Malicious advertising hits Amazon, YouTube and Yahoo, Cisco says

Number: IRCNE2014092312
Date: 2014-09-13

According to “techworld”, malicious advertisements have popped up on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware, Cisco said Monday.
When encountered, the malicious advertisements cause a person to be redirected to a different website, which triggers a download based on whether the computer is running Windows or Apple's OS X, wrote Armin Pelkmann, a threat researcher.
Cisco didn't identify the advertising network that is serving the malicious advertisements. Although ad networks try to filter out malicious ones, occasionally bad ones slip in, which for a high-traffic site means a large pool of potential victims.
Some of the malicious ads were served on youtube.com, amazon.com and ads.yahoo.com, Pelkmann wrote. All told, 74 domains were serving the ads.
When a victim is redirected by one of the ads, the computer downloads a piece of malware with a unique checksum, making it harder for security software to detect. The download may also contain legitimate software such as a media player. To be infected, the user must be convinced to open the file.
"The attackers are purely relying on social engineering techniques in order to get the user to install the software package," Pelkmann wrote. "No drive-by exploits are being used thus far."

VMware and Cisco patch vulnerabilities in data-center gear and software

Number: IRCNE2014092313
Date: 2014-09-13

According to “techworld”, VMware and Cisco Systems released security fixes this week for serious vulnerabilities in networking virtualization and server software typically used in data centers.
Cisco patched a persistent denial-of-service vulnerability that could prevent the out-of-band management of Cisco Unified Computing System (UCS) E-Series Blade servers that are deployed in Cisco Integrated Services Routers Generation 2 (ISR G2).
The vulnerability is located in the SSH (Secure Shell) service of the Cisco Integrated Management Controller (Cisco IMC), a specialized micro-controller embedded in server motherboards that allows systems administrators to monitor and manage servers from outside their OS.
Cisco released version 2.3.1 of the Cisco IMC firmware for UCS E-Series servers on Monday. Customers need to use the Host Upgrade Utility in order to deploy the new firmware.
If left unpatched, an attacker could exploit the vulnerability by sending a specially crafted packet to the vulnerable SSH server, forcing the IMC to become unresponsive. This could impact the availability of the entire server.
VMware released security updates Thursday for its NSX and vCloud Networking and Security (vCNS) products in order to patch what the company called "a critical information disclosure" vulnerability. The company's advisory does not clarify what kind of information can be disclosed by exploiting the issue, but both the NSX and vCNS products are used for virtualizing network services.

Hackers compromised nearly 5M Gmail passwords

ID: IRCNE2014092314
Date: 2014-09-13

According to “ComputerWorld”, security experts are urging Gmail users to change their passwords amid reports that hackers gained access to the credentials of 5 million users of the free email service. Some password combinations have been spotted on Russian cybercrime forums.
Peter Kruse, head of the eCrime unit at CSIS Security Group in Copenhagen, told Computerworld that most of the nearly 5 million stolen Gmail passwords are about three years old, but many are still legitimate and functioning.
He said that CSIS experts suspect that several hackers worked on an endpoint compromise to exploit vulnerable network protocols.
Google did not respond to a Computerworld request for comment but has told other news outlets that it has found no evidence that their systems have been compromised.
Google’s cloud-based email service is used by individuals as well as enterprises.
Russian media outlet RIA Novosti reported that hackers have stolen and published a database containing the Google account logins and passwords to a Bitcoin Security online forum.
The database reportedly contains 4.93 million Google accounts from English, Russian and Spanish users.

Cyberespionage group starts using new Mac OS X backdoor program

Number: IRCNE2014092315
Date: 2014-09-13

According to “techworld”, a group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems.
"The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process," security researchers from FireEye said Thursday in a blog post.
The malicious program is dubbed XSLCmd and is capable of listing and transferring files and installing additional malware on an infected computer. The OS X variant can also log keystrokes and capture screen shots, the FireEye researchers said.
When installed on a Mac, the malware copies itself to /Library/Logs/clipboardd and $HOME/Library/LaunchAgents/clipboardd. It also creates a com.apple.service.clipboardd.plist file to ensure its execution after system reboots.
The malware contains code that checks the OS X version, but does not account for versions above 10.8 (Mountain Lion). This suggests that version 10.8 was either the latest OS X version when the program was written or at least the most common one used by its intended targets.
The XSLCmd backdoor was created and is used by a cyberespionage group that has been operating since at least 2009 and has been dubbed GREF by the FireEye researchers. "Historically, GREF has targeted a wide range of organizations including the US Defense Industrial Base (DIB), electronics and engineering companies worldwide, as well as foundations and other NGOs, especially those with interests in Asia," they said.
According to FireEye, GREF is known to have used zero-day exploits in the past. These are exploits for vulnerabilities that didn't have a patch available when they started being targeted.
This new XSLCmd variant is the latest of several backdoor programs for Mac OS X that have been used in cyberespionage attacks in the past couple of years.
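
A host check for the XSLCmd file artifacts listed above, as an added example that is not from FireEye or the original article. The root-directory argument, the /Users home layout and the launchd directories searched for the plist are assumptions.

```shell
#!/usr/bin/env bash
# Added example: sweep a macOS filesystem for the XSLCmd file artifacts
# named in the article. Prints one path per artifact found.
# The root argument is a hypothetical convenience so the same check can run
# against a mounted disk image or a test directory instead of "/".

xslcmd_sweep() {
    sweep_root="${1:-/}"
    sweep_root="${sweep_root%/}"        # "/" becomes "", so paths stay absolute

    # 1. System-wide copy of the binary (path given in the article).
    sweep_f="$sweep_root/Library/Logs/clipboardd"
    if [ -e "$sweep_f" ] || [ -L "$sweep_f" ]; then echo "$sweep_f"; fi

    # 2. Per-user copy: $HOME/Library/LaunchAgents/clipboardd.
    #    Assumption: home directories sit under /Users (the macOS default).
    for sweep_home in "$sweep_root"/Users/*; do
        sweep_f="$sweep_home/Library/LaunchAgents/clipboardd"
        if [ -e "$sweep_f" ] || [ -L "$sweep_f" ]; then echo "$sweep_f"; fi
    done

    # 3. Persistence plist. The article gives only the file name, so look in
    #    the standard launchd directories (assumption, not from the article).
    for sweep_dir in "$sweep_root/Library/LaunchAgents" \
                     "$sweep_root/Library/LaunchDaemons" \
                     "$sweep_root"/Users/*/Library/LaunchAgents; do
        sweep_f="$sweep_dir/com.apple.service.clipboardd.plist"
        if [ -e "$sweep_f" ] || [ -L "$sweep_f" ]; then echo "$sweep_f"; fi
    done
    return 0
}

# Run only when a root is passed on the command line, e.g. "./sweep.sh /".
if [ "$#" -gt 0 ]; then
    xslcmd_sweep "$1"
fi
```

An empty result only shows that these three names are absent from the locations searched; it says nothing about renamed copies.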

Apple fixes seven Safari security flaws

ID: IRCNE2014082293
Date: 2014-08-19

According to “ITPro”, Apple has released a security update to fix seven vulnerabilities found in Safari’s WebKit framework.
The update can be found on the Apple support page now for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.4. It applies to Safari 6.1.6 and Safari 7.0.6.
According to Apple, several memory corruption issues were present in WebKit that have been addressed with improved memory handling.
The US-based company said: “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.”
The global tech giant refused to comment on whether hackers have exploited the vulnerabilities. It said: “For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”
Even so, the United States Computer Emergency Readiness Team (US-CERT) is urging IT managers to install the updates as a matter of urgency.
"Users and administrators are encouraged to review Apple security update... and apply the necessary updates," its advisory states.
Problems with WebKit are not uncommon. It is the open source framework behind Safari, Google Chrome and other OS X applications such as Mail.

Heartbleed exposes weaknesses in hardware design

Number: IRCNE2014082294
Date: 2014-08-19

According to “techworld”, Heartbleed may have been a software bug, but it highlighted glaring weaknesses in existing hardware architectures, which remain vulnerable to memory-bound attacks, a university researcher said this week.
Data is vulnerable to hackers when in transit or in computer memory, said Ruby Lee, professor of engineering at Princeton University's Department of Electrical Engineering, at a presentation to the Hot Chips conference.
The weakness is in the memory and cache, or secondary memory where data temporarily resides before being sent for processing or storage.
Securing memory was a hot discussion topic among chip experts at the forum, and Heartbleed sparked discussions on how hackers could access data from memory, storage and interconnects. Chip makers talked about hardware being the first line of defense against such attacks, and proposed techniques to scramble data and secure keys within a chip. A research project at Princeton funded by the U.S. Department of Homeland Security recommended a new architecture that could secure memory and cache.
Heartbleed exposed a critical defect in affected versions of the OpenSSL software library, which enables secure communication over the Internet and networks. Heartbleed affected servers, networking gear and appliances, and hardware makers have since issued patches to protect systems.
"Lots of people have talked about the attacks, but very few people have talked about the solutions," Lee said. "The hardware is still leaking out your secret keys all the time. Every single piece of hardware that has a cache is vulnerable to cache-side channel leakage."
It's difficult to launch software attacks on hardware, but side-channel attacks can be dangerous, Lee said.
To mitigate such attacks, Lee and researchers at Princeton have reconstructed cache architecture so tracks left by the victim are effectively wiped out, making it difficult to carry out side-channel attacks. The cache architecture, called Newcache, could replace the exposed cache and memory in systems today.
Newcache is structured like regular cache, but has dynamic and randomized cache mapping that will make it harder for attackers to correlate memory usage to key bits. That will make it hard for hackers to map the cache and extract data.
Newcache is ready to implement, and the additional security measures won't hurt performance, Lee said. Memory typically slows down when new features -- like ECC for error correction -- are added. But benchmarks of Newcache actually showed improvements in system performance, Lee said.
It could take years for chip and system makers to change memory features, but chip makers need to start thinking about securing data within systems, Lee said.

'Reveton' ransomware upgraded with powerful password stealer

Number: IRCNE2014082295
Date: 2014-08-19

According to “techworld”, a type of malware called Reveton, which falsely warns users they've broken the law and demands payment of a fine, has been upgraded with powerful password stealing functions, according to Avast.
The malware often infects computers via drive-by download when a person visits a website rigged to automatically exploit software vulnerabilities. Users are helpless after the computer is locked, with Reveton demanding a few hundred dollars as ransom, payable through various web-money services.
Avast analyzed a version of Reveton that has a module containing the Pony password stealer, which can also steal virtual currency stored on a computer such as bitcoin.
Pony can pluck and decrypt encrypted passwords for FTP, VPN and email clients, web browsers and instant messaging programs.
The version of Reveton analyzed by Avast also has another password stealer from the Papras family of malware. It's not as effective as Pony but can disable security programs, the company wrote on its blog.

Vulnerability in popular Joomla e-commerce extension puts online shops at risk

Number: IRCNE2014092316
Date: 2014-09-14

According to “techworld”, a critical vulnerability in a popular e-commerce extension for the Joomla content management system allows malicious users to gain super-admin privileges to sites that run the software.
The VirtueMart extension, which allows users to set up online shops on their websites, has been downloaded more than 3.5 million times, said Marc-Alexandre Montpas, a researcher at Web security firm Sucuri, in a blog post Wednesday. "With super-admin access, the attacker has full control of the site and database."
The issue was discovered last week and was patched in VirtueMart 2.6.10, released on Sept. 4. The VirtueMart page in the Joomla extensions catalogue advises users that "everyone using a version lower than 2.6.10 should update as soon as possible for security reasons."
"VirtueMart uses Joomla's JUser class 'bind' and 'save' methods to handle user accounts information," Montpas said. "We actually think the problem is on the Joomla class itself, so we will not disclose any more details."

VMware patches third-party components in vSphere platform

Number: IRCNE2014092317
Date: 2014-09-16

According to “techworld”, VMware has updated third-party libraries and components used by its vSphere server virtualization platform.
The company released vCenter Server 5.5 Update 2 in order to include a patch for a remote code execution vulnerability in the Apache Struts Web framework used inside the product.
The same vCenter Server release updates the Apache Tomcat component to version 7.0.52, originally released in February, which includes fixes for two denial-of-service and one information disclosure vulnerabilities.
vCenter Server 5.5 Update 2 and vCenter Update Manager 5.5 Update 2 change the bundled Java Runtime Environment (JRE) version to 1.7 Update 55, which was released in April. This Java version contains patches for 37 security vulnerabilities.
The VMware vSphere Hypervisor (ESXi) received a patch called ESXi550-201409101-SG that updates the included GNU C Library (glibc) in order to address two buffer overflow vulnerabilities that can trigger denial-of-service conditions.

Symantec folds nine Norton products into one service

ID: IRCNE2014082295
Date: 2014-08-20

According to “ComputerWorld”, Symantec will consolidate its cluttered Norton line of security software, folding nine products into one online service that can be used across desktop computers and mobile devices.
The product, in beta now, will simply be called "Norton Security" and cost $79 a year when it goes on sale in North America on Sept. 23, said Gerry Egan, senior director of product management. It replaces Norton Internet Security, Norton AntiVirus and Norton360, among others.
Symantec, one of the largest security vendors, has been working for more than a year to revise its product line as it faces strong competition in the low-margin consumer antivirus business.
Over the years, Symantec added new products as new threats emerged, but people had trouble figuring out which product was the right one for them.
"What we realized was we actually ended up confusing a lot of customers," Egan said.
Overall, Symantec has aimed to make Norton Security an easy-to-manage online service along the lines of Netflix or iTunes. The user interface has been improved for simpler device management.
Consumers can sign up for a Norton Security online account and then download the appropriate product for Windows or Apple OS X computers, or Android or iOS mobile devices.
There will be a limit on the number of devices that Norton Security can be used on. The limit hasn't been determined yet, Egan said, but it will aim to prevent abuse and should be appropriate for most customers, he said.
Norton Security has the usual antivirus, antispyware and spam monitoring functions. Symantec will offer a cloud-based backup feature as an option.
Pricing for the backup feature hasn't been set yet, but Egan said it will be generally the same as in other Norton products, starting around $10 for 25 GB of storage.
Customers on versions of Norton due to be retired won't be forced off the old products, although Symantec will encourage them to move to the latest version, Egan said.
Egan said Symantec expects to release Norton Security in Europe around early October and then later in Asia Pacific.