Aug 14

Microsoft Internet Explorer Memory Corruption (MS14-051; CVE-2014-4063)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4063) protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Microsoft Internet Explorer Memory Corruption (MS14-051: CVE-2014-4063)

Article source: http://www.checkpoint.com/defense/advisories/public/2014/cpai-30-jul.html

Aug 15

Risk & Compliance

McAfee – Risk & Compliance

  • Tool Talk: Cracking the Code on XtremeRAT
    Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack. The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces). Initially, details and indicators around the malware were beyond sparse. Aside from the FROM: address, …
  • Latest Yahoo Data Breach Restates Need for Basic Security
    News broke today of a large data breach against Yahoo Voices, resulting in more than 400,000 username/password combinations being posted in clear text. The compromise involved a basic SQL-injection attack against an exposed Yahoo server (dbb1.ac.bf1.yahoo.com). Similar to other recent events, the account data was reportedly stored in an unencrypted state. We see this type of attack …
  • RDP+RCE=Bad News (MS12-020)
    See March 15 and 16 updates at the end of this blog. The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on …
  • Urchins, LizaMoons, Tigers, and Bears
    In early April, I wrote about the famed “LizaMoon” SQL-injection attacks. I said it then, and I’ll say it again now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are more visible than others. Some adversaries find intelligent ways to hide their tracks so as not to splatter evidence of their misdeeds all over various search …
  • McAfee to Acquire NitroSecurity
    I am excited to share that McAfee has officially announced its intent to acquire privately owned NitroSecurity. NitroSecurity is a leading provider of security information and event management (SIEM) solutions that offers complete visibility and situational awareness to protect critical information and infrastructure. With NitroSecurity’s technology and talent, McAfee can expand its reach into the fast …
  • Building an Arsenal of Best-in-Breed Database Security Solutions
    Visit any news site on the Web, and undoubtedly you’ll come across a barrage of articles publicizing the details of yet another data breach. With the prominence of SQL injection attacks, and malicious insiders and hackers exploiting sensitive data stored on unpatched and vulnerable databases, enterprise organizations have found themselves reevaluating their security strategies. Following …
  • Hackers vs. Hackers: The New Frontier Of Embedded Devices
    If we look at the evolution of hacking, certain techniques never go out of style, but we’re at the beginning of a big shift in terms of the targets. The threat landscape has evolved beyond PCs, tablets, and smartphones to a whole new battleground: connected devices all around us. According to Ericsson, there will be …
  • Five Simple Steps SMBs Can Take To Prevent A Disastrous Data Breach
    Every week we see similar stories permeating the news – large enterprises falling victim to data breaches and finding themselves at the mercy of hackers looking to access and exploit sensitive customer data for personal or monetary gain. The impact of just one of these events can be devastating; for large enterprises, the short-term effect …
  • Lockheed Martin, EMC, Sony: Design Inner Security Layer assuming Outer Layer is already breached.
    The recent security breach at Lockheed Martin confirmed that the attacks we saw with Operation Aurora, identified by McAfee, and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing the perfect plan to get closer to their target without raising any red flags. In the case of Operation …

Aug 14

Joomla Unauthorized File Upload Remote Code Execution

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Joomla Unauthorized File Upload Remote Code Execution protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Server Enforcement Violation
Attack Information: Joomla Unauthorized File Upload Remote Code Execution

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-14-aug.html

Aug 14

Canon Wireless Printer Denial Of Service (CVE-2013-4615)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Canon Wireless Printer Denial Of Service protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Application Servers Protection Violation
Attack Information: Canon Wireless Printer Denial Of Service

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug5.html

Aug 14

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191) protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3191)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug10.html

Aug 14

Microsoft .NET Framework Array Access Violation (MS13-052; CVE-2013-3131)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft .NET Framework Array Access Violation (MS13-052) protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: Microsoft .NET Framework Array Access Violation (MS13-052)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-06-aug1.html

Aug 14

Cisco OSPF LSA Manipulation Denial of Service (CVE-2013-0149)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Cisco OSPF LSA Manipulation Denial of Service protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Cisco Protection Violation
Attack Information: Cisco OSPF LSA Manipulation Denial of Service

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-08-aug1.html

Aug 13

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193) protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3193)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-05-aug7.html

Aug 13

Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187)

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187) protection using the Search tool and Edit the protection’s settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer Memory Corruption (MS13-059: CVE-2013-3187)

Article source: http://www.checkpoint.com/defense/advisories/public/2013/cpai-06-aug2.html