Security flaws exposed in Dolphin, Mercury mobile browsers

Number: IRCNE2015082614
Date: 2015/08/30

According to “zdnet”, a security researcher has disclosed security problems in the Dolphin and Mercury mobile browsers for Android.
Benjamin Watson, who blogs under the name Rotlogix, published details of the vulnerabilities in the two Android browsers last week and said the flaws could lead to remote code execution or arbitrary file read/write.
Mobotap's Dolphin Browser for Android is a highly customisable browser for smartphones and tablets, with features such as search-bar tailoring and themes. After Chrome and Firefox it is one of the most popular Android browsers, with between 50 million and 100 million installations.
According to Watson, new themes are downloaded over plain HTTP as a standard .zip file carrying the extension .dwp. Because the transfer is neither encrypted nor authenticated, an attacker on the network path can intercept the download with a simple script and substitute a modified, malicious theme, and the crafted archive then gives the attacker an arbitrary file write inside Dolphin's data directory.
The zip payload is crafted to abuse the browser's theme-unpacking step: the archive's contents are written where the attacker chooses within the data directory, so a malicious native library can overwrite the browser's own library, libdolphin.so, paving the way for full remote code execution.
Once the malicious theme is applied, the result is, in the researcher's words, "full blown code execution".
The Mercury browser also drew Watson's attention: it was found to be vulnerable to arbitrary reading and writing of files in the browser's data directory.
Watson recommends that, for both browsers, users avoid downloading and applying new themes and consider switching to a different browser altogether until patches are issued.
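The unpacking step is where the arbitrary write comes from, so the check a practitioner wants is the one that refuses archive entries whose names resolve outside the extraction directory. The following is an added example and not Dolphin's own code: it builds a constructed .dwp-style zip whose entry is named ../../lib/libdolphin.so (the entry name and the data-directory layout are assumptions for the demonstration) and shows an extractor that rejects it before writing anything.

```python
import io
import os
import tempfile
import zipfile

# Constructed .dwp archives for the demonstration (a .dwp is a plain zip):
# not real Dolphin theme files, and the entry names are assumed.
def build_theme(entries):
    """Pack a dict of {entry name: bytes} into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

BENIGN_DWP = build_theme({
    "theme.xml": b"<theme name='blue'/>",
    "img/background.png": b"PNG...",
})

# The entry name walks up out of the themes directory; an extractor that
# trusts entry names would write it to <data dir>/lib/libdolphin.so.
MALICIOUS_DWP = build_theme({
    "theme.xml": b"<theme name='blue'/>",
    "../../lib/libdolphin.so": b"\x7fELF fake native library",
})

def escaping_entries(dwp_bytes, dest_dir):
    """Entry names that would land outside dest_dir if extracted as-is."""
    dest = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(dwp_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest, info.filename))
            if os.path.commonpath([dest, target]) != dest:
                bad.append(info.filename)
    return bad

def install_theme(dwp_bytes, dest_dir):
    """Extract a theme only if every entry stays inside dest_dir.

    Returns the relative paths written. Raises ValueError, without touching
    the filesystem, when any entry escapes.
    """
    bad = escaping_entries(dwp_bytes, dest_dir)
    if bad:
        raise ValueError("refusing theme, entries escape %s: %s" % (dest_dir, bad))
    written = []
    with zipfile.ZipFile(io.BytesIO(dwp_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            out = os.path.join(dest_dir, info.filename)
            os.makedirs(os.path.dirname(out), exist_ok=True)
            with zf.open(info) as src, open(out, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return sorted(written)

def demo():
    """Install both archives into a throwaway app data directory."""
    with tempfile.TemporaryDirectory() as data_dir:
        themes = os.path.join(data_dir, "files", "themes")
        os.makedirs(themes)
        ok = install_theme(BENIGN_DWP, themes)
        try:
            install_theme(MALICIOUS_DWP, themes)
            rejected = False
        except ValueError:
            rejected = True
        lib_written = os.path.exists(os.path.join(data_dir, "lib", "libdolphin.so"))
    return {"benign_files": ok, "malicious_rejected": rejected, "lib_overwritten": lib_written}

if __name__ == "__main__":
    print(demo())
```

This closes only the write primitive. The plain-HTTP download remains a problem, since an attacker on the path can still swap in a theme that stays inside the directory; fetching themes over TLS, or verifying a signature over the archive before unpacking, covers that half.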

BitTorrent patches reflective DDoS attack security vulnerability

Number: IRCNE2015082613
Date: 2015/08/28

According to “zdnet”, BitTorrent has moved quickly to mitigate a flaw that could be abused to turn its users' clients into reflectors for distributed reflective denial-of-service (DRDoS) attacks.
The flaw, presented by Florian Adamsky at the USENIX conference in Washington, D.C., affects popular BitTorrent clients including uTorrent, Mainline and Vuze.
According to the researchers from City University London, BitTorrent protocols can be exploited to reflect and amplify traffic: an attacker sends small requests with a spoofed source address to other peers in the ecosystem, and those peers answer the victim with responses up to 120 times the size of the original request.
In the paper documenting the vulnerability, the team names the Micro Transport Protocol (uTP), Distributed Hash Table (DHT), Message Stream Encryption (MSE) and BitTorrent Sync (BTSync) as exploitable.
On Thursday, BitTorrent's Vice President of Communications, Christian Averill, said in a blog post that no attack using this method has been observed in the wild, and that because the researchers informed BitTorrent ahead of public disclosure, the company had the opportunity to "mitigate the possibility of such an attack."
For BTSync, BitTorrent says the protocol's design limited the risk even before the recent updates: to exploit the weakness an attacker would have to know the Sync user, the relevant identifiers would have to be public, and the protocol caps the number of peers in a share, which keeps the potential scale of an attack down.
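Reflection shows up in flow data as a remote address that is "sent" far more than it ever sends, from many local hosts at once: the spoofed address never saw the requests, only the amplified answers. The following is an added example, not from the paper or from BitTorrent: a small detector over constructed flow records (the addresses, ports and byte counts are invented for the illustration) that flags such an address. The thresholds are assumptions to be tuned against real traffic.

```python
from collections import defaultdict

# Constructed flow records, not from a real capture. They model UDP flows seen
# at a network border whose hosts run BitTorrent clients on 6881/udp. Fields:
# direction (in = remote to local), remote IP, local IP, local port, bytes.
FLOWS = """\
in  203.0.113.7   192.0.2.10 6881 60
out 203.0.113.7   192.0.2.10 6881 4800
in  203.0.113.7   192.0.2.11 6881 60
out 203.0.113.7   192.0.2.11 6881 5200
in  203.0.113.7   192.0.2.12 6881 60
out 203.0.113.7   192.0.2.12 6881 4900
in  198.51.100.4  192.0.2.10 6881 1400
out 198.51.100.4  192.0.2.10 6881 1500
in  198.51.100.4  192.0.2.10 6881 900
out 198.51.100.4  192.0.2.10 6881 1100
"""

def parse_flows(text):
    """Parse the whitespace-separated records above into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        direction, remote, local, port, nbytes = line.split()
        flows.append((direction, remote, local, int(port), int(nbytes)))
    return flows

def reflection_suspects(flows, min_ratio=10.0, min_reflectors=2):
    """Remote addresses that receive far more than they send, from several local peers.

    In a reflective attack the remote address is the spoofed victim: it never
    really sent the requests, so it sees heavy traffic towards it with almost
    nothing coming back from it, fanned out across many local reflectors.
    """
    per_remote = defaultdict(lambda: {"in": 0, "out": 0, "locals": set()})
    for direction, remote, local, _port, nbytes in flows:
        stats = per_remote[remote]
        stats[direction] += nbytes          # direction is "in" or "out"
        stats["locals"].add(local)
    suspects = {}
    for remote, s in per_remote.items():
        ratio = s["out"] / s["in"] if s["in"] else float("inf")
        if ratio >= min_ratio and len(s["locals"]) >= min_reflectors:
            suspects[remote] = {
                "amplification": ratio,
                "reflectors": len(s["locals"]),
                "bytes_to_victim": s["out"],
            }
    return suspects

if __name__ == "__main__":
    for remote, info in reflection_suspects(parse_flows(FLOWS)).items():
        print(remote, info)
```

The 120x figure quoted above is the upper bound the researchers measured; a threshold an order of magnitude lower still separates a reflected victim from a normal peer exchanging roughly symmetric traffic, as the second remote address in the sample does. The same aggregation works over NetFlow or IPFIX exports once the fields are mapped.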

GitHub combats DDoS cyberattacks

Number: IRCNE2015082612
Date: 1394/06/07 (Iranian calendar)

GitHub is fending off new DDoS attacks recently launched against the company's services.
On Tuesday the GitHub website team realised they were the target of a distributed denial-of-service attack. Such attacks involve hijacking Internet traffic, through malware or browsers, and turning that traffic to malicious ends. DDoS is a common method of taking websites down, and it can also be used to mask network intrusion attacks and confuse security teams.
An hour after detecting the attack, the team set about restoring service, but the site's response times were slow. By Wednesday the site's systems were reporting 100 percent again.
Given the content hosted on GitHub, the site has several enemies, so facing such attacks is not surprising. In March of this year the site was the victim of a DDoS attack that disrupted its service for close to a week.
It is still not clear why the site has been targeted again, or where the attacks originated.

Ins0mnia vulnerability patched in Apple iOS

Number: IRCNE2015082611
Date: 1394/06/06 (Iranian calendar)

Apple has patched a security vulnerability that allowed malicious apps to run in the background of iOS devices without any time limit.
The vulnerability, named Ins0mnia, allows an iOS application to keep running in the background of an Apple device even after the user terminates the process, without appearing in the task switcher.
Ins0mnia lets applications bypass controls designed by Apple, including background-execution restrictions and application timeout protocols. The exploit makes the system believe the app is being debugged, so the system suspends all the timeout features that would otherwise apply to the malicious app.
In this state the malicious app can run in the background and steal user data for an unlimited time; the vulnerability can also be used to degrade device performance and battery life.
Apple fixed the problem in iOS version 8.4.1.

Adobe releases emergency hotfix for ColdFusion vulnerability

Number: IRCNE2015082610
Date: 1394/06/06 (Iranian calendar)

Adobe has released a hotfix for ColdFusion that addresses the same information-disclosure vulnerability recently patched in the LiveCycle Data Services application framework.
On Thursday Adobe released the hotfix, which blocks exploitation of the XXE issue tracked as CVE-2015-3269.
Adobe's security advisory says the hotfix resolves an issue with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure.
According to the vulnerability database, the issue is rated medium severity and was identified in the Apache Flex BlazeDS component of LCDS and ColdFusion.
The vulnerability affects ColdFusion 10 Update 16 and earlier, and ColdFusion 11 Update 5 and earlier.
No exploitation has been reported so far, but Adobe recommends that administrators update their products to a patched version within the next 30 days.

GitHub combats DDoS cyberattack

Number: IRCNE2015082612
Date: 2015/08/28

According to “zdnet”, GitHub has been working to mitigate a new DDoS attack launched against the service this week.
The code repository, which hosts everything from security tools to application frameworks and data dumps, became aware of connectivity problems on Tuesday at approximately 10.40 BST. After investigating, the site's team realised it was once again under a distributed denial-of-service (DDoS) attack.
DDoS attacks flood a target with traffic from hijacked sources, whether malware-infected machines or browsers running injected code. DDoS is a common technique for disrupting websites, and it may also be used to distract security teams while a more serious network intrusion takes place.
According to GitHub's service status report, the team began pushing back an hour later in an attempt to mitigate the attack, and response times were slower than usual while repairs and restoration were under way. At 13.52 BST service was restored, and on Wednesday systems were reporting 100 percent, suggesting the attack is now over.
GitHub has earned itself a few enemies because of content hosted on the site, so DDoS attacks are not entirely surprising. In March this year the site was hit by a DDoS attack that lasted close to a week.
It is not yet known why GitHub is again under attack, or where the DDoS traffic originated.

Apple iOS flaw Ins0mnia hides malicious apps which run forever

Number: IRCNE2015082611
Date: 2015/08/28

According to “zdnet”, Apple has patched a security flaw that let malicious applications run in the background of iOS devices for an unlimited amount of time.
The vulnerability, dubbed Ins0mnia by FireEye researchers, allowed an iOS application to keep running in the background of an Apple device without appearing in the task switcher, even after the user had tried to terminate it. iOS normally restricts how long an app may execute in the background and terminates it when that time runs out.
Ins0mnia bypasses these Apple-imposed controls: the exploit makes the system believe the app is being debugged, and iOS therefore suspends the background timeout enforcement for that app.
The malicious app could then run in the background and steal user data for an unlimited amount of time, and could also degrade device performance and battery life.
Apple was informed of the vulnerability and patched it in iOS version 8.4.1, released earlier this month.

Adobe issues hotfix patch for ColdFusion vulnerability

Number: IRCNE2015082610
Date: 2015/08/28

According to “zdnet”, Adobe has issued a hotfix for ColdFusion that closes the same information-disclosure flaw recently patched in the LiveCycle Data Services (LCDS) application framework.
On Thursday Adobe released the hotfix, which prevents exploitation of CVE-2015-3269, an XML External Entity (XXE) issue.
"This hotfix resolves an issue associated with the parsing of crafted XML external entities in BlazeDS that could lead to information disclosure," the security advisory states.
According to the National Vulnerability Database, the medium-severity issue lies in the Apache Flex BlazeDS component used by both LCDS and ColdFusion.
If exploited, the flaw allows remote attackers to read arbitrary files from the server: the attacker submits crafted XML that declares an external entity pointing at a local file, and the parser resolves the entity and returns its contents.
Discovered by Matthias Kaiser of German security firm Code White, the issue affects ColdFusion 10 Update 16 and earlier, and ColdFusion 11 Update 5 and earlier.
No exploitation in the wild is currently known, but Adobe recommends that administrators apply the update within the next 30 days.
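The payload shape and the corresponding server-side refusal, as an added example that is not Adobe's or BlazeDS's code: a constructed message body (the AMFX-style element names are assumed, not real BlazeDS traffic) that declares an external entity, and a parse routine that rejects any body carrying a DTD or entity declaration before the XML parser ever sees it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed message bodies for the demonstration; not real BlazeDS/AMFX traffic.
# The first declares an external entity that a resolving parser would expand
# with the contents of /etc/passwd and echo back in its response.
XXE_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE amfx [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<amfx ver="3"><body><string>&xxe;</string></body></amfx>"""

CLEAN_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<amfx ver="3"><body><string>hello</string></body></amfx>"""

# Any DTD or entity declaration is refused outright: legitimate messages of
# this kind carry neither, and an external entity cannot exist without a DTD.
DTD_MARKER = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def dtd_reason(body):
    """Why the body is refused ('DOCTYPE declaration at offset N'), or None."""
    m = DTD_MARKER.search(body)
    if m is None:
        return None
    return "%s declaration at offset %d" % (m.group(1).decode().upper(), m.start())

def parse_untrusted(body):
    """Parse XML from an untrusted client, refusing anything that carries a DTD."""
    reason = dtd_reason(body)
    if reason:
        raise ValueError("refusing XML: " + reason)
    return ET.fromstring(body)

def is_refused(body):
    """True when parse_untrusted rejects the body."""
    try:
        parse_untrusted(body)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("clean:", parse_untrusted(CLEAN_BODY).find("body/string").text)
    print("xxe refused:", is_refused(XXE_BODY), dtd_reason(XXE_BODY))
```

A byte-level check like this is a pre-filter, not the whole fix: a body sent in UTF-16 would slip past the pattern, so decode according to the XML declaration first or, better, disable DTD processing in the parser itself. On the Java stacks BlazeDS runs on, that means setting the Xerces feature http://apache.org/xml/features/disallow-doctype-decl to true on the parser factory; in Python the defusedxml package does the same job.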

Enterprise placed at risk by iOS sandbox vulnerability

Number: IRCNE2015082609
Date: 2015/08/24

According to “zdnet”, Apple has patched a vulnerability in iOS that could expose the credentials enterprise apps use to reach corporate servers, by way of the mobile device management (MDM) channel used to configure those apps.
Last week the iPhone and iPad maker fixed the 'Quicksand' flaw, CVE-2015-5749, a weakness in the sandboxing of third-party apps that could be used to harvest credentials belonging to enterprise mobile applications.
According to mobile security firm Appthority, the previously unknown flaw affects MDM clients as well as any application whose settings are delivered through an MDM's Managed App Configuration feature, which is used to push and store configuration data.
The weakness is that these settings are written to a location readable by every app on the device, so any mobile app, or the MDM vendor's own app, could read the sensitive data pushed out by IT departments.
In a security advisory, Appthority's Enterprise Mobility Threat Team said the flaw gives threat actors a route in: spear-phish a user, or publish an app likely to be installed on an unpatched enterprise device, such as a productivity tool, that watches the MDM stream for settings being written to the world-readable directory.
A malicious app distributed through iTunes could then harvest this data and send it back to the attacker.
"Because all apps have access to the directory, it could hide in plain sight and operate as one of the many legitimate apps that have access to the directory in question," the security team says.
The severity depends on the particular enterprise user: whether corporate e-mail, business documents and the browser apps used to reach enterprise networks are involved. After a global sweep of apps on enterprise-managed devices, Appthority found that 67 percent of apps that rely on MDM configuration referenced server authentication tokens, which could become a serious security risk to businesses.
Appthority worked with Apple's security team on the fix, and the vulnerability was resolved in the iOS 8.4.1 update. Users are encouraged to install the latest update to avoid falling victim to this vulnerability.
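Because the directory is readable by every app, the durable defence on the configuration side is to keep secrets out of it. The following is an added example, not Appthority's tooling: a scanner that walks a constructed Managed App Configuration payload in plist form (the key names and values are invented) and reports the entries that look like tokens or passwords, the kind of reference the 67 percent figure above is about.

```python
import plistlib
import re

# Constructed Managed App Configuration payload, as an MDM might push it to a
# mail client. Key names and values are invented for the example.
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>serverURL</key><string>https://mail.example.com</string>
  <key>username</key><string>jdoe</string>
  <key>authToken</key><string>eyJhbGciOiJIUzI1NiJ9.c29tZS1jbGFpbXM.c2lnbmF0dXJl</string>
  <key>syncIntervalMinutes</key><integer>15</integer>
  <key>proxy</key>
  <dict>
    <key>host</key><string>proxy.example.com</string>
    <key>password</key><string>hunter2</string>
  </dict>
</dict>
</plist>
"""

# The same configuration with the secrets removed (constructed as well).
CLEAN_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>serverURL</key><string>https://mail.example.com</string>
  <key>username</key><string>jdoe</string>
  <key>syncIntervalMinutes</key><integer>15</integer>
</dict>
</plist>
"""

# Key names that usually hold a credential, and values that look like one
# (a long run of base64/JWT-style characters) whatever the key is called.
SECRET_KEY = re.compile(r"(token|secret|password|passwd|credential|api[_-]?key)", re.IGNORECASE)
SECRET_VALUE = re.compile(r"^[A-Za-z0-9_\-./+=]{32,}$")

def find_secrets(config_bytes):
    """Dotted key paths in a managed app configuration that look like credentials."""
    data = plistlib.loads(config_bytes)
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + [str(i)])
        elif isinstance(node, str):
            key = path[-1] if path else ""
            if SECRET_KEY.search(key) or SECRET_VALUE.match(node):
                hits.append(".".join(path))

    walk(data, [])
    return sorted(hits)

if __name__ == "__main__":
    print(find_secrets(SAMPLE_CONFIG))
```

Run it over the configuration profiles an MDM pushes. Anything flagged should move to a per-user authentication flow or the keychain rather than ride in app configuration, and tokens that were already delivered to devices before the 8.4.1 update should be treated as exposed and rotated.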

Vulnerability discovered in the iOS sandbox

Number: IRCNE2015082609
Date: 1394/06/02 (Iranian calendar)

A vulnerability that abuses the MDM solution on iOS mobile devices could allow attackers to expose the credentials used by applications and gain access to corporate servers.
Last week Apple fixed the 'Quicksand' issue, which used a sandbox flaw to harvest credentials used by mobile applications.
According to security firm Appthority, the previously unknown flaw affects MDM clients and any application distributed through the MDM's Managed App Configuration settings.
The newly discovered vulnerability allows a mobile app, or the MDM app itself, to monitor this sensitive data. Because the credentials are stored in a world-readable format, any app that can exploit the vulnerability can access the information sent by the IT department.
The security advisory says the vulnerability could be exploited by attackers to carry out spear-phishing attacks or to develop an app that gets installed on unpatched enterprise devices. The vulnerability then allows a malicious app distributed through iTunes to collect the data and send it to the attacker.
The vulnerability has been fixed in the latest iOS update, 8.4.1. Users are advised to install the update.
