Where is this coming from?

Over the last two #WeekendWisdoms I talked about needing to do updates for vulnerabilities and when it comes to software vulnerabilities zero days are usually the most critical.

You see when security researchers are analysing various software like Microsoft, Apple and Google products, if they discovery a vulnerability in that software, they will report it to the vendor and give them an opportunity to rectify it and fix it before they make it public. They usually give them a period of months, normally it is usually 3 months.

What are Zero Days?

But in the case of zero days what happens is that a vulnerability is exposed on a day when nobody is aware of it until everybody is suddenly aware of it, including the vendor and including criminal gangs.

These cyber criminal gangs will immediately start looking to try and exploit that zero day vulnerability, while the vendors are rushing to try and fix it, to put out an update to fix that vulnerability.

That can take time. It can take days, it could take weeks to fix it. So it’s kind of a race against time for the cyber criminals to try and crack it and exploit it and for the vendors to fix it and update it.

What should you do?

So if you ever hear me talking about “There’s a zero day vulnerability out there that you need to patch!”, you should be looking to try and patch that as quickly as possible.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 096 Zero Days appeared first on L2 Cyber Security Solutions Ltd..

This sounds familiar

Waaaay back in the early days of the #WeekendWisdom series, back at number 3, I talked about updates. I’ll have a link to that video somewhere on the social media post associated with this video.

The events of the last week has brought it back to me that this really is an important topic that we all need to be aware of.

What happened this last week?

Apple, earlier this week, released updates to its iPhones and Mac computers and watches that plugged a vulnerability which was being exploited by a surveillance software maker which literally all they had to do if they wanted to take control of somebody’s iPhone we’ll say, all they need to do is send a message to that phone and just when the phone receives the message, they now have control of it. The user of the phone did not have to do anything. So that’s pretty scary.

Also there was the vulnerability that I talked about in last week’s #WeekendWisdom. Microsoft have issued updates for that this week. So again, it’s really critical that if you have updates waiting on your Windows computer to apply them.

This is the reason why updates are important

You see the problem here is that when the likes of Apple or Microsoft issue updates, criminals go and take those updates, they look at them and they find out what exactly has been fixed in Windows or in the iPhones or whatever. Then they can figure out how they can exploit that, that vulnerability that was there that was fixed. If people don’t do the updates, the criminals can now exploit them, for those people who don’t, because there are quite a lot of people who don’t apply updates.

But it’s really important that you do.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 095 Why Updates are Important appeared first on L2 Cyber Security Solutions Ltd..

Why would you want to do this?

Microsoft are going to retire the Internet Explorer browser in June of 2022. But you might want to consider getting rid of it at bit sooner … like now. You see there is a vulnerability in it that can be exploited by somebody sending you a malicious word document. That all you have to do is open the document. You don’t need to take any other action, like click enable content or any other thing. Opening the document will exploit this vulnerability and cause malicious code to be run on your computer.

Check if you should first

Now before you take any of these steps, please check with your IT support that you really don’t need to use Internet Explorer anymore or that you’re allowed to remove it. So please check first.

How to remove Internet Explorer

This is how you get rid of it.

1. Go down to the bottom left hand corner and click the start button and select settings.
2. Click Apps.
3. Then click Optional features.
4. Find Internet Explorer, click on it and click uninstall.
5. Then when you see this thing and it’s finished, reboot your computer.

Once it comes back up again, you should be safe.

What if you need Internet Explorer?

If you really do need to use Internet Explorer for some legacy application or something like that, there is an Internet Explorer mode in the Microsoft Edge browser. Google that and find out how you can use that mode.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 094 How to remove Internet Explorer appeared first on L2 Cyber Security Solutions Ltd..

As is usual, the vulnerability lies in the software that runs on these firewalls. This Adaptive Security Appliance (ASA) software is what has been found to be vulnerable by a researcher who was to present his findings at a security conference in Belgium last Friday. He hasn’t released all of the juicy details yet and there are no reported exploits in the wild, but that could all change.

The affected devices, according to Cisco, are:

• 3000 Series Industrial Security Appliance (ISA)
• ASA 5500 Series Adaptive Security Appliances
• ASA 5500-X Series Next-Generation Firewalls
• ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
• ASA 1000V Cloud Firewall
• Adaptive Security Virtual Appliance (ASAv)
• Firepower 2100 Series Security Appliance
• Firepower 4110 Security Appliance
• Firepower 4120 Security Appliance
• Firepower 4140 Security Appliance
• Firepower 4150 Security Appliance
• Firepower 9300 ASA Security Module
• Firepower Threat Defense Software (FTD)
• FTD Virtual (FTDv)

If you have any of these devices in your network, you should be getting your IT support to patch it as soon as possible. There were reported issues with the initial patches, but Cisco have now rectified those too.

The big concern was to do with the Virtual Private Network (VPN) component on the firewall. If you are able to connect in remotely to your network by way of this VPN, then your entire network is at risk of being compromised.

Of course you’ve been following Commandment 3 and have a firewall in place. Now you’ve also got to employ Commandment 1 and keep it updated.

For the technical types who are reading this, you can get a much more in-depth view of the vulnerable Cisco firewall issues on a blog post by Omar Santos.

The post Vulnerable Cisco Firewalls appeared first on L2 Cyber Security Solutions Ltd..

I’m not going to go into any technical detail on these vulnerabilities. If you want to read the technical side you can go to the team that discovered the problems, Google’s Project Zero. There is some less technical information available on a dedicated webpage for the vulnerabilities. I’ve put in some easy to read background on this in the discussion section below.

What do you need to do about Meltdown NOW:

First of all DON’T PANIC. This is not the end-of-the-world. The situation is serious, but there are currently no active exploits out there. So keep a cool head and this can be managed successfully.

Original Text posted 4th January 2018 @ 16:30 GMT

Update 30th January 2018 @ 10:00 GMT:

Steve Gibson, a renowned security expert has created an excellent free little tool, called InSpectre for helping people to understand if they are protected or not from the two vulnerabilities. It has other useful advice there too. I would suggest you download it and run it against your Desktop/Laptop and see what your exposure is. Link to the download page is here.

https://www.grc.com/inspectre.htm

End-of-Update 2018/01/30-10:00

Update 8th January 2018 @ 10:00 GMT:

• It has been reported that the Microsoft patches are causing problems for people using some AMD processor chips. It stops the machine from booting properly and seems to require Windows to be re-installed. If you have a PC with an AMD processor, it might be advisable to turn off Windows Update temporarily until this issue is fixed.
• Qualcomm is another chip manufacturer, who make processors for mobile devices (e.g. – the Snapdragon processor that is used by many Android phones). They have now confirmed that their chips are also affected by these vulnerabilities.

End-of-Update 2018/01/08-10:00

Update 5th January 2018 @ 21:45 GMT:

• Intel have advised that they are rolling out software and firmware patches to address the exploits as best possible. They expect to have 90% of the chips that were made in the last 5 years updated by the end of next week. They don’t seem to be talking about anything older than 5 years, so this might be a concern for people with older equipment.

End-of-Update 2018/01/05-21:45

Update 5th January 2018 @ 11:00 GMT:

• What I didn’t mention yesterday was there are reports that fixing these vulnerabilities will cause the processor performance to degrade. While there will be some level of degradation, in typical workloads it shouldn’t be too noticeable. I won’t quote a percentage degree of slowdown as has been reported elsewhere, as it is purely speculation.
• Operating Systems:
  • Microsoft have pushed out their patch for this to all platforms. As mentioned earlier some Anti-Virus vendors need to make changes before the patch can apply correctly. Keep an eye on this google doc for the current situation with the various anti-virus packages. Be sure to test the patch where possible before widespread deployment, in case there are any issues.
  • Apple Macs – MacOS patches are available.
  • Linux – patches are available.
• Browsers:
  • Firefox – be on version 57 (currently available).
  • Chrome won’t be releasing version 64 for a few weeks, but Google advise people to enable an experimental feature called “Site Isolation” that can offer some protection against the web-based exploits but might also cause performance problems. Do the following:
    • Copy chrome://flags/#enable-site-per-process and paste it into the URL field at the top of your Chrome web browser, and then hit the Enter key.
    • Look for Strict Site Isolation, then click the box labelled Enable.
    • Once done, hit Relaunch Now to relaunch your Chrome browser.
  • Internet Explorer/Edge will be updated with today’s patches from Microsoft
• Mobile and Smart Devices:
  • The big change since the original post is that iPhones and iPads have been declared as vulnerable by Apple. Expect updates in the coming days for iOS devices.
  • Google branded Android phones/tablets will get the January 2018 patches in the next few days. Non-Google branded phones will only get updates at the discretion of the manufacturer. So please watch out for these.
  • If you have any other devices (smart fridge/kettle/thermostat/toaster, CCTV cameras, digital assistants), be sure to check their interface to see if updates come available for them.
• Virtualisation Software:
  • VMWare have issued guidance on their affected products.
  • Citrix don’t believe they are directly affected, but have guidance for their customers as other software running on their platform may be impacted.
• Cloud platforms:
  • Google Cloud platform has detailed advice for their clients.
  • Microsoft’s Azure platform also has information for their customers.
  • Amazon also has a detailed statement for their clients.
  • If you use some other Cloud Platform, please contact them to find out what their plans are to address these vulnerabilities.

