Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

When a single e-mail gives hackers full access to your network

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Dec 2015 08:52:20 +0000 (UTC)
http://arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/

By Dan Goodin
Ars Technica
Dec 16, 2015
When you're a Fortune 500 company that's a favorite target of sophisticated hackers, it often makes sense to install security appliances at the outer edges of your network to stop attacks before they get far. Now, researchers say they have uncovered a vulnerability in such a product from security firm FireEye that can give attackers full network access.
The vulnerability, which is on by default in the NX, EX, AX, FX series of FireEye products, was FireEye last week, after researchers from Google's Project Zero privately reported it. It made it possible for attackers to penetrate a network by sending one of its members a single malicious e-mail, even if it's never opened. It's not uncommon for outsiders to find such critical flaws in a security product. Still, the proof-of-concept exploit underscores that such game-over threats often extend to some of a network's most critical equipment. As Google employee Tavis Ormandy explained in a blog post published Tuesday: 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: