WTB: Malicious Document Targets Pyeonchang Olympics

The intelligence in this week’s iteration discusses the following threats: Banking trojan, Botnet, Credit card theft, Data breach, Hardcoded backdoor, Malicious applications, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

Hardcoded Backdoor Found on Western Digital Storage Devices (January 8, 2018)
GulfTech researcher James Bercegay discovered vulnerabilities in Western Digital’s “WDMyCloud” firmware before version 2.30.165. The unrestricted file upload vulnerabilities affect multiple MyCloud products. In addition to the vulnerabilities, it was also found that some MyCloud products contain a hardcoded administrator account that can function as a backdoor. The vulnerabilities could be exploited to gain remote root code execution on the affected personal cloud storage units by sending a crafted HTTP POST request. Furthermore, the backdoor administrator account, once logged in to, can function as a root shell from which actors can execute arbitrary commands.
Click here for Anomali recommendation

Malicious Document Targets Pyeonchang Olympics (January 6, 2018)
A new phishing campaign has been identified targeting organizations associated with the Pyeongchang Olympics, according to McAfee researchers. The actors behind this campaign are distributing malicious Microsoft Word documents that have the original file name “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics.” This campaign is primarily targeting organizations in South Korea. If the Word document is opened, it requests that the recipient “Enable Content” which, if enabled, will launch an obfuscated PowerShell script. The script sets up communication to a Command and Control (C2) server for additional instructions, some of which were found to execute commands on the infected machine to download additional malware.
Click here for Anomali recommendation

Microsoft Issues Warning for Meltdown Fix (January 5, 2018)
Microsoft has issued security updates out-of-cycle from their typical Patch Tuesday in response to a vulnerability dubbed “Meltdown” and registered as “CVE-2017-5754” that affects “Intel CPUs.” The Meltdown vulnerability allows normal applications to access the content of private kernel memory. This could potentially expose sensitive information on machines that use cloud-based features. In addition to possibly exposing sensitive data, Meltdown can also cause compatibility issues with some antivirus tools.
Click here for Anomali recommendation

LightsOut: Shining a Light On Malicious Flashlight Apps on Google Play (January 5, 2018)
22 applications inside of the Google Play store were identified to contain scripts that override a user’s ability to disable advertisements and hide the application’s own icon in an attempt to prevent it from being removed, according to Check Point researchers. The malware, dubbed “LightsOut,” was found inside of flashlight and utility applications that ranged from 1.5 million to 7.5 million downloads.
Click here for Anomali recommendation

Avamar Zero-day (January 4, 2018)
Digital Defense researchers have released information regarding three vulnerabilities, registered as “CVE-2017-15548,” “CVE-2017-15550,” and “CVE-2017-15549,” discovered in Dell’s “EMC Data Protection Suite Family” products. The affected products were found to be “Avamar Server” versions 7.1.x, 7.2.x, 7.3.x, 7.4.x, and 7.5.0, NetWorker Virtual Edition versions 0.x, 9.1.x, and 9.2.x, and the Integrated Data Protection Appliance versions 2.0. Exploitation of the vulnerabilities can result in authenticated arbitrary file access and file upload in “UserInputService,” or authentication bypass in “SecurityService.” All three vulnerabilities can be exploited by an actor to gain root login on an affected machine.
Click here for Anomali recommendation

Reading Privileged Memory with A Side-Channel (January 3, 2018)
Google’s Project Zero team has released a report regarding three vulnerabilities, registered as “CVE-2017-5753,” “CVE-2017-5715,” and “CVE-2017-5754,” that affect some modern processors created by AMD, ARM, and Intel. Exploitation of the vulnerabilities can result in bounds check bypass, branch target injection, or rogue data cache load. These vulnerabilities are also known as “Spectre” (CVE-2017-5753 and CVE-2017-5715) and “Meltdown” (CVE-2017-5754).
Click here for Anomali recommendation

New Python-based Crypto-Miner Botnet Flying Under The Radar (January 3, 2018)
A new cryptocurrency mining botnet, dubbed “PyCryptoMiner,” has been observed infecting machines by brute forcing credentials for the SSH protocol, according to FS researchers. The Linux botnet malware is written in the Python programming language and uses the text-storing website “Pastebin[.]com,” under the username “WHATHAPPEN,” to receive new Command and Control (C2) server information if the original C2 server is unreachable. Researchers observed that the malware has scanning capabilities that search for JBoss servers vulnerable to “CVE-2017-12149.” The botnet mines “Monero” cryptocurrency on an infected device.
Click here for Anomali recommendation

Satori IoT Botnet Malware Code Given Away for Christmas (January 3, 2018)
An unknown threat actor has publicly released exploit code for a vulnerability, registered as “CVE-2017-17215,” on “Pastebin[.]com.” The vulnerability affects “Huawei GH532” devices. Prior to the posting, the vulnerability had already been used by two Internet-of-Things (IoT) malware families, “Satori” and “Brickerbot.”
Click here for Anomali recommendation

Android Banking Trojan Targets More Than 232 Apps Including Apps Offered by Indian Banks (January 3, 2018)
Researchers from Quick Heal Security Labs have detected an Android Banking Trojan that targets approximately 232 apps. The trojan is being distributed through a fake Flash Player application located on third-party app stores. Once the application is installed it will ask the user to enable administrative rights. Once enabled the Trojan looks for 232 applications on the device, mainly banking and cryptocurrency applications. If a targeted application is found on the device, a notification is shown and if the user clicks on it, a fake login page is displayed which harvests the user’s credentials. The Trojan can also exfiltrate contacts, locations, and SMS messages from the device.
Click here for Anomali recommendation

VMware Releases Security Updates (January 2, 2018)
The United States Computer Emergency Readiness Team (US-CERT) has issued an alert regarding vulnerabilities in “VMware’s” “vSphere Data Protection.” vSphere Data Protection is a backup and recovery solution created for vSphere environments, according to VMware. In addition, the company ranks the vulnerabilities, registered as “CVE-2017-15548,” “CVE-2017-15549,” and “CVE-2017-15550,” as critical severity. The vulnerabilities could be exploited to allow a threat actor root access to an affected machine.
Click here for Anomali recommendation

Forever 21 Breach Lasted Over Seven Months (January 2, 2018)
The U.S.-based retail store “Forever 21” has made a statement regarding its investigation into a data breach that was first confirmed in November 2017. At that time, the company said that the breach affected card transactions at its stores from March to October 2017. Now Forever 21 has changed the timeframe in which card transactions were potentially compromised to April through November 2017. The retail company also stated that encryption features for Point of Sale (POS) machines at various locations were turned off during the April through November 2017 timeframe. This could allow threat actors to more easily steal payment data as it was processed. Additionally, the company identified malware “installed on some devices in some U.S. stores at varying times during the period from April 3, 2017 to November 18, 2017.”
Click here for Anomali recommendation


Source: Honeypot Tech

Vulnerability Management: The Most Important Security Issue the CISO Doesn't Own

Information security and IT need to team up to make patch management more efficient and effective. Here’s how and why.
Source: Vulnerabilitys & Threats

Five Brilliant Innovations from CES for the Smart and Connected Home


At CES 2018, the smart home is leveling up. It’s no longer enough to simply connect more devices. Those connections must be fast, reliable and secure. Personal assistants are growing in popularity, bringing more intelligence to the home and adding more advanced capabilities, as proven by the broad range of innovative new devices coming to the marketplace with voice control. But there are still more ways we can innovate to unleash a new era of smart home experiences for consumers.

Intel collaborates with innovators in the smart home industry to deliver breakthrough solutions that make life more convenient, enjoyable and connected. These innovators announced some truly inspiring products at CES this year. Here are five examples that show how the industry is rethinking technology for the smart and connected home.

  1. Bring the fastest possible Wi-Fi to the home.

802.11ax is the newest IEEE standard for Wi-Fi, and it’s going to be a game changer. Compared with its predecessor, 802.11ax will offer significant improvements in peak data rates, throughput, network efficiency and battery life. Just prior to CES, Intel announced the planned expansion of our home Wi-Fi portfolio with new 802.11ax chipsets for mainstream home routers and gateways. The result will be faster, smoother content streaming, online gaming, video calls and more.

  2. Protect the home network.

The home has more connected devices than ever: smartphones, security systems, gaming consoles and even HVAC controls. Each new device brings with it a potential opening for a hacker. With its new AC2600 Wi-Fi Router Powered by McAfee, D-Link is offering a comprehensive solution that automatically increases security for devices on the home network.

This 802.11ac router with MU-MIMO is designed especially for smart home enthusiasts who want high-performance networking capability without sacrificing security and privacy. McAfee Secure Home Platform automatically protects devices connected to the network, while the Intel Home Wi-Fi Chipset WAV500 Series delivers robust Wi-Fi connectivity even as more devices connect to the router.

  3. Turn the router into a piece of modern art.

When routers are tucked away into closets, Wi-Fi suffers. It makes perfect sense that this critical piece of equipment should be stylish enough to set on a shelf. That’s the idea behind the new Blue Cave Wi-Fi router from ASUS. The dual-band router combines powerful Wi-Fi with a cool, modern design that begs to be noticed.

Also equipped with the Intel Home Wi-Fi Chipset WAV500 Series, the router can handle the simultaneous demands of many connected devices. It features concurrent dual-band AC2600 Wi-Fi for smooth streaming, advanced parental controls and AiProtection, which offers complete network security that protects privacy on all connected devices. With out-of-the-box support for Amazon Alexa and IFTTT capabilities that let users create automated tasks, this smart router is ready for the smart home.

  4. Offer the choice of touch and voice.

Consumers love voice-enabled personal assistants. But in some cases, a touchscreen may be better suited to the task. A new smart assistant from JD.com, the JD DingDong Play, will give consumers in China the best of both worlds with voice capabilities and a large, bright, touch-enabled display that can play video. The advanced flagship product features an Intel Atom processor to provide robust computing power and enable new advanced capabilities, such as facial recognition, on the device. The JD DingDong Play may very well be the next step in the evolution of the personal assistant.

  5. Harness the power of PCs with voice services.

In many homes, people rely on the PC to bring all their digital experiences together, and now they have more choices when it comes to voice services on desktops and notebooks.

With Amazon Alexa for PC, OEMs, including Acer, ASUS, and HP, are adding hands-free, interactive access to some of the most popular Alexa skills and capabilities for managing smart home tasks. With large displays, stylish form factors and the freedom to choose the voice service that makes sense for the user, the PC is the ideal complement to the smart home. Intel technology enables an improved voice services experience by offering support for hands-free voice control, Intel Smart Sound Technology for crisp, rich audio and Intel Wake on Voice to ensure the PC is ready to hear the “wake” word and start responding.

Intel technology powers the smart home

The solutions above are great examples of how Intel is working with the industry to transform connectivity and give devices the ability to think and act autonomously. We’re excited to help deliver these revolutionary smart home experiences.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com.

To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.


Source: Network News

The Nightmare Before Christmas: Security Flaws Inside our Computers

How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
Source: Vulnerabilitys & Threats

What is Strategic Threat Intelligence?

This is the second blog in a series called “What is Threat Intelligence?” The first blog in the series can be found here. Stay tuned for future installments in this series.

Maintaining a strong security posture requires developing and answering many questions specific to the organization. Many of these questions must be answered continually as situations and environments evolve. Will bringing in additional security solutions really provide that much more additional protection? Is it worth the cost to update each and every legacy system? Who are my adversaries and how might they attack me? Many organizations choose to tackle these questions and make more informed decisions with context from threat intelligence. This curated information is generally divided into three subsets:

  • Strategic intelligence – who/why
  • Operational intelligence – how/where
  • Tactical intelligence – what

Strategic intelligence (who/why) is the 100,000-foot view, providing a big picture look at how threats and attacks are changing over time. Strategic intel may be able to identify historical trends, motivations, or attributions as to who is behind an attack. Who is attacking you and why? Who might attack organizations in your sector? Why are you within scope for an attack? What are the major trends happening? What kind of things do you need to do to reduce your risk profile? Knowing the who and why of your adversaries also provides clues to their future operations and tactics. This makes strategic intelligence a solid starting point for deciding which defensive measures will be most effective.

Strategic intelligence might include information on the following topic areas:

  • Attribution for intrusions and data breaches
  • Actor group trends
  • Targeting trends for industry sectors and geographies
  • Mapping cyber attacks to geopolitical conflicts and events (South China Sea, Arab Spring, Russia-Ukraine)
  • Global statistics on breaches, malware and information theft
  • Major attacker TTP changes over time

For example, if you are in the education sector, you may wonder which nation states and which groups you should be concerned about. Where do you need to focus your resources to reduce the risk of an intrusion and theft of intellectual property? Or perhaps you already know you’re in an industry or region that is frequently targeted by the actor APT29.

Strategic Intelligence for the Education Sector

Academic networks typically possess diverse infrastructure with a relatively large volume of connected devices and high bandwidth, but are notoriously challenging to adequately secure and monitor, making them prime targets for actors interested in exploiting them. A variety of actors routinely target these networks, including Advanced Persistent Threat (APT) groups conducting cyber espionage and likely using institutions’ networks to launch attacks against third parties, financially motivated actors seeking to steal information and monetize it, and hacktivists and similar groups seeking to promote their messages and causes. We assess with high confidence that actors will continue to target the education sector for the foreseeable future due to the perceived value of the information stored on school networks, demonstrated ease of using network infrastructure for launching further operations, and the inherent difficulties administrators face in securing them.

  • Cyber espionage continues to pose the greatest threat to the education industry. China, Russia, Iran and South Korea have demonstrated the capability and willingness to conduct extensive reconnaissance activity and espionage against educational entities.
    • Motivations include strategic and business intelligence, economic advantage, regional interests, and monitoring citizens abroad.
    • China-based groups and campaigns include APT22, Menupass Team, and unnamed groups.
    • APT29, a cyber espionage actor with a Russia nexus.
    • Beanie Team, a cyber espionage actor with an Iran nexus.
    • Fallout Team, a cyber espionage actor with a South Korea nexus.
    • We have also observed unknown cyber espionage actors targeting the education industry.

Strategic Intelligence for APT29

  • APT29 engages in cyber espionage operations where the primary goal appears to be data theft. APT29’s targets include Western governments, foreign affairs and policy making bodies, government contractors, universities, and media outlets. Based on available data, we assess with high confidence that APT29 is a nation-state sponsored group located in Russia.
  • APT29 appears to have formidable capabilities, including a range of custom developed tools, extensive command-and-control (C2) infrastructure that includes compromised and satellite infrastructure (via satellite service providers), and savvy operational know-how. Unlike many other Russian attack groups, APT29 continues to operate after they have been detected. APT29 has demonstrated a high regard for OPSEC, and is aggressive in continued operations and efforts to evade investigators and remediation attempts.
  • APT29 appears highly interested in European government and foreign policy issues, with a significant emphasis on the Russia-Ukraine conflict. APT29 has targeted several Western national government and foreign policy entities, defense and government contractors, and academic institutions.

Using Strategic Intelligence

Strategic threat intelligence is built upon a huge body of knowledge and includes expert opinions and insights that are based on aggregating both operational and tactical intelligence from known cyber attacks.

There are many uses for strategic intel including, but not limited to, the following:

  • Inform your executive leadership about high risk threat actors, relevant risk scenarios, and threat exposure in the public-facing technology sphere and criminal underground.
  • Perform a thorough risk analysis and review of your entire technology supply chain.
  • Learn which commercial ventures, vendors, partner companies, and technology products are most likely to increase or decrease risk to your enterprise environment.

Next up – What is Operational Threat Intelligence?


Source: Honeypot Tech

Hak5 2317 – [[ PAYLOAD ]] – The Situation Response Payload

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news


Source: Zologic

WTB: macOS Exploit Published on the Last Day of 2017

The intelligence in this week’s iteration discusses the following threats: Data leak, Information stealing malware, Malspam, Misconfigured Database, Phishing, RAT, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.

Trending Threats

macOS Exploit Published on the Last Day of 2017 (January 2, 2017)
A security researcher going by the alias “Siguza” has released a zero-day vulnerability that affects all versions of the Mac operating system (macOS) since at least 2002. Siguza did not notify Apple prior to publishing a report discussing the vulnerability, which affects the “IOHIDFamily” macOS kernel driver. According to Siguza, the vulnerability is a Local Privilege Escalation (LPE) flaw that an actor can only exploit with local access to, or a prior malware infection on, the affected machine.
Click here for Anomali recommendation

Resume-Themed Malspam Pushing Dreambot Banking Trojan (December 29, 2017)
Researchers have observed a new malspam campaign that is distributing the “Dreambot” banking trojan. In the emails, the actors behind this campaign purport to be sending the recipient a resume to consider. The actors also include “Happy New Year” in the email in an attempt to stay relevant to the current timeframe and to attempt to add legitimacy to the emails. The “resume” attachment is a zip file that, if opened, will extract a JSE file (JScript) and begin the infection process for Dreambot.
Click here for Anomali recommendation

Flaws in Sonos and Bose Smart Speakers Let Hackers Play Pranks on Users (December 27, 2017)
Trend Micro researcher Stephen Hill has discovered that some “Bose” and “Sonos” smart speakers are affected by vulnerabilities that could allow a threat actor to take over the device. In addition, the vulnerabilities can be exploited by actors who are performing reconnaissance and are trying to gain access to a corporate network, or to gather information stored on the device to conduct potentially more effective phishing attacks. Researchers report that the affected smart speakers are “Sonos Play:1” and “Bose SoundTouch,” however, it is possible that more models are also affected.
Click here for Anomali recommendation

Mozilla Releases Security Update for Thunderbird (December 25, 2017)
The United States Computer Emergency Readiness Team (US-CERT) has issued an alert regarding multiple vulnerabilities in Mozilla’s “Thunderbird” platform. Mozilla’s security advisory lists five vulnerabilities that affect Thunderbird 52.5.2. Out of the vulnerabilities, two are listed as critical, two as high, and one as low. Some of the vulnerabilities allow remote code execution.
Click here for Anomali recommendation

Vulnerability Affects Hundreds of Thousands of IoT Devices (December 25, 2017)
Researchers have discovered a vulnerability, registered as “CVE-2017-1756,” in a web server package called “GoAhead” created by the company “Embedthis Software.” GoAhead is embedded in hundreds of thousands of IoT devices and is also deployed inside products from companies such as Comcast, Oracle, and HP, among others. Elttam researchers identified a method in which they could execute malicious code remotely on any device that used the GoAhead web server package.
Click here for Anomali recommendation

Malspam Uses CVE-2017-0199 To Distribute Remcos RAT (December 22, 2017)
Researchers have discovered that threat actors are exploiting the Microsoft Office/WordPad remote code execution vulnerability registered as “CVE-2017-0199” to distribute the “Remcos” Remote Access Trojan (RAT). The malspam emails purport that the attached invoice is incorrect, and request that the recipient make an amendment so that the sender “Helen Rowe” of “Purchasing Department” can process the payment. The attachment is an RTF file which, if opened, will present a prompt that requests the user to update the document with data from linked files. Clicking yes, and subsequently running the executable, will infect the user with Remcos.
Click here for Anomali recommendation

Huawei Home Routers in Botnet Recruitment (December 21, 2017)
An updated variant of the notorious denial-of-service “Mirai” malware called “Satori” is being used to target a zero-day vulnerability in “Huawei” routers, according to Check Point researchers. A threat actor is exploiting a vulnerability, registered as “CVE-2017-17215,” that affects Huawei routers. The threat actor behind this campaign is believed to go under the alias “Nexus Zeta.”
Click here for Anomali recommendation

Digmine Cryptocurrency Miner Spreading via Facebook Messenger (December 21, 2017)
Trend Micro researchers have discovered that threat actors are distributing cryptocurrency miner malware, dubbed “Digmine,” via Facebook Messenger. The malware only affects Messenger’s desktop/web browser version on Chrome. Digmine is propagated to build a cryptocurrency mining botnet: it installs an auto-start mechanism on infected machines and then uses Messenger again in attempts to infect other machines. Digmine is capable of mining the “Monero” cryptocurrency. The threat actors are sending zip files to their “friends” that will begin the infection process if opened.
Click here for Anomali recommendation

CVE-2017-11882 Exploited to Deliver a Cracked Version of the Loki Infostealer (December 20, 2017)
A new campaign has been found to be delivering a “cracked” version of the “Loki” information stealing malware, according to Trend Micro researchers. Threat actors are using a pirated version of Loki that is being distributed via spam emails that masquerade as an Australian shipping company with an attached receipt. The emails contain a malicious .docx file that then drops a Rich Text Format (RTF) file. The RTF file exploits the Microsoft Office vulnerability registered as “CVE-2017-11882” to download an HTML Application (HTA) dropper that then downloads the Loki payload.
Click here for Anomali recommendation

Home Economics: How Life in 123 Million American Households Was Exposed Online (December 20, 2017)
The UpGuard Cyber Risk Team has discovered that a cloud-based repository belonging to the California-based data analytics firm “Alteryx” was configured for public access. Specifically, the repository was an Amazon Web Services (AWS) S3 cloud storage bucket located on an Alteryx subdomain. The exposed data consists of Personally Identifiable Information (PII) such as financial history and mortgage ownership, in addition to 248 categories of specific data types within the AWS bucket.
Click here for Anomali recommendation

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites (December 19, 2017)
Researchers have found that a plugin available for WordPress websites created by the developer “BestWebSoft” was modified by the buyer. The plugin was a Captcha that was modified in such a way that it operated as a backdoor that had the ability to affect approximately 300,000 WordPress websites. An actor could use the backdoor to gain administrator privileges on the affected website.
Click here for Anomali recommendation

Cyberespionage Campaign Sphinx Goes Mobile With AnubisSpy (December 19, 2017)
Trend Micro researchers have discovered malicious applications that made their way into the Google Play store. The applications were identified to contain malware dubbed “AnubisSpy” and are believed to be linked to a cyber espionage campaign called “Sphinx.” Researchers attribute this campaign to the Advanced Persistent Threat group “APT-C-15.” The AnubisSpy malware is capable of stealing various forms of data from an infected device in addition to stealing and recording audio.
Click here for Anomali recommendation

TelegramRAT Evades Traditional Defenses via the Cloud (December 18, 2017)
The Remote Access Trojan (RAT) called “TelegramRAT” is being distributed by threat actors via a malicious Microsoft Office document, according to Netskope Threat Research Labs. TelegramRAT exploits the Microsoft vulnerability registered as “CVE-2017-11882.” Additionally, the malicious Office document uses the “Bit.ly” URL shortening service to hide TelegramRAT which is hosted on Dropbox. The RAT uses the messaging service “Telegram’s” BOT API to send and receive commands. TelegramRAT is capable of numerous malicious functions, including stealing various forms of data and deleting evidence of its presence.
Click here for Anomali recommendation

CHM Badness Delivers a Banking Trojan (December 18, 2017)
SpiderLabs researchers have discovered a malspam campaign that is targeting Brazilian institutions with the “Bancos” banking trojan. The threat actors behind this campaign are distributing the trojan via malspam emails that utilize Compiled HTML (CHM) file attachments. This tactic allows actors to conceal malicious downloader code in files and make them more difficult to detect. If the CHM is opened and subsequently decompressed by its default application, “Microsoft Help Viewer”, the HTML objects will run a JavaScript function that begins the Bancos infection process.
Click here for Anomali recommendation


Source: Honeypot Tech

GAV Outage for 11.10.5 and earlier software versions

AV Signatures in 11.x releases

With the release of 12.0, WatchGuard introduced a new GAV engine to take advantage of new AV industry technology and announced that it would discontinue support for the older AVG engine in Fireware 11.x by January 2018. GAV signature support for 11.10.7 and above will remain in place until April 2018.

As of December 31, 2017, appliances running 11.10.5 and earlier Fireware versions may be experiencing scan errors and observing the following messaging in the log files:

01-02 13:41:58 scand license init failed(The license has expired.)       Debug

2018-01-02 13:41:58 scand Instance_Create failed.              Debug

The licensing error relates to the license key expiration of the AV scanning engine provided by AVG, not the appliance’s feature key. The licensing of AVG’s scanning engine has been extended until April 2018 in 11.10.7 and later Fireware versions. We recommend that you have your customers upgrade to our latest software build 12.1 to resolve this issue. If that is not currently an option, please upgrade to at least 11.10.7 to resolve this GAV licensing/scanning issue.
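If you manage many appliances, a quick way to confirm which ones are hitting the expired-engine condition is to scan their exported logs for the two scand messages quoted above. The script below is an added example, not WatchGuard code: it parses Fireware-style log lines (timestamp, process, message, level) and flags the two licence-failure messages, while ignoring unrelated scand lines and other processes. The sample log text is constructed for this example and mirrors the quoted lines, including the first line's year-less timestamp, so the parser accepts both timestamp shapes.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample log modelled on the two messages quoted in the notice,
# plus two unrelated lines so the filter has something to ignore.
SAMPLE_LOG = """\
01-02 13:41:58 scand license init failed(The license has expired.)       Debug
2018-01-02 13:41:58 scand Instance_Create failed.              Debug
2018-01-02 13:42:10 scand scan completed ok              Debug
2018-01-02 13:42:11 sslvpn user login ok              Info
"""

# The two scand messages the notice associates with the expired AVG engine licence.
GAV_LICENSE_PATTERNS = (
    re.compile(r"scand license init failed\(The license has expired\.\)"),
    re.compile(r"scand Instance_Create failed\."),
)

# Timestamp may or may not carry a year; level is the trailing word (Debug, Info, ...).
LINE_RE = re.compile(
    r"^(?P<ts>(?:\d{4}-)?\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<proc>\S+)\s+(?P<msg>.*?)\s+(?P<level>\w+)\s*$"
)


class Finding(NamedTuple):
    timestamp: str
    process: str
    message: str


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into ts/proc/msg/level; None if the layout does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_gav_license_errors(log_text: str) -> List[Finding]:
    """Return every scand line whose message matches an expired-licence pattern."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if fields is None or fields["proc"] != "scand":
            continue
        # Patterns include the process name, so match against "proc msg" together.
        text = f"{fields['proc']} {fields['msg']}"
        if any(p.search(text) for p in GAV_LICENSE_PATTERNS):
            findings.append(Finding(fields["ts"], fields["proc"], fields["msg"]))
    return findings


def needs_upgrade(log_text: str) -> bool:
    """True when the log shows the expired AVG engine licence condition."""
    return bool(find_gav_license_errors(log_text))


if __name__ == "__main__":
    for f in find_gav_license_errors(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.process}: {f.message}")
    print("upgrade to 11.10.7 or 12.x needed:", needs_upgrade(SAMPLE_LOG))
```

Feed it a real log export instead of SAMPLE_LOG (for example by reading the file and passing its contents to find_gav_license_errors) to list affected appliances; a run with no findings means the appliance is not showing the licence expiry, not that it is already on a supported release.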

Please note that when upgrading to 12.x software versions, signature updates may take up to 20 minutes to complete. During this time, you may experience scanning issues, but these will resolve once the signatures have completed the update process. For more detailed information, see the release notes for 12.0.

To stay up to date on this issue, please subscribe to receive updates from our Product and Support News blog.

Thank you for all that you do as a loyal WatchGuard customer.


Source: WatchGuard

Snowden’s New Security System; Browsing Tracked By Login Forms – ThreatWire

Your browsing data could be tracked by login forms, Forever21 got hacked, and Snowden released his very own mobile security system. All that coming up now on ThreatWire.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Las Vegas CES Meetup details!

Links:

No boundaries for user identities: Web trackers exploit browser login managers

https://www.theverge.com/2017/12/30/16829804/browser-password-manager-adthink-princeton-research
https://webtransparency.cs.princeton.edu/no_boundaries/autofill_sites.html

https://www.cnet.com/news/forever-21-confirms-hack-payment-system/
https://newsroom.forever21.com/releases/notice-of-payment-card-security-incident
https://www.forever21.com/protecting_our_customers/default.aspx

https://guardianproject.github.io/haven/

https://www.wired.com/story/snowden-haven-app-turns-phone-into-home-security-system/
https://freedom.press/news/introducing-haven-open-source-security-system-your-pocket/

Youtube Thumbnail credit:
https://c2.staticflickr.com/4/3870/14977198417_7fcd885fdd_b.jpg

Source: Security news


Source: Zologic