Chinese 'Spike' DDoS botnet targets Windows, Linux and IoT devices

Number: IRCNE2014092328
Date: 2014/09/30

According to “cnet”, Akamai’s Prolexic division has warned of the growing threat from a Chinese toolkit that has started infecting Linux, Windows and embedded systems in order to launch DDoS attacks peaking at hundreds of Gigabits per second.
Dubbed the ‘Spike’ toolkit, the malware started life targeting Linux servers earlier in 2014 but now seems to have been ported to run on Windows (both PCs and servers), consumer and SME routers, and even Internet of Things (IoT) devices such as thermostats.
This means it can also infect Linux-based desktops and embedded devices running on ARM – to demonstrate this, Akamai’s engineers were able to get the bot up and running on the humble Raspberry Pi home computer.
Capable of generating a surge of conventional SYN, UDP and GET traffic as well as DNS floods, the malware had already been responsible for a number of large botnet-driven attacks, including one in Asia that peaked at an alarming 215Gbps across its ‘scrubbing’ centres, according to Akamai.
"This DDoS kit is designed to build botnets from devices and platforms that system administrators may not have thought to be at risk for botnet infection in the past. Enterprises need system hardening to prevent initial infection and DDoS protection to stop DDoS attacks from the Spike bots."
The good news is that the malware should be easy to spot, assuming people know how to defend against it. On servers, this means ‘hardening’ systems at Layer 3 using Access Control Lists (ACLs), or at layer 7 using signatures for systems such as SNORT or the YARA open source malware detection tool.

'Vast majority' of Mac users safe from Shellshock Bash bug, Apple says

Number: IRCNE2014092327
Date: 2014/09/27

According to “cnet”, Apple says that most Mac users are safe from a newly discovered security flaw, one that could -- in principle -- allow hackers to take over an operating system.
Known as the "Shellshock" or "Bash" bug, the latest vulnerability for the world's computers involves the execution of malicious code within a bash shell, which is a command-line shell used in many Linux and Unix operating systems, and by Apple's Mac OS X operating system. Apple however says that most people using its software have nothing to worry about.
"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an emailed statement from Apple to CNET said.
"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," it continues. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."
The Bash glitch is reminiscent of the Heartbleed security flaw that left information stored on data servers potentially vulnerable to hackers. Heartbleed was first identified in April, and an estimated 300,000 servers were still exposed two months later.
For now, it seems there's nothing ordinary computer users can do to protect against the new security flaw, with the responsibility for patching the potential exploit resting with those that manage Web systems.
"Anybody with systems using bash needs to deploy the patch immediately," Tod Beardsley, an engineering manager at security firm Rapid7 told CNET yesterday.

'Bigger than Heartbleed': Bash bug could leave IT systems in shellshock

Number: IRCNE2014092326
Date: 2014/09/26

According to “cnet”, a new security vulnerability known as the Bash or Shellshock bug could spell disaster for major digital companies, small-scale Web hosts and even Internet-connected devices.
The quarter-century-old security flaw allows malicious code execution within the bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application) to take over an operating system and access confidential information.
A post from open-source software company Red Hat warned that "it is common for a lot of programs to run Bash shell in the background," and the bug is "triggered" when extra code is added within the lines of Bash code.
Security expert Robert Graham has warned that the Bash bug is bigger than Heartbleed because "the bug interacts with other software in unexpected ways" and because an "enormous percentage" of software interacts with the shell.
"We'll never be able to catalogue all the software out there that is vulnerable to the Bash bug," Graham said. "While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable."
Ars Technica reports that the vulnerability could affect Unix and Linux devices, as well as hardware running Mac OS X. According to Ars, a test on Mac OS X Mavericks (version 10.9.4) showed that it has "a vulnerable version of Bash".
"On the scale of 1 to 10, this is an 11," Graham said, estimating that half a million websites were vulnerable.
Tod Beardsley, an engineering manager at security firm Rapid7, warned that even though the vulnerability's complexity was low, the wide range of devices affected require that system administrators apply patches immediately.
"This vulnerability is potentially a very big deal," Beardsley told CNET. "It's rated a 10 for severity, meaning it has maximum impact, and 'low' for complexity of exploitation -- meaning it's pretty easy for attackers to use it.
"The affected software, Bash, is widely used so attackers can use this vulnerability to remotely execute a huge variety of devices and Web servers. Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes etc. Anybody with systems using bash needs to deploy the patch immediately."

Shellshock vulnerability in Cisco and Oracle products

Number: IRCNE2014092329
Date: 09/07/93

Cisco and Oracle are reviewing their products for the Shellshock vulnerability.
The vulnerability was discovered last week. It allows attackers to trick certain processes running on an affected machine into passing a malicious string to Bash, and so to execute arbitrary commands on the operating system.
Security researcher Rob Fuller has collected exploit code for the vulnerability from a range of sources. The best-known attack vectors go through web servers that run CGI scripts, although any other program that interacts with Bash is also a potential target.
Cisco has identified the vulnerability in 71 of its products. These span network application services, network security and content, network provisioning and management, routing and switching, unified computing, voice and unified communications, video, streaming and TelePresence.
The company is still reviewing a further 168 products and hosted services, so the list of vulnerable products may grow.
Cisco's security advisory notes that the impact of the vulnerability varies depending on the affected product.
Oracle is reviewing its products as well. So far it has released patches for nine of them: Oracle Database Appliance versions 12.1.2 and 2.x, Oracle Exadata Storage Server Software, Oracle Exalogic, Oracle Exalytics, Oracle Linux versions 4, 5, 6 and 7, Oracle Solaris Operating System versions 8, 9, 10 and 11, Oracle SuperCluster, Oracle Virtual Compute Appliance Software and Oracle VM versions 2.2, 3.2 and 3.3.
A further 42 products that use Bash are vulnerable to Shellshock and have no patch available yet.
In its security advisory the company stated that Oracle is not responsible for the impact of the vulnerability on products it no longer supports.

Windows and Linux targeted by 'Spike' botnet attacks

Number: IRCNE2014092328
Date: 09/07/93

Akamai has warned that a Chinese toolkit is infecting Windows and Linux systems in order to launch denial-of-service attacks.
The toolkit, dubbed 'Spike', is malware that targeted Linux servers in early 2014 but now appears to threaten Windows systems, SME routers and even IoT devices.
This means the malware can also infect Linux-based desktops and embedded devices running on ARM.
The malware can generate a surge of SYN, UDP and GET traffic as well as DNS floods, and it has already been responsible for a number of large botnet-driven attacks.
This DDoS kit is designed to build botnets from devices and platforms that system administrators assume are not at risk of botnet infection. Enterprises need to harden their systems.
Assuming people know how to defend against it, the malware is easy to detect. Defence consists of hardening systems at Layer 3 using access control lists (ACLs), or at Layer 7 using signatures for systems such as SNORT or the open-source YARA malware detection tool.

Bash vulnerability in Macintosh systems

Number: IRCNE2014092327
Date: 05/07/93

Apple has announced that most Macintosh users are not affected by a recently discovered security flaw. The vulnerability allows attackers to take control of an operating system.
The vulnerability, known as "Shellshock" or "Bash", is the latest to be identified in the computing world and can lead to the execution of malicious code within the Bash shell. Bash is a command-line shell used by Unix and Linux operating systems and by Apple's Mac OS X. Apple, however, says that most users of its software have nothing to worry about because they are not affected.
The Bash vulnerability is a weakness that could allow unauthorized users to remotely take control of a vulnerable system. OS X systems are secure by default and are not at risk unless the user has configured advanced Unix services. Apple is currently working on an update for its advanced Unix users.
All users whose systems use Bash are advised to apply the relevant updates as soon as possible.

Identification of the Bash vulnerability

Number: IRCNE2014092326
Date: 03/07/93

A security vulnerability known as the Bash or Shellshock bug could spell disaster for large digital companies, small-scale web hosts and even Internet-connected devices.
This 25-year-old security flaw allows cybercriminals to execute malicious code in the Bash shell (normally reached through the command line on a PC or through the Mac's Terminal application), take control of the operating system and access confidential information.
Open-source software company Red Hat warned in a post that many programs run the Bash shell in the background, and that the bug is triggered when extra code is added within lines of Bash code.
Security expert Robert Graham warned that the bug is bigger than Heartbleed, because it interacts with other software in unexpected ways and because a large percentage of software interacts with the shell.
Graham said: we will never be able to identify all the software that is vulnerable to the Bash bug. As a result, while the vulnerability gets patched on known systems, unknown systems remain unpatched. As can be seen, six months after Heartbleed was identified, hundreds of thousands of systems remain vulnerable.
According to reports, the vulnerability can affect Unix and Linux devices as well as hardware running Mac OS X. Tests on Mac OS X Mavericks version 10.9.4 show that this operating system also ships a vulnerable version of Bash. Around 500,000 websites appear to be vulnerable to the Bash bug.
Tod Beardsley, a manager at security firm Rapid7, warned that although the complexity of the vulnerability is low, administrators of the wide range of affected devices are advised to apply the relevant patches as soon as possible.
The vulnerability is rated 10 for severity, meaning maximum impact, and "low" for complexity, meaning attackers can exploit it easily.
The software affected by the Bash bug is widely used, so attackers can use the vulnerability to remotely execute arbitrary code on a large number of devices and web servers. With it, attackers can potentially take control of the vulnerable device's operating system, access confidential information and make changes to the operating system.
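The items above describe the bug as being "triggered when extra code is added within lines of Bash code" and name web servers running CGI scripts as the main attack vector. What a defender can do with that is look for the telltale prefix in request fields that a CGI server copies into the environment. The following Python script is an added example, not code from the original news items or from any vendor named in them. It assumes web server logs in the common Apache/nginx "combined" format; the log lines, hostnames and addresses are constructed for the example (RFC 5737 documentation ranges), and the probe strings carry only a harmless echo.

```python
import re

# A Shellshock probe abuses the way unpatched Bash imported functions from
# environment variables: a value starting with "() {" was parsed as a function
# definition, and text after the closing brace was executed. Web servers that run
# CGI scripts copy request headers into the CGI environment, so the probe arrives
# in fields such as User-Agent, Referer or the request line. The detector keys on
# the "() {" prefix rather than on any particular command that follows it.
SHELLSHOCK_PATTERN = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format:
#   ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (not real traffic): one clean CGI request, one probe in
# the User-Agent against a CGI script, one probe in the Referer against a static
# page, and one benign request whose query string happens to contain "()".
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [25/Sep/2014:10:03:40 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "() { :; }; echo constructed-probe"',
    '192.0.2.21 - - [25/Sep/2014:10:04:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "() { :;}; echo constructed-probe" "curl/7.30.0"',
    '192.0.2.22 - - [25/Sep/2014:10:05:00 +0000] "GET /docs/api.html?q=init() HTTP/1.1" 200 77 "-" "python-requests/2.4.1"',
]


def parse_combined_log_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def request_path(request):
    """Extract the path from a request line such as 'GET /cgi-bin/x HTTP/1.1'."""
    parts = request.split(" ")
    return parts[1] if len(parts) >= 2 else ""


def find_shellshock_probes(lines):
    """Scan log lines and report each request carrying a '() {' prefix in an
    attacker-controlled field. A hit records the source address, the field the
    pattern was found in, the requested path, and whether that path points at a
    CGI script (where the string could actually reach Bash), so that alerts on
    CGI targets can be prioritised over noise against static content."""
    hits = []
    for line in lines:
        rec = parse_combined_log_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scan
        for field in ("request", "referer", "agent"):
            if SHELLSHOCK_PATTERN.search(rec[field]):
                path = request_path(rec["request"])
                hits.append({
                    "ip": rec["ip"],
                    "field": field,
                    "path": path,
                    "cgi_target": "/cgi-bin/" in path,
                })
                break  # one hit per request is enough for alerting
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG_LINES):
        print(hit)
```

Running it over the constructed lines flags the second and third requests and leaves the fourth alone, because `init()` in a query string never forms the `() {` prefix. The `cgi_target` flag is what separates a probe that could have reached a Bash-backed CGI handler from one that only hit a static file; logging a probe is not the same as being patched, so a hit against a CGI path on an unpatched host still calls for the update the articles recommend.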

BlackBerry patches vulnerabilities in BlackBerry OS, enterprise server software

Number: IRCNE2014082291
Date: 2014-08-16

According to “computerworld”, BlackBerry's focus on strong security as a key differentiator for its devices does not mean that they're completely free of flaws. The company released security updates Tuesday for both the OS running on its smartphones and for its enterprise server software.
BlackBerry OS version 10.2.1.1925 was released for the company's Z10, Z30, Q10 and Q5 phone models. It fixes an authentication bypass vulnerability that could allow attackers connected to the same wireless network as affected devices to read or modify data stored on them.
The flaw can only be exploited on devices that have the Wi-Fi file-sharing service running, a service that's not enabled by default.
"Using a password for file sharing is not a workaround for this vulnerability," BlackBerry said in a security advisory published Tuesday.
The company also released BlackBerry Enterprise Service version 10.2.2 and BlackBerry Enterprise Server version 5.0.4 MR7 to fix an information disclosure vulnerability that in certain cases could allow attackers to gain access to credentials stored in the server's diagnostic logs.
"During rare cases of an exception, certain credentials are logged in an encoded form or in plain text," BlackBerry said in an advisory.
A workaround for this vulnerability is to manually delete the logs or to redact the sensitive information stored in them.

68 percent of top free Android apps vulnerable to cyberattack, researchers claim

Number: IRCNE2014082298
Date: 2014-08-24

According to “zdnet”, the majority of Android's most popular apps are susceptible to SSL vulnerabilities, according to new research.
Google's Android operating system is an open-source, free framework which appeals to developers because of this unrestrictive nature. However, with such an open and free system there is always the potential for abuse, a lack of patching and security consistency, and a wealth of Android-based operating systems and apps, many of which contain different vulnerabilities that can be exploited.
After analyzing the 1,000 most-downloaded free Android applications in the Google Play store, the FireEye Mobile Security Team found that a significant portion of them are susceptible to Man-In-The-Middle (MITM) attacks. According to a blog post published Thursday, the researchers found that as of July 17, 2014, 674 out of 1,000 contained at least one of three SSL vulnerabilities studied.
In other words, 68 percent of the most popular apps could become a pathway for cybercriminals to lift sensitive data.
The security team says that many of these vulnerabilities were traced back to configurations within advertising libraries used by app developers.
While the HTTPS protocol is often used to make it harder to intercept data, the incorrect use of the Android platform’s SSL libraries can become the weak link which allows MITM attacks.
The FireEye team notified the developers of the vulnerable apps it discovered; the developers acknowledged the reports and promised to address the vulnerabilities in subsequent versions of their applications.
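The article's point is that HTTPS only defeats interception when the client actually validates the server's certificate, and that apps which misuse the platform's SSL libraries lose that guarantee. The Python script below is an added example, not code from the article or from the FireEye research it reports; it generalises the failure mode with Python's standard `ssl` module rather than Android's APIs. The specific misuses it checks for (accepting any certificate chain, skipping hostname verification, allowing pre-1.2 protocol versions) are this example's assumption about what such misconfiguration looks like, not a list taken from the article.

```python
import ssl


def insecure_context():
    """The weak configuration: a client that 'fixes' certificate errors by
    switching validation off. Any certificate, including one forged by a
    man in the middle, is accepted, and the hostname is never compared
    against it. check_hostname must be cleared before verify_mode can be
    set to CERT_NONE on a client context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """The corrected configuration: system trust store, chain validation
    and hostname verification all on (what ssl.create_default_context
    provides), plus an explicit floor of TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx):
    """Return a list of human-readable findings for a client SSLContext.
    An empty list means none of the checked weaknesses is present."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain is not validated (verify_mode=CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version is below TLS 1.2")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(name, audit_tls_context(ctx) or ["no findings"])
```

The audit function is the reusable part: pointing it at the context an application actually hands to its HTTP client is a quick way to confirm, in a test suite, that nobody has silenced a certificate error by disabling validation, which is exactly the "weak link" the research describes. Whether the insecure context also trips the protocol-version check depends on the OpenSSL defaults of the host, so the first two findings are the ones to rely on.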

Network-attached storage devices more vulnerable than routers, researcher finds

Number: IRCNE2014082282
Date: 2014-08-09

According to “computerworld”, a security review of network-attached storage (NAS) devices from multiple manufacturers revealed that they typically have more vulnerabilities than home routers, a class of devices known for poor security and vulnerable code.
Jacob Holcomb, a security analyst at Baltimore-based Independent Security Evaluators, is in the process of analyzing NAS devices from 10 manufacturers and has so far found vulnerabilities that could lead to a complete compromise in all of them.
"There wasn't one device that I literally couldn't take over," Holcomb said Wednesday during a talk at the Black Hat security conference in Las Vegas, where he presented some of his preliminary findings. "At least 50 percent of them can be exploited without authentication," he said.
The devices he evaluated are: Asustor's AS-602T, TRENDnet's TN-200 and TN-200T1, QNAP's TS-870, Seagate's BlackArmor 1BW5A3-570, Netgear's ReadyNAS104, D-LINK's DNS-345, Lenovo's IX4-300D, Buffalo's TeraStation 5600, Western Digital's MyCloud EX4 and ZyXEL's NSA325 v2.
Holcomb led a similar study last year that identified over 50 vulnerabilities in popular SOHO routers. He expects the number of vulnerabilities identified in NAS systems to far exceed those he found in routers by the time his new project is over.
The type of issues he found in the NAS systems include command injection, cross-site request forgery, buffer overflows, authentication bypasses and failures, information disclosure, backdoor accounts, poor session management and directory traversal. By combining some of these vulnerabilities, attackers can gain a "root shell" on the devices, allowing them to execute commands with the highest possible privilege.
All the vulnerabilities found so far were reported to the vendors, but the release of patches for them can take months, Holcomb said.
There are obvious differences in what can be done by compromising NAS devices and compromising routers. By controlling a router an attacker could capture and modify Internet traffic for a network, while hacking into a NAS system could provide access to potentially sensitive information stored on it.
By compromising a NAS device an attacker could also hijack traffic from other devices on the same network by using techniques like ARP spoofing, Holcomb said.
A big concern is that many NAS vendors use the same code base for their high-end and low-end devices, the researcher said. That means the same vulnerabilities in a low-cost NAS device designed for home use could exist in a much more expensive NAS system designed for enterprise environments. Paying more money for a device does not mean it has better security, Holcomb warned.
