Xen's highly critical virtual machine escape flaw gets a fix

Number: IRCNE2015102673
Date: 2015/10/25

According to “computerworlduk”, the Xen Project fixed several vulnerabilities in its popular virtualization software, including one that could allow potential attackers to break out of a virtual machine and gain control over the host system.
Vulnerabilities that break the isolation layer between virtual machines are the most serious type for a hypervisor like Xen, whose main goal is to allow running multiple VMs on the same hardware in a secure manner.
The Xen patches released Thursday fix a total of nine vulnerabilities, but the privilege-escalation flaw identified as CVE-2015-7835 is the most serious one.
However, the flaw can only be exploited by malicious administrators of PV guests and only on x86 systems, the Xen Project said in an advisory. Xen versions 3.4 and higher are vulnerable.

Tor Project launches encrypted anonymous chat app to the public

Number: IRCNE2015102672
Date: 2015/10/25

According to “zdnet”, the Tor Project has launched the beta version of Tor Messenger, an easy-to-use encrypted message client for those concerned about their privacy and potential surveillance.
One of the non-profit's projects is Tor Messenger. The client, now released to the general public, is based on Instantbird, a messaging app which allows users to connect to separate messenger systems.
The Tor Project says Instantbird was chosen because its transport protocols are written in a "memory safe" language -- JavaScript -- and it already supports a number of languages, as well as the fact that Instantbird is a XUL application. While the client lacked off-the-record (OTR) cryptographic protocol support, Tor has implemented the new features within the beta Tor Messenger.
Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others are all supported through the beta client.
"This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor."
Tor Messenger beta is available for Windows, Mac and both 32-bit and 64-bit Linux.
In the future, the Tor Project team hopes to fix software issues and release updates on the same cycle as Mozilla's Extended Support Releases (ESR). There is also the possibility of future versions supporting encrypted Twitter direct messages, encrypted file transfer and automatic updates.

Despite takedown, the Dridex botnet is running again

Number: IRCNE2015102671
Date: 2015/10/25

According to “computerworlduk”, spam emails containing the Dridex malware are being seen almost daily despite the arrest of one of its key operators in August.
Dridex, also referred to as Cridex or Bugat, is advanced malware that collects financial login details and other personal information that can be used to drain bank accounts.
The U.S. and U.K. said the Dridex botnet -- or the collection of computers infected with the malware -- had been disrupted following their operations.
Two weeks before the DOJ's announcement, Palo Alto Networks wrote that it noticed a drop in Dridex activity but that it resumed again around the start of October.
Often, those employing Dridex tricked people into downloading it by sending spam emails with malicious links or attachments, such as XML files and Microsoft Office documents.
Much of that activity has now resumed, wrote Brad Duncan, a security researcher with Rackspace, on the Internet Storm Center blog.
He wrote that there appear to be more files labeled as Dridex on VirusTotal, a repository of malware samples. Although some of the samples could be mislabeled, it backs up what Palo Alto noticed.
"Plenty of us are seeing Dridex malspam on a near-daily basis now," Duncan wrote.

Google Drive phishing scam returns

Number: IRCNE2015102670
Date: 2015/10/25

According to “itpro”, despite Google claiming to have fixed a security hole in Google Drive last year, criminals are still making use of a Google Drive phishing scam that can steal your email address and password in just a few taps.
Last year, it was revealed hackers were using fake Google Drive documents to force you to enter your email and password, but this year's attack seems to be more sophisticated.
You may receive an email from one of your contacts, granting you access to a document stored in Google Drive. Click on the link and you're taken to the normal Google Drive sign-in screen.
Then, after entering your username and password, you're asked to enter your verification - either your mobile phone number if you have one associated to your account, or your secondary email address.
When you've entered this information, you're forwarded to your Google Drive, but there's no document in sight. You've just had your details phished.
Symantec investigated the flaw last year and found that the login page is actually hosted on Google's servers and served over SSL, making it seem very convincing.
"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages," Symantec security expert Nick Johnston explained in a blog post.
However, it was reportedly fixed soon after, with Google saying: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."
However, Chris Boyd, Malware Intelligence Analyst at Malwarebytes said using Google Docs to phish hasn't gone away and is still a popular way of stealing login details (and in this case, your phone number and secondary email too).
"More often than not, the contact details used in the emails are randomly lifted from websites, blogs and even other emails. If in doubt, try contacting the sender to confirm if what you're looking at is the real deal."

