Rapid Setup in Remote Locations

I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) have increased the demand for security appliances in even the smallest retail locations, including kiosks in shopping malls, small hotels, and franchise restaurants. Additionally, Healthcare and privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the data privacy directive in the European Union have driven the need for security. Seeing the red box, I knew that my credit card information was in good hands.

WatchGuard appliances are now running in places like dentists, doctors’ offices, and small clinics. Although these are wildly different industry environments, one thing these locations all have in common is that they don’t have dedicated IT staff on site. Security and network configuration is provided by a Managed Security Service Provider (MSSP) or the central IT staff for the distributed enterprise, clinic group or retail chain.

At WatchGuard, our mission is to provide solutions that are easy to deploy, easy to manage, and generally accessible to companies of all sizes. To succeed in these environments, we need to provide solutions that can be setup securely without sending a technician out every time, especially for companies that are managing hundreds of locations. All of WatchGuard’s Unified Threat Management (UTM) appliances, including our new WatchGuard Firebox T30 and T50 models include access to the company’s unique RapidDeploy feature that enables centralized IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites.

Here’s a common challenge we see. When installing a new appliance in a remote location, someone needs to unpack and set up the IT equipment. This will often be the store manager or an employee who may lack technical skills. They may have a computer at home, but no technical responsibilities in the workplace. They do not know much about IT other than how to start their laptop, browse the Internet, watch Netflix, and use Microsoft Word, etc. Therefore, no matter how clear the corporate instructions are, they still seem like a foreign language.

With Rapid Deploy, the local staff just needs to plug in the Firebox’s power and Internet cables. It then establishes a connection, and pulls the appropriate configuration file from either the WatchGuard cloud or the central management server. This even works in cases where the IP address is assigned statically and not via DHCP. It also works in environments where the local site needs to connect back to the corporate management server through a third party device with NAT implemented. Such scenarios are common in shopping malls, airports, and healthcare campuses.

Does this sound like a challenge you’ve been facing? Find out more about how WatchGuard can help, here.

 

Black Friday Security Tips – Daily Security Byte EP. 181

To deal hunters, Black Friday and Cyber Monday have become even more exciting than the Thanksgiving holiday that spawned them. Unfortunately, cyber criminals understand our weakness for deals, and use the time themselves to increase their phishing and web scam campaigns. Watch today’s video for some quick tips on how you might avoid any Black Friday related cyber attacks.

Show note: This is the last show this week since WatchGuard will be out on a long holiday weekend. Have a happy Thanksgiving!

(Episode Runtime: 3:00)

Direct YouTube Link: https://www.youtube.com/watch?v=vhEgt81-QIE

EPISODE REFERENCES:

• I share similar tips on a Q13 Interview – Q13 Fox

— Corey Nachreiner, CISSP (@SecAdept)

Dell Superfish 2.0 – Daily Security Byte EP. 180

Remember Superfish? That was when Lenovo shipped bloatware on their laptops that included the same self-signed root certificate. Once attackers extracted the private key, they could leverage this root certificate to make every HTTPS connection look good, even if it was a fake site. Apparently, Dell made the same mistake. Watch today’s video to learn more.

Show note: I apologize for the bad sound in today’s video. I made it in a hotel room with a bad audio source.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=mIc028v3XVk

EPISODE REFERENCES:

• Dell XPS and Inspiron suffer for a Superfish-like certificate flaw – Ars Technica
• Dell Superfish 2.0 lets attackers spoof legitimate web sites – The Register
• Dell Superfish 2.0 certificate keeps coming back – The Register
• Lenovo’s original Superfish issue – CNet

— Corey Nachreiner, CISSP (@SecAdept)

Amazon 2FA – Daily Security Byte EP. 179

Great news for Black Friday shoppers who use Amazon! The well known online retailer has finally enabled free two-factor authentication (2FA) for its customers. Watch today’s video to learn why I think you should turn it on, and why I think 2FA is important for all IT organizations.

(Episode Runtime: 2:19)

Direct YouTube Link: https://www.youtube.com/watch?v=xzodlmJxyrE

EPISODE REFERENCES:

• Article sharing how to enable Amazon two-factor authentication – Wire

— Corey Nachreiner, CISSP (@SecAdept)

Linux Ransomware – Daily Security Byte EP. 178

Ransomware has become a very serious threat online, and I suspect it will continue to evolve and get worse in 2016. Today’s video covers one such evolution—a Linux-based variant affecting web servers. Luckily, this ransomware story has a happy ending. Click play to learn more.

