The Most Sophisticated Phishing Attack Yet
In the past, one way to defend yourself from a phishing attempt was to double check the URL. If something looked fishy, pun intended, you knew to navigate away.
However, a recent demonstration by a Chinese security researcher shows it’s possible to display a URL that appears correct. Safari isn’t tricked, but Chrome, Firefox and Opera all can display this convincing, fake URL.
The best defense is to update these browsers as soon as possible; Chrome has already released an update that now prevents this. You should also always visit websites from your own bookmarks or by typing in the URL.
HTTPS Vulnerable to a MiTM Attack
An alert was put out by the United States Computer Emergency Readiness Team (US-CERT) mid-March outlining the possibility that HTTPS is vulnerable.
In their alert, they point to issues detected with HTTPS inspection products that aren’t performing the correct transport layer security certificate validation. Hackers could use a man-in-the-middle (MiTM) attack to intercept the connection and collect sensitive client data.
US-CERT recommends that any organizations using HTTPS should verify that their product properly validates certificate chains and passes any warnings/errors to the client.
Every month we see a bevy of new third-party updates, and we are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:
|Adobe (Updates for Adobe Campaign, Flash Player, Acrobat, Reader, Photoshop CC, and the Creative Cloud Desktop Application)||APSB17-09
|Wireshark||Network protocol analyzer||Wireshark_v2.2.6|
|Glary Utilities||PC cleanup||Glary_v5.74|
Type confusion in PDFium.
Heap use after free in Print Preview.
Type confusion in Blink.
URL spoofing in Omnibox.
Use after free in Chrome Apps.
Use after free in Blink.
Incorrect UI in Blink.
Incorrect signature handling in Networking.
Cross-origin bypass in Blink.
|Skype_7.35||When searching for new contacts, you will now see the number of mutual friends you have. Quality improvements and general fixes.|
|Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).
Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an important vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006). This update also resolves a vulnerability related to the directory search path used to find resources (CVE-2017-3007).
|Firefox_v53||Faster and more stable with a separate process for graphics compositing (the Quantum Compositor). Compact themes and tabs save screen real estate, and the redesigned permissions notification improves usability. Plus various security fixes.|
|Thunderbird_52.0.1||Fixed: Clicking on a link in an email may not open this link in the external browser. Crash due to incompatibility with McAfee Anti-SPAM add-on. Add-on is blocked in 52.0.1|
|WinSCP_5.9.5||SSH core and private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.68. It brings the following change: Security fix: an integer overflow bug in the agent forwarding code. vuln-agent-fwd-overflow
Translation completed: Traditional Chinese.
Translation updated: Icelandic.
De-duplicating Duplicate Session and Disconnect accelerators in Session menu. 1512
De-duplicating Quit and Queue accelerators in Commands menu. 1516
Increased length limit of host name. 1517
Bug fix: Failure when reloading non-current directory expanded in remote directory tree. 1514
Bug fix: Failure when moving Download and Delete operation to background. 1462
|Wireshark_2.2.6||Various security and bug fixes|
|Glary_v5.74||Faster scan and analyses. New Design.|