What’s New
- Hacker Play Date v2.0 – The first Hacker PlayDate (HPD) ended up being a much bigger success than we expected and, as a result, we will be hosting the second Hacker PlayDate (HPDv2.0) on 12 September 2015. HPDv2.0 will be held in the meeting room at Primo’s Mexican Cocina (next door to Cyber Tech Cafe) so we won’t be quite as cramped. The format will be similar but we plan to have some additional booths (tables) setup for things like the lock-picking, Raspberry Pi, etc. (the lock picking table seemed to be a big hit at HPDv1.0). If you are interested or if you know someone else that would be interested in a demo (anything from lock picking to physical security to hacking a Raspberry Pi to setting up a network to building a gaming rig), let us know. We have a few demo’s / presentations scheduled so far but welcome more. More information is available on the new Hacker Playdate website here.
- Better Communication – As part of our 2015 Focus on Security, we are now available on Twitter @cyber_tech_cafe .
- Kaspersky Breach (June 2015) – In June we reported on the breach at Kaspersky Labs had left 400 +/- users open to attack but, since the initial report, news has been very quiet on that front.
- Hacking Team Breach – The big news so far this month has definitely been the Hacking Team breach and the subsequent release of data (appx 400GB), part of which were multiple Adobe Flash Player Zero Day vulnerabilities and a Java vulnerability that are being actively exploited in the wild. Additional information on the breach can be found here.
- Adobe Flash – Related to the Hacking Team Breach are multiple Adobe Flash Player zero day vulnerabilities that is are being actively exploited to spread the Cryptowall / Cryptolocker ransomware. Exploit code was released and a Metasploit module has been published to Exploit-DB today (I believe it was posted last night). Users are encouraged to install the Adobe Flash Player update as soon as testing permits.
- Java – Also related to the Hacking Team Breach is a zero day vulnerability in Java. As of the time of this email, exploits for this vulnerability have been highly targeted but, now that the proverbial cat’s out of the bag, expect these attacks to broaden until a patch is available.
- New Content – You’ll notice a new content section below titled ‘Security News, Sponsored by Piratica’. As many of you may already know, Cyber Tech Cafe has partnered with Piratica, LLC to focus on security from an offensive perspective. In addition to the vendor specific updates from Microsoft, Adobe and Oracle (Java), we will now also be bringing you more generalized security updates from the industry at large.
Updates
Executive Summary – The biggest news so far this month is the Hacking Team breach and the subsequent Adobe Flash Player and JavaZero Day vulnerabilities. The severity of the Adobe Flash vulnerability was significant enough that some industry heavy hitters (Facebook, to name one) are beginning to call for the end of Adobe Flash. The Java vulnerability was significant but, as of the time of this writing, was being used in very targeted attacks. All of the critical updates address problems that can allow a remote attacker full access to affected computers. Users and administrators are encouraged to review the details of the patches and, if possible, patch immediately.
Microsoft – Microsoft released 14 bulletins this month (MS15-058 through MS15-077, note that MS15-058 was included in this one [this was excluded last month]). Four of the bulletins are rated as critical by Microsoft and all 4 address vulnerabilities that could lead to remote code execution. The remaining 10 are rated by Microsoft as important and address vulnerabilities that could lead to remote code execution or elevation of privilege. It’s interesting to note that, although Microsoft has MS15-069, MS15-070 and MS15-075 listed as Important, SANS has them rated as critical. No offense to Redmond, but I’m going with SANS on this.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are catagorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critial, it’s important that the updates are installed.
Additional details are available Microsoft Here and Here (SANS).
Adobe – Patch now, we’ll wait. That may seem a bit harsh but the reality is that Adobe got hit HARD as a result of the Hacking Team breach and, as a result, users with Adobe Flash Player installed have been getting hit hard as well. As of the time of this writing, there have been at least 3 zero day vulnerabilities for Adobe Flash Player. In addition to the Adobe Flash Player vulnerabilities, Adobe has also released updates to Adobe Shockwave player. It’s worth noting that, unless you *need* Adobe Flash Player or Adobe Shockwave player, it wouldn’t be a bad idea to simply uninstall them. Additional details on ths are available from Adobe here.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java – A critical vulnerability as discovered in Java but, as of the time of this writing, the latest version available for download is Java 8 update 45. A Pre-Release Announcement is available here and a download is scheduled to be available today, but I haven’t seen it yet. Also, it’s worth checking to make certain that you do not have any older (vulnerable) versions of Java installed on your computer. In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
Security News, Sponsored by Piratica – Even though much of the security community is abuzz with Defcon 23 now less than a month away, everyone still has an eye on the ball. The Hacking Team breach is further confirmation that no one is immune from a security disaster (if a company whose primary business is selling tools to allow attackers to break into networks can get breached…) and underscores the need for organizations to understand what their golden egg is, where they’re vulnerable and what they can do to protect that golden egg from attackers looking to exploit their vulnerabilities. Attackers are focusing more on data, the customer list, the credit card info, the personal health information, the trade secrets, etc. Additionally, attackers have learned that it’s easier to attack a high value target via a smaller, less secure target. As a result, previously lower value targets are being targeted, breached and leveraged against the larger, high-value targets.
Piratica is an operational security company that works with client organizations to identify potential security vulnerabilities through vulnerability assessments, penetration tests and red / blue team exercises. Additional information is available on the website, Facebook and Twitter.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.