Multiple Vulnerabilities in Adobe Products could allow for Arbitrary Code Execution.

Read Time:44 Second

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.

Acrobat and Reader is a family of application software and Web services mainly used to create, view, and edit PDF documents.
Illustrator is a vector graphics editor and design program.
Bridge is a digital asset management application.
Adobe InCopy is a professional word processor.
InDesign is an industry-leading layout and page design software for print and digital media.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

A Vulnerability in Citrix Workspace App for Linux Could Allow for Local Privilege Escalation

Read Time:18 Second

A vulnerability has been discovered in Citrix Workspace App for Linux, a virtual desktop application. Successful exploitation of this vulnerability could allow for local privilege escalation. A privilege escalation enables the attacker to obtain root privileges within the system which will enable them to install programs; view, change, or delete data; or create new accounts with full user rights.

Read More

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Read Time:3 Minute, 55 Second

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user.

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “HTTP Protocol Stack.” Microsoft says the flaw affects Windows 10 and Windows 11, as well as Server 2019 and Server 2022.

“While this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “Test and deploy this patch quickly.”

Quickly indeed. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online.

Microsoft also fixed three more remote code execution flaws in Exchange Server, a technology that hundreds of thousands of organizations worldwide use to manage their email. Exchange flaws are a major target of malicious hackers. Almost a year ago, hundreds of thousands of Exchange servers worldwide were compromised by malware after attackers started mass-exploiting four zero-day flaws in Exchange.

Microsoft says the limiting factor with these three newly found Exchange flaws is that an attacker would need to be tied to the target’s network somehow to exploit them. But Satnam Narang at Tenable notes Microsoft has labeled all three Exchange flaws as “exploitation more likely.”

“One of the flaws, CVE-2022-21846, was disclosed to Microsoft by the National Security Agency,” Narang said. “Despite the rating, Microsoft notes the attack vector is adjacent, meaning exploitation will require more legwork for an attacker, unlike the ProxyLogon and ProxyShell vulnerabilities which were remotely exploitable.”

Security firm Rapid7 points out that roughly a quarter of the security updates this month address vulnerabilities in Microsoft’s Edge browser via Chromium.

“None of these have yet been seen exploited in the wild, though six were publicly disclosed prior to today,” Rapid7’s Greg Wiseman said. “This includes two Remote Code Execution vulnerabilities affecting open source libraries that are bundled with more recent versions of Windows: CVE-2021-22947, which affects the curl library, and CVE-2021-36976 which affects libarchive.”

Wiseman said slightly less scary than the HTTP Protocol Stack vulnerability is CVE-2022-21840, which affects all supported versions of Office, as well as Sharepoint Server.

“Exploitation would require social engineering to entice a victim to open an attachment or visit a malicious website,” he said. “Thankfully the Windows preview pane is not a vector for this attack.”

Other patches include fixes for .NET Framework, Microsoft Dynamics, Windows Hyper-V, Windows Defender, and the Windows Remote Desktop Protocol (RDP). As usual, the SANS Internet Storm Center has a per-patch breakdown by severity and impact.

Standard disclaimer: Before you update Windows, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.

Update, Jan. 12, 9:02 a.m.: Apparently some of the updates Microsoft released yesterday — KB5009557 (2019) and KB5009555 (2022) — are causing something to fail on domain controllers, which then keep rebooting every few minutes. That’s according to this growing thread on Reddit (hat tip to @campuscodi).

Read More

Critical Patches Issued for Microsoft Products, January 11, 2022

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

Read Time:38 Second

Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple Vulnerabilities in WordPress Could Allow for SQL Injection

Read Time:29 Second

Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. WordPress is an open source content management system (CMS) which assist in the creation and hosting of web applications. Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services which are configured to have fewer rights on the system and the backend database could be less impacted than those who operate with administrative rights.

Read More

Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases

Read Time:5 Minute, 12 Second

Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation. Next-generation firewalls from Palo Alto Networks with AT&T Multi-Access Edge Computing (MEC) solutions are designed to help protect enterprises while optimizing security performance for these new use cases.

