Hack attack: Apps can spy on other apps

Number: IRCNE2014082297
Date: 2014-08-23

According to “zdnet”, US researchers have discovered a flaw which may exist across Android, Windows, and iOS operating systems, and could allow popular services such as Gmail to be compromised.
Security experts from the University of California Riverside Bourns College of Engineering and the University of Michigan identified a weakness believed to exist in all of the above operating systems, which could allow a cyberattacker to steal sensitive data through malicious applications.
The weakness was tested on an Android smartphone, but the researchers claim the method could be used across all of the platforms -- as each OS shares a similar feature: the ability for applications to access a mobile device's shared memory. However, no tests have yet been conducted on other systems.
The attack works through a user downloading a seemingly harmless application, such as background wallpaper. Once installed, the researchers were able to exploit a newly discovered public side channel, the shared memory of a process, which can be accessed without permissions or app privileges.
Changes within the shared memory are then monitored, and these changes are correlated with what the team calls an "activity transition event." In other words, when a user is actively using an app, for example, to log into Gmail or take a picture of a cheque so it can be deposited online via Chase Bank, activity changes are noted.
There are two stages to this attack: firstly, the attack needs to take place in real time, such as the moment when the user is logging into Gmail. Secondly, the hack needs to be done so it is undetectable by the user -- which can be achieved through good timing.
The method used to exploit the flaw was successful "between 82 percent and 92 percent of the time" on six of the seven apps tested. Among the applications that were successfully infiltrated were Gmail, Chase Bank and H&R Block. Attacks on Gmail were successful 92 percent of the time, as were attacks on H&R Block.
The only app that was difficult to penetrate was Amazon, with a 48 percent success rate.

Adobe delays Acrobat patch

Number: IRCNE2014092309
Date: 2014-09-09

According to “zdnet”, Adobe has announced that a patch to Acrobat and Reader, scheduled for release on Tuesday, September 9, will not be released until the week of September 15.
The update will include new versions of Reader and Acrobat for Windows and Mac. The new versions will address one or more critical vulnerabilities in the software, the exact nature of which remains unspecified for now.
The affected versions are Reader and Acrobat X 10.1.11 and earlier and Reader and Acrobat XI 11.0.08.

Kindle security vulnerability can 'compromise' Amazon accounts

ID: IRCNE2014092319
Date: 2014-09-17

According to “ZDNet”, a security vulnerability exists in Amazon's Kindle Library, which can be used to "compromise" an entire Amazon.com account, according to the researcher who found the flaw.
German researcher Benjamin Mussler published a proof-of-exploit on his blog after claiming Amazon previously fixed the flaw, but reintroduced it later on. Mussler said Amazon had not responded after he submitted it for the second time, which led him to publicly disclose the flaw.
The vulnerability is a cross-site scripting (XSS) flaw: script code can be included in a Kindle e-book's metadata, such as the title, and it executes automatically as soon as the victim opens their Amazon Kindle Library page on Amazon.com.
"As a result, Amazon account cookies can be accessed by and transferred to the attacker and the victim's Amazon account can be compromised," Mussler said.
Anyone who uses Amazon's Kindle Library to store e-books or deliver them to a Kindle, he said, is affected by the bug.
Mussler warned that those who obtain e-books from untrustworthy sources, such as pirated copies of popular books, are at greater risk than those who buy through Amazon.com.
The researcher said he first reported the vulnerability privately to Amazon in November 2013, and it was fixed with a relatively quick turnaround. But after the retail giant rolled out a new version of the "Manage Your Kindle" web application, the bug was reintroduced.
"Amazon chose not to respond to my subsequent email detailing the issue, and two months later, the vulnerability remains unfixed," he said.
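The metadata injection described above, shown as an added example that is not Amazon's code or the researcher's proof of concept: a library row built by plain concatenation next to one that encodes each metadata field on output. The book record, function names and cookie name are constructed for illustration.

```javascript
// Constructed sample: metadata as it might be parsed from an uploaded e-book.
// Both fields carry markup instead of plain text.
const sampleBook = {
  title: '<script>alert(document.domain)</script>',
  author: 'A. N. Other" onmouseover="x',
};

// Vulnerable pattern: metadata concatenated straight into the page markup.
function renderRowUnsafe(book) {
  return '<li title="' + book.author + '">' + book.title + '</li>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can leave an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: every metadata field is encoded at the point of output.
function renderRowSafe(book) {
  return '<li title="' + escapeHtml(book.author) + '">' +
         escapeHtml(book.title) + '</li>';
}

// Defence in depth against the cookie theft mentioned in the article: HttpOnly
// keeps the session cookie unreadable by page script if an injection slips through.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Crude check, used here only to compare the output of the two renderers.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /<li title="[^"]*" on\w+=/i.test(html);
}

console.log(renderRowUnsafe(sampleBook));
console.log(renderRowSafe(sampleBook));
console.log(sessionCookieHeader('session', 'constructed-token'));
```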

Apple doubles-down on security, shuts out law enforcement from accessing iPhones, iPads

ID: IRCNE2014092324
Date: 2014-09-20

According to “ZDNet”, if the feds are after your iPhone or iPad, it probably won't be Apple's door they'll be knocking on.
After the PRISM scandal broke, the news threw Apple and other Silicon Valley companies under the bus over allegations that they knowingly participated in a secret surveillance program.
But that wasn't the case at all, as the recently released Yahoo documents showed. Yahoo was threatened with bankruptcy if it didn't comply with the U.S. government's data demands, for the first time solidifying the rebuttals from the named nine technology companies that they were not complicit in state surveillance.
Now, Apple is going one step further — adjusting its encryption and security practices, and its privacy policy, in order to prevent law enforcement from cracking open its smartphone and tablet line-up.
Apple's new mobile operating system, iOS 8, which was released on Wednesday, lands with reworked encryption, forcing law enforcement, federal agents, and intelligence agencies to go to the device owner themselves rather than Apple.
The new encryption methods prevent even Apple from accessing even the relatively small amount of data it holds on users.
"Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the company said in its new privacy policy, updated Wednesday. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
There are some caveats, however. For the iCloud data it stores, Apple still has the ability (and the legal responsibility) to turn over data it stores on its own servers, or third-party servers it uses to support the service.
iCloud data can include photos, emails, music, documents, and contacts.

Attack targets auto industry firms in Europe

Number: IRCNE2014082299
Date: 2014-08-30

According to “computerworld”, cybercriminals are using a new information-stealing malware program to target companies from the automobile industry in Europe, security researchers warned.
The attack campaign started in early August and primarily targeted rental, insurance, transport and secondary market businesses for commercial and agricultural vehicles, according to a new report by researchers from antivirus vendor Symantec.
The attackers distributed their malware program through spear-phishing emails claiming to originate from a company called Technik Automobile that was seeking to acquire used and pre-owned vehicles. The emails contained an attachment called TechnikAutomobileGMBH.pdf.zip that was supposedly a list of vehicles, but in fact contained an installer for a Trojan program called Carbon Grabber.
"The malicious file will decrypt another executable from its body and inject code into Microsoft Outlook, Internet Explorer, Google Chrome, and Mozilla Firefox processes on the compromised computer," said Symantec researcher Lionel Payet in a blog post Friday. "The malware hooks the browser APIs [application programming interfaces], allowing it to steal information before it is encrypted and sent out to the network."
Like other man-in-the-browser Trojan programs, Carbon Grabber is capable of stealing log-in credentials for various Web services, including online banking websites and internal Web applications. It can also steal Microsoft Outlook credentials and use them to send emails on behalf of the victims.
In the attack campaign observed by Symantec, the rogue emails were sent to the customer service departments of the targeted companies.
The automobile industry has been the primary target for Carbon Grabber attacks, accounting for 48 percent of the victims observed by Symantec. However, the malware has also affected companies from other business sectors including public services, finance, charity, energy, research, telecommunications and tourism.

Microsoft reissues flawed Windows security update with new flaws

Number: IRCNE2014082300
Date: 2014-08-30

According to “zdnet”, Microsoft today re-released the updates for security bulletin MS14-045. This update had been released on the August Patch Tuesday, August 12, but withdrawn later in the week after user reports of blue screen crashes and disabled systems.
At the same time Microsoft withdrew MS14-045, it withdrew three non-security updates, KB2970228, KB2975719 and KB2975331. None of those have been reissued and we have no further information on them.
The security bulletin says that "Microsoft strongly recommends that customers who have not uninstalled the 2982791 update [i.e., the old version, released on Patch Tuesday] do so prior to applying the 2993651 update [the new version]." This recommendation applies to users whether they are having problems with the old update or not. Note that Windows Update and Automatic Updates do not remove the old version.
To uninstall the update go to Control Panel, Programs and Features, Installed Updates, find the 2982791 update in the Microsoft Windows section, right click and uninstall. You can find the update by searching for "KB2982791" in the Control Panel for uninstalling updates. See the screen capture below.
The update addresses three Windows kernel bugs, two of which could result in privilege elevation and the third in exposure of sensitive kernel information.

Sony PlayStation Network struck by DDoS attack

Number: IRCNE2014082301
Date: 2014-08-30

According to “zdnet”, Sony's PlayStation Network has once again become the target of a cyberattack.
In a blog post published Sunday, Sony admitted that a distributed denial of service (DDoS) attack impacted online services -- Sony's PlayStation Network and the Sony Entertainment Network -- but insisted that users' personal information remains safe. Sony representatives said that the company has "seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information," although the DDoS attack did scupper scheduled maintenance plans.
In 2011, Sony's PlayStation Network was thrown into the spotlight following a security breach which compromised the security of 77 million user accounts. Personal information including names, addresses, e-mail addresses, dates of birth, and account passwords was put at risk, as well as user credit card numbers.
The networks are now back online, and users can once again access Sony services.

Java, Flash and Reader still PC admins' biggest security headaches

Number: IRCNE2014082302
Date: 2014-08-30

According to “techworld”, most admins already know that Java and Adobe’s Flash and Reader are the most vulnerable pieces of software on the average Windows PC. A new analysis from Heimdal Security suggests that while 2014 has been better than last year, vendors and customers remain pretty snowed under by the number of vulnerabilities in these programs.
Looking at the last three years to 2014 (so far), it becomes obvious that 2013 was an extreme outlier, showing soaring public vulnerability numbers, in particular for Java, which reached a stunning total of 180.
The number of vulnerabilities revealed each month has also fallen somewhat, almost back to 2012 levels, even if Java has managed to record 90 in 2014 with some months still to go. But the average CVSS (Common Vulnerability Scoring System) rating for these flaws remains high at between a 7 and a 9 across these programs.
Java, in particular, is a headache, so much so that it should probably be removed from every and any system that doesn’t need it.
“Our intelligence data from the last 3 years shows that more than 99 percent of computers running on Windows operating systems are likely to use either Java, Acrobat Reader or Flash Player,” said Heimdal’s CEO, Morten Kjaersgaard.
Vulnerabilities don’t tell the whole story, for example how many are exploited in real attacks. But there is a relationship between the vulnerability of software and the likelihood of that happening.
“Software manufacturers such as Oracle, Adobe and Apple need to step up their game in patching software quickly and software users need to take into consideration that they are left on their own with wide open computers at the moment.”

CryptoWall ransom Trojan has infected 625,000 systems, says Dell SecureWorks

Number: IRCNE2014092303
Date: 2014-09-01

According to “techworld”, new figures from Dell SecureWorks suggest that the current market leader, CryptoWall, hasn’t been as profitable as the infamous CryptoLocker despite infecting more PCs and holding hostage a staggering 5.25 billion files.
In December 2013, CryptoWall had infected at least 250,000 systems in its first 100 days out of an eventual total somewhere north of half a million at the point its distribution network was finally blitzed by Operation Tovar in May. Exactly how many victims eventually paid up is unknown but Dell’s original estimate was around 0.4 percent.
“Additionally, it is likely the CryptoWall operators do not have a sophisticated ‘cash out’ and laundering operation like the Gameover Zeus crew [which distributed CryptoLocker].” Nevertheless, CryptoWall had still managed to encrypt a staggering 5.25 billion files, the firm said.
It’s worth remembering that although less successful than CryptoLocker, since appearing in CryptoWall (also known as CryptoDefense) has managed to infect PCs in every country on earth.

Microsoft to patch Windows, IE, Lync Server next week

ID: IRCNE2014092304
Date: 2014-09-06

According to “ZDNet”, Microsoft has released their advance notification for the September 2014 Patch Tuesday updates. There will be a total of four updates issued next Tuesday, September 9, one of them rated critical.
The one critical update addresses a problem or problems in Internet Explorer in all versions of Windows. Following a pattern typical of IE updates, it is rated Critical on Windows client systems and Moderate on servers. The problems are likely mitigated by the Enhanced Security Configuration in Windows Server.
Two of the other updates are rated Important and affect Windows. One specifically affects the .NET Framework and all versions of Windows (oddly, except for Server Core versions of the non-R2 editions of Windows Server 2008) and could result in a denial of service. The other affects Windows 8.x, Windows RT and Windows Server 2012.
The final update will fix a denial of service bug in Lync Server 2010 and 2013 and is rated Important.
Microsoft will also release a new version of the Windows Malicious Software Removal Tool and probably some as-yet undisclosed number of non-security updates to various Windows versions. It has also become popular for other companies, most prominently Adobe, to release security updates for their own products on that day.
