04/18/10

Permalink 09:08:15 pm, by Larry Boggis, 90 words
Categories: Cisco NAC, Cisco Security

Cisco NAC - Web Login Support for Apple iPad Client Devices

As documented in DDTS CSCtf60530, Cisco has released a patch update for Cisco NAC Appliance Release 4.7(2) CASs that provides web login (no persistent or temporal Agents) support for Apple iPads.

You can retrieve the Patch-iPadSupport.tar.gz file and "Readme" containing installation instructions by logging in to the Cisco Software Download Site and navigating to Security > Endpoint Security > Cisco Network Access Control > Cisco NAC Appliance > Cisco NAC Appliance 4.7.2 > Network Admission Control (NAC) Manager and Server System Software > Latest Releases > 4.7.2, and clicking Download Now next to the Patch-iPadSupport.tar.gz filename.

Permalink 01:17:02 pm, by Zach Brewer, 174 words
Categories: Cisco Security Agent

Cisco Security Agent 6.0.2 Released

The much-anticipated Cisco Security Agent 6.0.2 was released today with many new product features and fixes. The most notable enhancements include added support for 64-bit operating systems as well as 32- and 64-bit support for Windows 7, 2008, and VMware WS 6.x, specifically:

  • Windows 7 (Professional and Enterprise) 32-bit platform
  • Windows 7 (Professional and Enterprise) 64-bit platform
  • Windows Server 2008 (Standard, Enterprise, and Web Edition) 32-bit
  • Windows Server 2008 (Standard, Enterprise, and Web Edition) 64-bit
  • VMware WS 6.x (workstation)

(All CSA 6.0.2 supported agent Operating Systems can be found here.)

Other notable improvements include:

  • Improved SystemAPI rule integration with Microsoft Data Execution Prevention (DEP)
  • Integration and reporting on rootkit kernel modification via Microsoft's Kernel Patch Protection (KPP). Note: KPP is only used in MS 64-bit OSes. 32-bit Operating Systems still rely on CSA's Rootkit Detection rules.
  • Support for FQDNs in Network Address Sets and wildcard support in those FQDNs (resolvable to IPv4 only). Ex: *.Priveon.com

For a full list of CSA 6.0.2 enhancements, please see the official CSA 6.0.2 release notes. Additionally, CSA 6.0.2 may be downloaded from Cisco's website (valid contract required).

04/14/10

Permalink 09:53:42 am, by Zach Brewer, 99 words
Categories: Security Advisories, General Security

Apache.Org Compromise

On 04/05/2010, Apache's issue tracker for projects was compromised via an XSS attack. The attackers used a simple URL redirect service appended to a new issue to grab administrator session credentials and ultimately download hashed copies of JIRA, Bugzilla, and Confluence passwords.

While the Apache blog gives compromise details and timelines, current status, and new mitigation steps, it bears repeating that any user of Apache-hosted JIRA, Bugzilla, or Confluence should change their password immediately.

I also highly recommend the following related read: Improving Web Security: Six Ways the Apache.org JIRA Attack Could Have Been Prevented by Better Code

04/06/10

Permalink 02:37:28 pm, by Zach Brewer, 157 words
Categories: Cisco Security Agent, Security Advisories

IMPORTANT: No New ClamAV Signatures for CSA Versions Earlier than 6.0.1.138

ClamAV will no longer release new signatures for ClamAV scan engines older than 0.95, effective April 15, 2010. As a result, any CSA 6.0 implementation prior to 6.0.1.138 using the ClamAV signature protection ("Anti-Virus - Signature based" policy) will not receive updated signatures after 04/15/10. Cisco has upgraded the ClamAV scan engine in 6.0.1.138 to include the new ClamAV engine. Any CSA customer using the AV signature policy must upgrade to CSA 6.0.1.138 to continue receiving updated ClamAV signatures. (Both the Management Center and Agents must be upgraded.)

CSA 6.0 users who are currently using or plan on using CSA signature protection are urged to contact Priveon for upgrade options and caveats.

Related URLs:

ClamAV decision to stop support for releases older than 0.95 (due to a specific bug)

CSA 6.0.1 Release Notes (CCO ID and valid contract required)

For additional information or to schedule a discussion around potential impact to your environment, please contact us directly via email or call us at 877-783-1337 x-2.

03/25/10

Permalink 11:52:20 am, by Chad Sullivan, 131 words
Categories: Pen Testing

Metasploit update allows backdooring of fully functional EXE

Attention Pentesters!

There was an interesting update to Metasploit (go do your SVN UP) that now allows msfencode to add an existing msfpayload to a pre-existing EXE of your choice while retaining full EXE functionality. What does this mean? Well, for starters, it would allow you to get an individual to run a known .exe that functions as expected to the user yet runs your shellcode in the background (like meterpreter).

Once you attach to the meterpreter session or it attaches back to you, you can now use the somewhat recent ability to migrate the meterpreter session from the backdoor of the new exe to something that will not terminate, like explorer.exe.

Voila! Pwned via the Bowling_Elves.exe... Again...

For more info and step-by-step process by example see: here


Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.