South Korean manufacturing industry targeted with new backdoor program

Number: IRCNE2015102669
Date: 2015/10/25

According to “computerworld”, South Korean organizations are being targeted in attacks with a new stealthy backdoor program that gives attackers full access to infected computers.
The malware has been dubbed Duuzer and, while it's not used exclusively against targets in South Korea, the hacker group behind it does seem to have a preference for that country's manufacturing industry, according to security firm Symantec.
Duuzer was designed to work on both 32-bit and 64-bit Windows versions and opens a back door through which attackers can gather system information; create, list and kill processes; access, modify and delete files; execute commands and more.
Once a computer is infected with Duuzer, the attackers will attempt to hide the malware by finding an existing application and mimicking it.
The Symantec researchers have found evidence that Duuzer is related to two other malware threats called Brambul and Joanap that have also been used in attacks against organizations from South Korea.

Cryptowall ransomware revenue may flow to one group

Number: IRCNE2015102668
Date: 2015/10/25

According to “computerworld”, just one cybercriminal group may be collecting the revenue from Cryptowall 3.0, a malicious program that infects computers, encrypts files and demands a ransom, a new study released on Thursday found.
The finding comes from the Cyber Threat Alliance (CTA), an industry group formed last year to study emerging threats, with members including Intel Security, Palo Alto Networks, Fortinet and Symantec.
Cryptowall is among several families of "ransomware" that have posed a growing danger to businesses and consumers. If a computer is infected, its files are scrambled with strong encryption.
There is little recourse for those affected. The best defense is to ensure files are backed up and that the backup can't be reached by the attackers.
CTA studied Cryptowall 3.0, the latest version of the malware, which appeared earlier this year. Victims are instructed to pay in bitcoin and are supplied with an address for the bitcoin wallet controlled by the attackers.

CCTV cameras used to launch DDoS attacks

Number: IRCNE2015102675
Date: 08/08/94

According to researchers' findings, more than 900 CCTV cameras are being used as bots to disrupt online services. According to the Incapsula research group, CCTV cameras are one of the most common components of IoT-based botnets.
A new attack aimed at disrupting online services is currently under way. According to the new findings, a distributed denial-of-service campaign has been launched that sends about 20,000 requests per second, most of which come from CCTV cameras.
All of the compromised devices are running BusyBox, a lightweight Unix toolkit designed for systems with limited resources. After the attacker gains access to the camera through its default credentials, a variant of the ELF Bashlite malware is installed.
After identifying the device, the malware can scan for open Telnet/SSH services that are susceptible to brute-force dictionary attacks. This malware can also be used to launch DDoS attacks.
A simple way to prevent such attacks and keep attackers from accessing these cameras is to change the device's default username and password.

Decrypting files encrypted by the CoinVault and Bitcryptor malware without paying

Number: IRCNE2015102674
Date: 08/08/94

Users whose computers have been infected by the CoinVault and Bitcryptor ransomware are in luck, because they can most likely recover their files without paying.
Kaspersky researchers obtained the last set of encryption keys from the command-and-control servers used by the CoinVault and Bitcryptor ransomware.
These keys have been uploaded to Kaspersky's ransomware decryption service. The CoinVault ransomware was first identified by Kaspersky researchers in November 2014. In April, the NHTCU of the Dutch police identified some of the decryption keys.

Multiple vulnerabilities fixed in the Xen Project virtualization software

Number: IRCNE2015102673
Date: 08/08/94

The Xen Project has fixed several vulnerabilities in its popular virtualization software. One of these vulnerabilities could potentially allow an attacker to break out of a virtual machine and take control of the host system.
Vulnerabilities that break the isolation layer between virtual machines are the most serious type of vulnerability for a hypervisor such as Xen.
The patches released for Xen fix a total of nine vulnerabilities in all, but the privilege-escalation vulnerability identified as CVE-2015-7835 is the most serious.
This flaw can only be exploited by malicious administrators of PV guest machines and only on 32-bit systems. Xen version 3.4 and later versions are affected by this vulnerability.

Beta version of the Tor Messenger application launched

Number: IRCNE2015102672
Date: 08/08/94

The Tor Project has launched the beta version of Tor Messenger, an easy-to-use encrypted messaging client for those concerned about their privacy.
Tor Messenger is one of the organization's projects. Its client is based on Instantbird, a messaging application that allows users to connect to separate messaging systems.
The Tor Project said Instantbird was chosen because its transport protocols are written in JavaScript and it already supports a number of languages.
Jabber, IRC, Google Talk, Facebook Chat, Twitter, Yahoo and other messaging services are supported through the beta client.
Tor Messenger follows a client-server model, which means that user metadata can be logged by the server. However, the user's route to the server will be hidden because the connection is made over the Tor network. The beta version of the application is available for Windows, Mac, and 32-bit and 64-bit Linux.
In the future, the Tor Project team will release fixes periodically. Capabilities including support for encrypted Twitter messages, encrypted file transfer and automatic updates will also be added to the software.