End-of-Update 2018/01/05-11:00

I hate to say it, but you need to patch and patch everything as soon as you can. Warning: Make sure patches/fixes come from their usual sources and not by somebody sending you an e-mail with the patch. That won’t end well for you.

• Microsoft are issuing their monthly Patch bundle today (4th January) to address Meltdown. Install it as soon as it comes available on your PCs and schedule an emergency patch for your servers ASAP. Warning: There have been reports that some Anti-Virus software may not play nicely with the Windows fixes and cause your machine to crash badly. Check this google doc for the current situation with the various anti-virus packages.
• Firefox users make sure you are running version 57 (click the three horizontal lines and go to Help->About Firefox).
• Chrome users need to wait for version 64 which is coming (click the three vertical dots and go to Help->About Google Chrome).
• Apple Macs already have the patches out there, so make sure you are up-to-date.
• If you have Linux anywhere, patches are available so update it ASAP.
• Hopefully Android phones/tablets will get updates, so please watch out for them.
• iPhones/iPads are currently safe from this issue.
• If you have any other devices (smart fridge/kettle/thermostat/toaster, CCTV cameras, digital assistants), be sure to check their interface to see if updates come available for them.

I would not be at all surprised if there will be multiple patches emanating from Microsoft over the next week or two in respect to this.

I use services in the cloud, am I affected?

Absolutely. However reports are that Amazon and Microsoft are busy working away patching their infrastructure. There are a LOT of other other cloud services out there, so please check with them to see if you are in anyway exposed to these bugs.

Discussion:

When I check Twitter each morning, I normally see about 10 or 20 tweets from overnight. This morning it was hundreds of tweets. The cyber security world has gone into overdrive in the last 24 hours. I was seeing rumours of an Intel processor vulnerability circulating yesterday and then the disclosure broke overnight. It seems that they were trying to hold off until next week, in order for more work to be done on issuing fixes, but it was leaked. So now there is the scramble to get the fixes out there as fast as possible.

The Meltdown bug is poorly named, as it is not going to “melt” anything (ignore the picture I’ve used for this post I just liked the look of it ?). What it does is it breaches protections between the operating system (e.g. Windows) and Applications that are in use (e.g. Excel, Sage, etc.). The bug enables a malicious program to get at parts of the computer memory that stores sensitive information, such as passwords. Once it has this information it could send it to the bad guys. This vulnerability is relatively easy to exploit and proof of concept exploits have shown up in the wild.

The Spectre bug is not as easy to exploit as Meltdown, but it is also not as easily fixed. It works by breaking the isolation between different applications, which enables an attacker to fool normal computer programs into revealing sensitive data that they have in memory. The current discussion on this indicates that to truly protect against Spectre, hardware may need to be replaced.

We’re in for an interesting start to 2018!!! ???

The post Meltdown and Spectre appeared first on L2 Cyber Security Solutions Ltd..

Don’t be overly worried about this subject. At this time, hackers won’t be able to issue some commands from their bedrooms that will stop every pacemaker in use. In this particular case, they would need a very unlikely set of circumstances to happen in order to degrade the battery of the pacemaker or set it to an inappropriate rhythm. The reason for the long delay between the patch being released and the FDA approving it, was they needed to be sure there would be no ill effects on the patients when they applied the pacemaker updates.

Virtually every technology runs on a mixture of hardware and software. The software controls and monitors the hardware. In devices like a pacemaker, the software is usually referred to as Firmware. This is because it is built into the of electronics of the device as opposed to being on a hard disk, for example. Updating firmware is usually a bit more difficult to carry out than say updating windows. Different devices have different mechanisms to do so. In some cases the firmware may only be updated by replacing a physical electronic chip.

As was detailed in our First Commandment, developers of software sometimes make mistakes. If evil doers discover these mistakes, they will endeavour to see if the mistake created a vulnerability. If there is a vulnerability, the bad guys will seek to exploit it and make the software do something it was not meant to do. This will never be something for your benefit.

