Malware Disguising Itself As An Update

An Ars Technica article posted today describes a rash of compromised websites that are now delivering phony web browser updates to site visitors.

What’s important for our clients to understand is that all major web browsers have a control method for updates. Internet Explorer and Edge are updated through Windows Update. Chrome and Firefox both phone home and download updates from their trusted sources. There is never a legitimate reason for a website to distribute an update to your web browser.

As always, keep your anti-virus software up to date, and if you run into any problems, Reinforcements are just a phone call away.

Secure Website Warnings

Symantec had a bit of a bumpy 2017, starting out with the mis-issuance of roughly 30,000 secure website certificates. For a very in-depth read on that, check out Ars Technica’s post here.

With the mis-issuance issue in mind, The Register kindly reminds us that in mid-April of this year, Google Chrome is going to stop considering certain certificates issued by Symantec as being valid. This means that if you visit a site with one of these certificates, you will get a security warning before you see the actual web site you were intending to visit.

We just want you to be aware that these security warnings could be coming. It’s possible that site owners will have upgraded all of their certificates before the deadline. But if they don’t, then those of you using the Google Chrome browser may expect to start seeing these warnings sometime in April. For those of you using Mozilla Firefox, the warnings should be popping up a month later in May. Unfortunately, I couldn’t find timelines for Microsoft Internet Explorer or Edge.

The main takeaway is that if you see these alerts, give it some time. Don’t put any personal information into a site that has thrown one of these warnings. Given the widespread popularity of Google Chrome and Firefox, web site administrators will be keenly aware when the switch has been flipped, if they weren’t aware already.

Vulnerable Cisco Firewalls

Ars Technica reports on a vulnerability in some Cisco firewalls. You can read their article here:

https://arstechnica.com/information-technology/2018/01/cisco-drops-a-mega-vulnerability-alert-for-vpn-devices/

What does this mean to TRI customers?

Well, it looks like the vulnerability exists in Cisco’s ASA software, which is used in many of their firewalls (note: some of the firewalls running the software don’t necessarily say ASA on them). If you’re using one of the affected firewalls, and you’re using WebVPN, you should patch immediately. That brings us to the next hurdle. Patches for Cisco devices come either from behind their paywall or by contacting their Technical Assistance Center (TAC). Some people are reporting slow response times from TAC, and if you don’t have current support with Cisco, the download behind their paywall is out of reach.

Need Help?

If you’d like assistance assessing your firewall, working with TAC, or even replacing your firewall if it’s simply too old, we are here to help.