Moving Beyond EMET

November 3, 2016 – 6:27 PM

Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply too slow to respond quickly to emerging threats. Our commercial customers were particularly exposed since it often took years to deploy new OS versions in large scale environments. And thus, EMET was born as a stop-gap solution to deliver tactical mitigations against certain zero-day software vulnerabilities.

For Microsoft, EMET proved useful for a couple of reasons. First, it allowed us to interrupt and disrupt many of the common exploit kits employed by attackers at the time without waiting for the next Windows release, thus helping to protect our customers. Second, we were able to use EMET as a place to assess new features, which directly led to many security innovations in Windows 7, 8, 8.1, and 10.

But EMET has serious limits as well – precisely because it is not an integrated part of the operating system. First, many of EMET’s features were not developed as robust security solutions. As such, while they blocked techniques that exploits used in the past, they were not designed to offer real durable protection against exploits over time. Not surprisingly, one can find well-publicized, often trivial bypasses, readily available online to circumvent EMET.

Second, to accomplish its tasks, EMET hooks into low-level areas of the operating system in ways they weren’t originally designed for. This has caused serious side-effects in both the performance and reliability of the system and the applications running on it. And this presents an ongoing problem for customers, since every OS or application update can trigger performance and reliability issues due to incompatibility with EMET.

Finally, while the OS has evolved beneath it, EMET hasn’t kept pace. While EMET 5.5x was verified to run on Windows 10, its effectiveness against modern exploit kits has not been demonstrated, especially in comparison to the many security innovations built into Windows 10.

Source:
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/

Google warns of actively exploited Windows zero-day

November 1, 2016 – 5:40 AM

Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild.

According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”

The same vulnerability was shared with both Microsoft and Adobe on October 21st, as it also affected Flash Player. But while Adobe has already pushed out an update with the patch, Microsoft has not been so quick.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10,” Adobe said in the security bulletin accompanying the release.

Google has made public the flaw before Microsoft has had the chance to fix it because it is a critical vulnerability that could lead to system compromise, and it is being actively exploited.

They have advised users to update Flash and implement the Microsoft patch as soon as it is made available.

In the meantime, Windows 10 users can use Google Chrome to protect themselves against possible attacks leveraging the flaw.

Source:
https://www.helpnetsecurity.com/2016/11/01/google-warns-actively-exploited-windows-zero-day/

IoT Scanner Checks for Vulnerabilities In Your Connected Devices

October 24, 2016 – 4:17 PM

Last week’s DDoS attack on Dyn that shut down portions of the internet was fueled by bots created from hacked connected devices, like internet-connected cameras and DVRs, but can also theoretically include connected routers, printers, and more. While there’s not exactly a fix for this problem, IoT Scanner is a tool that can at least tell you if a device in your house is creating a vulnerability.

In the case of last week’s attacks, the botnet was created by taking control of a bunch of different connected cameras that still had the default passwords in use. To check whether you have such devices on your network, BullGuard Security created IoT Scanner. Head to the site, click the scan button, and IoT Scanner looks for open ports on your network.

If IoT Scanner comes back saying that your network can be breached, that means some device that’s connected to your Wi-Fi network has an open port that makes it accessible from the internet. This could be on purpose if you’re running a server or have some other device that you can access from outside your home network. If you’re not doing that and IoT Scanner says your network can be breached, then it’s a good idea to dig in and see which device has that open port.

Like most tools of this ilk, take the results with a grain of salt and use them as a starting point to really secure your network. IoT Scanner’s results are vague, but they’ll at least give you a place to start your search.

Source:
http://lifehacker.com/iot-scanner-checks-for-vulnerabilities-in-your-connecte-1788154835
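The article says IoT Scanner looks for open ports and leaves you to work out which device is answering. The script below, added here as an illustration and not BullGuard's code, does the narrowing-down step on your own network: it probes a host on a list of ports and reports only the open ports that are not on the list of services you run on purpose. The port list and the loopback listener in `demo()` are constructed for the example; `check_host`, `unexpected_open_ports` and `demo` are hypothetical names.

```python
import socket
import threading
from contextlib import closing

# Constructed sample port list (not IoT Scanner's own): telnet, ssh, http,
# https, rtsp, and two alternate web ports common on cameras and DVRs.
DEFAULT_PORTS = (22, 23, 80, 443, 554, 8080, 8443)


def tcp_port_open(host, port, timeout=0.5):
    """Return True if a TCP connect to host:port succeeds within timeout."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def check_host(host, ports=DEFAULT_PORTS, timeout=0.5):
    """Map each port to whether it accepted a connection."""
    return {p: tcp_port_open(host, p, timeout) for p in ports}


def unexpected_open_ports(results, expected):
    """Open ports that are not in the allow list of services you run on purpose."""
    return sorted(p for p, is_open in results.items()
                  if is_open and p not in expected)


def _accept_once(sock):
    # Accept a single connection and drop it, like a device answering on a port.
    try:
        conn, _ = sock.accept()
        conn.close()
    except OSError:
        pass


def demo():
    """Offline run against a constructed listener on loopback.

    Returns (listener_seen_open, free_port_seen_closed, listener_flagged).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # OS picks a free ephemeral port
    listener.listen(1)
    open_port = listener.getsockname()[1]
    worker = threading.Thread(target=_accept_once, args=(listener,), daemon=True)
    worker.start()
    try:
        # Reserve and release a second port so we have one that is surely closed.
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        probe.bind(("127.0.0.1", 0))
        closed_port = probe.getsockname()[1]
        probe.close()

        results = check_host("127.0.0.1", (open_port, closed_port))
        # Only the closed port is "intentional", so the listener must be flagged.
        flagged = unexpected_open_ports(results, expected={closed_port})
        return results[open_port], results[closed_port], flagged == [open_port]
    finally:
        worker.join(timeout=1)
        listener.close()
```

Point `check_host` at the LAN address of one of your own devices and pass the ports you deliberately expose (a home server's HTTPS port, say) as `expected`; anything left over is worth investigating. One caveat: a port that answers from inside your Wi-Fi network is not necessarily reachable from the internet, and the reverse can also hold when the router forwards a port. IoT Scanner tests from outside, so use a check like this to identify the device, and the router's port-forwarding and UPnP settings to confirm what is actually exposed.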

Easy-to-exploit rooting flaw puts Linux computers at risk

October 21, 2016 – 1:15 PM

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that’s already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.

The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected.

The Red Hat security team describes the flaw as a “race” condition, “in the way the Linux kernel’s memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.” This allows an attacker who gains access to a limited user account to obtain root privileges and therefore take complete control over the system.

The vulnerability was fixed this week by the Linux kernel developers and patches for Linux distributions, including Red Hat, Debian, Ubuntu, Gentoo and Suse, have been released or are in the process of being released.

The vulnerability, which has been dubbed Dirty COW by the security community, was discovered by security researcher Phil Oester when it was reportedly used in an attack against one of his servers. This suggests that attackers have known about the vulnerability and have exploited it in the wild for some time.

Source:
http://www.csoonline.com/article/3133965/security/easy-to-exploit-rooting-flaw-puts-linux-computers-at-risk.html

Remove ransomware infections from your PC using these free tools

October 7, 2016 – 4:36 PM

Ransomware, a variety of malware which encrypts user files and demands payment in return for a key, has become a major threat to businesses and the average user alike.

Coming in a variety of forms, ransomware most often compromises PCs through phishing campaigns and fraudulent emails. Once a PC is infected, the malware will encrypt, move, and potentially delete files, before throwing up a landing page demanding a ransom in Bitcoin.

Demands for payment can range from a few to thousands of dollars. However, giving in and paying the fee not only further funds the development and use of this malware, but there is no guarantee any decryption keys given in return will work.

It is estimated that ransomware attacks cost more than $1 billion per year.

The No More Ransom Project, launched by the National High Tech Crime Unit of the Netherlands’ police, Europol, Kaspersky, and Intel Security, is a hub for victims to find out how to remove infections — and how to prevent themselves becoming infected in the future.

Unfortunately, not every type of ransomware has been cracked by research teams. Doing so takes time and requires weaknesses in the ransomware itself that cybersecurity experts can exploit, and so some ransomware families do not have a solution beyond wiping your system clean and restoring from backups.

However, researchers are cracking more types of ransomware every month and there are a number of tools available which give victims some hope to retrieve their files.

Source:
http://www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools/
