Archive | January 2013

Adobe’s Patch Tuesday for Acrobat/Reader – ColdFusion Problems

Adobe will release a round of updates on Patch Tuesday (as usual). This month, Patch Tuesday (which involves Microsoft and Adobe, sometimes Oracle) will be on January 8. It’s first updates involve vulnerabilities in Reader and Acrobat products, while the other issues involve ColdFusion vulnerabilities.

“Adobe is aware of reports of security issues in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX that are being exploited in the wild. We are currently evaluating the reports and plan to issue a security advisory as soon as we have determined mitigation guidance for ColdFusion customers and a timeline for a fix,” said Adobe’s Wendy Poland in an advisory posted January 3.

From the good news side of things, none of these vulnerabilities are being actively exploited in the wild. But, let’s not get too hasty to underestimate threats. Make sure to get patched on Tuesday!

Vulnerabilities in Adobe Reader and Acrobat versions 11.0.0 and earlier are going to be patched next week.

Last month, there were issues in Flash Player and ColdFusion. Looks like these are favorites of hackers as of late.

Protect yourself from vulnerabilities with Kaspersky ONE Security, one good price ($79.95) per year for awesome protection.

Anonymous Says “Expect Us 2013” – #OpNewBlood – McAfee Underestimates

Anonymous is not going away. Just wanted everyone to know that. It’s not a likely thing for them to disappear at all. From what McAfee made it sound like, is that Anonymous was low-key and not a big threat. However, it is to be disagreed with. They could strike crazy at any time with a hacking attack.

Their year-in-review video details what they have done, and it is clear they have similar plans in 2013, if not more. Some are saying the next mission to finally carry out is “#OpNewBlood”. This is actually an old plan, but they’re still carrying it out. There are already tons of posts on Twitter discussing #OpNewBlood, and how many people can freely join Anonymous. Some have linked to how to set up chatting in IRC and how to be anonymous when browsing the Internet. Many recruiting efforts are underway, such as AnonyOnion. Can anyone LOL?

Their press release on AnonNews characterizes an “Expect Us 2013” banner. See for yourself. Apparently, a lot of the new operations would be led by @Crypt0nymous.

Anyway, back to the details about the video, it details info about the temporary shutdown of websites belonging to The US Department of Justice, the FBI, the Motion Picture Association of America – which were all in protest of the indictment of MegaUpload. Although the sites were temporarily down, it sent a message of protest against the US Government, in hopes to say that people still have a voice.

However, the hacktivism continues, and is showcased in the video. It shows newsreels of Anonymous’ intervention in Syria, when the Syrian Government shut down Internet access for a day. Apparently, from what also showed up in the video involved Anonymous’ “cyberwar” against the Israeli Government – when clearly it is a problem with Syria and other neighboring countries.

“The operations which are listed in the video are only examples, there are far more operations,” Anonymous wrote in the statement. “Some of them still running, like Operation Syria. We are still here.”

Despite such threats, and other details that Anonymous threw in the faces of the viewers of the video (with a lot of them saying F*CK YEAH!), many other underestimate their presence. But, what risk can we take in computer security? The first time we let our guard down, Anonymous will strike. They do it every time. Never let your guard down in computer security. McAfee: We’re calling out to you. Stop spreading the message giving people the idea that Anonymous is going to be less active or less threat. We don’t need anymore damage. The more we stay aware, the better protected we will be.

This “syncopathic” (goth jargon: syncope=fainting, pathic=motivation) approach is common for Anonymous…meaning they are silent (kind of when you faint), and then all of the sudden they jump up (motivate quickly) and go into hacking/activism.

Expect Anonymous or get a reality check! That’s all we’re saying here. It’s not worth the mess/damage to let your guard down.

Security Concerns This Winter – Android Malware, Facebook Problems, Anonymous, among other things

We’ve discussed over the past couple of weeks some of the things that happened in 2012, and things we’re focused on coming into the new year. There is a surge in a lot of security concern over several different issues, including Android malware, Anonymous, cyberwar, among other things. Here is a comprised list of the top concerns this Winter that we’ll be investigating on a continual basis.

  1. Identity Theft – this can be a problem for most people that get viruses and other malware on their computer. It can also be a problem on social networks. It is best to have a good antivirus and keep your social networking information safe. You don’t have to enter everything in your profile. Leave some fields blank so it is more trivial for the unsuspecting stalker. Sadly, you cannot know who’s viewed your profile, which makes it more difficult to discover stalkers. Hmm…hint Facebook.
  2. Spear-Phishing – plain and clear, spear-phishing is similar to identity theft. This is done by email-spoofing, which the attacker is masking him-or-herself as a legitimate company with legitimate looking emails. However, these emails are only subject to make you click and to either steal your information, or distribute malware, or even both. Normally, this is a big problem over the holidays, but now it’s starting to become widespread no matter the time of year.
  3. Human Error and the Failure to Update – Vulnerabilities – It is true that humans forget a lot of things. One of the biggest security risks we have always faced is that users fail to update their browser plugins and programs on their computer. However, through the use of this vulnerability, attackers exploit and send malware your way. Using a vulnerability scanner can help you keep managed of this atrocity.
  4. Browser Hijackers and Junkware – we still continue to see the problem of browser hijackers and junkware being distributed in installers for legitimate programs. What’s sad is, the royalties are so high for software developers to add in the install code for junkware, that the developers don’t know how bad the issue is. From Babylon Toolbar to Claro Search…these toolbars and homepage hijackers are unnecessary and technically need to be done away with. Good thing our security community has the ability to remove this crap with our special tools.
  5. Malware growth on Other Platforms – it’s no surprise that malware problems are lighting up on the iOS now, as well as Linux. It sure will start to become a problem this year. Even more on Windows 8 and Android than any other device.
  6. Android Malware Growth – This has become one of the biggest problems right now in the computing world is the steady high growth of malware on the Android platform. It will continue to be a problem, sadly.
  7. Anonymous Cyberattacks, and Government Cyberwar – we will still see cybercrime and cyberwar problems continue this year.

Stay in tune with this blog for further updates.

%d bloggers like this: