17,000 Mac systems infected with malware

Number: IRCNE2014102332
Date: 15/07/93

Hackers infected more than 17,000 Macintosh systems with the Mac.BackDoor.iWorm malware through the news site Reddit.
The cyber criminals exploited a hole in the operating system of Apple computers by manipulating Reddit's comment and search functions.
Researchers at the Russian antivirus company Dr Web revealed this hole and stated that it gives the hacker remote-access components and also allows him to send commands to other computers to install malware. In some cases, exploiting this hole can also be used to launch spam campaigns or denial-of-service attacks.
Dr Web announced that the malware was written in C++ and Lua and uses encryption to carry out its operations.
When the hacker attempts to gain access to a computer, a file is first unpacked in the /Library/Application Support/JavaW folder, a p-list file is created, and the backdoor is then launched automatically.
Graham Cluley, an independent security researcher, said: this is not the first time that Macintosh computers have been the target of such attacks, and this attack is not as large as the most recent attacks on Apple computers. So far, Macintosh systems have not experienced any attack as large as the notorious Flashback worm, which infected more than 600,000 systems in 2012.
He added: the recent threat only warns Macintosh users that they should not assume their systems are immune to security threats. If you value your privacy and keep important data on your system, you should use an antivirus product.

Yahoo says attackers looking for Shellshock found a different bug

ID: IRCNE2014102335
Date: 2014-10-07

According to “TechWorld”, Yahoo said Monday it has fixed a bug that was mistaken for the Shellshock flaw, but no user data was affected.
Three of the company's servers with APIs (application programming interfaces) that provide live streaming for its Sports service "had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," wrote Alex Stamos, Yahoo's chief information security officer.
Stamos wrote on the Hacker News website that the servers had been patched after the Shellshock vulnerability was disclosed.
Yahoo was notified by Jonathan Hall, senior engineer and president of Future South Technologies, a security consulting firm. Hall wrote on his blog that he uncovered a vulnerability in at least two Yahoo servers.
Hall wrote he found evidence that a group of what appears to be Romanian hackers had struck Yahoo, Lycos and WinZip, using the Shellshock vulnerability to infect servers and build a botnet, the term for a network of infected machines.
Shellshock, first identified late last month, is the nickname for a flaw in a form of software known as Bash, a command-line shell processor on Unix and Linux systems. The security hole could let attackers insert extra code into computers running Bash, allowing them to take control of servers remotely.
In a statement released earlier on Monday, Yahoo appeared to confirm Hall's finding that Shellshock was to blame. But Stamos later published a post on the Hacker News saying that further investigation showed Shellshock was not the cause.
The attackers, Stamos wrote, had "mutated" their exploit and ended up taking advantage of a different bug that was in a monitoring script being run by Yahoo's developers to parse and debug Web logs. That bug was only specific to a small number of machines, he wrote.
"As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public," he wrote.
Hall wrote that he sent an email warning of his findings to WinZip, a division of Canada-based Corel. WinZip is a file compression utility.

AT&T hit by insider data breach, unspecified number of accounts accessed

ID: IRCNE2014102334
Date: 2014-10-07

According to “ZDNet”, AT&T suffered a data breach in August, carried out by one of its own staff, the cellular giant confirmed on Monday.
In a letter to Vermont's attorney general [PDF], AT&T officials said the former employee was able to access account information, including Social Security and driving license numbers.
Unique customer numbers, known as Customer Proprietary Network Information (CPNI), which can include metadata — such as the time, date, duration, and destination number of each call made — were also viewed by the company insider.
The letter said the account information was accessed "without authorization."
"This is not the way we conduct business, and as a result, this individual no longer works for AT&T," the letter read.
AT&T said it has informed law enforcement of the data breach.
However, the company, which remains the second-largest cellular giant by customers in the US behind Verizon, remained mum on how many individuals were affected.

Banks should not ditch traditional passwords despite biometrics, says IDC

Number: IRCNE2014102333
Date: 2014/10/07

According to “techworld”, despite the launch of new biometric technologies to authorise financial payments, banks should not ditch the traditional password to enable payments to be cleared, according to analyst IDC.
The analyst says biometric identification in financial applications is a "relatively young and experimental business".
IDC points out that the biggest developments are related to the fingerprint scanners built into Apple and Samsung smartphones. And Mastercard this month said it was trialling facial and voice recognition technologies to authorise retail payments.
Apple's Touch ID has been available for a year now, but up to now has only been used for unlocking screens. With the launch of the new iPhone 6 though, Apple has essentially endorsed Touch ID to replace the traditional PIN code for payment cards via Apple Pay, said IDC.
More importantly, said the analyst, Apple has now also given third-party developers access to the Touch ID application programming interface (API), enabling integration of its biometric identification method into iOS apps.
In addition, digital wallet operators PayPal and have upgraded their apps to allow users to sign in and authorise payments by swiping their finger. IDC said, "These financial institutions are the first to bet that the security level offered by mass market fingerprint scanners is at least as good as that of a PIN code or a password."
But financial institutions like banks should not jump in, warned IDC. Andrei Charniauski, an analyst at IDC, said: "While improving authorisation experience is attractive and will help adoption of mobile banking services, financial institutions should not just blindly commit to mass market biometric identification solutions, especially those provided by third parties via publicly-available APIs."
Charniauski said it would take "several years" for the financial industry to assess safety levels. Until then, the best approach, he said, was to use two-factor authentication in mobile applications. In order to maximise user experience, he added, it would be appropriate to introduce biometrics only for the initial sign in and access to the information area that offers account overviews and transaction statements, for instance.
"For the transaction part of the mobile application - including account transfers, bill payments and other sensitive functions such as payment card PIN change - financial institutions should double-up by retaining the traditional password," said Charniauski.

17,000 Macs hit by hackers via Reddit

Number: IRCNE2014102332
Date: 2014/10/07

According to “itpro”, hackers have infected more than 17,000 Macs worldwide, and 1,227 in the UK, with the Mac.BackDoor.iWorm malware via social news site Reddit.
The cyber criminals managed to exploit a flaw in Apple's computer operating system by manipulating Reddit's search and comment functions.
Researchers at Russian antivirus company Dr Web revealed the flaw and said it gives a hacker remote access, allowing them to send commands to other computers to install more malware and, in some cases, launch spam campaigns and denial-of-service attacks.
The company said the hackers developed the malware using C++ and Lua and used encryption to carry out its actions.
Once the hacker has gained access to the computer, the malware is extracted into the /Library/Application Support/JavaW folder and generates a p-list file so that the backdoor is launched automatically.
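The persistence mechanism just described (a payload unpacked under /Library/Application Support/JavaW plus a p-list that makes launchd start it automatically) is something an administrator can check for. The script below is an added example, not code from the article or from Dr Web: it parses launchd job definitions with Python's standard plistlib and flags any job whose executable lives under the suspect directory, reporting whether the job is set to start at boot and to be restarted if it exits. The job labels, file names and plist contents used as sample input are constructed here; only the directory path comes from the article.

```python
"""Check launchd job definitions for a backdoor persistence entry.

Added example, not code from the original article or from Dr Web. The job
label, file names and plist contents used as sample input are constructed.
"""
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Directory the article names as the unpacking location of the backdoor.
SUSPECT_DIR = "/Library/Application Support/JavaW"

# Where launchd reads job definitions that run without user interaction.
LAUNCH_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents"]


def job_executables(job: dict) -> List[str]:
    """Collect every path a launchd job can execute: Program plus ProgramArguments."""
    paths = []
    if isinstance(job.get("Program"), str):
        paths.append(job["Program"])
    args = job.get("ProgramArguments")
    if isinstance(args, list):
        paths.extend(a for a in args if isinstance(a, str))
    return paths


def assess_job(raw_plist: bytes, suspect_dir: str = SUSPECT_DIR) -> Optional[Dict]:
    """Return a finding if the job references the suspect directory, else None."""
    job = plistlib.loads(raw_plist)
    refs = [p for p in job_executables(job) if p.startswith(suspect_dir)]
    if not refs:
        return None
    return {
        "label": job.get("Label"),
        "refs": refs,
        # RunAtLoad starts the job at boot/login; KeepAlive restarts it if it exits.
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "keep_alive": bool(job.get("KeepAlive", False)),
    }


def scan_launch_dirs(dirs: List[str], suspect_dir: str = SUSPECT_DIR) -> List[Dict]:
    """Walk the launchd directories and return findings for suspicious jobs."""
    findings = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.plist")):
            try:
                finding = assess_job(path.read_bytes(), suspect_dir)
            except Exception:
                continue  # unreadable or malformed plist: skip it, do not abort the scan
            if finding:
                finding["path"] = str(path)
                findings.append(finding)
    return findings


def demo() -> List[Dict]:
    """Run the scan against constructed job files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed suspicious job: label and executable name are placeholders,
        # not the real malware's values.
        suspicious = {
            "Label": "example.constructed.javaw",
            "ProgramArguments": [SUSPECT_DIR + "/JavaW", "-run"],
            "RunAtLoad": True,
            "KeepAlive": True,
        }
        # Constructed benign job that runs a system binary.
        benign = {
            "Label": "example.constructed.benign",
            "ProgramArguments": ["/usr/bin/true"],
            "RunAtLoad": True,
        }
        Path(tmp, "example.constructed.javaw.plist").write_bytes(plistlib.dumps(suspicious))
        Path(tmp, "example.constructed.benign.plist").write_bytes(plistlib.dumps(benign))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return scan_launch_dirs([tmp])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine the call would be `scan_launch_dirs(LAUNCH_DIRS)` (and, for per-user jobs, each user's `Library/LaunchAgents`); `suspect_dir` can be pointed at any other location a report names. The check is deliberately narrow: a job that only references the directory indirectly (through a wrapper script elsewhere) would not be caught, so the presence of the directory itself is worth checking separately.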
Independent security researcher Graham Cluley responded to the attack on his blog by saying it's not the first time Macs have been targeted with such a ferocious campaign, although it's not as large in scale as past attacks on Apple's computers.
"It isn’t anything like as big so far as the notorious Flashback worm which hit more than 600,000 Mac computers in early 2012," Cluley said.
He warned: "It is another timely warning that Mac users shouldn’t be fooled into thinking they are somehow immune from computer security threats. An anti-virus product should be part of your arsenal, if you value your privacy and the data you store on your Apple computer."

Industrial control systems at risk from simple hacks

Number: IRCNE2014102331
Date: 12/07/93

A security researcher stated at last week's conference in Atlanta that attacking industrial control systems does not require sophisticated attacks like Stuxnet; rather, simple phishing attacks can put these systems at risk.
Chris Shipp, director of cyber security at the U.S. Department of Energy, said at the security conference: even with a firewall in place and devices controlled through a server located in a DMZ, simple attacks can succeed.
He said he has seen such attacks more than once in real-world environments, and that this problem is very important because Stuxnet and other sophisticated attacks show that groups with extensive resources are working on attacks.
The best prevention and defense against attacks for systems that cannot be upgraded is to perform constant penetration testing on them so that their weaknesses are identified and fixed.
These problems arise because control systems are connected to the business network and consequently to the Internet. This makes switches and gates remotely controllable and accessible for billing, inventory control and patching operations. As a result, they can be exposed to remote attacks.
In many cases, network equipment has shifted from proprietary software to Windows software. Many hackers are fully familiar with this environment and its vulnerabilities, and as a result the number of potential attacks increases.
At the conference an attack was simulated that can penetrate even networks that use a secured server to control systems. In this attack, the attacker first gains control of a system through a phishing attack, tricking the user into clicking a link on a malicious website that leads to a malware download. He can then carry out numerous other attacks, including installing a keystroke logger, stealing passwords, and installing a shell that carries out the hacker's commands. As a result, a path is established between the attacker's computer and the secured server through the targeted user's machine. In this demonstration, it was shown how the hacker can turn off the fan or light of a piece of hardware.
This security researcher recommends that the security architecture of sites that use industrial control systems should be based on the National Institute's guidelines and standards designed for such systems.

Apple releases patch for the Bash vulnerability

Number: IRCNE2014092330
Date: 09/07/93

All of Apple's new computers are now safe from the Bash security vulnerability. This vulnerability potentially allows hackers to take control of the operating system of a vulnerable device.
The latest vulnerability in the computer world is known as Bash or Shellshock, and it allows malicious code to be executed in the Bash shell. Bash is a command-line shell used in Unix and Linux operating systems and in Apple's Mac OS X.
On Monday, Apple announced that this vulnerability has now been fixed in OS X Lion, Mountain Lion and Mavericks. The company has also created a site from which users can download the Bash updates.
Last week, Apple announced that Bash, a UNIX command shell and language used in OS X, has a weakness through which unauthorized users can remotely take control of a vulnerable system. OS X systems are safe by default unless users have configured advanced UNIX services.

Basic hacks can compromise industrial control systems

Number: IRCNE2014102331
Date: 2014/10/04

According to “techworld”, sophisticated attacks like Stuxnet aren't necessary to compromise industrial control systems for dams, power plants, chemical plants and the like. Rather, simple phishing attacks followed up by using tools that are easily available through Metasploit will do the trick, security pros were told at a conference in Atlanta this week.
Even with firewalls in place and buffering access to control devices through a server protected in a DMZ, simple-to-execute attacks succeed, said Chris Shipp, a contractor who is director of cyber security for the U.S. Department of Energy, Strategic Petroleum Reserve, in a talk to (ISC)² Security Congress.
Shipp says he's seen such attacks work more than once in real life situations, and the problem is more worrisome because it's been shown through Stuxnet and other sophisticated attacks that groups with extensive resources are at work.
For systems that can't be upgraded readily, the best defense is constant penetration testing to find weaknesses and adopting new architectures that are less vulnerable.
The root of the problem is that many of the control systems are connected to facilities' business networks and therefore the Internet. This makes the switches, gates and valves being controlled remotely accessible for billing, inventory control and patching. It also makes them accessible for remote attacks, Shipp says.
Networking gear within these facilities has moved from proprietary software to Windows in many cases. This means more hackers understand the environment, increasing the number of potential attackers, Shipp says.
In a demonstration, the contractor showed how an attack could be carried out even in a network that routed access to its control system through a secured server. It started with gaining control of a business workstation via a phishing attack that tricks a user into clicking on a link to a malicious Web site that downloads malware.
That was followed up with using several tools within Metasploit to grab passwords and screenshots of the victim's machine and to install a key logger. It also installed a shell that carried out commands from the hacker machine and using that, revealed machines that the victim's workstation was connected to. That included the secured server, which connected to the control network.
Shipp established a route from the attacker PC through the compromised workstation to the secured server to the control network. In the demonstration, he showed how the attacking machine could turn on fans and lights on a piece of hardware.
The speaker recommended that security architects at sites using industrial control systems follow National Institute of Standards and Technology guidelines for such systems.

Apple patches Bash vulnerability on Macs

Number: IRCNE2014092330
Date: 2014/09/30

According to “cnet”, all of Apple's recent Mac computers are now safe from a security flaw that could potentially allow hackers to take over an operating system.
Known as the "Shellshock" or "Bash" bug, the latest vulnerability for the world's computers involves the execution of malicious code within a bash shell, a command-line shell used in many Linux and Unix operating systems, and by Apple's Mac OS X operating system.
Apple on Monday said it has now patched the Bash vulnerability for its OS X Lion, Mountain Lion and Mavericks software. The company also created a site for users to download the Bash update.
"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," Apple said last week. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."

Cisco, Oracle find dozens of their products affected by Shellshock

Number: IRCNE2014092329
Date: 2014/09/30

According to “cnet”, Cisco Systems and Oracle are hard at work identifying networking and other products in their portfolios that are affected by the critical Shellshock vulnerability.
The Shellshock vulnerability and several related ones found over the past week stem from errors in how the Bash command-line interpreter for Unix and Linux systems parses strings passed to it by external scripts. The flaws allow attackers to trick certain processes running on vulnerable machines to pass malicious strings to Bash that would then get executed as commands on the underlying OS.
Security researcher Rob Fuller has put together a collection of Shellshock proof-of-concept exploits gathered from various sources. The most well-known attack vectors are through Web servers that run CGI scripts and through SSH (Secure Shell) daemons, although other applications that interact with Bash are also potential targets.
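The two paragraphs above describe the mechanism (strings from external scripts reaching Bash's parser) and the most common entry point (CGI scripts behind a web server, which copy request headers into environment variables). The script below is an added example, not code from the article or from any vendor it names: it parses Apache "combined"-format access-log lines and flags entries whose request line, Referer or User-Agent carries the Bash function-definition prefix `() {` that the Shellshock family of bugs keyed on, then counts probes per client. The log lines are constructed sample input using RFC 5737 documentation addresses, not real traffic.

```python
"""Flag Shellshock probes in Apache "combined" access-log lines.

Added example, not code from the original article or from Cisco, Oracle or
Rob Fuller. The log lines at the bottom are constructed sample input.
"""
import re
from typing import Dict, Iterable, List, Optional

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Bash's exported-function prefix; tolerate the whitespace variants seen in the wild.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Header-derived fields that a CGI web server copies into the script's environment.
ENV_FIELDS = ("request", "referer", "agent")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line into its fields, or None if it does not match."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def flagged_fields(entry: Dict[str, str]) -> List[str]:
    """Names of the fields in a parsed entry that carry the Shellshock prefix."""
    return [f for f in ENV_FIELDS if SHELLSHOCK_RE.search(entry[f])]


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """One finding per suspicious line: who sent it, what was requested, where the prefix was."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line: skip it rather than abort the scan
        fields = flagged_fields(entry)
        if fields:
            findings.append({
                "host": entry["host"],
                "request": entry["request"],
                "status": int(entry["status"]),  # a 200 on a CGI path deserves a closer look
                "fields": fields,
            })
    return findings


def probes_by_host(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count flagged requests per client address."""
    counts: Dict[str, int] = {}
    for f in findings:
        host = str(f["host"])
        counts[host] = counts.get(host, 0) + 1
    return counts


# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko"',
    '198.51.100.7 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :; }; echo CONSTRUCTED-PROBE"',
    '198.51.100.7 - - [25/Sep/2014:10:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 404 210 "() { :;}; echo CONSTRUCTED-PROBE" "curl/7.37.0"',
    "this line is not in combined format",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(probes_by_host(hits))
```

A hit tells you a probe arrived, not that it succeeded; the response status and what the targeted CGI script does with its environment decide that. The signature is also narrow on purpose: it catches the prefix itself, so a request that reaches Bash through a field not logged here (other custom headers, for instance) or that is encoded before logging would be missed, which is why the patch status of every Bash on the host matters more than the log scan.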
Cisco has identified 71 products so far that are exposed to the vulnerability. These products serve various purposes, including network application, service and acceleration; network content and security; network management and provisioning; routing and switching; unified computing; voice and unified communications; video, streaming, TelePresence and transcoding.
The number of Cisco products vulnerable to Shellshock and related bugs far exceeds the 38 confirmed not to be vulnerable. The company is reviewing an additional 168 products and hosted services, so the list of vulnerable products is likely to increase.
"The impact of this vulnerability on Cisco products may vary depending on the affected product," Cisco said in its advisory.
Oracle is also in the process of identifying which of its products are vulnerable. So far the company has released Shellshock patches for nine products: Oracle Database Appliance 12.1.2 and 2.X; Oracle Exadata Storage Server Software; Oracle Exalogic; Oracle Exalytics; Oracle Linux 4, 5, 6 and 7; Oracle Solaris Operating System 8, 9, 10 and 11; Oracle SuperCluster; Oracle Virtual Compute Appliance Software and Oracle VM 2.2, 3.2 and 3.3.
An additional 42 products use Bash in at least one of their versions and are likely to be vulnerable to Shellshock, Oracle has found. No patches are currently available for those products.
"Oracle has not assessed the impact of this vulnerability against products that are no longer supported by Oracle," the company said in its advisory.