Therefore we should all keep anything with software (which includes firmware) as up-to-date as possible in order to remove the vulnerabilities.

So have a look around you and think about the different devices that you may have in your office or home. We covered mobile, networking equipment, printers and internet of things in the First Commandment. But it would now seem that pacemaker updates (in fact any medical electronic device) will need to be added to that list.

The post Pacemaker updates – they’re a thing now!?!? appeared first on L2 Cyber Security Solutions Ltd..

But do we really pay attention to these pop-ups that advise us what the app is looking to get permission to access? I would say no in most cases, because we just want to get the app and we trust the maker of said app, so let it have whatever it wants.

I’m raising this issue following:

1. the recent revelation about Snap Map, which is effectively Snapchat’s stalker mode, where you can see the current exact location of other Snapchat users.
2. a discussion with a colleague who uses an app that was developed for a small, rural community area and which she discovered showed the current exact location of any other user of the app.

In the case of Snapchat, they are a large corporation with a huge number of end users and the revelation about the Snap Map feature has gotten quite a lot of media attention. Therefore a lot of people will have become aware of it and for those people who are concerned for their privacy, there is a means of disabling it, while still using the app for it’s original intended purpose.

In the second case above, there is probably only a hundred or so end users of this app, which was supposedly a simple community noticeboard. The discovery of the map containing the location of current users was made by accident and caused great concern for my colleague, who is now going to speak with the app developer. There is no way to disable the location tracking without uninstalling the app.

That app, when it was being installed, obviously asked for permission to the person’s identity and location (amongst other things), but like most people, anybody downloading the app would have trusted their local app developer and just accepted whatever permission was requested by the app, without question.

I tend to be more careful about what permissions apps are looking for, before I let an app install or update (with new permissions). For example, I have an old Android phone (not my primary device), which is no longer receiving updates from Google. So there probably exists vulnerabilities which are not being patched (if you wonder why this is important, you obviously haven’t read Commandment 1 ).

I therefore downloaded the free Avast Anti-Virus app to give me an additional layer of protection (in keeping with Commandment 2). Initially it looked for permissions to in-app purchases, Device & App History, Identity, Contacts, Location, SMS, Phone, Photos/Media/Files, Wi-Fi Connection information and Device ID. I was a little cagey about it needing access to location. Avast is a large company with a good reputation, so I took the decision to allow it access.

Then several weeks ago it looked to update the app and needed some additional permission granted. Now it wanted the following:

I can see no justifiable reason for an Anti-Virus application to need permission to access the camera and microphone, let alone Bluetooth connection information. Viruses do not come through by the phone looking at or listening to something. So I have not allowed it to be updated.

Everyone really needs to be more careful when installing or updating apps, particularly when presented with the permissions pop-up. Just think “What is this app going to do for me?” and then go through each of the permissions it is asking for and say “Why does it need access to …?”. If you are really unsure, then please ask somebody who knows about such things (and not your pre-teen or teenager). If you want, you can reach us at support@L2CyberSecurity.com.

The post Permission to spy on you? appeared first on L2 Cyber Security Solutions Ltd..

According to this, the concept of using malicious subtitle files to compromise a machine goes back to the early 2000’s. However that was not a very widespread phenomenon back in the day.

In this modern era, where every home probably has multiple media players, this could become a very serious problem, because you might not have the media player set to automatically update. In fact in some cases there is no automatic update facility available, only a message to suggest you update the software manually. This is the case with VLC and Kodi for Windows. As we say in our First Commandment, you should always keep your software up-to-date with patches and new versions.

You might ask what kind of impact could a malicious subtitle file really have. The researchers at Check Point posted their research into this attack vector and the following is what they said could happen:

By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device. The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.

So, yes it is pretty serious alright. The researchers also discovered that it is possible to manipulate sites that host subtitles in order to make a malicious subtitle file more “popular” so the sick subtitles would be more likely to be chosen and loaded by the media player when the video is being played.

They have also provided a video to show, as a proof of concept, how easy it is to take control of the victim’s computer by way of malicious subtitles.

I realised after reading this story that I still have Kodi installed on my home PC, though I have not used it in a couple of years (as I use Plex to watch my media now). It was running version 14.1 whereas the current version is 17.3. So I’ve uninstalled it altogether now and also verified that my Plex installation is fully updated, as well as any installs of VLC. I gotta practice what I preach. 