(Episode Runtime: 2:24)

Direct YouTube Link: https://www.youtube.com/watch?v=H4RpG0n4olw

EPISODE REFERENCES:

• Linux ransomware targets web servers – Extreme Tech
• Dr. Web’s Linux.encoder.1 write-up – Dr. Web
• How to defeat Linux.encoder.1 – ZDNet
• Bitdefender cracks attackers bad encryption – BitDefender
• Download Bitdefender’s decrypter [ZIP] – BitDefender

— Corey Nachreiner, CISSP (@SecAdept)

Terrorism & InfoSec – Daily Security Byte EP. 177

On the surface, terrorist attacks and information security (infosec) seem unrelated. However, the abhorrent terrorist attacks carried out against innocent victims in Paris have stirred up two long-running information security topics; is hactivism valuable and should governments have access to public encrypted data? Neither of these are black and white issues, but watch today’s daily video to get my opinion on these subjects.

(Episode Runtime: 4:27)

Direct YouTube Link: https://www.youtube.com/watch?v=6q9YZfeRcuU

EPISODE REFERENCES:

• Anonymous declares war on ISIS – IBTimes
• My CNBC Closing Bell video interview on Anonymous – CNBC
• Anonymous launches “biggest operation” ever – Digital Times
• Encryption debate to reignite over the Paris Attacks – Re/Code
• Government push “spy agenda” with Paris Attacks – The Guardian

— Corey Nachreiner, CISSP (@SecAdept)

Android Chrome 0day – Daily Security Byte EP. 176

Last week, a Chinese security research disclosed a new zero day Android vulnerability at PacSec’s Pwn2Own competition. Watch today’s video to learn a little more about this flaw, and what to do about it until it’s patched.

(Episode Runtime: 2:13)

Direct YouTube Link: https://www.youtube.com/watch?v=GzE9VpfhkaE

EPISODE REFERENCES:

• Researcher discloses Android Chrome zero day vulnerability at PacSec Pwn2Own – Security Affairs
• One shot Android exploit demonstrated at Pwn2Own – The Register
• Japan’s PacSec Security conference – PacSec

— Corey Nachreiner, CISSP (@SecAdept)

Fantasy Football Malvertising – Daily Security Byte EP. 175

Whether you’re talking about soccer in Europe, or U.S. football in the states, fantasy football leagues have become very popular lately, which is why criminal hackers have noticed and might start targeting them. Today’s video talks about how a popular UK fantasy football site has become infecting with evil malvertising. Watch below to learn how you can protect yourself from these sorts of ad-based drive-by downloads.

(Episode Runtime: 2:42)

Direct YouTube Link: https://www.youtube.com/watch?v=-tlHgUko21c

EPISODE REFERENCES:

• MalwareBytes post on the Barclay’s Premier League malvertising – MalwareBytes
• Barclay’s fantasy football site serves malicious Flash to 16M visitors – IT Pro

— Corey Nachreiner, CISSP (@SecAdept)

A Dozen Microsoft Updates – Daily Security Byte EP. 174

If you use Microsoft or Adobe products—as the majority of computer users do—it’s that time again… Patch Day.

For November’s Patch Day, Microsoft released a dozen bulletins fixing many flaws in their most popular products. Watch today’s video for the quick highlights about these and Adobe’s updates.

UPDATE: As gung-ho as I am about applying patches quickly, there have been reports that some of the Windows 10 updates can cause problems. You may want to test these updates before deploying them throughout your network.

(Episode Runtime: 1:43)

Direct YouTube Link: https://www.youtube.com/watch?v=xGj2grkLQfk

EPISODE REFERENCES:

• Microsoft Patch Day Summary for November 2015 – Microsoft
• Adobe Flash bulletin for November 2015 – Abode
• Two new Microsoft security advisories for November – Microsoft

— Corey Nachreiner, CISSP (@SecAdept)

iOS Bounties, Android Auto-root, and Guy Fawkes Day – WSWiR Episode 168

Nowadays, each week has more information security news that we used to have each month. If you find yourself falling behind, and need a shortcut to stay informed, this is the weekly video for you. Every Monday, I summarize our daily security video from last week.

Today’s episode covers a new Android malware variant, an iOS zero day that’s bad for the industry, a couple hacktivism campaigns, and more. Watch the YouTube video for all the details, and check out the references below to learn more.

(Episode Runtime: 13:13)

Direct YouTube Link: https://www.youtube.com/watch?v=z7Xgnd8CHQ8

EPISODE REFERENCES:

• Monday: 000Webhost has 000 Security – Daily Security Byte EP. 169
  • 13M+ password leaked from popular web hosting company – Forbes
  • Original blog disclosing the 000webhost breach – Troy Hunt
  • 000Webhost’s breach due to outdated PHP – Computer Weekly
• Tuesday: Claimed iOS Bounty is Bad News – Daily Security Byte EP. 170
  • Vulnerability researchers claim a $1M iOS 9.1 hack bounty – Motherboard
  • iOS bounty claimed, but Apple won’t be informed – Wired
  • The original iOS 9 hack bounty – Zerodium
• Wednesday: vBulletin Breach and 0day – Daily Security Byte EP. 171
  • vBulletin’s site and forum software hacked – Ars Technica
  • vBulletin asks users to reset password – vBulletin
  • vBulletin released patch for forum software – vBulletin
  • Researcher discloses his vBulletin RCE vuln – Twitter
    • His actual Pastie disclosure – Pastie
  • Hacker claims responsibility for breach – The Admin Zone
  • Coldzer0 attempts to sell vBulletin 0day – oday.today
  • Video demonstrating the vBulletin exploit –  YouTube
• Thursday: Auto-rooting Android Malware – Daily Security Byte EP. 172
  • Three Android malware families quietly roots phones and digs in – Ars Technica
  • Researcher’s blog post describing these new Android threats – Lookout
• Friday: Guy Fawkes Day Hacktivism – Daily Security Byte EP. 173
  • Anonymous Doxxes 1000 alleged KKK members as part of #OpKKK – ZDNet
  • Anonymous threatens #OpKKK on Nov. 5th: Epic fail – USA Today
  • CWA doxxed more government employees – Motherboard
  • CIA Director hackers break into arrest database – Wired
  • Information about Guy Fawkes night – Wikipedia

EXTRAS:

• 11yr old girl will give you a secure password for $2 – The Telegraph
• CISA passes the Senate despite privacy issues – Wired
• Big tech companies don’t like CISA either – CNN
• EFF unveils vulnerabilities in automatic license plate readers – EFF
• Can humanity build a computer security AI? – TechCrunch
• BGP is still a security risk (nothing new here) – SC Magazine
• Nice article on man-in-the-middle attacks – Network World
• Millions of passwords leaked from a free web hoster – Forbes
• Lots of issues with SSL certificate revocation systems – Phys
  • Google warns Symantec to clean up certificates – Ars Technica
• More browser vulnerabilities allow for zombie cookies –  Ars Technica
• Duuzer trojan seems to target South Korean manufacturing industry – Computer World
• Strengthen your security with passive DNS – Network World
• It’s ok to hack stuff you own for research – Wired
• NSA director says state sponsored attacks increasing – Time
• Tennis star recommends affirmations as passwords – Wired
• Chipped cards get hacked too – Network World
• DARPA keeping an eye on security researchers – Motherboard
• A third of stolen cars in France were hacked – Telegraph
• UK to ban strong encryption on social sites – The Telegraph
• No three arrested in association with the TalkTalk hack – Dark Reading
• Citrix patches some serious (and old) Xen vulnerabilities – The Register
• Researchers collect the $1M iPhone root vulnerability bounty – Forbes
• Zerodium to pay a $1M iOS hack bounty – Motherboard
• Apple doesn’t approve security conference app because of hacking talks – The Register
• Fascinating piece on ex-employees of The Hacking Team – Motherboard
• Will ransomware threaten to disclose your files publicly? – Tripwire Blog
• DMCA exemptions allow hacking for security research – SC Magazine
• British Gas data breach affects 2200 customers – IBTimes
• UK national arrested in association with DroidJack – BBC
• Cyber criminals suck at information security too – The Register
• CCTV (or Linux) botnet DDoSes victims – Incapsala
• Anti-adblocker CDN hijacked and served malicious fake Flash update – The Register
• KeeFarce targets popular password manager – Ars Technica
• Latest Android update fixes 23 vulns including another “Stagefright” – Forbes
• Researchers find new Windows flaw that bypasses EMET – Threatpost
• Cryptowall’s revenue may go to one criminal group – PC World
• Backdoor found in Chinese iOS ad SDK – Threatpost
• UK government wants to increase surveillance – The Intercept
• Tinba still spreading, and targeting Japanese and Russian banks – Threatpost
• FBI is budging a bit on back doors. Servants to the people – Ars Technica
• Longest DDoS attack lasted 320 hours – IT Pro
• Signing malware with valid certs has become an underground service – The Register
• XcodeGhost still lurking, this time on US Appstore – Dark Reading
• Google’s project Zero found 11 vulnerabilities in latest Samsung phone – The Inquirer
• White House reveals the Cybersecurity Strategy Implementation Plan (CSIP) – WhiteHouse.gov
• U.S. Officials targeted by cyber attacks after Iranian hacker’s arrest – Reuters
• Hackers pull heist on a heist video game over microtransactions – Motherboard
• Details surface about two older gambling payment processor breaches – Forbes
• Like the NSA, MI5 uses hacking for investigations – Motherboard
• 14yr old Japanese boy arrested for having the Zeus trojan (video) – NBC News
• Apparently, CIA Director’s email hackers are targeting others – Motherboard
• Good article asking if we learned from Stuxnet – Dark Reading
• Proton email suffers DDoS and pays extortionists $6000 in bitcoin – Forbes
• A look at the person modeled for the CSI:Cyber character – Telegraph
• Finfisher government spyware company still alive and well – Motherboard

— Corey Nachreiner, CISSP (@SecAdept)