WordPress Disconnects Unpatched Sites

ID: IRCNE2015012410
Date: 2015-01-26

According to EWeek, the risk of unpatched software is one that WordPress understands well and is taking aggressive steps to mitigate.
WordPress is a popular open-source content management and blogging system that is available in a hosted model on WordPress.com and as a self-hosted application that users can choose to host wherever they want. WordPress.com also offers the Jetpack plug-in for self-hosted WordPress users, which provides multiple services to help users manage and secure sites. WordPress is now beginning to disconnect self-hosted sites that have not updated the Jetpack plug-in.
"Last spring, we discovered a vulnerability in Jetpack and have been hard at work helping users update their sites to a secure version," WordPress wrote in an email sent to affected site administrators. "Your site has been running an old, highly insecure version (1.9.2) of the Jetpack plugin. To keep your site secure, we have disconnected it from WordPress.com."
The Jetpack 1.9 plug-in was first released in October 2012 and has been updated multiple times since. In April 2014, the Jetpack 2.9.3 update was released, providing a critical security update that fixed a vulnerability that impacted all versions of Jetpack from 1.9 and up. The vulnerability could have potentially enabled an attacker to bypass access controls and publish unauthorized posts.
Jetpack is a particularly valuable plug-in for self-hosted WordPress users in that it provides statistics, social media and site management features. More specifically on the security front, the Jetpack 3.3 update, which was released on Dec. 16, 2014, enables users to manage plug-in updates automatically. That is, with Jetpack 3.3 installed on a self-hosted WordPress CMS, a site administrator can choose to enable a feature that will automatically keep the self-hosted site's plug-ins updated.
The risk of outdated WordPress plug-ins is nontrivial. In December 2014, more than 100,000 WordPress sites were infected with the SoakSoak malware by way of an unpatched vulnerable plug-in.
WordPress has taken steps to help keep the core WordPress application updated as well. Starting with the WordPress 3.7 update that came out in October 2013, self-hosted WordPress sites are automatically updated to fix critical security vulnerabilities in WordPress.

Google leaves most Android users exposed to hackers

ID: IRCNE2015012409
Date: 2015-01-26

According to CNet, people with Android smartphones and tablets running older versions of the mobile operating system -- around 60 percent of all Android users -- are going to have to live with a security flaw Google has decided not to fix.
A known security bug in the default, unbranded Web browser for Android 4.3 Jelly Bean and older versions of Google's mobile OS will go unpatched, Google's chief of security for Android wrote in a Google+ post on Friday.
"Keeping software up to date is one of the greatest challenges in security," Adrian Ludwig wrote. Because the browser app is based on a version of the WebKit browser engine that's now more than two years old, fixing the vulnerability in Android Jelly Bean and earlier versions is "no longer practical to do safely," he wrote.
Google confirmed on Saturday that Ludwig's post is the company's official position on the matter.
The company's decision has upset security experts, who worry hackers will be able to easily target the hundreds of millions of people using phones and tablets that run older versions of Android. Ludwig contends the number of people potentially affected by the vulnerability is "shrinking every day." But for security professionals, it's just not shrinking fast enough.
According to Google's own Android usage numbers, 39.1 percent of its smartphones and tablets run a newer, unaffected version of Android: 4.4 KitKat. The most recent version of the operating system, Android 5.0 Lollipop released in November, makes up less than one-tenth of 1 percent of Android devices in use. That means about 60 percent of Android devices run versions of the OS that included the susceptible browser by default.
Ludwig recommends people on Android 4.3 or older use a different Web browser. He suggests Google Chrome, which works on Android 4.0 Ice Cream Sandwich and newer, or Mozilla Firefox, which works on Android 2.3 Gingerbread and newer.

Google's Project Zero reveals three Apple OS X zero-day vulnerabilities

Number: IRCNE2015012408
Date: 2015/01/26

According to ZDNet, Google's Project Zero security team has revealed the existence of three zero-day vulnerabilities found in Apple's OS X, following its disclosure of flaws in Microsoft's Windows operating system.
Over the past several days, the tech giant's Project Zero scheme has released details concerning three OS X security issues the team have dubbed severe.
The first flaw, "OS X networkd "effective_audit_token" XPC type confusion sandbox escape," which involves circumvention of commands in the network system, may be mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case. The second vulnerability documents "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator," and the third, "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice," includes an exploit related to OS X's kernel structure.
While each flaw requires an attacker to have access to a targeted Mac, each vulnerability could contribute to a successful attempt to elevate privilege levels and take over a machine. Each vulnerability disclosure, as with any disclosed by the Project Zero team, includes a proof-of-concept exploit.
The vulnerabilities have been reported to Apple but the flaws have not been fixed. Once Project Zero's 90-day deadline passes, details of vulnerabilities found in systems are automatically released into the public domain.
This isn't the first time Google's Project Zero has published vulnerabilities which are yet to be fixed. In the past several weeks, the tech giant's security team has published three separate security flaws in Microsoft's Windows operating system, which were unpatched at the time.

Attackers are exploiting a zero-day flaw in Flash Player

ID: IRCNE2015012407
Date: 2015-01-26

According to ComputerWorld, attackers are using compromised websites to exploit a new and currently unpatched vulnerability in Flash Player, a malware researcher has reported.
The new exploit was observed in drive-by-download attacks launched with an exploit kit called Angler, according to an independent researcher who uses the online alias Kafeine.
Exploit kits are malicious Web applications that contain exploits for vulnerabilities in browsers and browser plug-ins such as Java, Flash Player, Adobe Reader and Silverlight. Attackers silently redirect users' browsers to exploit kit installations by inserting rogue code in compromised websites and malicious advertisements.
The kits choose which exploits to load from their arsenal depending on the visitor's browser and installed plug-ins. If successful, the exploits install malware. It's known as a drive-by-download attack and is typically transparent to users.
Exploit kits usually target known vulnerabilities, which is why it's important to keep browser plug-ins like Flash Player up to date. But that doesn't help if attackers have an exploit for a zero-day vulnerability -- one that's not been patched yet by the software vendor.
Zero-day exploits are valuable to hackers, which is why they're more commonly used in targeted attacks where the stakes are higher and the goal is usually cyberespionage. It's unusual to see them in mass attacks like those performed with Angler and other exploit kits.
The new zero-day exploit used in Angler worked successfully on the latest Flash Player version on Windows 7 with Internet Explorer 8, Windows 8 with Internet Explorer 10, and Windows XP with IE 6 to 9, Kafeine said in a blog post. Disabling Flash Player for some days might be a good idea, he said.
Adobe is aware of the report and investigating the claims, a spokeswoman said via email. However, Kafeine claims he shared the exploit with the company, and that Adobe has confirmed it.

Oracle releases critical patches

Number: IRCNE2015012406
Date: 05/11/93

Oracle's critical patch update includes security updates and fixes for 169 problems affecting the Java, Fusion Middleware, Enterprise Manager and MySQL products. The update also includes fixes for eight vulnerabilities in Oracle Database.
In total, 36 new fixes have been released for Oracle Fusion Middleware products, most of them in the very high severity class. Two of the vulnerabilities fixed in this update could allow malicious actors to take control of the server.
There are 10 new fixes for Oracle E-Business Suite, six for Oracle Supply Chain Suite, seven for Oracle PeopleSoft Enterprise, one update for Oracle JDEdwards EnterpriseOne, 17 fixes for Oracle Siebel CRM and two updates for Oracle iLearning.
Of the 19 vulnerabilities, 15 affect clients, two affect both client and server, and two affect JSSE. The most serious threats are arbitrary code execution and taking control of the server, which put users' sensitive data at risk; these vulnerabilities also allow an attacker to install malware and to infect other systems from the compromised one.

VLC vulnerabilities disclosed

Number: IRCNE2015012405
Date: 05/11/93

Several vulnerabilities have been discovered in some versions of VLC that allow cybercriminals to corrupt memory and potentially execute arbitrary code.
According to the findings of security researcher Veysel Hatas, one of these vulnerabilities is a DEP access violation and the others are write access flaws.
The first security vulnerability was discovered on 24 November of last year and leads to memory corruption and arbitrary code execution. The second vulnerability is similar to the first. These problems exist in VLC version 2.1.5.
The vulnerabilities were reported to VideoLAN on 26 December 2014, but no patch has yet been released for them.

Oracle issues critical patch update: 169 new security fixes

Number: IRCNE2015012406
Date: 2015/01/25

According to ZDNet, Oracle's quarterly critical patch update includes security updates and patches for 169 problems affecting products including Java, Fusion Middleware, Enterprise Manager and MySQL.
The California-based company's January 2015 Critical Patch Update includes 8 vulnerability fixes for Oracle Database, including one severe issue given a CVSS Base Score of 9 because it allows a full compromise of the targeted server.
In total, 36 new fixes have been issued for Oracle Fusion Middleware products, and the most severe received a rating of 9.3. Two of the Oracle Fusion Middleware vulnerabilities fixed in this Critical Patch Update can result in a server takeover.
10 new fixes have been included for Oracle E-Business Suite, 6 for Oracle Supply Chain Suite, 7 for Oracle PeopleSoft Enterprise, one for Oracle JDEdwards EnterpriseOne, 17 for Oracle Siebel CRM, and 2 for Oracle iLearning.
Out of 19 vulnerabilities, 15 affect client-only installations, 2 affect client and server installations, and 2 affect JSSE installations. However, considering how many critical updates in the past have predominantly focused on Java, this security fix rate is relatively low.
The executive also noted that threats associated with this update range include everything from reading and writing local data to complete "operating system takeover including arbitrary code execution." Naturally, complete system takeovers are the most severe threats, as this places a user's sensitive data at risk, allows an attacker to install malware, steal an identity or use a compromised system to infect others.

VLC vulnerabilities exposed

Number: IRCNE2015012405
Date: 2015/01/25

According to ZDNet, vulnerabilities have been discovered in some versions of the popular VLC media player which may allow a cyberattacker to corrupt memory and potentially execute arbitrary code.
According to security researcher Veysel Hatas, who posted the discovery on Full Disclosure last week, one of the vulnerabilities is a DEP access violation vulnerability and the other is a write access flaw.
The VideoLAN project is a community of non-profit developers who create open-source multimedia tools. The VLC player is one of the most well-known results of this project, and acts as a cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.
The first security vulnerability, discovered on 24 November last year, is a flaw which is triggered as user-supplied input is not properly sanitized when handling a specially crafted FLV file. The second vulnerability, much the same, is triggered as user-supplied input is not properly sanitized when handling a specially crafted M2V file -- both of which may be malicious and lead to a "context-dependent attacker corrupting memory and potentially executing arbitrary code."
Considered severe, the flaws are present on version 2.1.5 of VLC media player, and were tested through Windows XP SP3. While this legacy operating system is no longer supported by Microsoft, many users worldwide have not yet updated and may be vulnerable.
The vulnerabilities were reported to the VideoLAN project on 26 December 2014, but no patch has been issued to fix the problem.

Linux systems infected by the XOR.DDoS Trojan, which installs a rootkit

A Trojan named XOR.DDoS has recently been discovered that has probably infected a set of systems for use in DDoS attacks. This new threat changes the configuration of the victim's Linux environment and installs a rootkit to avoid detection.
Installing such a rootkit on Linux is very difficult, because it depends on the victim's operating system accepting it. The attackers therefore do not change users' default login; instead they brute-force the SSH login of the root user. If this succeeds, they install the Trojan through a shell script. The script contains procedures such as main, check, compiler, uncompress, setup, generate, upload and others, and variables such as __host_32__, __kernel__, __host_64__ and __remote__. The Trojan then checks whether it matches the victim system's kernel and, if so, installs the rootkit. The rootkit then hides all files that would indicate the infection, so the user sees no signs of it. The main process decrypts and selects the command-and-control server appropriate to the system's architecture.
This rootkit was first used in an attack in October 2014, and in December 2014 its details were partly identified by the MalwareMustDie group.
This Trojan and its variants can affect 32- and 64-bit web servers and hosts, as well as ARM architectures in routers, IoT devices, storage systems and 32-bit ARM servers. Although not many systems infected by this Trojan have been found so far, the cases observed do not follow a particular pattern. The Trojan can infect both organizations and ordinary individuals, although organizations usually have a higher level of security.
To avoid infection by this Trojan, it is recommended to use reputable, up-to-date antivirus software and, if SSH is in use, to use strong passwords.
Source:
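The infection chain described above starts with a password brute force against root over SSH, so the two checks a defender most wants are an alert on that burst of failures in the sshd log (especially a burst followed by an accepted login from the same address) and a review of the sshd_config directives that make the brute force possible in the first place. The block below is an added example, not code from the Maher notice or from the malware analysis it summarises; the auth.log lines and the sshd_config snippet are constructed for the example, the log line layout is OpenSSH's standard syslog output, and the PermitRootLogin / PasswordAuthentication directives and their values are real OpenSSH settings.

```python
"""Added example: spot an SSH password brute force and audit sshd_config.

The auth.log lines and the sshd_config below are constructed for this
example; the log line format is OpenSSH's usual syslog output.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: six failed root logins from one address in ~20 s, then
# an accepted password login from the same address (the trace a brute force
# that worked would leave), plus unrelated benign traffic.
SAMPLE_AUTH_LOG = """\
Jan 25 03:14:01 web01 sshd[2231]: Failed password for root from 198.51.100.45 port 51022 ssh2
Jan 25 03:14:05 web01 sshd[2233]: Failed password for root from 198.51.100.45 port 51030 ssh2
Jan 25 03:14:09 web01 sshd[2235]: Failed password for root from 198.51.100.45 port 51041 ssh2
Jan 25 03:14:12 web01 sshd[2237]: Failed password for invalid user admin from 192.0.2.10 port 40211 ssh2
Jan 25 03:14:14 web01 sshd[2239]: Failed password for root from 198.51.100.45 port 51055 ssh2
Jan 25 03:14:18 web01 sshd[2241]: Failed password for root from 198.51.100.45 port 51063 ssh2
Jan 25 03:14:22 web01 sshd[2243]: Failed password for root from 198.51.100.45 port 51070 ssh2
Jan 25 03:14:26 web01 sshd[2245]: Accepted password for root from 198.51.100.45 port 51078 ssh2
Jan 25 03:20:00 web01 sshd[2300]: Accepted publickey for deploy from 203.0.113.9 port 60000 ssh2
"""

# Constructed sshd_config carrying the two weak settings the audit looks for.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_auth_log(text):
    """Return (timestamp, outcome, user, ip) for each login event.

    syslog timestamps carry no year; the constructed lines are assumed to
    fall in one year, which is enough for short-window comparisons."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["outcome"], m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold=5, window_s=60):
    """Flag IPs with >= threshold failures inside any window_s seconds and
    record whether an accepted login from that IP followed the failures."""
    failures, successes, users = defaultdict(list), defaultdict(list), defaultdict(set)
    for ts, outcome, user, ip in events:
        if outcome == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
        else:
            successes[ip].append(ts)
    findings = {}
    for ip, times in failures.items():
        times.sort()
        start, burst = 0, False
        for end in range(len(times)):  # sliding window over sorted failures
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                burst = True
                break
        if burst:
            findings[ip] = {
                "failures": len(times),
                "users": sorted(users[ip]),
                "success_after_failures": any(t >= times[0] for t in successes.get(ip, [])),
            }
    return findings

# directive -> (weak values, recommended value); real OpenSSH directives.
WEAK_SETTINGS = {
    "permitrootlogin": ({"yes"}, "no"),
    "passwordauthentication": ({"yes"}, "no"),
}

def audit_sshd_config(text):
    """Return (directive, current value, recommended value) for weak settings."""
    findings = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in WEAK_SETTINGS and value in WEAK_SETTINGS[key][0]:
            findings.append((parts[0], parts[1].strip(), WEAK_SETTINGS[key][1]))
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)))
    print(audit_sshd_config(SAMPLE_SSHD_CONFIG))
```

With the constructed input, 198.51.100.45 is flagged with six failures and an accepted login afterwards, while the single failure from 192.0.2.10 stays below the threshold; the config audit reports both PermitRootLogin and PasswordAuthentication. A host that shows the first pattern while running the second configuration is exactly the one the notice's advice about strong passwords is trying to protect, and moving to key-based authentication with root login disabled removes the brute-force path rather than just slowing it.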
According to the latest research commissioned by the company Cloudmark, more than 75 percent of organizations in the United States and the United Kingdom have experienced at least one DNS attack, and for 66 percent of those in the United States the attack occurred within the past 12 months.
The DNS security survey was conducted among 300 IT decision-makers at organizations with at least 1,000 staff in the financial services, IT, manufacturing, retail, distribution and transport sectors, 200 of them in the United States and 100 in the United Kingdom.
74 percent of those who had experienced at least one DNS attack stated that their organization had faced a denial-of-service (DDoS) attack aimed at cutting off internet access or interrupting service.
In an email exchange on Tuesday, Tom Landesman, a security researcher at Cloudmark, told CMagazine.com that attackers are able to launch DDoS attacks through DNS amplification and resource exhaustion.
Landesman stated that they set up a malicious domain with very large resource records in order to carry out a DNS amplification attack. Once the malicious domains have been created, queries are sent from a spoofed IP address to open DNS resolvers, and in this way the DDoS attack takes shape.
Landesman said that DDoS attacks are most likely the number one DNS attack, because they require minimal effort and resources from the attacker. He added that a DDoS attack scenario leaves the organization focused on mitigation, while malicious infection and data theft may be happening elsewhere on the network.
As a result of DNS attacks, sixty-three percent of organizations experienced loss of internet access, 42 percent experienced customer complaints, 34 percent lost sensitive business information and confidential customer information, and 30 percent experienced lost revenue.
Remediation and operational costs following a DNS attack were also taken into account, but respondents emphasized customer retention and brand reputation as their biggest concern. Landesman said that DNS attacks, by putting pressure on an organization's infrastructure and resources, can lead to lost revenue.
Nearly 70 percent of respondents stated that their organization has put a DNS security solution in place to protect against DNS attacks.
Landesman said it is important for an organization to make a DNS protection program part of its overall security strategy, whereas organizations have generally only addressed vulnerabilities through the traditional routine of antivirus and firewall.
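The amplification mechanism Landesman describes leaves a recognisable trace on the resolver side: one client address (in reality the spoofed victim) sending a stream of queries, typically ANY or TXT, whose answers are tens of times larger than the questions. The block below is an added example, not code from the article or from Cloudmark, that scores a resolver's query log on that amplification ratio; the log line format, the domain names and all addresses are constructed for the example, and a real resolver will need its own parse_line() for the format it actually writes.

```python
"""Added example: flag likely DNS amplification abuse in a resolver query log.

Log format is constructed for this example, one line per query/response pair:
  <epoch> <client_ip> <qname> <qtype> <query_bytes> <response_bytes>
Real resolvers log differently; replace parse_line() for the format you have.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: 203.0.113.7 (the spoofed victim address) appears as
# the "client" of a burst of ANY/TXT queries whose answers are several KB,
# while the other clients make ordinary small lookups.
SAMPLE_LOG = """\
1422230400 198.51.100.20 www.example.com A 60 76
1422230400 203.0.113.7 big.example.net ANY 62 3900
1422230400 203.0.113.7 big.example.net ANY 62 3900
1422230401 203.0.113.7 big.example.net ANY 62 3900
1422230401 198.51.100.21 mail.example.com MX 63 120
1422230401 203.0.113.7 big.example.net ANY 62 3900
1422230402 203.0.113.7 big.example.net TXT 62 3500
1422230402 198.51.100.22 example.org AAAA 58 86
"""

@dataclass
class QueryRecord:
    ts: int
    client: str
    qname: str
    qtype: str
    query_bytes: int
    response_bytes: int

def parse_line(line):
    """Parse one constructed log line into a QueryRecord."""
    ts, client, qname, qtype, qb, rb = line.split()
    return QueryRecord(int(ts), client, qname, qtype, int(qb), int(rb))

def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]

def amplification_report(records, min_ratio=10.0, min_queries=3):
    """Per client, compare bytes sent back with bytes received.

    A client receiving at least min_queries answers with an aggregate
    response/query byte ratio of min_ratio or more is reported, together
    with the record types that produced the large answers."""
    per_client = defaultdict(lambda: {"queries": 0, "qbytes": 0, "rbytes": 0, "qtypes": set()})
    for r in records:
        s = per_client[r.client]
        s["queries"] += 1
        s["qbytes"] += r.query_bytes
        s["rbytes"] += r.response_bytes
        s["qtypes"].add(r.qtype)
    findings = {}
    for client, s in per_client.items():
        ratio = s["rbytes"] / s["qbytes"]
        if s["queries"] >= min_queries and ratio >= min_ratio:
            findings[client] = {
                "queries": s["queries"],
                "ratio": round(ratio, 1),
                "qtypes": sorted(s["qtypes"]),
            }
    return findings

if __name__ == "__main__":
    for client, info in amplification_report(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {info['queries']} queries, x{info['ratio']} amplification, {info['qtypes']}")
```

On the constructed log only 203.0.113.7 is reported, with five queries and an amplification ratio of about 61.6. Read the result the way the paragraph frames it: the resolver producing this log is the reflector, and the flagged "client" is the victim whose address was spoofed, so the fix is on the resolver (no recursion for outside clients, response rate limiting), not a block on the flagged address, which would complete the attacker's denial of service for them.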

Maher Center notice regarding the reported hack of the online social network Facenama

Following the news of the hack of the online social network Facenama, the Maher Center's investigation, carried out in cooperation with the site's administrators, showed that the cause of the incident was improper and untimely configuration of the system, which created a vulnerability exploitable by an attacker. The incident had no connection to the transfer or hosting of the site, which has been hosted in the domestic hosting space for a year and a half.
The security of any service offered over a network depends on the software and hardware used to provide it and on their correct configuration and tuning. Since the hardware and software used to provide services are generally the same inside and outside the country, the security of the services offered comes down mainly to proper configuration and, in particular, to the custom-developed software used to provide the service.