Monday, February 13, 2017

Who is tracking you online - January 2017

January 2017 was an exciting month for Telspace Systems. A segment titled "Who is tracking you online" was aired by Carte Blanche on the 15th of January. The insightful piece of investigative journalism took a look at how and why we are being tracked online and what we can do about it. Dino Covotsos and Rob Len took part in the panel discussion, while Richard Hocking and Rhet Evans did a live demo compromising an Android smartphone, showcasing how much control an attacker can assume over one's mobile phone. This included GPS tracking, making calls from the device, and using the device's microphone to eavesdrop on the victim's conversations and surroundings. The full clip can be watched here: http://carteblanche.dstv.com/tracking-2/

January 2017 was a busy month on the cyber security front too. Various patches were released by major vendors in response to the discovery of critical vulnerabilities.

Microsoft released the following:

MS17-001 - Security Update for Microsoft Edge (3214288)
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
Result: Elevation of Privilege

MS17-002 - Security Update for Microsoft Office (3214291)
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Result: Remote Code Execution

MS17-003 - Security Update for Adobe Flash Player (3214628)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Result: Remote Code Execution

MS17-004 - Security Update for Local Security Authority Subsystem Service (3216771)
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
Result: Denial of Service

Cisco announced that a remote code execution vulnerability was discovered in the WebEx browser extension. The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.
The vulnerability is due to a design defect in an API response parser within the plugin. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Cisco has released software updates for Google Chrome, Firefox, and Internet Explorer that address this vulnerability. There are no workarounds that address this vulnerability.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Mac. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

The following versions are affected:
Acrobat DC - 15.020.20042 and earlier versions (Windows and Mac)
Acrobat Reader DC - 15.020.20042 and earlier versions (Windows and Mac)
Acrobat DC - 15.006.30244 and earlier versions (Windows and Mac)
Acrobat Reader DC - 15.006.30244 and earlier versions (Windows and Mac)
Acrobat XI - 11.0.18 and earlier versions (Windows and Mac)
Reader XI - 11.0.18 and earlier versions (Windows and Mac)