Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 23

June 22, 2012 By Corey Nachreiner

Wild Exploit, AutoCAD Malware, and a Hacking Demo

Did you apply Microsoft’s patches and Fixit last week? If not, this week’s news (and attack demo) ought to convince you to jump on those important updates right away.

Today’s episode warns of attackers actively targeting two of Microsoft’s vulnerabilities from last week, a new malware sample that specifically steals AutoCAD diagrams and blueprints, and a trio of Cisco security advisories fixing vulnerabilities in their security and VPN products. For the curious and technically inclined, I’ve even included an attack demo showing how easy it is for script kiddies to exploit the Microsoft XML Core Services vulnerability using Metasploit. If you want to see a drive-by download in action, and get a few Metasploit tips along the way, check out this week’s episode below.

If video’s not your thing, you can also find links to all this week’s stories in the Reference section. Don’t forget to leave feedback, suggestions, or questions in the comment section if you have anything to share. See you next week and have a great weekend.

(Episode Runtime: 13:00)

Direct YouTube Link: http://www.youtube.com/watch?v=rWGE7i-AIU4

Episode References:

  • Attackers exploit XML Core Services and IE SameID flaws – PCWorld
  • Malware targets AutoCAD – The Register
  • Cisco Security Advisories
    • AnyConnect Advisory
    • ASA 5500 Series Advisory
    • Cisco ACE Advisory
  • Tool Tip: Microsoft EMET

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Adobe, Apple, Father's Day, Flame, Flamer, Hacking, Malware, Microsoft, Oracle, Updates and patches, VMware

Comments

  1. Rob Collins says

    June 24, 2012 at 5:33 pm

    Does the WatchGuard IPS protect against the XML vulnerability?

    • Corey Nachreiner says

      June 26, 2012 at 1:37 pm

      Rob,

      Yes. We have signatures for both the XML Core Services vulns, and for the IE Same_ID vuln. We got the signatures shortly after Patch Day. If you have updated to signature set 4.208, you can go to FSM, and show signatures, then search for MSXML or for “Same ID”, and you will find the signatures in question.

      Also, though I didn’t have time before the weekly video, I have since done that same Metasploit attack with an XTMv appliance between the attacker and victim. Our XTM appliance blocks the attack multiple ways. First we catch the malicious JavaScript Metasploit uses with GAV. But also, our IPS triggers for Malicious JavaScript too… We don’t even really need the XML signature necessarily, since we detect the evil JavaScript used to launch this web-based attack.

  2. μετακομισεις εντος Αττικης says

    March 6, 2014 at 5:14 pm

    When I originally commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get several emails with the same comment. Is there any way you can remove people from that service?

    Thanks a lot!
