Posted By Pete at 7:00 PM, February 29, 2012
We are at RSA this year, booth 255. Feel free to stop by and check out our new Application Control feature as well as 3G/4G USB dongle support for the UTM9S!
Posted by: Pete at 7:00 PM
Posted By Pete at 2:10 AM, December 25, 2011
From all of us here at NETGEAR - Happy Holidays!
PS: Be on the lookout for Christmas or New Years related spam. Even emails claiming to be from Santa Claus are not to be trusted ;-)
Posted by: Pete at 2:10 AM
Posted By Netgear Threat Lab at 12:40 AM, December 25, 2011
Microsoft has just released this year's last monthly security update which includes 13 patches for Windows, Office, IE, Windows Media Player and Publisher that resolves 19 security vulnerabilities found in these products.
One patch of particular concern is MS11-087. The patch fixes the Windows kernel vulnerability that the DUQU virus had been taking advantage of.
(Attackers embedding specially crafted TrueType fonts in documents can exploit this vulnerability in the Windows kernel.)
MS-11-092 is another important patch. It is for a high-risk level security hole for the windows media player remote code execution vulnerability - when a vulnerable user opens Windows Media Player, the attacker can use a carefully constructed digital video recording file (.Dvr-ms) to exploit the hole and use it to install malicious programs or steal users' privacy.
We remind users not to open suspicious files and promptly install security patches.
Posted by: Netgear Threat Lab at 12:40 AM
Categories: Netgear Threat Lab
Posted By Pete at 4:27 PM, December 9, 2011
V3 recently published a review of the UTM9S along with a ReadyNAS for integration. They loved the ability of the UTM9S to be customized according to customer needs with the optional VDSL and Wireless N modules. They were also really pleased with the UTM/ReadyNAS integration on how that gave the UTM extensive logging and quarantine capabilities.
To read the entire review, head on down to V3.
Posted by: Pete at 4:27 PM
Posted By Pete at 4:18 PM, December 9, 2011
We have just released UTM v1.3.14-0
This maintenance release contains bug fixes as well as minor usability tweaks. Release notes can be found here http://forums.prosecure.netgear.com/showthread.php?t=5481.
The offline update package can be found on Support.netgear.com. Simply enter your UTM model and go to the product page.
One thing to keep in mind is to update to version 1.3.7-0 before updating to version 1.3.14-0.
Posted by: Pete at 4:18 PM
Posted By Netgear Threat Lab at 3:11 PM, November 23, 2011
Recently, Microsoft released a security warning that basically confirmed that the popular "Duqu" virus uses a zero-day vulnerability within the Windows kernel and also provided a temporary solution to combat it. (http://technet.microsoft.com/en-us/security/advisory/2639658)
Duqu uses an existing loophole in the file T2EMBED.DLL. When the Win32k True Type font parsing engine uses this DLL, hackers can add malicious code to the word file in use and turn it into malware. When the victim opens the file in Word, the malicious code will be executed with the highest authority level in the system - creating an extremely dangerous scenario.
The Duqu virus is considered a second generation STUXNET virus, the former made its name doing damage on Iran's nuclear power plants. Duqu on the other hand, targets high-tech enterprises, stealing confidential technical information as it spreads and infects. Many of the world's larger businesses have already fallen victim to Duqu.
We advise our customers to install the patch and not to open any suspicious email attachments from unknown sources.
Posted by: Netgear Threat Lab at 3:11 PM
Categories: Netgear Threat Lab
Posted By Netgear Threat Lab at 3:08 PM, November 23, 2011
BIOS (Basic Input / Output System) is a small program that starts when the computer first boots up. When the BIOS is loaded to run, the computer loads only the most basic hardware information; nothing about the overlaying OS is known at that time. So if the BIOS is infected, it undoubtedly, would be a very terrible thing. Anti-virus software would have a terrible time trying to remove the virus, reinstalling the system would be useless, and even replacing the hard disk would do nothing to eliminate the virus.
One of the more memorable BIOS targeting viruses was known as the CIH virus (1999). This particular virus caused tremendous damage and was named as one of the world's top ten viruses by a number of security organizations. We recently found another BIOS virus infection spreading globally named Rootkit.Win32.Mybios.a. This virus is usually bundled with game software, tricking users into turning off their security software and subsequently attacking the BIOS, MBR (master boot record) , and windows system files.
First, the virus will drop bios.sys, flash.dll, my.sys, hook.rom and cbrom.exe in an attempt to infect the BIOS. Once the BIOS is infected, an additional ISA module called Hook.rom will be added to the BIOS. It's role is to detect whether the MBR is infected. If it finds that the MBR is not yet infected, it will write virus code located in the BIOS into about 14 sectors in the MBR, and then save the original MBR to sector 8.
Second, when the infected part of the MBR is loaded and executed, it will execute different viral code according to the OS (Winlogon.exe (XP/2003) or wininit.exe (Win7/Vista)). When the infected executable is run, the screen displays "Find it ok! ". This behavior can also be used to determine whether the machine has been infected by the virus.
Third, when the infected winlogon.exe is loaded at run time, it will attempt to download a variety of malicious programs from a remote server.
The virus will also load my.sys. This driver will hook disk.sys and prevent anti-virus software from repairing the infected MBR.
As always, we remind users to update their virus definitions as well as system patches and do not open suspicious files and game plug-ins. We remind users to update the pattern. Do not open suspicious files and game plug-ins.
Posted by: Netgear Threat Lab at 3:08 PM
Categories: Malware , Netgear Threat Lab
Posted By Jason at 5:11 PM, October 31, 2011
For the past two years, we are NETGEAR ProSecure have been advocating the need to ask "How well does my security system actually work?"
Multiple Reports have been conducted by third parties that show our systems are more effective at stopping threats than the others... And now ICSA Labs' Anti-Virus certification program is testing not only the WildList (a database of real-world viruses considered harmful to PC users) but also the Extended WildList, which consists of additional malware, such as keyloggers and Trojans.
ProSecure has been using the extended wildlist for two years now --- ahead of ICSA Labs.
Posted by: Jason at 5:11 PM
Categories: General , Malware , Viruses , Worms
Posted By Jason at 3:04 PM, October 6, 2011
Unfortunately, within hours of Steve Jobs' passing, the bad guys have already started circulating scams on Facebook to exploit this news ....
(as reported by the San Francisco chronicle...)
Posted by: Jason at 3:04 PM
Posted By Pete at 3:52 PM, September 26, 2011
We're proud to announce the newest member of the UTM family - the UTM9S. The UTM9S is a new breed of all-in-one security in that it has 2 built in slots in which users can customize their UTM9S according to their network needs. Need wireless? Add a Wireless-N module! Need ADSL? Add a ADSL module. Simply insert the module and it will be automatically discovered and usable immediately by the UTM.
It also contains all the robust security found in our award winning UTM line and on top of that, we've added ReadyNAS support. This means users can integrate with the ReadyNAS and leverage it as a storage partition to store logs, reports, quarantined files and emails from the UTM.
All in all, the UTM9S is a great all-in-one security solution for branch/remote office networks as it packs a lot of security/connectivity in one box while maintaining great performance.
Link on the ProSecure site
Link on Netgear.com
Contact your local VAR or sign up at prosecure.netgear.com for a risk free 30 day eval.
Posted by: Pete at 3:52 PM