
Microsoft Word Zero Day – Confirmed Attacks

Microsoft released a zero-day advisory for Microsoft Word.  According to Microsoft, “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.”

A patch should be released on April 8th, Patch Tuesday. For now, an immediate mitigation is to disable opening RTF content in Microsoft Word, which prevents exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.
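An added example, not part of the original post or of Microsoft's advisory: since the issue is triggered by RTF content whether it arrives as a file or in an email, this Python code flags MIME parts whose bytes begin with the RTF signature `{\rtf`, including parts carrying a non-RTF name such as `.doc`. The sample message, its file names and the helpers `is_rtf`, `scan_message` and `build_sample` are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                       # signature at the start of an RTF document
RTF_TYPES = {"application/rtf", "text/rtf"}  # MIME types that honestly declare RTF


def is_rtf(data):
    """True when the payload starts with the RTF signature (leading BOM/whitespace ignored)."""
    return data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(RTF_MAGIC)


def scan_message(raw):
    """Return one finding per MIME part whose decoded content is RTF."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if not is_rtf(data):
            continue
        name = part.get_filename() or "(message body)"
        declared = part.get_content_type()
        # "disguised": RTF bytes behind a name and MIME type that do not say RTF
        disguised = not (name.lower().endswith(".rtf") or declared in RTF_TYPES)
        findings.append({"name": name, "declared": declared, "disguised": disguised})
    return findings


def build_sample():
    """Constructed, benign message: two RTF attachments and one OLE2 (.doc) stub."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    rtf = b"{\\rtf1\\ansi constructed benign RTF body}"
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16
    msg.add_attachment(rtf, maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(rtf, maintype="application", subtype="rtf", filename="notes.rtf")
    msg.add_attachment(ole, maintype="application", subtype="msword", filename="report.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A gateway or mailbox-triage job could quarantine or hold every finding until the patch is deployed, giving priority to those marked `disguised`.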

 


Highly effective social engineering using Google Drive

Researchers at Symantec have identified an attack on Google Documents users using highly effective social engineering methods. This attack is so successful because the redirect page is hosted on Google’s servers and comes in over SSL. The criminals used Google Drive’s preview function to get public-facing URLs. The sign-in page is pictured below. Take a second and see if you can spot the flaw.

 

If you were sent an email request and directed here, would you have missed the “Sign in to continue to Google Drive”? My son’s school uses Google Docs for students, and I know he would have missed it and entered his login credentials. The moral of this story is to be conscious of how much personal information you store in any service with this much access to your life.

 


News Brief – 03/13/14

Critical crypto flaw in Facebook’s WhatsApp for Android exposes chats

Tread carefully when allowing apps access to features on your phone, such as the SD card.

The Android version of WhatsApp, the cross-platform instant messaging app purchased by Facebook for $16 billion, has a loophole that leaves chat histories wide open to other apps installed on the same smartphone, a security consultant says.

162,000 WordPress instances abused for DDoS attack

Security researchers have uncovered a recent distributed denial-of-service (DDoS) attack that used at least 162,000 WordPress-powered websites to knock another site offline.

If you use WordPress, it must be updated as soon as updates are released. Standard security practices should also be followed, including:

  1. Using logins other than the admin account and disabling or reducing privileges of that account.
  2. If possible, changing the default wp- prefix to a different prefix for virtual directories.
  3. Installing logging plugins to monitor logins.
  4. Keeping plugins up to date.
  5. If possible, putting a web application firewall in front of the WordPress installation.

Security updates available for Adobe Flash Player

Today’s release does not include critical updates, but Adobe should be updated as soon as updates are released.  Adobe is often the target of phishing attacks.

Release date: March 11, 2014

Vulnerability identifier: APSB14-08

CVE number: CVE-2014-0503, CVE-2014-0504

Platform: All Platforms

290k+ users possibly affected in North Dakota University breach

The affected server contained the name, Social Security number, and other student information for 291,465 current and former students including some Fall 2014 applicants, as well as the SS number and employee ID number for 784 faculty and staff members. 

Apparently, the compromise dates back to October 2013.

Again, as another breach is reported, we find out that it has been ongoing for a significant amount of time. Logging alone is no longer a viable option for discovering and preventing attacks. SIEM solutions that can analyze and interpret logs and correlate them from many systems are necessary in today’s data-driven, fast-paced environments.

 


March 2014 Microsoft Security Bulletin Release

For this month’s round of patches Microsoft has released five new security bulletins, two of which are for critical vulnerabilities.  The first critical update is a cumulative security update which resolves numerous vulnerabilities that could allow remote code execution in both workstation and server operating systems.  The second update is an update specifically for Microsoft DirectShow which could also allow remote code execution in both workstation and server operating systems.

In addition to the security bulletins, Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool, and re-released a security advisory update for vulnerabilities in Adobe Flash Player running in Internet Explorer.

Microsoft recommends that customers apply these updates immediately using update management software, or by checking for updates using the Microsoft Update service.

Source: http://technet.microsoft.com/en-us/security/bulletin/ms14-mar