Archive | February 2013

RSA Conference Details Unfold in this Super Writeup!

The RSA conference is a yearly security conference where various internet security topics are discussed. Well, this year’s discussions are quite intense, and involve many of the latest problems.

  1. Security training is an important thing for any person. Teaching people about the seriousness of threats is highly important. Not just about some of the basics of threats, like an IP address, firewalls, or antivirus software. But, more than that, more focused on trends in computer security, social engineering, etc. With the increase of people using tablets, smartphones, etc., there is a big need for understanding cybersecurity. (Secure Connexion has their own ventured school, SecuSchool, hosted on a sister website.)
  2. Cybersecurity on Planet Earth is in big trouble! Experts state that the internet was designed to be build without security concerns. However, with password theft, business attacks, fraud, phishing, etc. – this makes internet security far more important. Problem is, attackers are also getting organized with their criminal activity. With that, there is a need for counterintelligence methods.
  3. “Too big to be good” is how most security companies are being stated as. By the time new businesses are started fighting new cyberthreats, criminals already have new plans being carried out.
  4. Free personal data (in numbers of petabytes) are out there in social media and analytics. Scams, fraud, and phishing scams can be built with the free information available online.
  5. Mobile malware on the rise. An apparent 30% of malware submissions (not necessarily new) are reported to come from mobile platforms.
  6. Cyberespionage is on the rise big time!  Governments are spying on each other, gathering information, stealing secrets, and preparing to construct cyberattacks.
  7. There are a lot of good security startups, which are making steady advances toward the future of cybersecurity. We’re just one of those startups.

Today, continuing in RSA, keynote speeches will be posed from Vint Cerf of Google, Philippe Courtot of Qualys with special guess John Pescatore of SANS Institute, Christopher Young of Cisco, Mike Fey of McAfee, and Jimmy Wales of Wikipedia.

Last year’s conference highlights were as follows:

  • Application, cloud, data, and mobile  security
  • Cryptography
  • Hacking and other threats
  • Governance & laws
  • Risk & compliance
  • Professional development
  • Strategy & architecture
  • Technology infrastructure

We will most likely have more details about RSA 2013 in the coming days. The conference runs from February 25-March 1 in San Francisco.

Advertisements

Adobe Flash Player Critically Affected Again! Two Bugs Resolved!

Adobe has published another update now, fixing three vulnerabilities. Two of these three vulnerabilities are currently being exploited in the wild.

Adobe has introduced the Flash Player sandbox a year ago protecting Firefox users from vulnerabilities in Flash Player. This sandbox is being actively targeted for attacks.

“Adobe is aware of reports that CVE-2013-0643 and CVE 2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content,” the company wrote in a security bulletin.

Adobe classifies the update at priority rating of 1 for Windows and Mac (which means super-critical: PATCH NOW!), and 3 for Linux (not as critical for Linux).

Google automatically patches for Chrome Browser. Microsoft automatically patches for Internet Explorer 10 for Windows 8 (note for Internet Explorer 10 for Windows 7, you have to patch).

The following issues are resolved:

  • Permissions issue with the Flash Player Firefox sandbox (CVE-2013-0643)
  • ExternalInterface ActionScript feature (CVE-2013-0648)
  • Buffer overflow in Flash Player broker service (CVE-2013-0504).

Update link for Windows and Mac

Update link for all other versions

To see version information about Flash Player or what browser/OS you’re running, check out the following.

Remember, when updating, UNCHECK McAfee | Security Scan Plus, unless you really want to scan your computer. It is pre-checked, so you have to uncheck it.

 

Another missing link in Stuxnet Reveals Earlier Infection Time

Stuxnet, the government malware believed to have been created by a dual-venture of the US and Israel, and the one used to attack the Iran nuclear enrichment facility, is now believed to have an earlier attack link. It is believed now that sometime in 2008 was when the facility may have been in progress of attacks from Stuxnet.

Iran leaders met in Kazakhstan this week to discuss with members of the UN Security Council the nuclear program. The researchers there announced a new variant of the sophisticated Stuxnet cyberweapon.

Some have noted that the US and Israel may have partnered way before doing similar activities to try to take down the nuclear enrichment program in Iran.

The new variant was designed as a different attack vector against the centrifuges for the uranium enrichment program, versus later versions released. This “new variant” was apparently released in 2007. Here we are six years later, knowing the discovery of such variant. This shows that the current versions of Stuxnet were made in 2009, which means this variant now recognized predated the original code that researchers found. Therefore, its first version may have been in 2007. That tells security experts this: Stuxnet was attacking much earlier than previously thought.

Still to make a rebuttal, Iran is awaiting and planning new cyberwarriors, which can construct cyberattacks and cyberterrorism on the US.

Looking in the code of the 2007 version, it was used for Siemens PLCs, which are used in the Iran nuclear enrichment program in Natanz. It was aimed at sabotaging the valves’ operations, by controlling the flow of uranium.

The list of new information goes on. According to Wired Magazine, the new finding, described in a paper released by Symantec on Tuesday (.pdf), resolves a number of longstanding mysteries around a part of the attack code that appeared in the 2009 and 2010 variants of Stuxnet but was incomplete in those variants and had been disabled by the attackers.

Microsoft Humbled: Hit by Cyberattack as well

We reported on all the recent cyberattacks lately, but didn’t catch this, so here’s an addendum to yesterday’s story:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.

Posted on MSRC’s Technet Blog

Recent Hacks: NBC.com, Twitter, and Zendesk – Warnings: Tumblr, Pinterest

After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.

The latest high profile organization that was recently hacked is the National Broadcast Company (NBC), more specifically on their website. The idea from the hackers is to use the website to infect visitors, using exploits and other JavaScript injections.

NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.

Malicious JavaScript was added to the mix, and also used the exploit kit called RedKit. It delivers one of two exploit files to try to take control of your browser.

I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.

What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.

This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.

Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).

Zendesk hacks and other various warnings

Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.

How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.

Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.

Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.

Version 19 Update for Firefox – Patched HTTPS Phishing Issues, PDF Viewer Added

Firefox 19 now has a PDF viewer (Yay, bells and whistles)! Time to kick Adobe Reader, you know, because of all the exploits.

According to TheNextweb.com, Firefox 19 “includes PDF.js, a JavaScript library intended to convert PDF files into HTML5, which was started by Andreas Gal and Chris Jones as a research project that eventually picked up steam within Mozilla Labs.

Technically, the tool has been in Firefox for many versions, but you had to manually enable it. The whole point of the built-in PDF viewer is to avoid having to use plugins with proprietary closed source code “that could potentially expose users to security vulnerabilities.””

The new PDF viewer doesn’t even require a secondary plugin or anything! It has its own ability to draw images and text.

A little more explained:

“Firefox for Windows, Mac and Linux introduces a built-in browser PDF viewer that allows you to read PDFs directly within the browser, making reading PDFs easier because you don’t have to download the content or read it in a plugin like Reader. For example, you can use the PDF viewer to check out a menu from your favorite restaurant, view and print concert tickets or read reports without having to interrupt your browsing experience with extra clicks or downloads,” Mozilla said.

In addition to that exciting news, Firefox 19 also fixes an HTTPS phishing flaw, which was reported by Michal Zalewski, Google security researcher. It details an issue with a proxy’s 407 response, where if a user canceled the proxy’s authentication prompt, the browser continues to display the address bar. This can be spoofed by attackers, by telling them to enter credentials. Read more in the Mozilla advisory about this.

Also, several use-after-free vulnerabilities were patched, and memory corruption vulnerabilities.

In Firefox, if you’re not automatically prompted to update, then do so as soon as possible by clicking the Firefox tab at the top left corner of the browser, hovering over Help >, click on About Firefox. You may also have to click Check for updates in the window that pops up. You should be patched.

Also, check out the posts today about Java and Adobe Reader being patched as well. It’ll be time to update everything at once.

New Java Update Available by Oracle, Sped Up Patching Process

At least 5 security issues were patched in yesterday’s release of Java. This was all problematic generated by a string of problems including hacks on Facebook computers, among Apple and Twitter. Recently, at least 40 companies were targeted in malware attacks leading to an Eastern European gang of hackers trying to steal private corporate information, according to Bloomberg News.

The new version, now available on Java.com will bring the current version to Java SE 7 Update 15 and Java SE 6 Update 41. It is recommended to unplug your browser from Java, at least the main one, and only use Java Runtime Environment (JRE) in a lesser-used browser. Whenever you need to use a site that required Java, use it on your rare browser, so that you don’t get tripped up by ads or other exploit sites that try to access Java on your main browser.

Additionally, make sure to occasionally clear the Java cache, which will help prevent old temporary files for Java from loading. It’ll make the Java experience a bit better. This may also help remediate issues, if a Java application doesn’t run.

Oracle has announced on its website that it will “start auto-updating all Windows 32-bit users from JRE 6 to JRE 7 with the update release of Java, Java SE 7 Update 15 (Java SE 7u15), due in February 2013.”

Oracle will speed up its patching cycle for Java. “Oracle’s intent is to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers,” Eric Maurice, director of Oracle’s software assurance, said.

Protect against exploit issues on Windows by adding or supplementing your current antivirus with a secondary malware scanner and protection unit:

%d bloggers like this: