that attachment? Proceed only if the answer to all those questions is ‘yes’. For all other cases, use either the “Report as spam” or “Delete” or both options.

EthicalHatA few tips to find out if that suspicious-seeming email you received is really malicious
read more

CISA releases BOD 19-02 setting out Vulnerability Remediation Requirements for Federal Agencies

No comments

The Cybersecurity and Infrastructure Security Agency (CISA) released its latest Binding Operational Directive (BOD 19-02), “Vulnerability Remediation Requirements for Internet-Accessible Systems”, this week. The directive supersedes BOD 15-01, “Critical Vulnerability Mitigation Requirement for Federal Civilian Executive Branch Departments and Agencies’ Internet-Accessible Systems”, which came out in 2015. BOD 15-01 required federal agencies to remediate critical infosec vulnerabilities within 30 days of detection, in addition to initiating ongoing tracking and monitoring, and led to a significant improvement in the federal government’s security posture.

The new directive has reduced the number of days for review and remediation to 15 days for critical vulnerabilities and 30 days for high vulnerabilities. In case agencies take longer than the given timeframe to fix the vulnerabilities, CISA will send them a partially populated remediation plan. The agencies will then have 3 days to complete the form and return it to CISA. CISA will also provide regular Cyber Hygiene reports to federal agencies.

Read more at the Department of Homeland Security’s Website.

EthicalHatCISA releases BOD 19-02 setting out Vulnerability Remediation Requirements for Federal Agencies
read more

What do you do when you hear about a large-scale data breach?

No comments

According to a survey conducted by Lexington Law, most Americans either do not know what to do when they become aware of serious data breaches in the country, or don’t care enough to check if their own data is secure. Especially cavalier about such breaches is the 18 to 24-year-old age group. According to the survey, 69 percent of 18 to 24-year-olds have never checked to see their data was ever breached. The 55-plus age group fares better than other age groups, with only 46 percent saying they had never tried to find out if they were data-breach victims. Overall, 56 percent of the survey respondents had never checked to see if they had been affected by a large-scale breach.

The report also mentions a few easy ways to check if your information has been compromised. To find out if your email address is secure, go to haveibeenpwned.com. You should also check your bank statements and credit history from time to time for any unusual activity.

Read more at Lexington Law.

EthicalHatWhat do you do when you hear about a large-scale data breach?
read more