Prime time for innovation

AT&T MEC in combination with 5G/4G LTE create a private network solution that enables businesses to localize cellular data to improve their operations. The solution supports edge computing by routing application-specific traffic in a highly effective way. Built on a software-defined network, AT&T MEC enables direct access to cellular data for highly reliable local processing. This technology helps create new outcomes and capabilities by allowing applications to process data right where it’s needed. In addition, MEC enables customers to control their traffic flow, restrict devices and select application access for local business content, all while enabling macro cellular access when desired.

This means that businesses can locally process and transfer data-intensive files in near-real time, scale robotic operations, and offer highly immersive customer experiences. Some on-premises use cases for this include video AI, synchronous media collaboration and industrial manufacturing. These are just a few examples of how businesses are being transformed through edge computing technologies. And these use cases can span many industries – manufacturing, public sector, healthcare, education, stadiums, retail and more. AT&T MEC is leading the way in the rapidly evolving private cellular space driving the right innovation today and tomorrow. CRN has named AT&T to its 2021 Edge Computing 100 list – with recognition as one of those driving innovation in the IoT and 5G Edge Services Category.  The AT&T Multi-Access Edge Computing offering ties together cellular network architecture for real-time high bandwidth, low-latency access to latency-sensitive mobile applications. This is great news.  AT&T is helping businesses connect – harnessing LTE and 5G at the network edge.

Protection at every layer 

AT&T MEC not only helps to enable these business use cases but also provides additional privacy and control beyond the inherent security of AT&T’s 5G/4G LTE cellular network. With AT&T MEC your data is in your control so you can determine the location, cloud, local data center or somewhere else to route it. Data you consider sensitive or proprietary can be kept locally within your internal network, significantly mitigating the risk of it being illegally accessed or stolen. This helps give enterprise control and privacy of their data.

In addition to these privacy measures, security teams must also consider mobile devices that could inadvertently introduce threats. For example, a user accidentally downloads malicious software. Or, an IoT device becomes subject to a supply chain attack. In any environment, but especially in edge environments built for business-critical applications, businesses need to respond to these security events as fast as possible, identify malicious events, and act in real time. Therefore, defenses are needed to inspect the application flows to protect mobile devices and business-critical data in transit and at rest within your network. Adding this layer of security allows consistently enforced policies across all network environments, including private cellular networks like MEC network.

Proven, reliable technology and services

To protect against these advanced threats, AT&T now offers a managed next-generation premises-based firewall optimized to work with AT&T MEC. It starts with proven, reliable technology utilizing Palo Alto Networks ML-Powered Next-Generation Firewall platform based on a scalable, modular design that enables you to increase performance as your needs increase. This state-of-the-art firewall technology brings advanced capabilities to prevent known and unknown threats such as vulnerability exploits, ransomware, malware, phishing and data theft. It also includes unique technology from Palo Alto Networks called WildFire® which automatically detects and helps prevent unknown malware and taps into crowdsourced intelligence from more than 43,000 customers. Palo Alto Networks has been recognized by NSS Labs for having high security effectiveness and by Forrester Consulting for strong Return on Investment . Savings are possible  across many categories, but key areas are  in efficiency gains for IT and security and the reduced risk of a data breach.

Furthermore, this next-generation firewall is managed by AT&T’s state-of-the-art Security Network Operations Center (S/NOC) 24/7. The S/NOC team of security professionals use this highly secure, fully redundant site and its advanced intrusion detection capabilities to further analyze and respond to threats. They also help reduce complexity by assisting the customer with ongoing configuration changes to their firewall policies. 

Visibility and control

This next-generation firewall offering provides fully managed, end-to-end firewall protection for your mobile network data traffic including traffic routed through AT&T MEC. The firewall provides visibility of applications and mobile services including those using AT&T MEC Local Content Offload connectivity. In addition, it provides application layer protection by enabling application centric policies that could be used to block as many or all malicious applications or only certain types of malicious activities.

This offering can further help prevent malicious activity that could be concealed in encrypted traffic. Already without decrypting, it provides visibility into TLS traffic, such as the amount of encrypted traffic, TLS/SSL versions, cipher suites, and more. If an instance warrants decryption, the business has the flexibility to gain that additional insight for forensics, historical purposes, or data loss prevention (DLP) needs.

