It’s Patch Tuesday again. This month is busier than most because on top of Microsoft’s security bulletins, Adobe is also releasing updates for Reader and Acrobat.
Let’s start with Microsoft. There are nine new security bulletins for August, which resolve 26 different vulnerabilities. There are five rated as Critical—including a patch for Internet Explorer for the third consecutive month--and four Important.
Tyler Reguly, director of security research and development for nCircle, says, “The most interesting thing this month is the release of patches for two wormable issues, MS12-053 and MS12-054. These only affect the oldest-supported Windows platforms and really speaks well of the improvements Microsoft has made to their security efforts over the years.”
Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data.
Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description of Gauss down to a 140-character tweet: “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”.
Gauss has been flying under the radar and evading detection since the fall of 2011. Ironically, it was discovered during operations initiated by the International Telecommunications Union (ITU) in the wake of Flame in an effort to detect and mitigate any other stealthy cyber threats. Mission accomplished.
The hackers that hijacked Mat Honan’s online life, took over his Twitter account(s), and wiped out his iPhone, iPad, MacBook, and Google accounts in one fell swoop showed some perseverance in achieving that goal. Not all attackers are quite that determined, but the hack still demonstrates some serious flaws in Apple’s iCloud and the iCloud security model.
My iPhone, iPad, and MacBook Air are all synced through Apple’s iCloud--just like Mat Honan. I appreciate the convenience and simplicity of the fact that I can add a contact on my iPad, and it will automatically sync to the other two devices. I can take a picture with my iPhone, and the photo will be available from the iPhone and MacBook as well. It just works.
The Mat Honan hack is a poignant illustration of how “it just works” can be a double-edged sword. If it “just works” for you, it also “just works” for an attacker who manages to gain access to your iCloud account.
The Internet is abuzz this weekend as a result of the Gizmodo Twitter account getting hijacked. That incident was traced back to the hack of an Apple iCloud account--allegedly accomplished through social engineering.
A Forbes.com story from Adrian Kingsley-Hughes explains that a former contributor for Gizmodo, Mat Honan, was the original victim of the attack. Hackers were able to access Honan’s iCloud account, and remotely wipe his iPhone, iPad, and MacBook. The original theory was that the hackers used a brute force attack to crack Honan’s iCloud password, but further investigation revealed that social engineering was used to convince Apple the attackers were Honan, and Apple gave them the keys to walk right in.
Color me incredulous!
Every time I’d contact Apple Support I would get the same default answers, and “solutions” that wouldn’t work. Apple Support would explain that my email address was already in use on another Apple ID account, and that until it was removed from that account I’d be unable to use it.
Exasperated, I’d explain again that I can’t remove the email address from the Apple ID account because I had no idea what the Apple ID account was, or how to access it. Eventually, I’d become frustrated and quit. After a month or two, I’d contact Apple support and try again.
After many conversations and attempts, I finally had a breakthrough…sort of. An Apple Support person “cracked” and gave me an email address of the Apple ID associated with my email address. It was my wife’s. However, we logged in to her Apple ID account to remove my email address and found no sign whatsoever of it being there.
The nation’s critical infrastructure is at risk--a well-executed cyber attack could have a potentially devastating effect. Congress is trying to patch some of the holes with legislation, but a recent survey found that most security experts have little faith that government regulation can do the trick.
Sensational attacks against the critical infrastructure make for great stories in books like Zero Day: A Novel by respected security expert Mark Russinovich, or perhaps something from Dan Brown. But, many security experts believe that we are in very real danger of such attacks moving from fiction to reality, and that we are woefully unprepared to defend against, or respond to them.
What is the “critical infrastructure”? Executive Order 13010, signed by President Clinton on July 15, 1996 established the President’s Commission on Critical Infrastructure Protection. It explains, “Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.”
We talk frequently about cybersecurity, discussing how to protect your business’s data by using strong passwords, deploying antimalware utilities, and keeping your computers safe with the latest patches and updates. This time, the focus is on premises security, or protecting your business’s physical assets from burglary and vandalism.
The best cybersecurity measures in the world are useless if a thief breaks into your office and makes off with your computers.
You won’t lose any digital data if you’ve followed our advice to back up your computers to secure, offsite locations; but if your business is like most operations, it isn't entirely digital. You have paper records, including sensitive personal information about your employees.
These systems are professionally installed, but they're pricey.
ADT maintains a large presence in both the residential and commercial security markets. The company rolled out its residential Pulse system in late 2011, and is now marketing the same devices and services to small businesses.
This system provides site security via sophisticated access control.
RedCloud provides a different type of premises security system, one that revolves around access control. As such, RedCloud Express wouldn’t be appropriate for a retail operation open to the public, but it is ideally suited for small-office buildings, warehouses, and manufacturing facilities where you need to restrict access to authorized personnel and you wish to keep track of who’s coming and going.
A new Mac malware threat has been discovered. The OSX/Crisis Trojan is an insidious clever threat. Mac users should take steps to defend against this new malware, and proactively defend against future threats while they’re at it.
OSX/Crisis is uniquely sneaky. First of all, the malware is cross-platform. It identifies the operating system, and executes different instructions depending on whether the target is a Windows or Mac OS X system. The malware is capable of infecting OS X 10.6 “Snow Leopard” and OS X 10.7 “Lion” systems without requiring a password, or any user intervention.
Once it infiltrates the system, it exhibits different behavior depending on whether or not it has Admin level privileges on the target. OSX/Crisis is exceptional in its ability to adapt on the fly to attack a broader range of targets.