Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-09-13 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Patch Tuesday Analysis

Published: 2016-09-13
Last Updated: 2016-09-13 18:05:09 UTC
by Rob VandenBrink (Version: 1)
2 comment(s)

The Microsoft Patch Tuesday updates are out, our analysis is here:
https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13

If you consume these using an API, the link for that is here:  https://isc.sans.edu/api/getmspatchday/2016-09-13
(or if you prefer json https://isc.sans.edu/api/getmspatchday/2016-09-13?json )

===============
Rob VandenBrink
Compugen

2 comment(s)

Apple iOS 10 and 10.0.1 Released

Published: 2016-09-13
Last Updated: 2016-09-13 18:03:22 UTC
by Rob VandenBrink (Version: 1)
1 comment(s)

On top of today being Patch Tuesday, Apple has released IOS 10 sometime today as well.  They also released 10.0.1, with not a lot of detail behind that release (maybe something was missed?)

Security details for 10.0 : https://support.apple.com/en-ca/HT207143
Security details for 10.0.1: https://support.apple.com/en-ca/HT207145 (an almost empty page)

Highlights are:

MiTM attacks on Apple Updates
Autocorrect pulling sensitive data from cache (again)
Issues with Certificate Trust in Mail app allows MiTM
Airprint Temp file sanitization
SMS directory exposed to malicious apps

 

None of these Apple or Microsoft updates are what you'd call "small" - let's hope we don't break the internet today (just kidding, I think).

Happy Patching everyone!

===============

Rob VandenBrink
Compugen

Keywords: adobe apple Updates
1 comment(s)
Adobe security updates for AIR SDK and Compiler: https://helpx.adobe.com/security/products/air/apsb16-31.html
ISC Stormcast For Tuesday, September 13th 2016 https://isc.sans.edu/podcastdetail.html?id=5163

If it's Free, YOU are the Product

Published: 2016-09-13
Last Updated: 2016-09-13 00:28:10 UTC
by Rob VandenBrink (Version: 1)
5 comment(s)

This is a commonly used phrase, usually when describing free products on the internet (often social media sites).

When my wife asked me to convert a PDF to a DOCX file, I thought I'd test this proverb in a slightly different way.  I googled "convert PDF DOC", and tried the first group of "free" online converters.

Of the ones that are actually free, I took the resultant DOC file and pulled it apart, first just by unzipping it, then in much more detail using some of the tools on Lenny Zeltser's cheat sheet page on analyzing malicious documents: https://zeltser.com/analyzing-malicious-documents/.  At this point I think you know where I'm going.

Yes, 3 of the first 5 on the list converted to doc files that contained <gasp> malware - Angler variants all of them.  So an "older" kit, but an exploit all the same. 

So I guess it's true, you are the product! 

Oh, and my wife's request?  I just opened the PDF in Word 2013 and did a "save as".  Some of the graphics were lost, but everything she needed came through just fine!

===============
Rob VandenBrink
Compugen

5 comment(s)
Diary Archives