ProSecure Security Blog

Come Visit the NETGEAR Booth 255 at RSA!

2012-03-01T03:00:15Z

We are at RSA this year, booth 255. Feel free to stop by and check out our new Application Control feature as well as 3G/4G USB dongle support for the UTM9S!

Happy Holidays!

2011-12-25T10:10:50Z

From all of us here at NETGEAR - Happy Holidays!

PS: Be on the lookout for Christmas or New Years related spam. Even emails claiming to be from Santa Claus are not to be trusted ;-)

Microsoft Releases Final Security Update of 2011

2011-12-25T08:40:54Z

Microsoft has just released this year's last monthly security update which includes 13 patches for Windows, Office, IE, Windows Media Player and Publisher that resolves 19 security vulnerabilities found in these products.

One patch of particular concern is MS11-087. The patch fixes the Windows kernel vulnerability that the DUQU virus had been taking advantage of.
(Attackers embedding specially crafted TrueType fonts in documents can exploit this vulnerability in the Windows kernel.)

MS-11-092 is another important patch. It is for a high-risk level security hole for the windows media player remote code execution vulnerability - when a vulnerable user opens Windows Media Player, the attacker can use a carefully constructed digital video recording file (.Dvr-ms) to exploit the hole and use it to install malicious programs or steal users' privacy.

We remind users not to open suspicious files and promptly install security patches.

V3 Gives UTM9S with ReadyNAS Integration 4 out of 5 Stars

2011-12-10T00:27:01Z

V3 recently published a review of the UTM9S along with a ReadyNAS for integration. They loved the ability of the UTM9S to be customized according to customer needs with the optional VDSL and Wireless N modules. They were also really pleased with the UTM/ReadyNAS integration on how that gave the UTM extensive logging and quarantine capabilities.

To read the entire review, head on down to V3.

UTM Firmware 1.3.14-0 Released

2011-12-10T00:18:29Z

We have just released UTM v1.3.14-0
This maintenance release contains bug fixes as well as minor usability tweaks. Release notes can be found here http://forums.prosecure.netgear.com/showthread.php?t=5481.

The offline update package can be found on Support.netgear.com. Simply enter your UTM model and go to the product page.

One thing to keep in mind is to update to version 1.3.7-0 before updating to version 1.3.14-0.

Microsoft Announces Emergency Solution to Duqu Zero-day Vulnerability

2011-11-23T23:11:07Z

Recently, Microsoft released a security warning that basically confirmed that the popular "Duqu" virus uses a zero-day vulnerability within the Windows kernel and also provided a temporary solution to combat it. (http://technet.microsoft.com/en-us/security/advisory/2639658)

Duqu uses an existing loophole in the file T2EMBED.DLL. When the Win32k True Type font parsing engine uses this DLL, hackers can add malicious code to the word file in use and turn it into malware. When the victim opens the file in Word, the malicious code will be executed with the highest authority level in the system - creating an extremely dangerous scenario.

The Duqu virus is considered a second generation STUXNET virus, the former made its name doing damage on Iran's nuclear power plants. Duqu on the other hand, targets high-tech enterprises, stealing confidential technical information as it spreads and infects. Many of the world's larger businesses have already fallen victim to Duqu.

We advise our customers to install the patch and not to open any suspicious email attachments from unknown sources.

New BIOS Virus in the Wild

2011-11-23T23:08:08Z

BIOS (Basic Input / Output System) is a small program that starts when the computer first boots up. When the BIOS is loaded to run, the computer loads only the most basic hardware information; nothing about the overlaying OS is known at that time. So if the BIOS is infected, it undoubtedly, would be a very terrible thing. Anti-virus software would have a terrible time trying to remove the virus, reinstalling the system would be useless, and even replacing the hard disk would do nothing to eliminate the virus.

One of the more memorable BIOS targeting viruses was known as the CIH virus (1999). This particular virus caused tremendous damage and was named as one of the world's top ten viruses by a number of security organizations. We recently found another BIOS virus infection spreading globally named Rootkit.Win32.Mybios.a. This virus is usually bundled with game software, tricking users into turning off their security software and subsequently attacking the BIOS, MBR (master boot record) , and windows system files.

