Public Wi-Fi hotspots in hotels and conference centres pose remote access risk

Number: IRCNE2015042467
Date: 2015/04/08

According to “itpro”, security researchers have uncovered a flaw in temporary Wi-Fi connections - such as those in hotels or conference systems - that could allow hackers to tamper with the network and gain access to systems using it.
The CVE-2015-0932 vulnerability was found in 277 hotel, conference centre and data centre Wi-Fi networks that use ANTLabs InnGate devices, allowing hackers to carry out attacks similar to the DarkHotel incidents at the end of last year.
Using an unauthenticated rsync daemon running on TCP 873, the hacker can gain read and write privileges in any Linux-based operating system, experts at Cylance said, following their study.
Brian Wallace, senior researcher and software engineer at Cylance, said in a blog post: "When an attacker gains full read and write access to a Linux file system, it’s trivial to then turn that into remote code execution.
"The attacker could upload a backdoored version of nearly any executable on the system and then gain execution control, or simply add an additional user with root level access and a password known to the attacker. Once full file system access is obtained, the endpoint is at the mercy of the attacker."
Justin W. Clarke, senior security researcher on the Cylance Spear (Sophisticated Penetration Exploitation and Research) team said: "Given that the ANTlabs’ product integrates with external systems, such as a hotel’s PMS, this vulnerability could be leveraged to gain deeper access into a hotel’s business network."
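The exposure described above comes down to an rsync daemon whose modules are reachable without authentication. The following audit script is an added example (not Cylance's or ANTLabs' code, and the ANTLabs configuration itself is not on this page): it parses an rsyncd.conf, applies rsync's documented defaults (`read only` defaults to yes; `auth users` and `hosts allow` are unset unless configured, and values set before the first module act as defaults for every module), and flags any module that is writable without `auth users` or open to any host. The sample configuration is constructed for the demonstration.

```python
"""Audit an rsyncd.conf for modules exposed without authentication.

Added example, not vendor code. Uses rsync's documented defaults:
`read only` defaults to yes; `auth users` and `hosts allow` are absent
unless configured; global parameters act as per-module defaults.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: [firmware] mirrors the weak case in the article
# (writable, unauthenticated, reachable from anywhere); [backups] is hardened.
SAMPLE_CONF = """\
# global settings
uid = nobody
gid = nobody
use chroot = yes

[firmware]
    path = /opt/firmware
    comment = device firmware tree
    read only = no

[backups]
    path = /var/backups
    read only = yes
    auth users = backupbot
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.5.0/24
"""


def parse_rsyncd_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (global_params, {module_name: params}) from rsyncd.conf text.

    Skips blank lines and '#'/';' comments; parameter names are lower-cased.
    """
    global_params: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+?)\]$", line)
        if m:
            current = modules.setdefault(m.group(1).strip(), {})
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return global_params, modules


def _truthy(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def audit_modules(global_params: Dict[str, str],
                  modules: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {module: [findings]} for every module that looks exposed."""
    findings: Dict[str, List[str]] = {}
    for name, params in modules.items():
        effective = {**global_params, **params}   # module overrides globals
        issues: List[str] = []
        read_only = _truthy(effective.get("read only", "yes"))
        if not read_only:
            issues.append("writable module (read only = no)")
        if "auth users" not in effective:
            issues.append("no 'auth users': any client that can reach TCP 873 may use the module")
        if "hosts allow" not in effective:
            issues.append("no 'hosts allow': not restricted to a management network")
        if not read_only and "auth users" not in effective:
            issues.append("CRITICAL: unauthenticated write access to the module path")
        if issues:
            findings[name] = issues
    return findings


def audit_text(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: parse and audit in one call."""
    globals_, modules = parse_rsyncd_conf(text)
    return audit_modules(globals_, modules)


if __name__ == "__main__":
    for module, issues in audit_text(SAMPLE_CONF).items():
        print(f"[{module}]")
        for issue in issues:
            print("  -", issue)
```

Run against a device's real rsyncd.conf, the script reports the firmware module as critical and stays silent on the backups module; the same check belongs in a configuration baseline for any appliance that ships an rsync listener.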

Energy companies targeted by Laziok Trojan

Number: IRCNE2015042466
Date: 2015/04/08

According to “itpro”, a Trojan is targeting firms in the energy industry, infiltrating systems in a bid to gather information about a company’s operations.
Researchers at Symantec, who discovered the malware, found that most of the attacks involved victims in the petroleum, gas and helium industries, especially those based in the United Arab Emirates, which accounted for one in four attacks.
Christian Tripputi said the attacks were detected in the first couple of months this year and that the Trojan establishes a beachhead in energy firms before further malware is sent in to gather more information about the victims.
The initial infection vector involves the use of spam emails coming from the moneytrans[.]eu domain, which acts as an open relay Simple Mail Transfer Protocol (SMTP) server, according to Tripputi.
“These emails include a malicious attachment packed with an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158),” he said. “This vulnerability has been exploited in many different attack campaigns in the past, such as Red October.”
Tripputi added that the stolen data “enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack”.
If the victim organisation is deemed to be interesting, additional Trojans and backdoors would then be installed.
“The attackers distributed customised copies of Backdoor.Cyberat and Trojan.Zbot which are specifically tailored for the compromised computer’s profile,” said Tripputi.
He said that threats were downloaded from a few servers operating in the US, UK, and Bulgaria.
The security researcher said the group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market.
“However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind. From the attacker’s perspective, they don’t always need to have the latest tools at their disposal to succeed,” he said. “All they need is a bit of help from the user and a lapse in security operations through the failure to patch.”

OpenSSL patches "high" severity flaws in latest release

Number: IRCNE2015032458
Date: 2015/03/20

According to “zdnet”, two "high" severity flaws have been fixed in the latest version of OpenSSL.
The development project released versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf on Thursday after a number of flaws were reported privately.
One of the most severe flaws could be exploited to launch a denial-of-service attack against a server running the affected 1.0.2 version of the software.
The second flaw was initially classified as "low" priority, but was upgraded after recent studies showed that server RSA export ciphersuite support is not as rare as first thought. A total of 12 vulnerabilities were patched in this release.
OpenSSL serves as one of the most popular open-source and widely available toolkits for implementing SSL and TLS. It's deployed at some of the largest and best-known services, including Facebook, Google, Yahoo, and across the federal government.

Android malware flaw a risk to almost 50 per cent of devices

Number: IRCNE2015032458
Date: 2015/03/20

According to “itpro”, millions of Android devices have been found vulnerable to cyber attack following a security flaw allowing malware to replace legitimate apps, hacker Zhi Xu has found.
Almost half of Android phones may be affected, with the flaw allowing dangerous malicious apps to be downloaded without the user's knowledge, collecting personal data from the infected device.
Xu, a senior staff engineer at Palo Alto Networks, says: “The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data.”
According to the report, 49.5 per cent of Android users are still vulnerable to the threat despite patches released by Google and manufacturers such as Samsung and Amazon attempting to tackle the problem.
Only applications installed via a third-party app store are affected, as the flaw allows the APK file to be modified by the malware during the installation process.
The flaw was actually first found in January 2014, but the number of devices left vulnerable has dropped from 89.4 per cent to just below 50 per cent (as of March 2015) in the interim.
Users have been advised to update their phones to Android 4.1 or above to avoid being affected, though the report warns those running on Android 4.3 that they may also be open to attack.

Apple swats 17 bugs on Safari

Number: IRCNE2015032457
Date: 2015/

According to “itpro”, Apple has put out new versions of its Safari web browser for OS X to fix a number of vulnerabilities that could enable hackers to run malicious code on a Mac.
In a security advisory, Apple warned that 17 bugs affect Safari 8.0.4 for OS X 10.10 Yosemite, Safari 7.1.4 for OS X 10.9 Mavericks and Safari 6.2.4 for OS X 10.9 Mavericks.
The first patch fixes a number of memory corruption problems in WebKit that could lead to an unexpected application termination or arbitrary code execution. Apple said that these issues were addressed through improved memory handling.
The second vulnerability concerned a user interface inconsistency in Safari itself that could prevent users from discerning a phishing attack. An attacker could misrepresent the URL in the browser, fooling the user into thinking a website was genuine. Apple said this was fixed by improving user interface consistency checks.
Users can download the latest Safari versions 8.0.4, 7.1.4 and 6.2.4 for free through Software Update.
Apple did not give any further detail on the bugs or whether they had been exploited by criminals.

DDoS attacks losing companies business opportunities

Number: IRCNE2015032456
Date: 2015/

According to “itpro”, research by Kaspersky has revealed businesses fear losing clients as a result of DDoS attacks, although the construction industry is more concerned about the cost of eradicating threats.
A survey conducted by the security firm in partnership with B2B International revealed 26 per cent of companies thought the problems caused by such attacks were long-term, meaning they could lose current or prospective clients as a result.
Twenty-three per cent said they were concerned a DDoS attack would cause reputational issues, while 19 per cent thought the risk of losing current customers who were not able to access services as a result of an outage was the biggest threat to business.
The research revealed that only 37 per cent of the companies surveyed had measures already in place to protect against DDoS attacks.
Of those surveyed, the majority of telecoms, e-commerce, utilities and industrial companies viewed the loss of business as the main DDoS risk, while construction and engineering firms said they were most concerned about the cost of implementing backup systems.

One billion personal records exposed in 2014, warns IBM

Number: IRCNE2015032455
Date: 2015/03/18

According to “itpro”, more than one billion personal records were leaked online in 2014, according to IBM’s security research team.
The total is 25 per cent higher than the 800 million personally identifiable information (PII) records leaked in 2013, the X-Force team revealed yesterday.
The experts called 2014 a “white knuckle rollercoaster ride” in which data breaches, malware and mobile app vulnerabilities all contributed to the huge volume of data exposed.
However, three overarching themes emerged – weak passwords, critical vulnerabilities in operating systems, and sensitive photos stored on cloud services.
“Breaches and security incidents were being announced so rapidly in 2014 that many struggled to keep up.”
The majority of data was stolen from US companies such as Sony, which suffered embarrassing email leaks alongside unreleased films and staff data.
IBM referred to vulnerabilities including Shellshock, and this year’s newly discovered FREAK, adding that good old-fashioned malware continued to play its part, with cyber criminals using it to hit banking firms and other industries.
It also found that ransomware became more popular in 2014, with hackers either threatening sites with DDoS attacks or encrypting a user’s data until a fee is paid.

OpenSSL mystery patches due for release Thursday

Number: IRCNE2015032451
Date: 2015/03/18

According to “computerworld”, new versions of OpenSSL will be released on Thursday to patch several security vulnerabilities, one of which is considered highly serious, according to the OpenSSL Project Team.
An advisory published on Monday did not give further details of the vulnerabilities, presumably so as not to tip off hackers and to give organizations time to apply the patch.
The updates will be included in OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, the advisory said.
A number of serious problems have been found over the last year in OpenSSL, a widely used open-source software that encrypts communications using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocol, a cornerstone of Web security.
OpenSSL has been undergoing a security audit since the Heartbleed flaw was found in April 2014, a serious vulnerability that leaked memory from a server, potentially exposing login credentials, cryptographic keys and other private data.
The software was also affected by FREAK, a flaw revealed earlier this month that can allow an attacker to initiate a weaker type of encrypted connection that can be compromised more easily.
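Both this FREAK description and the "server RSA export ciphersuite support" noted in the OpenSSL release item above come down to the same observable: a server selecting an export-grade suite, often one the client never offered. The monitor below is an added example, not OpenSSL's or any vendor's code. It parses the ClientHello and ServerHello of a TLS 1.0 to 1.2 handshake (record layer plus handshake header, RFC 2246/5246 layout; the cipher suite fields precede any extensions, so extensions are not parsed) and flags an export suite or an unoffered suite in the server's choice. The export suite identifiers are from RFC 2246 Appendix A.5; the handshake bytes are constructed for the demonstration.

```python
"""Flag export-grade cipher suites in a TLS handshake (FREAK-style downgrade).

Added example, not OpenSSL or vendor code. Parses ClientHello/ServerHello
per the TLS 1.0-1.2 layout (RFC 2246/5246) and reports when the server
selects an export suite, or any suite the client did not offer.
All handshake bytes are constructed for the demo.
"""
import struct
from typing import Dict, List, Tuple

# Export-grade (40-bit) suite identifiers from RFC 2246, Appendix A.5.
EXPORT_SUITES: Dict[int, str] = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}


def _wrap(hs_type: int, body: bytes) -> bytes:
    """Wrap a handshake body in a handshake header and a TLS 1.0 record."""
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def build_client_hello(suites: List[int]) -> bytes:
    """Constructed ClientHello: TLS 1.0, fixed random, empty session id."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x01" + b"\x11" * 32 + b"\x00"
            + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00")               # one compression method: null
    return _wrap(0x01, body)


def build_server_hello(suite: int) -> bytes:
    """Constructed ServerHello selecting a single suite."""
    body = (b"\x03\x01" + b"\x22" * 32 + b"\x00"
            + struct.pack("!H", suite) + b"\x00")
    return _wrap(0x02, body)


def parse_hello(record: bytes) -> Tuple[str, List[int]]:
    """Return ('client_hello', offered_suites) or ('server_hello', [chosen])."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                  # skip protocol version and 32-byte random
    pos += 1 + body[pos]          # skip length-prefixed session id
    if hs_type == 0x01:
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        offered = [struct.unpack("!H", body[pos + i:pos + i + 2])[0]
                   for i in range(0, cs_len, 2)]
        return "client_hello", offered
    if hs_type == 0x02:
        return "server_hello", [struct.unpack("!H", body[pos:pos + 2])[0]]
    raise ValueError(f"unexpected handshake type {hs_type:#x}")


def check_negotiation(client_record: bytes, server_record: bytes) -> List[str]:
    """Findings for one handshake as seen by a monitor beside the client."""
    kind, offered = parse_hello(client_record)
    if kind != "client_hello":
        raise ValueError("first record must be a ClientHello")
    kind, (chosen,) = parse_hello(server_record)
    if kind != "server_hello":
        raise ValueError("second record must be a ServerHello")
    findings: List[str] = []
    if chosen in EXPORT_SUITES:
        findings.append(f"server selected export suite {EXPORT_SUITES[chosen]} ({chosen:#06x})")
    if chosen not in offered:
        findings.append(f"server selected suite {chosen:#06x} that the client did not offer")
    return findings


if __name__ == "__main__":
    # Client offers only modern suites; a downgraded ServerHello picks 0x0003.
    client = build_client_hello([0xC02F, 0x002F])
    for issue in check_negotiation(client, build_server_hello(0x0003)):
        print("ALERT:", issue)
```

A ServerHello that names a suite the client never offered is the client-side signature of the downgrade: the attacker rewrote the ClientHello in transit, and a patched client rejects the mismatch on its own. The same check run against a packet capture will also surface servers that still accept export suites at all, which is the population the OpenSSL team re-evaluated when raising that flaw's severity.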

Microsoft's Patch Tuesday updates block a pair of high-profile exploits

Number: IRCNE2015032450
Date: 2015/03/16

According to “zdnet”, this month's Patch Tuesday is one of the biggest in recent memory, with 14 separate security-related updates going out via Microsoft's update channels. All but two of the updates are for Windows. (Depending on your OS, you'll find a large number of non-security-related updates as well. More details on those when I get them.)
Five updates (four for Windows and one for Office) are rated Critical. The remaining nine are rated Important, all for Windows except for a lone Exchange Server patch.
Two of the fixes are for vulnerabilities that have already been publicly disclosed. The good news for Microsoft's Security Response team is that they've cleared all open issues from the Google Project Zero list.
MS15-018 is a Cumulative Security Update that addresses an even dozen vulnerabilities and affects all supported versions of Internet Explorer. It includes the fix for a cross-site scripting vulnerability that was publicly disclosed prior to February's Patch Tuesday but didn't make last month's fixes.
MS15-019 repairs a scripting vulnerability in some older Windows versions; it doesn't affect Windows 7 and later desktop versions or the equivalent server versions, Windows Server 2012 and 2012 R2.
MS15-020 fixes a flaw in the way Microsoft Text Services handles objects in memory and how Microsoft Windows handles the loading of DLL files.
MS15-021 addresses an issue with the Adobe Font Driver. Both vulnerabilities could theoretically allow remote code execution, although Microsoft's summaries say that possibility is unlikely.
MS15-022 applies to all supported Microsoft Office versions (2007, 2010, and 2013), as well as the server-based Office Web Apps and SharePoint Server products. It fixes three known vulnerabilities in Office document formats as well as multiple cross-site scripting issues for SharePoint Server. The worst outcome allows remote code execution.
And then there's MS15-031, which fixes the widely publicized (and cross-platform) Schannel vulnerability, more popularly known as the FREAK technique. This update means Microsoft and Apple platforms are secured, while vulnerable Android versions have yet to be patched. (Update: It took about 36 hours extra, but this patch is now available for Internet Explorer in Windows 10 Technical Preview build 9926. It's reasonable to assume the fix will be built into the next preview release.)
Systems with Internet Explorer 11 (which includes all Windows 8.1 installations) are also receiving an update to the built-in Flash Player code. The security issues fixed by this update are addressed in a separate bulletin, not yet available from Adobe. Oh, and this month's update to the Malicious Software Removal Tool reportedly removes the unwanted Superfish certificate from Lenovo PCs.

Adobe issues patches for 11 critical vulnerabilities in Flash Player

Number: IRCNE2015032449
Date: 2015/03/16

According to “zdnet”, Adobe has issued patches for security vulnerabilities in Flash Player -- 11 of which are deemed critical.
On Thursday, Adobe issued its latest set of security updates for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the software giant.
The patches solve memory corruption vulnerabilities and type confusion vulnerabilities which could lead to remote code execution, vulnerabilities which could cause the bypass of cross-domain policies, as well as security issues which allow the circumvention of file upload restriction. In addition, other updates fix an integer overflow vulnerability and use-after-free vulnerabilities which could lead to remote code execution.
Adobe recommends that users update their products to the latest versions. Windows and Mac users of the Adobe Flash Player desktop runtime should update to Adobe Flash Player 17.0.0.134, users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277, and users of the Adobe Flash Player for Linux need to update to Adobe Flash Player 11.2.202.451.
Google Chrome users with Flash Player enabled, as well as users of Internet Explorer on Windows 8.x with the software will see an automatic update to version 17.0.0.134.
Adobe Flash Player version 16.0.0.305 and earlier, as well as 13.0.0.269, 11.2.202.442 and earlier 11.x and 13.x versions, are affected by the latest security patch.
