Site Archives
SonicWALL Content Filter Security Vulnerability
GSA Reference Number: AD081031-01
Updated: 11-3-2008
Simply Put: SonicWALL has released an advisory regarding a new vulnerability found in its content filter. If a user behind a SonicWALL with content filtering enabled clicks on a malicious link, an attacker can cause malicious JavaScript to be executed through the content filter’s “Blocked Traffic” screen. This vulnerability only affects SonicWALLs running the Enhanced OS using the content filter with the CFS Block Page. See below for vulnerable versions.
Halloween: Trick or Treat?
Happy Halloween, everybody! This is a great holiday that brings out the kid in all of us. Unfortunately, it also brings out the email forwards with games that could be more “trick” than “treat.” Malware authors are quick to take advantage of any holiday to send us fun, new ways to spend our free time. In this case, our free time may be spent cleaning up some new spyware or trojans. CRN has a nice piece on Halloween malware from the past few years. I suggest you check it out and let your employees know to beware of email forwards with Halloween subjects.
Related Links:
- CRN: 9 Scary Halloween Tricks (http://www.crn.com/security/211800350)
3 New Cisco Vulnerabilities
GSA Reference Number: AD081024-01
Simply Put: Cisco has announced three vulnerabilities in Cisco ASA and PIX devices. The vulnerabilities cover Windows NT Domain authentication, IPv6, and the Crypto Accelerator. Gladiator will be reviewing all monitored client Cisco devices to determine what IOS version they are running. If a device is out of date, it will be updated.
Microsoft Releases Critical Out-of-Band Patch
GSA Reference Number: AD081023-01
Simply Put: Normally Microsoft only releases patches on the second Tuesday of each month. But Microsoft has just released a bulletin notifying customers they will release a patch to address a new remote code execution exploit. The patch was posted today at 1 pm and addresses a bug in the Server Service.
Patch Tuesday
Today is Patch Tuesday, Microsoft’s monthly patch release day. There were 11 new advisories released, with 4 of them critical, 6 important and 1 moderate. The critical patches deal with Active Directory, Internet Explorer, Host Integration Server and Microsoft Excel. These should be applied as soon as possible. Remember to test them on a subset of your servers first to make sure they’re compatible with all of the software you currently run.
Internet Bot Security
Because more and more users are connecting to the Internet without proper edge security, botnets are growing rapidly all around the world, continuously sending mail that wreaks havoc upon our inboxes. So what exactly is a bot or botnet, and how can you protect your network and your users?
Social Engineering Warning
Dark Reading, an IT security website, recently released an article on the new dangers of social engineering in this current time of financial difficulties. Specifically, the article warned of the dangers of spear phishing directed at financial institutions [spear phishing is a targeted social engineering attack directed at a specific company]. New attacks are preying on people’s fears over the current economy. Financial institutions are seen as particularly vulnerable to these attacks since employees are more concerned with job security and institution performance in a weaker economy. Auditors are finding it easier to trick employees by claiming to be federal regulators or by sending emails with information on how the institution is gaining ground on competitors.