First, the virus will drop bios.sys, flash.dll, my.sys, hook.rom and cbrom.exe in an attempt to infect the BIOS. Once the BIOS is infected, an additional ISA module called Hook.rom will be added to the BIOS. It's role is to detect whether the MBR is infected. If it finds that the MBR is not yet infected, it will write virus code located in the BIOS into about 14 sectors in the MBR, and then save the original MBR to sector 8.

Second, when the infected part of the MBR is loaded and executed, it will execute different viral code according to the OS (Winlogon.exe (XP/2003) or wininit.exe (Win7/Vista)). When the infected executable is run, the screen displays "Find it ok! ". This behavior can also be used to determine whether the machine has been infected by the virus.

Third, when the infected winlogon.exe is loaded at run time, it will attempt to download a variety of malicious programs from a remote server.

The virus will also load my.sys. This driver will hook disk.sys and prevent anti-virus software from repairing the infected MBR.

As always, we remind users to update their virus definitions as well as system patches and do not open suspicious files and game plug-ins. We remind users to update the pattern. Do not open suspicious files and game plug-ins.

Extended Wildlist Testing - Now a Standard of ICSA Labs

2011-11-01T00:11:51Z

For the past two years, we are NETGEAR ProSecure have been advocating the need to ask "How well does my security system actually work?"

Multiple Reports have been conducted by third parties that show our systems are more effective at stopping threats than the others...

And now ICSA Labs' Anti-Virus certification program is testing not only the WildList (a database of real-world viruses considered harmful to PC users) but also the Extended WildList, which consists of additional malware, such as keyloggers and Trojans.

ProSecure has been using the extended wildlist for two years now --- ahead of ICSA Labs.

Steve Jobs --- RIP

2011-10-06T22:04:22Z

Unfortunately, within hours of Steve Jobs' passing, the bad guys have already started circulating scams on Facebook to exploit this news ....

(as reported by the San Francisco chronicle...)

All-in-One Security for the Remote Office - ProSecure UTM9S Launched

2011-09-26T22:52:56Z

We're proud to announce the newest member of the UTM family - the UTM9S. The UTM9S is a new breed of all-in-one security in that it has 2 built in slots in which users can customize their UTM9S according to their network needs. Need wireless? Add a Wireless-N module! Need ADSL? Add a ADSL module. Simply insert the module and it will be automatically discovered and usable immediately by the UTM.

It also contains all the robust security found in our award winning UTM line and on top of that, we've added ReadyNAS support. This means users can integrate with the ReadyNAS and leverage it as a storage partition to store logs, reports, quarantined files and emails from the UTM.

All in all, the UTM9S is a great all-in-one security solution for branch/remote office networks as it packs a lot of security/connectivity in one box while maintaining great performance.

Link on the ProSecure site
Link on Netgear.com

Contact your local VAR or sign up at prosecure.netgear.com for a risk free 30 day eval.

UTM150 on Display at VMworld

2011-09-08T07:16:49Z

Just got back from VMworld 2011 in Las Vegas where the UTM150 was on display along with many more of our business class products such as the ReadyNAS 4200 and our all 10Gig switch the XSM7224S.

While virtual machines are efficient and easy to deploy, we often forget that virtual machines inherit the same risks and dangers as their physical counterparts. Further more, because their so easy to deploy, it's easy to lose track of patches, security software licenses, and security settings making them an even easier target for attackers and malware. A UTM or STM at the gateway will go a long way towards protecting your servers and workstations - virtual or physical.

Are We Really Doing a Good Job Protecting Our Users?

2011-08-29T22:03:29Z

Last week, McAfee asked an introspective question to the entire security "are we really protecting our users?" Its our opinion that by "we" if we mean "IT administrators of small and midsized companies and IT technology vendors as whole" the answer is a resounding No! Some interesting data points to triangulate this hypothesis include:

Android is far and away an enormous vehicle for delivering mobile malware - witness last week's news buzz on android malware (attacks on Android increased by 76% !)
Microsoft becoming less relevant to malware writers (ever so slightly!)
Adobe becoming hugely relevant to malware writers ---- 7 of the top 10 vulnerabilities are on Flash Player!

