http://arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/
By Dan Goodin
Ars Technica
Dec 16, 2015
When you're a Fortune 500 company that's a favorite target of
sophisticated hackers, it often makes sense to install security appliances
at the outer edges of your network to stop attacks before they get far.
Now, researchers say they have uncovered a vulnerability in such a product
from security firm FireEye that can give attackers full network access.
The vulnerability, which is on by default in the NX, EX, AX, FX series of
FireEye products, was FireEye last week, after researchers from Google's
Project Zero privately reported it. It made it possible for attackers to
penetrate a network by sending one of its members a single malicious
e-mail, even if it's never opened. It's not uncommon for outsiders to find
such critical flaws in a security product. Still, the proof-of-concept
exploit underscores that such game-over threats often extend to some of a
network's most critical equipment. As Google employee Tavis Ormandy
explained in a blog post published Tuesday:
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