The post Sick subtitles can infect your media player appeared first on L2 Cyber Security Solutions Ltd..

This story is going to disappear from the news headlines fairly quickly, as there is nothing massively new or worrying coming out for the moment, so we’ll probably be back to normal by next week.

What is Ransomware?

Ransomware has been around for a good few years. Earlier versions were fairly rudimentary, as they only prevented the victim from using their PC and were easily mitigated. The term itself comes from the techie habit to combining words and in this case it is a combination of Ransom Software.

It normally spreads by e-mail attachment/link or a poisoned web page/online ad. If you open the attachment or click on a poisoned ad, a little piece of computer code executes, which downloads the actual  ransom software from the internet. This software then generates an extremely complicated “key”, which is used to scramble the data contained in your files (documents, spreadsheets, photos, videos, databases, etc.). It will carry out the scrambling on any drive that the PC running it can see (so hard drives, network drives, external drives, USB sticks, cloud drives, etc.).

A screen is popped up advising the victim about what has happened and provides instructions for how they can pay the ransom in order to get the “key” to unlock and recover their scrambled files. In some cases the “key” is stored on the evil doers servers, so if the victim does pay, they will be given the key and will be able to get their files back. There may even be a helpdesk telephone number which you can call to get assistance on how you can pay. This is usually because not everyone knows how to go through the cumbersome process of acquiring BitCoin … “Ah here! WTF is BitCoin?” I hear you cry! ? Basically BitCoin is a virtual currency, which is untraceable and that’s why the bad guys like it.

If the victim does get their files back, there is a good chance that the crooks will leave behind a “present”, which will wait a few weeks, then execute on it’s own and scramble the files again. The victim paid once, so there is a good chance they will do it again. However there is also a high probability that paying the ransom won’t mean you get your data back, as you might never get the key from the bad guys.

So that’s a very brief outline of what Ransomware is. In the last 2 years, it has become extremely prevalent. Over 50% of evil email contains some form of Ransomware.

What was special about WannaCry?

What made WannaCry special was the fact that it spread all by itself. It did not require anybody to click on a link or open an attachment. This is what technical types call a “worm”. What it does is it finds a machine on the internet that has a specific vulnerability which it exploits and loads itself into that machine, scrambles the data and then looks for more machines to infect on the local network, as well as on the internet.

My most avid readers ? will remember back in a March post, I discussed the Microsoft Patch Tuesday was a double month, because there had been none in February. Then in an April post, we found out why there was secrecy around the previous month’s patching. The US’ National Security Agency (NSA) had their hacking toolkit released to the internet and Microsoft had spent February urgently patching vulnerabilities that the NSA toolkit exploited.

Which brings us neatly to WannaCry. The evil doers used one of the NSA tools to have their ransomware scan for machines that are vulnerable to a specific exploit and then infect any such machines it finds. Microsoft has issued the patch for this vulnerability in March however it was only issued for the versions of Windows that they still support (Windows Vista, 7, 8.1 and 10 as well as a bunch of server operating systems). Anybody running a Windows XP or 8.0 machine would be vulnerable. The British NHS still has a lot of Windows XP machines and these were the ones that got all of the attention when thousands of them became infected causing surgeries, diagnostic procedures and clinics to be cancelled as a result. In fairness to Microsoft they did subsequently release the patch for the unsupported versions of Windows, which will prevent this attack vector being used in future.

It started circulating on Friday 12th May, and by Saturday it was very widespread, so much so that it grabbed a lot of media attention. This is where it get my first problem – advice from newspaper “Tech” journalists. I’ll possibly get stick for this, but most of them are nothing more than shiny gadget reviewers. They don’t actually truly understand the underlying technology and just parrot “don’t click links”, “patch your software”, etc. While that is good advice, I then see them giving inaccurate reportage like “this was spread by somebody clicking on a link”. No it wasn’t! That’s not how a worm works!!! ? … On a related matter, which I think is hilarious … the shiny gadget reviewer on Ireland AM on TV3 gave better advice than any “Tech” journalist I’ve read this week. ?

My second problem was advice from “Experts” from larger cyber security firms. In the last few days I’ve heard two such experts (from different unnamed companies) say the same thing as the “Tech” journalists, except they made it worse by saying “this worm was spread by somebody opening an attachment.” THAT IS NOT HOW A WORM WORKS FFS!!! ?

My third problem is with technology vendors that try to capitalise on the fear, uncertainty and doubt (FUD) that was present in businesses across the globe on Monday morning. Coming out with nonsense like, “Our Whizz-Bang product will fully protect you from WannaCry.” as Mrs. Brown is known to say “That’s nice.” See below for some simple steps on how you can protect yourself, that is available for free and for nothing.

There are a lot of small to medium-sized, independent security consultancy firms out there that have been giving excellent, accurate and timely advice. These are the ones you should be listening too. They are staffed by people who actually truly know what is happening. I’d like to think I’m also in that category as I don’t state something unless I know it to be a fact. If I don’t know something, I will say so and will go and educate myself.

The spread of WannaCry was stanched by a Cyber Security blogger in the UK (@MalwareTechBlog) who discovered that if a certain internet domain name was registered and active, the worm would not carry out it’s scrambling and scanning function. This was a great help to the world, which has led the young man to be hounded by tabloid newspapers. There you go – no good deed goes unpunished. ?

There is one aspect about this, that I’ve only seen mentioned once. What if the culprits behind this didn’t use Ransomware as the payload? They used the NSA tools to scan the internet for the vulnerability that allowed them execute something on hundreds of thousands of PCs. They chose Ransomware, which kinda gets in your face when it has done it’s dirty deed. What if they chose keyloggers (software that logs all key presses – used for stealing passwords) or other surreptitious, stealthy, spying software? We might never have realised there was something afoot. ?

There’s talk that it was the North Korean’s what did it! Is that interesting? … Maybe. I would have thought they might have preferred the stealth route, but their leader might have had other ideas.

How do I protect myself?

This is the insanely easy bit, believe it or not. All you have to do is follow 4 of my 10 commandments:

• Commandment 1 Keep all software up-to-date with automatic patching/updating
• Commandment 2 Use and keep up-to-date Anti-Virus software
• Commandment 4 Take regular backups of all your data and test that you can restore.
• Commandment 5 Ignore email from strangers and be careful of email from friends, family, co-workers.

Do those few things and you shouldn’t have to pay any ransom to anybody, because if 1, 2 and 5 fail you (for whatever reason), then 4 will recover you. ?

Let’s be careful out there!

The post Do you WannaCry? I didn’t think so. appeared first on L2 Cyber Security Solutions Ltd..

Well for the most part§ it turned into “not much to see here, move along”. Yes, these NSA hacking tools were released to the internet for anybody with evil intentions to use them on the innocent. Yes, they are highly effective. Yes, they can let hackers break into your computer.

But you follow my first commandment don’t you? You keep your Windows (and other software) automatically updated, don’t you? If so, then you’ll be fine … nothing to see here, move along … these NSA hacking tools are nothing to concern yourself with.

§Now, this is where the earlier reference to “for the most part” gets some clarity. If you are running Windows XP, then you are at extreme risk of probably every tool that was released by Shadow Brokers. Microsoft patched the vulnerabilities in their supported operating systems (so Windows 7, 8.1 and 10) that all of the hacking tools exploited, except for three. The tools that were named “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan” are the only ones that Microsoft didn’t bother with as they only affected earlier versions of Windows which Microsoft no longer support (Windows XP or Server 2003 anyone?).

So if you are still an XP/2003 user, you’ve got a pile of evil-doers, with access to at least 12 hacking tools which the NSA created and they can come and compromise your PC/Laptop/Server! ? It’s that simple, you really need to move off XP/2003 for your own good. If you can’t upgrade, then get the XP/2003 thing off the internet so you can’t be compromised. ?

Some of you may recall back in March, I talked about how Microsoft offered no patches in February and then here was a double lot in March. Microsoft were pretty tight lipped about why this happened and most of the speculation was around problems encountered with the way they were changing their method of delivering updates.

Welllllll … it would seem it was much more likely that is was to do with the NSA giving them a low-down on the vulnerabilities that they knew were about to be revealed and exploited by the bad guys and so Microsoft put the head down and got on with fixing these “secret” vulnerabilities. ?

There were also some tools released which enabled the NSA (the US National Security Agency) to monitor some service bureaus used by the SWIFT inter-bank payment network. This mainly targeted middle-east bureaus, but it’s possible this could be expanded. This is something for the SWIFT network to address and there is likely nothing you can do about this. ?

Let’s be careful out there!

The post Hackers released NSA hacking tools … World continues to turn ?. appeared first on L2 Cyber Security Solutions Ltd..