Security News Summary

Caution! New fraudulent job application e-mail carrying ransomware in circulation

heise Security - Wed, 11/07/2018 - 12:05
A fake job application from "Peter Reif" is currently circulating on the Internet. After the attachment is opened, malware encrypts data and demands a ransom.
Categories: Security News

35C3: Advance ticket sales for CCC hacker congress in Leipzig begin

heise Security - Wed, 11/07/2018 - 09:12
The CCC's 35th Chaos Communication Congress, with the motto "Refreshing Memories", is just around the corner. Ticket sales start Thursday afternoon.
Categories: Security News

Fraud attempt: Supposed WhatsApp membership can get expensive

heise Security - Tue, 11/06/2018 - 18:25
Some WhatsApp users may have been worried about their backups recently. Crooks are now trying to exploit that.
Categories: Security News

Malicious code via FaceTime call: Apple plugs critical hole

heise Security - Tue, 11/06/2018 - 15:16
Unpatched iPhones, iPads and Macs can be hijacked by a video call alone; demo exploits have now been published.
Categories: Security News

Data on some self-encrypting SSDs readable without a password

heise Security - Tue, 11/06/2018 - 14:50
Security researchers show that the encryption mechanisms of certain SSD models from Crucial and Samsung do not reliably protect data.
Categories: Security News

Android Patchday: Security updates for Nexus devices for the last time

heise Security - Tue, 11/06/2018 - 11:41
Among other things, Google closes critical security holes in Android and completely removes a library riddled with vulnerabilities.
Categories: Security News

Chrome browser blocks "misleading content"

heise Security - Tue, 11/06/2018 - 11:00
Chrome aims to protect better against misleading content: if an advertisement tries to trick the user, the browser will block it in future.
Categories: Security News

DevSecOps: Thoma Bravo buys Veracode

heise Security - Tue, 11/06/2018 - 09:41
A brief intermezzo at Broadcom: a good four months after the acquisition of CA, Veracode has now ended up with the private equity firm Thoma Bravo.
Categories: Security News

Streaming server Icecast: Attackers could knock online radio stations off the air

heise Security - Mon, 11/05/2018 - 16:00
The developers have closed a security hole in the current version of Icecast.
Categories: Security News

New vulnerability in Intel CPUs: Hyper-Threading susceptible to data leak

heise Security - Sun, 11/04/2018 - 18:25
Researchers demonstrate a new CPU bug in current Intel processors that allows data to be read from a neighbouring thread.
Categories: Security News

Bleedingbit: Security holes in Bluetooth LE endanger access points

heise Security - Fri, 11/02/2018 - 12:05
Security researchers outline what they consider a critical vulnerability in some Bluetooth Low Energy chips. The first updates are already available.
Categories: Security News

iOS, macOS, watchOS and tvOS can be shot down over the air

heise Security - Fri, 11/02/2018 - 11:36
Apple's mobile operating systems contained a security hole that could be exploited via Bluetooth. Nearby devices can be crashed.
Categories: Security News

Commentary on IoT security: Europe's regulation is toothless

heise Security - Fri, 11/02/2018 - 08:15
Because manufacturers are failing at IoT security, laws are needed. Unfortunately, the planned EU regulation is turning into a farce, criticises Mirko Ross.
Categories: Security News

Security update: E-mail client Thunderbird with loopholes for malicious code

heise Security - Thu, 11/01/2018 - 15:08
In the current Thunderbird version, the developers have closed critical security holes, among others.
Categories: Security News

Zero-day hole in Cisco Adaptive Security Appliance and Firepower Threat Defense

heise Security - Thu, 11/01/2018 - 11:43
Unknown attackers are currently attacking Cisco firewalls and security products. There is no patch for the security hole yet.
Categories: Security News

Fireware 12.2.1 is now available

WatchGuard Wire (English) - Mon, 09/17/2018 - 09:08

Fireware 12.2.1 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.2.1. Full details are covered in the What's New in 12.2.1 presentation, and there is also a recorded webinar of this content. Key highlights of the release include:

  • Backup and Restore features have been redesigned to provide a new UI with more options, making it more dependable on tabletop Fireboxes with lower available memory.
  • WAN interface monitoring for Jitter, Latency, and Packet Loss enables admins to easily identify problematic WAN connections.
  • For partners with NFR appliances, WatchMode has been refactored for greater reliability. It now works with mirrored network traffic with VLAN tags. WatchMode enables monitoring of mirrored traffic from a switch, which is ideal for non-disruptive evaluations.

WSM 12.2.1 Update 1 is also available now, which is an update to the WSM 12.2.1 release to address a known issue. We recommend that any customers that installed WSM 12.2.1 in the last week upgrade to this release. Please read the Release Notes prior to upgrading. 

Does this release pertain to me?
Fireware 12.2.1 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2.1 and subsequent releases will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.2.1 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Contact
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

Categories: Security News

Host Containment and Artificial Intelligence: New in TDR 5.5

WatchGuard Wire (English) - Fri, 09/14/2018 - 07:03
Host Containment

I am pleased to announce the availability of Threat Detection and Response 5.5. This release of TDR introduces a powerful new response capability, Host Containment, which enables operators to contain infected host machines. When a threat is identified, ThreatSync quickly moves to contain the host endpoint, preventing the spread of malware to other points in your network. The Host Containment feature also makes it possible to isolate machines when they are outside of your network, alleviating cases where an infected host returns “home” and unintentionally infects the network.

If you are a customer or partner using TDR today, you already have access to TDR 5.5, and can begin using the feature immediately. To get started, visit the WatchGuard Help Center to learn how to configure host sensors, and establish containment policies.

Artificial Intelligence

TDR 5.5 also streamlines the advanced threat triage capability of ThreatSync, by introducing a new artificial intelligence engine to aid in the identification and classification of files. ThreatSync uses AI to automatically analyze combinations of features to determine if a file possesses suspicious characteristics, before sending the file for further analysis in APT Blocker. This prevents truly suspicious files from going undetected and allows you to identify real threats with more confidence.

Additional Included Features
  • System tray notifications about relevant TDR events.
  • The ability to pause protection when needed.
  • Host Sensor auto-update control.

Want to get an early look at what’s next in TDR? Join the WatchGuard Beta program today!

Categories: Security News

WebBlocker Server version 1.0 Available for Fireware 12.2

WatchGuard Wire (English) - Thu, 08/30/2018 - 18:45

WatchGuard is pleased to announce the release of a new standalone WebBlocker Server that replaces and upgrades the functionality previously provided in the legacy SurfControl service. The WebBlocker Server hosted on-premises now provides the same URL categories and database as the cloud-hosted server that WatchGuard customers have been using since 2013.

The WebBlocker Server is available for VMware (v. 5.x.+) and Hyper-V (for Microsoft Windows 2008 R2, 2012, or 2012 R2 64-bit) and can be downloaded by customers with a WebBlocker subscription now, August 28, 2018.

WatchGuard customers who use on-premises URL filtering today now have three options:

  • Upgrade to Fireware 12.2 or later and use the WebBlocker cloud service for URL filtering
  • Upgrade to Fireware 12.2 or later and use WebBlocker Server, which is now available to download at software.watchguard.com
  • Remain on current version of Fireware 12.1.x (or earlier) and leverage existing WebBlocker cloud service for URL filtering

WatchGuard is also announcing that the legacy SurfControl service will reach end of life on November 30, 2018. All URL lookups conducted against the SurfControl service after this date will return “uncategorized”. Customers can choose from one of the three migration options listed above.

Note: XTM customers will not be able to upgrade to Fireware 12.2, but can still use Fireware 12.1.x or earlier.

After the Fireware 12.2 release, support for these new features will be as follows:

  • On-premises WebBlocker Server will not be compatible with previous versions of Fireware 12.1.x
  • WSM 12.2 will not be capable of managing SurfControl settings on devices that run 12.1.x or lower

This offering for a virtual WebBlocker server helps to serve customer environments where regulatory compliance or even ISP constraints inhibit the web connections that allow WebBlocker URL filtering to function as designed through the WatchGuard UTM. 

How can I get started?

Qualifying Firebox M-series and T-series appliances with active Basic Security or Total Security Subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Categories: Security News

DNSWatch Australian Resolvers

WatchGuard Wire (English) - Thu, 08/30/2018 - 01:08

In order to better support our customers in Australia and New Zealand, we are pleased to announce the availability of a DNSWatch resolver in Sydney.

Based upon your feedback and data collected from production DNSWatch, we identified a need for a resolver to service ANZ. Neither DNS nor content latency were within our target, so we have deployed this resolver to improve performance of any network protected by DNSWatch.

No action is needed on your part. Any ANZ protected Firebox will automatically use the Australian resolvers.

Thank you for submitting your feedback and having patience with us as we improve our products globally. We hope that this improves your experience with the WatchGuard product line all while keeping you safer every day.

Categories: Security News

DNSWatch Introduces Protection Against DNS Rebinding Attacks

WatchGuard Wire (English) - Thu, 08/23/2018 - 23:28

Despite being around for many years, “DNS Rebinding” attacks have been making headlines recently. Commodity devices (Chromecast, Roku, Sonos Speakers, and many other IoT devices) are potentially vulnerable, and while the popular ones have been patched, it’s hard to know if they all have.

This trend, combined with direct feedback from other customers, has led us to build new protections into DNSWatch to address these types of attacks.

You can enable the DNS rebinding protections in your DNSWatch settings. Once you enable the feature, it can take up to an hour to take effect due to DNS caching.

When enabled, any responses that would normally contain an A record for a private IP address (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/16) will instead result in an NXDOMAIN.

To confirm the rebinding protection is enabled, you can look up `local.strongarm.io`. If the rebinding protection is not enabled, the lookup will return `192.168.1.1`. If the rebinding protection is enabled, DNSWatch will return an NXDOMAIN.

If you use an external nameserver to host intranet websites, you need to move those domains to an internal name server to protect them from DNS Rebinding attacks.
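The filtering rule described above can be sketched at the DNS wire-format level. This is an added example, not WatchGuard's implementation: the function names are hypothetical, the sample response is constructed, and the blocked ranges are copied from the post as written.

```python
import ipaddress
import struct

# Ranges exactly as listed in the post. For your own resolver policy, note
# that RFC 1918 defines the third private block as 172.16.0.0/12.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/16")]
TYPE_A, RCODE_NXDOMAIN = 1, 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]              # ordinary label: length byte + data
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_answers(msg):
    """Return (offset where the question section ends, list of A-record addresses)."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # QTYPE + QCLASS follow the name
    q_end, addrs = off, []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return q_end, addrs

def filter_response(msg):
    """Rewrite a response to an empty NXDOMAIN if any A record is in a blocked range."""
    q_end, addrs = parse_answers(msg)
    if not any(a in net for a in addrs for net in BLOCKED_NETS):
        return msg
    ident, flags, qd = struct.unpack("!3H", msg[:6])
    flags = (flags & 0xFFF0) | RCODE_NXDOMAIN   # replace the 4-bit RCODE
    return struct.pack("!6H", ident, flags, qd, 0, 0, 0) + msg[12:q_end]

def rcode(msg):
    return struct.unpack("!H", msg[2:4])[0] & 0x000F

def build_response(name, ip):
    """Constructed sample: minimal response with one A record for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 60, 4) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", TYPE_A, 1) + rr

if __name__ == "__main__":
    reply = filter_response(build_response("local.strongarm.io", "192.168.1.1"))
    print("rcode:", rcode(reply))
```

An intranet name hosted on an external nameserver is filtered the same way as an attacker's record, which is why the post tells you to move such domains to an internal name server.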

Categories: Security News