vulnerable_paloaltonetworks-1.png

In this week’s four critical flaws were found in Palo Alto Networks - to be patched on March 16, a Dell report shows that malwares are increasingly using encryption to defeat firewalls and other context-aware solutions, while a backdoor appears with Linux Mint ISO. 

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 


Vulnerability

1. Four critical flaws were brought to Palo Alto’s attention by a researchers that gave them March 16th patch deadline..

why is this signficant?

  • Recent headlines are pointing to host-based security tools, such as in a series of: AV's, DLP's, personal firewalls, EDR’s, application controls, port/device controls and mobile data protections, that are increasing the risk of intrusion for infecting entire enterprises’ networks.  Just yesterday, Microsoft revealed a vulnerability in their  EMET,  Microsoft's exploit defense tool that can essentially disable itself.
  • It has been a busy month for Palo Alto Networks that have revealed critical bugs and are working with a March 16th patch deadline that will be exposed at a conference in Germany at that time. 
  • Customers have been sent a message advising to upgrade PAN-OS and Panorama on March 16th.

 

Read the fully story on The Register

State of Malware 

Dell’s latest annual report shows that there is a spike in SSL/TLS encryption that is handing cyber criminals a wide range of opportunities to hide malware through encrypted channels from the firewalls that are supposed to prevent them from infiltrating.

why is this signficant?

  • This malicious strategy was used in Aug. 2015 exposing an estimated 900 million Yahoo users to a malware that was injected in a malvertising campaign that redirected users to an infected site.
  • “Many organisations are blind to encrypted traffic, and if they are unable to analyse 65% of traffic, that means the risk is effectively 65% greater,” said Florian Malecki, international product marketing director, network security at Dell Security.
  • Websites have stepped up and are encrypting traffic, although many organizations are being supported by firewalls that are blind to encrypted traffic.  
  • Some security tools can open the encryption, though in order to that they will need the private keys, causing more headache when it comes to key management.

 

Read the fully story on Computer Weekly

**enSilo prevents malicious outgoing connections already on connection establishment, independent of any protocol or encryption used by the advanced threat**

Malware

Linux Mint reported threat actors had modified a Linux Mint ISO with a backdoor and hacked their website via a WordPress plugin security flaw.

why is this signficant?

  • Linux Mint caught the intrusion early, the incident happened on February 20th and should have only affected anyone that downloaded Linux Mint 17.3 Cinnamon edition on that day.  
  • Tsunami malware program was being installed and this backdoor allows remotely access the system. Tsunami has been seen in DDos attacks.
  • Clearly the threat actor intruder had clear intentions of backdoored installs and it is great that LM was able to detect and handle it with diligence.
  • This opens up a can of worms on ISO verification. 

Read the fully story on ZDNet