Closing the books on the threats of 2015
It is hard to believe that the year is already coming to an end, and we are preparing to face the challenges that 2016 will surely bring. 2015 was a big year in cyber security (think OPM, Ashley Madison, countless out-of-cycle zero day patches). Instead of reliving all the incidents of 2015, let’s look at what we can do to make our environments more secure and better prepared for the challenges ahead.
Managing risk and mitigating impact to your organization should be your number one goal for the upcoming year. Here is the Solutionary 2016 security planning checklist that will help you reach this goal:
- Prepare for and schedule your annual risk assessment. If you’re already doing this, great! If not, now is the best time to start.
- Review your existing incident response procedures, identify gaps, and make it a goal to fill those gaps in 2016.
- Update your network architecture, data flow, and storage architecture diagrams. Keeping...
On December 28, Adobe published a new version of Flash Player to secure 19 flaws in its code, updating a version of Flash which Adobe released earlier this month. Today’s release patches these 19 flaws, including multiple zero day vulnerabilities. Of these, CVE-2015-8561 is being actively exploited in the wild.
Adobe states this vulnerability “is being used in limited, targeted attacks” and described it as “an integer overflow vulnerability that could lead to code execution.” The only observed exploitation to date has been via a phishing campaign.
On December 17, Juniper Networks published an out-of-cycle security announcement regarding a severe vulnerability their own security researchers had discovered in ScreenOS. These vulnerabilities affect any products and platforms running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, covered under CVE-2015-7755.
Security researchers discovered the vulnerability during an internal code review and identified two specific issues. The first could allow unauthorized remote administrative access to an affected NetScreen firewall via Telnet or SSH, possibly leading to compromise of the affected system. The second issue, per the Juniper Networks...
It’s hard for me to get enthusiastic about predictions. Let’s face it, anyone at the end of 2014 could have predicted that in 2015 there would be mega data breaches, such as those that hit the Office of Personnel Management and Ashley Madison. And in the year ahead, there will be a number of major breaches, shocking vulnerabilities, and surprising gaffes at the hand of the IT department at a number of enterprises and government agencies.
That said, it’s important that security teams always keep an eye on the major trends in the industry so that they can adjust their programs accordingly. With that in mind, here are a handful of key things we can expect to see in 2016 and likely beyond:
Citizen developers increase enterprise data risks
If enterprise application security teams think that they have a challenge now regarding keeping applications secure as they’re developed, deployed, and maintained in production,...
FireEye acted quickly to close a serious vulnerability in some appliances
On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.
Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.
Affected...
The Office of Personnel Management (OPM) has finished notifying affected individuals
In June of 2015, the Office of Personnel Management (OPM) announced a massive data breach due to attackers breaching their networks and stealing sensitive data. By the time the OPM completed the investigation, they revealed that the attackers had made off with a significant amount of personal and private data, including data for many people who applied for government clearances as far back as 2000, and in some cases, even earlier. The official count is about 21.5 million affected individuals, but that number may be misleading since the forms can include details on people listed on an applicant’s form, such as a spouse, ex-spouse and others. In the end, if you consider the total number of people affected and the quality of the stolen data, the OPM breach was one of the worst breaches ever witnessed. In fact, the OPM breach may actually have been THE worst. Solutionary discussed the OPM breach in detail in the...
Finding Moments of Inspiration in Information Security
Over the past few weeks, I have been entrenched in analyzing a particular type of malware. During my analysis, something peculiar caught my attention regarding the network traffic. In my usual fashion, I started analyzing the traffic, working to identify the anomaly as something related to the underlying protocol, or something specific for the malware.
As you may have guessed, Request for Comment (RFC) and protocol specification guides began to work their way off the bookshelf. I was in protocol heaven, entrenched in the mass of ones and zeroes. This must have been what Neo felt like in the Matrix. There is no spoon. During my trip into Wonderland, I made a tactical error, one that was not discovered until another colleague, intrigued by my curiosity, also decided to follow the white rabbit.
After completing our respective journeys and comparing Wonderland experiences, it...