ACA Aponix Security Alerts: January 26, 2016

January 26, 2016

Fraudulent UPS Delivery Emails Contain Links to Malware

Fraudulent UPS delivery notification emails have been circulating that appear legitimate but contain links leading to malware. The link opens a Microsoft® Word® document containing a malicious macro, which launches a scripting shell that downloads and runs a malicious executable file.

In the following screenshot of a UPS notification email, all links are legitimate except for the tracking number link.

Clicking the link opens a Microsoft Word document like the one in the following screenshot. The document contains a malicious macro.

More information about fraudulent UPS emails

ACA Aponix recommends verifying that each URL directs to a trusted source before clicking any link in an email, regardless of whether the email appears to be legitimate. To do this in Microsoft® Outlook®, hover your mouse over the link to display the actual destination URL before clicking it.
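The hover check above can also be applied mechanically before a message reaches a user. The following Python script is an added example, not code from ACA Aponix or UPS: it reads every anchor in an HTML email body and reports links whose real destination host is not on a trusted-domain list, or whose visible text shows a different host than the link actually goes to. The trusted-domain list and the sample notification (including its tracking-number link pointing at a documentation-range IP address) are constructed for illustration.

```python
"""Flag suspicious links in an HTML email body (added example, constructed data)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the recipient considers legitimate for this sender.
TRUSTED_DOMAINS = {"ups.com"}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL or bare hostname ('' if none can be parsed)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def audit_links(html_body):
    """Return (href, text, reason) for every link that fails a check."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        scheme = urlparse(href).scheme.lower()
        if scheme not in ("http", "https"):
            findings.append((href, text, f"non-web link scheme {scheme!r}"))
            continue
        dest = host_of(href)
        if not is_trusted(dest):
            findings.append((href, text, f"destination host {dest!r} is not a trusted domain"))
            continue
        # Visible text that looks like a URL/host but names a different, untrusted site.
        if "." in text and " " not in text:
            shown = host_of(text)
            if shown != dest and not is_trusted(shown):
                findings.append((href, text, f"link text shows {shown!r} but goes to {dest!r}"))
    return findings


# Constructed sample: every link is legitimate except the tracking-number link.
SAMPLE_EMAIL = """
<p>Your package is on its way.</p>
<p><a href="https://www.ups.com/">UPS Home</a> |
   <a href="https://www.ups.com/tracking">Tracking</a></p>
<p>Tracking number: <a href="http://198.51.100.23/track/doc.php?id=1Z999">1Z999AA10123456784</a></p>
<p><a href="https://www.ups.com/help">Help</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in audit_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{text}' -> {href}: {reason}")
```

Run against the sample, only the tracking-number link is reported, which matches the pattern described in the alert: the surrounding links are genuine and only one is not. A real deployment would take the trusted-domain list from the sender's known domains rather than a hard-coded set.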

Google Releases Security Update for Chrome Browsers

On January 6, 2016, Google released Chrome browser version 48.0.2564.82, which fixes multiple vulnerabilities for Microsoft® Windows®, Mac, and Linux users.

ACA Aponix recommends applying the latest Chrome update as soon as possible.

More information

Update to Juniper Networks Critical Security Update for ScreenOS

On December 17, 2015, Juniper Networks released an out-of-cycle security bulletin for vulnerabilities in ScreenOS. Since then, an additional vulnerability was discovered in ScreenOS that makes it possible for attackers to gain full administrative access to affected devices.

This vulnerability affects all NetScreen devices running ScreenOS 6.2.0r15-6.2.0r18 and 6.3.0r12-6.3.0r20. Juniper ScreenOS devices are commonly used for firewalls and home VPNs.

More information

ACA Aponix recommends applying the latest patched releases of ScreenOS and limiting device access to trusted networks only. However, it is important to note that no fix has yet been released to prevent the decryption of VPN traffic. We will be conducting vendor diligence around the patching of these issues. 

Backdoor Vulnerability Found in Older Versions of Fortinet FortiOS

Independent researchers recently discovered that older versions of FortiOS™ (4.x-5.0.7) had a hard-coded password embedded in the software, making it possible for FortiGate™ enterprise firewalls to be compromised and for attackers to gain full administrative access to servers running an affected version of FortiOS. Fortinet™ states that the issue was discovered, and a patch made available, in July 2014; however, no announcement was made until the issue was publicly disclosed on January 12, 2016.

This issue affects the following products:

  • FortiAnalyzer: 5.0.0 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
  • FortiSwitch: 3.3.0 to 3.3.2
  • FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
  • FortiOS: 4.1.0 to 5.0.7

More information

ACA Aponix recommends applying the latest version of FortiOS. We will be conducting vendor diligence around the patching of these issues. 
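Both the ScreenOS and the Fortinet alerts above are stated as inclusive version ranges, so the practical first step for an operator is to check a device inventory against them. The Python below is an added example, not code from ACA Aponix, Juniper or Fortinet: it parses ScreenOS-style versions such as "6.3.0r19" and dotted Fortinet versions such as "5.0.7" into comparable tuples, tests them against the ranges quoted in the two alerts, and reports rows whose version string it cannot parse as "unknown" rather than silently treating them as safe. The inventory rows are constructed sample data.

```python
"""Check a device inventory against the affected version ranges (added example)."""
import re

# Affected ranges exactly as stated in the alerts, inclusive on both ends.
AFFECTED = {
    "ScreenOS": [("6.2.0r15", "6.2.0r18"), ("6.3.0r12", "6.3.0r20")],
    "FortiOS": [("4.1.0", "5.0.7")],
    "FortiAnalyzer": [("5.0.0", "5.0.11"), ("5.2.0", "5.2.4")],
    "FortiSwitch": [("3.3.0", "3.3.2")],
    "FortiCache": [("3.0.0", "3.0.7")],
}

# major.minor.patch with an optional ScreenOS "rN" release suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:r(\d+))?$")


def parse_version(text):
    """'6.3.0r19' -> (6, 3, 0, 19); '5.0.7' -> (5, 0, 7, 0). ValueError if unparsable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rel = m.groups()
    return (int(major), int(minor), int(patch), int(rel or 0))


def is_affected(product, version):
    """True if version lies inside any affected range listed for that product."""
    v = parse_version(version)
    for low, high in AFFECTED.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


def triage(inventory):
    """Return (hostname, product, version, status) for every inventory row.

    status is 'affected', 'not affected', or 'unknown' when the version
    string could not be parsed and therefore needs a manual look.
    """
    result = []
    for hostname, product, version in inventory:
        try:
            status = "affected" if is_affected(product, version) else "not affected"
        except ValueError:
            status = "unknown"
        result.append((hostname, product, version, status))
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-1", "ScreenOS", "6.3.0r19"),
    ("fw-edge-2", "ScreenOS", "6.3.0r21"),
    ("fg-dc-1", "FortiOS", "5.0.7"),
    ("fg-dc-2", "FortiOS", "5.2.3"),
    ("fa-log-1", "FortiAnalyzer", "4.3.8"),
    ("fc-web-1", "FortiCache", "3.0.7 build 123"),
]

if __name__ == "__main__":
    for hostname, product, version, status in triage(SAMPLE_INVENTORY):
        print(f"{hostname:10} {product:14} {version:16} {status}")
```

The tuple comparison relies on the release number being the least significant field, which holds for the ScreenOS strings quoted in the alert; a dotted Fortinet version simply gets a release number of 0. Treating unparsable strings as "unknown" matters because an inventory export that appends build information would otherwise drop affected devices from the list.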

Microsoft and Adobe Release Critical Security Updates

Microsoft and Adobe recently released critical security updates that resolve issues in various products.

Microsoft Updates

Microsoft released a security bulletin on January 12, 2016, containing updates that resolve critical vulnerabilities in the following products:

  • Microsoft® Windows® (various components)
  • Microsoft Internet Explorer®
  • Microsoft Office®
  • Microsoft Silverlight®
  • Microsoft Exchange Server
  • Microsoft Edge
  • JScript and VBScript

See the complete bulletin for more information.

Adobe Updates

Adobe recently released critical security updates for Adobe® Acrobat® and Adobe Reader®. See the complete bulletin for more information.

Please reach out to us if you have any questions: