Original release date: November 27, 2015 The Internal Revenue Service (IRS) has released the first in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January, and will continue through the April tax deadline. The first tip focuses on seven simple steps to secure your computer when conducting business online.
Category: Research & Alerts
Introduction Earlier today (Wednesday2015-11-25), one of our readers notified the ISC of malicious spam (malspam) with a Word document designed to infect a Windows computer with malware.
Information sharing has been a much discussed, but traditionally a hit-and-miss affair within the world of information security – after all, one’s information can hardly be said to be secure if you’re bandying it about to anyone who expresses an interest, can it? …is a Problem Doubled Let’s try something: How many enterprise-grade switch vendors can you name off the top of your head? (I managed eight, for what it’s worth)
Vulnerability Note VU#566724 Embedded devices use non-unique X.509 certificates and SSH host keys Original Release date: 25 Nov 2015 | Last revised: 25 Nov 2015 Overview Embedded devices use non-unique X.509 certificates and SSH host keys that can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks. Description CWE-321 : Use of Hard-coded Cryptographic Key – Multiple CVEs Research by Stefan Viehböck of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked firmware images are found to contain hard-coded keys or certificates whose fingerprints can be matched to data from the Internet-wide scan data repository, scans.io (specifically, see SSH results and SSL certificates )
ISC StormCast for Wednesday, November 25th 2015 http://isc.sans.edu/podcastdetail.html?id=4761, (Wed, Nov 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Original release date: November 24, 2015 Dell consumer personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability.
Vulnerability Note VU#925497 Dell System Detect installs root certificate and private key (DSDTestProvider) Original Release date: 24 Nov 2015 | Last revised: 24 Nov 2015 Overview Dell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks, resulting in the exposure of sensitive information
Vulnerability Note VU#870761 Dell Foundation Services installs root certificate and private key (eDellRoot) Original Release date: 24 Nov 2015 | Last revised: 24 Nov 2015 Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems.
Vulnerability Note VU#870761 Dell Foundation Services installs compromised root CA (eDellRoot) Original Release date: 24 Nov 2015 | Last revised: 24 Nov 2015 Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key, which allows attackers to impersonate services and decrypt traffic. Description Dell Foundation Services (DFS) is a remote support component installed on some Dell systems