Skip to content

Monthly Archives: December 2017

Updated! Vulnerability in Cyberoam appliance

1) Stay on Version 10.6.5 – In our testing of Version 10.6.6. of CROS (Cyberoam Firmware), we discovered a bug that causes blocking of certain web content. We request customers stay on 10.6.5 until this is fixed.

2)To get patched for the SQL Vulnerability simply make sure that “Allow Over-the-air Hotfix” option is enabled on Cyberoam device as shown in the image below. Devices that already have this option enabled will automatically fetch the fix and remain protected.

Click here for larger image in browser

(System>Maintenance>Updates and then check the “Allow Over-the-air Hotfix Box)

To see if you are patched, You can login to the SSH/telnet console session of the unit and execute following command to check Hot Fix version:

console> cyberoam diagnostics show version-info

The Hot Fix version should be displayed as 1 or higher.

 

——–
Full Knowledge-base Article:
here

——
Other news
– Over the next two weeks we will be updating our store site for Fortinet & Meraki. Other updates after these.

Our Blog Site: Here

Contact US

 

Vulnerability Affecting Cyberoam Appliances

A SQL injection vulnerability has been discovered in Cyberoam appliances running the Cyberoam operating system (CROS) that allows for unauthenticated remote code execution.

A small percentage of appliances have been impacted by a cryptominer that consumed CPU cycles, and our investigations have found no evidence that any data has been compromised or exfiltrated from those appliances.

For customers running CROS version 10.6.1 and above that use the default setting of automatic updates, the hotfix was automatically installed, and there is no action required. Customers who have changed their default settings will need to apply the update manually.
Remediation

CROS Version

Patch Distributed

Version 10.6.3 and above

December 7, 2017

Version 10.6.1, 10.6.2.x

December 8, 2017

All versions prior to 10.6.1

Upgrade to current CROS version

 
Full Knowledge-base Article here

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Quote

Browser will block third-party software from mucking around with pages next year.

By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.

“In the past, this software needed to inject code in Chrome in order to function properly; unfortunately, users with software that injects code into Windows Chrome are 15 per cent more likely to experience crashes.”

In particular, the target here seems to be poorly coded AV tools can not only crash the browser or cause slowdowns, but also introduce security vulnerabilities of their own for hackers to exploit.

Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes. With Chrome 68, the browser will block third-party code in all cases except when the blocking itself would cause a crash. In that case, Chrome will reload, allow the code to run, and then give the user a warning that the third-party software will need to be removed for Chrome to run properly. The warning will be removed and nearly all code injection will be disabled in January of 2019.

“While most software that injects code into Chrome will be affected by these changes, there are some exceptions,” said Hamilton.

“Microsoft-signed code, accessibility software, and IME software will not be affected.”