Zappos (a popular, Amazon-owned, online shoe reseller) warned its employees and customers that an attacker had gained access to their internal network, and made off with a bunch of sensitive customer information. The good news? The attacker did not gain access to any customer credit card info. The bad news? He or she did steal over 24 million users’ names, addresses, phone numbers, email addresses, and encrypted or hashed passwords.

password

you’ve followed security or technical news over the last few days, you’ve probably heard about the “Flame” worm. This interesting new piece of malware belongs to a class of attack called an Advanced Persistent Threat (APT), and it’s making headlines worldwide. As a result, many of you may be wondering whether or not this nasty sounding malware will affect your organization. My short answer is, “probably not,” but read on to learn more.

watchguard , antivirus

Compared to the last few months, this week seems relatively quiet as far as security stories are concerned. We saw some security incidents this week, but nothing that would catch your hair on fire.

malware , watchguard

Historically, APT attacks have been created by sophisticated hackers using advanced attack techniques and blended threat malware, but it is only a matter of time before “normal” malware criminals learn from these sophisticated hacks and the evolution of the APT speeds up, making organizations of every size a target.

malware , watchguard

Radio Free Security (RFS) is a monthly audio podcast dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. Here’s what to expect in April’s episode:

Radio Free Security

Have you noticed more and more employees walking around with iPhones, Droids, and iPads? If so, you’re not alone, and this month’s Radio Free Security episode might help you learn how to mitigate this BYOD security problem.

Radio Free Security

Many of the Media’s articles characterize this complicated TCP connection attack as, “a hacker exploit that lets an attacker trick a firewall and get into an internal network as a trusted IP connection” or as a “hole” in firewalls. I’m not sure that these descriptions properly characterize this vulnerability, and I suspect many administrators may not really understand how this attack works (let alone what it does and doesn’t allow an attacker to accomplish). I hope to try and rectify that in this post.

watchguard

WatchGuard now has an iOS app that can deliver WatchGuard Security Center content, and much more, directly to your Apple mobile. The app is called WatchGuard REDnews, and you can download it today from the App Store in iTunes or on your iOS device.

app

These vulnerabilities affect: All current version of Microsoft Office Publisher and Visio How an attacker exploits them: By enticing you to open maliciously crafted Publisher or Visio documents Impact: An attacker can execute code, potentially gaining complete control of your computer What to do: Install the appropriate Office Publisher and Visio patches immediately, or let Microsoft’s Automatic Update do it for you.

malware , microsoft

This vulnerability affects: Microsoft Visual Basic for Applications (VBA), which ships with all current versions of Office. How an attacker exploits it: By tricking one of your users into opening a malicious Office document. Impact: An attacker can potentially gain complete control of your windows computers (depending on the privileges of the user). What to do: Download, test, and install Microsoft’s update as soon as possible, or let Windows Automatic Update do it for you

Office Document

This vulnerability affects: The email client shipping with any current version of Windows (whether it’s Outlook Express or Windows Mail). How an attacker exploits it: By enticing one of your users to connect to a malicious POP3 or IMAP email server (or by performing a man-in-the-middle attack). Impact: An attacker can execute malicious code, potentially gaining full control of your users computer. What to do: Download, test, and install Microsoft’s email client updates as soon as possible, or let Windows Automatic Update do it for you

Outlook

DNSSEC makes some significant changes to the way typical DNS traffic “looks” to networking devices. As a result, some experts worry that certain networks and devices may not handle DNSSEC traffic properly after this change, thus potentially preventing you from accessing the Internet (using domain names). Below, we’ll list a few of the DNSSEC changes that could affect some of your networking gear. However, the main point of this alert is to inform you that WatchGuard’s Firebox and XTM appliances should handle the DNSSEC changes without problem — whether you use our packet filtered or proxied DNS policies.

Proxy , DNS

These vulnerabilities affect: All current versions of Microsoft Office for Windows and Mac (specifically Word and Excel). How an attacker exploits them: Typically, by enticing you to open maliciously crafted Office documents. Impact: An attacker can execute code, potentially gaining complete control of your computer. What to do: Install the appropriate Office patches immediately, or let Windows Update do it for you.

Office Document

For the new listeners out there, Radio Free Security (RFS) is a monthly podcast, dedicated to spreading knowledge about network and information security, and to keeping busy IT administrators apprised of the latest security threats they face online. WatchGuard’s LiveSecurity team started RFS back in January, 2007. However, we’ve been off the air since 2009 — but that all changes today, with our first return episode!

Radio Free Security

As part of our ongoing efforts to improve the effectiveness of WatchGuard XCS appliances to protect from data loss, new viruses, and malware, and to enable organizations to customize their environments, WatchGuard is pleased to announce the availability of XCS 9.2 Update 4.

watchguard , xcs

These vulnerabilities affect: The IIS FTP service running on Windows Vista, 2008, 7, and 2008 R2. How an attacker exploits them: By sending specially crafted FTP commands or accessing a local log file. Impact: In the worst case, a local attacker can learn the credentials for a local account. What to do: Deploy the appropriate IIS update at your earliest convenience.

IIS

These vulnerabilities affect: Excel (and Office) 2003 through 2010 for Mac and PC (and related components). How an attacker exploits it: By enticing one of your users to open a malicious Excel document. Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it. What to do: Install Microsoft’s Excel updates as soon as possible, or let Microsoft’s automatic update do it for you.

Office Document

These vulnerabilities affect: All current versions of Windows and the .NET Framework. How an attacker exploits them: Multiple vectors of attack, including enticing users to view malicious fonts or to open specially crafted Briefcase folders. Impact: In the worst case, an attacker can gain complete control of your Windows computer. What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

.net

These vulnerabilities affect: Internet Explorer (IE) 9 only. How an attacker exploits them: By enticing one of your users to visit a malicious web page. Impact: An attacker can execute code on your user’s computer, often gaining complete control of it. What to do: Install Microsoft’s Internet Explorer 9 updates immediately, or let Windows Automatic Update do it for you.

Internet Explorer

It’s Microsoft Patch Day and I have a question for you. How quick are you at applying software updates? Do you jump on them within the day; a week, or are you months behind?

Windows 8