Conclusion

AT&T helps make it safer for you to innovate with leading edge technologies and the security elements to help protect this dynamic environment. Gain fully managed, end-to-end firewall protection for your private cellular network including traffic routed through AT&T MEC with next-generation firewalls provided by Palo Alto Networks.  To learn more- visit us at AT&T Cybersecurity Advanced 5G security solutions | AT&T Cybersecurity (att.com).

Read More

Protecting Your Privacy This Year

Read Time:5 Minute, 9 Second

If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. 

In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first three quarters of 2021, we can see that the number of identity theft cases reported to the U.S. Federal Trade Commission (FTC)are up. Moreover, fraud connected with government documents and benefits has jumped by nearly 100,000 reported cases. Likewise, bank fraud saw a jump as well with a solid 30% increase. 

Figure-1-2021-FTC-Fraud-Reports-Q1-Q3

 

Figure 2- 2020 Fraud Reports, Q1-Q3

Likewise, compare 2021 to the same period in 2019 and the contrast is yet more striking: well over double the number of reports of identity theft. Also note the massive bump in fraud across the board as well—notably in government documents and benefits, which went from nearly 18,000 reported cases to more than a quarter-million cases. 

Figure 3- 2019 Fraud Reports, Q1-Q3

And that’s just what’s been reported in the U.S. Far more crime goes unreported, and it is estimated that the cost of identity theft and fraud goes well into the billions of dollars.

Yet behind each stat is a person, a family, and a household that dealt with anything from a financial headache to a major life event no thanks to identity theft and fraud. Accordingly, we’re seeing to it that each and every person has the tools to prevent this from happening to them.

Here’s a little bit about our approach. We looked at some of the key areas where people’s private information can be vulnerable and designed a tool that offers easy-to-use, intelligent protection for Windows, Android, and iOS devices, with a consistent feel on whichever device you’re using it.

Connect safely a VPN

Unsecured networks can leave us vulnerable, like when we use public Wi-Fi. What’s at issue is that a cybercriminal can potentially capture your login credentials and other personal information as you use a public network in a hotel, airport, coffee shop, library, and so forth.

So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily by detecting when you’re on a public network and automatically turning on on your VPN. The VPN then scrambles or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.

Dark Web Monitoring

Given that data breaches large and small continue to occur with more regularity than any of us would like, always-on monitoring of your private information is key.

Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.

To detect these dangerous leaks, we included dark web monitoring, which alerts you if your log-in credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.

Identity theft insurance and recovery support

Should the unfortunate happen to you, we have your back. In several ways.

Recovering from identity fraud or theft can be expensive. We’ll help relieve the burden with $1M coverage for lawyer fees, travel expenses, lost wages, and more. If money was stolen directly from a bank account, we’ll also reimburse up to $10,000 stolen funds.

No question about it, recovery can be time-consuming, confusing, and even frustrating. With that, we offer licensed recovery experts who can work with you any time, around the clock, all year long. These pros can use a limited power of attorney to do the heavy lifting for identity recovery, taking all necessary steps to repair identity and credit.

In all, we protect your time and your money as part of protecting your identity too.

New: Identity Protection Score

Knowing your safe and staying that way just got far simpler. With a colorful view, you can see exactly what your Identity Protection Score is at a glance, which compiles your overall levels of security, privacy, and identity theft protection. Better yet, if it spots gaps in your protection, it guides you through straightforward fixes that can make you safer than before.

It’s an industry first, and something we all deserve—the ability to clearly see exactly how secure you are and to quickly shore up your protection whenever it’s needed.

Ease of Use

Also on our list, we wanted to make personal protection easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or at home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.

It’s about enjoying the internet

Ultimately, that’s what any of us want—to enjoy the internet with confidence, knowing that whatever it is we’re doing online is secure.

The way we use the internet continues to evolve. After all, it wasn’t long ago that the idea of using a phone to see who’s at the front door may have seemed a bit odd. Let alone having a little chat with the speaker on your kitchen counter. Yet that’s where we are today. And as the internet evolves, so will we. The protection we offer will cover your increasingly connected life in whatever shape that takes.

No question about it. We’re committed to protecting you, your privacy, identity, and certainly your devices too—and making all of it simple.

Here’s to a happy and secure year!

 

The post Protecting Your Privacy This Year appeared first on McAfee Blogs.

Read More