McAfee closed out its rhetorical question by also asking if the security industry is falling us as a whole. That said, we believe that part of the answer lies with a proper joint education between IT admins, security vendors, and end users. With a 3-way mutual understanding people ---- humans can learn to differentiate what constitutes a threat and what doesn't constitute a threat. Humans are by nature fallible creatures, and when end users fail to properly discern a threat (accidentally clicking on dangerous links!) technology should come to save humans from themselves.

From the technology perspective, we also believe that IT admins deserve to ask more of their security vendors --- all the time security vendors get asked questions on throughput performance or feature set, but less common in the small and midmarket business arena do security vendors really get grilled on the efficacy of their products. Effectiveness is so key to security products and services, and yet the industry seems often to be selling solutions the same way the insurance industry markets car insurance --- by price!

We're presenting a joint webinar between NETGEAR ProSecure and Kaspersky Lab to discuss "Top 5 IT Practices that Put the Organizations at Risk" ... won't you come join us?

You Data is Not Safe - Not Even in South Korea

2011-08-04T18:01:42Z

South Korea's leading Web portal Nate and blog site Cyworld was attacked by hackers last week. An estimated 35 million records of user data were stolen.

Both sites have 25 million and 33 million subscribers respectively - totalling to about 35 million users worth of information leakage. Taking into account South Korea's total population of about 49 million, this is a staggering amount of data leakage! This is also by far the worst global hacking incident (that we know of) of 2011.

The stolen information, included user names, phone numbers, email addresses, encrypted passwords, social security numbers, blood types, and many other types of user info. Details on how the hack took place is still under investigation, but we can expect a large number financial theft, phonefraud, spam and other illegal acts performed with the stolen data. When information sensitive as this is stolen, the threat is no longer cyber any more. It can threaten even the physical well being of the victims.

Major networks continue to enhance their own security, but incidents such as this continue to occur. We suggest limiting the personal information you provide to different sites. Don't give out more than you have to. Also use different user names and passwords for different sites - especially the ones involving any form of financial transaction.

That Firewall is Full of Holes... Hackers Targeting Small Firms

2011-07-21T17:27:24Z

This article from the Wall Street Journal validates what we've been noticing and socializing for years - that much of the small business community out there could really use an improvement on their networks defenses.

Many small businesses think that a simple firewall and Anti-Virus on the desktop is good enough --- but that doesn't always adequately defend against the latest scareware, malware, and other virus type programs you can pick up on the Internet!

One unfortunate newstand owner detailed in the article lost $22K from cyber hackers!

See here on why hackers have realized its easier to go after lots of little fishes worth a couple of dollars rather than going after a Moby Dick with a big wallet -

Wall Street Journal - Hackers Shift Attacks to Small Firms

Microsoft Releases July Security Updates

2011-07-15T17:42:18Z

On Wednesday morning, Microsoft released the security patches for July.
In this current update, Microsoft released 4 security patches, which fixed a total of 22 vulnerabilities. Although the number of patches was only a quarter of what it was last month, what they fixed were highly critical.

The MS11-053 patch fixes a serious vulnerabilty which allowed remote code execution by the attacker Bluetooth. This affected multiple versions of Windows 7 and Vista operating systems. The vulnerability may cause the remote control of computer users, leakage of personal information, virus, and Trojan attacks; adding up to a very serious threat.

Another patch which caught our attention was MS11-055. This is the patch for a well-known Microsoft Visio vulnerability. If a user opens a legitimate Visio file and the file is on the same network as a special library directory, the vulnerability could allow remote code execution. Successfully exploited, this vulnerability could gain the same privileges as the logged-on user.

We would like to remind our readers - A new vulnerability always comes with the subsequent invasion of computer viruses and Trojans. Timely installation of security updates will help your computers significantly reduce the possibility of malicious attacks.