• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 9

March 16, 2012 By Corey Nachreiner

Lots of Software Updates, a Few Breaches, and One Anonymous Story

Missed this week’s security news? No problem. WatchGuard’s Security Week in Review video will fill you in. This week I talk about all the Microsoft Patch Day updates, a few significant network attacks, and a booby-trapped Anonymous Linux distribution. Watch below to learn more.

By the way, in the video I talk about a serious Windows RDP flaw, and the rumor that someone had released a  public exploit targeting this flaw. This morning, right after I produced this week’s video, I learned that the exploit has indeed gone public. So far, the researcher has only released a “proof-of-concept” exploit, which will crash the RDP service. No one has released a “weaponized” exploit yet. However, with this code available it’s only a matter of time. While I’ve said this quite a few times this week, I highly suggest you apply Microsoft’s RDP patch now!

As always, I include an Episode Reference guide below, where you can read more about each of these stories. As an aside, thanks for your comments and suggestions last week — keep them coming. I have noted that many people would like a shorter intro to the video. I wasn’t able to change it this week, but I will soon. (Video Runtime: 7:46)

Episode References:

  • Updates and Patches:
    • Microsoft Patch Day summary – WatchGuard Security Center
    • Windows updates – WatchGuard Security Center
    • Visual and Expression Studio – WatchGuard Security Center
    • ColdFusion security update – WatchGuard Security Center
    • Safari patches 83 vulnerabilities – MSN
  • Cyber attacks and breaches:
    • BBC cyber attack – BBC
    • XSS flaw on PayPal – E Hacking News
    • Ancestry.com breach – MSN
      • Teamhavok PasteBin dump
  • AnonymousOS pulled due to trojans

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Anonymous, Apple, Apple TV, Chrome, FBI, Internet Explorer, itunes, lulzsec, pwn2own, Pwnium

Comments

  1. Joseph says

    March 16, 2012 at 9:29 pm

    Don’t bother with using AnonymousOS in your test hacking environment. Get yourself a copy of BackTrack, Backbox, Network Security Toolkit, Knoppix or Pentoo. (Personally recommended in that order. With BT being the main recommendation.) And again, make sure that you are only doing penetration testing or exploitation on either your own network or a network where you have expressed authorization to do such activities. (Again, I personally recommend getting a cheap computer and setting that up as your vulnerability assessment machine. That way you don’t have to worry about he said she said games if the authorities do get involved for some reason.)

    Reply
    • Corey Nachreiner says

      March 19, 2012 at 2:34 pm

      Joseph,

      Thanks for the advice. I’ve been using Backtrack for years, love it. Also, want to make sure people didn’t interpret my mention of Anonymous OS as a recommendation to get it. In fact, knowing that the OS is infected, and not nearly as good a tool as Backtrack, I recommend avoiding it.

      Reply
  2. andria says

    March 27, 2012 at 12:21 am

    good to know about the WatchGuard Security Week in Review for Episode 9

    Reply
  3. Yiddish says

    April 3, 2012 at 3:26 am

    I am using Comodo security products, it’s nice.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use