Attack targets auto industry firms in Europe

Creation date

Number: IRCNE2014082299
Date: 2014-08-30

According to “computerworld”, cybercriminals are using a new information-stealing malware program to target companies from the automobile industry in Europe, security researchers warned.
The attack campaign started in early August and primarily targeted rental, insurance, transport and secondary market businesses for commercial and agricultural vehicles, according to a new report by researchers from antivirus vendor Symantec.
The attackers distributed their malware program through spear-phishing emails claiming to originate from a company called Technik Automobile that was seeking to acquire used and pre-owned vehicles. The emails contained an attachment called TechnikAutomobileGMBH.pdf.zip that was supposedly a list of vehicles, but in fact contained an installer for a Trojan program called Carbon Grabber.
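The lure above is a classic double-extension archive: a name ending in .pdf.zip that advertises a document but carries an installer. The following Python is an added example written for this digest, not code from the article or from Symantec, showing the kind of mail-gateway check that would have flagged it. The attachment name is the one the article reports; the archive contents, the benign sample and the extension lists are constructed for the example and are not the real malware.

```python
import io
import zipfile

# Attachment name reported in the campaign; the archive bytes below are constructed.
SUSPECT_NAME = "TechnikAutomobileGMBH.pdf.zip"

DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "dll"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows PE executable


def deceptive_double_extension(name):
    """True for names such as 'list.pdf.zip' or 'invoice.pdf.exe': a document
    extension sitting in front of an archive or executable extension."""
    parts = name.lower().split(".")
    if len(parts) < 3:
        return False
    inner, outer = parts[-2], parts[-1]
    return inner in DOC_EXT and (outer in EXEC_EXT or outer == "zip")


def inspect_zip_attachment(name, data):
    """Return a list of findings for a zip attachment supplied as bytes.
    An empty list means nothing suspicious was seen."""
    findings = []
    if deceptive_double_extension(name):
        findings.append(f"deceptive name: {name}")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["not a valid zip"]
    for info in zf.infolist():
        member = info.filename
        ext = member.rsplit(".", 1)[-1].lower() if "." in member else ""
        head = zf.open(info).read(2)  # look at content, not just the name
        if ext in EXEC_EXT:
            findings.append(f"executable member: {member}")
        if head == PE_MAGIC:
            findings.append(f"PE header in member: {member}")
        if deceptive_double_extension(member):
            findings.append(f"deceptive member name: {member}")
    return findings


def build_sample():
    """Constructed look-alike of the lure: one member named like a document
    whose content starts with a PE header. Not the real dropper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("TechnikAutomobileGMBH.pdf.exe", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


def build_benign_sample():
    """Constructed control case: a zip holding a plain (placeholder) PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("vehicle_list.pdf", b"%PDF-1.4\n%constructed placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(SUSPECT_NAME, build_sample()):
        print(finding)
    print("benign:", inspect_zip_attachment("vehicles.zip", build_benign_sample()))
```

The check reads the first bytes of each member rather than trusting names alone, since an installer renamed to .pdf still starts with the PE magic; a real gateway would add nested-archive handling and a size cap before opening untrusted zips.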
"The malicious file will decrypt another executable from its body and inject code into Microsoft Outlook, Internet Explorer, Google Chrome, and Mozilla Firefox processes on the compromised computer," said Symantec researcher Lionel Payet in a blog post Friday. "The malware hooks the browser APIs [application programming interfaces], allowing it to steal information before it is encrypted and sent out to the network."
Like other man-in-the-browser Trojan programs, Carbon Grabber is capable of stealing log-in credentials for various Web services, including online banking websites and internal Web applications. It can also steal Microsoft Outlook credentials and use them to send emails on behalf of the victims.
In the attack campaign observed by Symantec, the rogue emails were sent to the customer service departments of the targeted companies.
The automobile industry has been the primary target for Carbon Grabber attacks, accounting for 48 percent of the victims observed by Symantec. However, the malware has also affected companies from other business sectors including public services, finance, charity, energy, research, telecommunications and tourism.

Tags

Microsoft reissues flawed Windows security update with new flaws

Number: IRCNE2014082300
Date: 2014-08-30

According to “zdnet”, Microsoft today re-released the updates for security bulletin MS14-045. This update had been released on the August Patch Tuesday, August 12, but withdrawn later in the week after user reports of blue screen crashes and disabled systems.
At the same time Microsoft withdrew MS14-045, it withdrew three non-security updates, KB2970228, KB2975719 and KB2975331. None of those have been reissued and we have no further information on them.
The security bulletin says that "Microsoft strongly recommends that customers who have not uninstalled the 2982791 update [i.e., the old version, released on Patch Tuesday] do so prior to applying the 2993651 update [the new version]." This recommendation applies to users whether they are having problems with the old update or not. Note that Windows Update and Automatic Updates do not remove the old version.
To uninstall the old update, go to Control Panel, Programs and Features, Installed Updates, find the 2982791 update in the Microsoft Windows section, right-click it and choose Uninstall. You can locate it quickly by searching for "KB2982791" in the Installed Updates search box.
The update addresses three Windows kernel bugs, two of which could result in privilege elevation and the third in exposure of sensitive kernel information.

Sony PlayStation Network struck by DDoS attack

Number: IRCNE2014082301
Date: 2014-08-30

According to “zdnet”, Sony's PlayStation Network has once again become the target of a cyberattack.
In a blog post published Sunday, Sony admitted that a distributed denial of service (DDoS) attack impacted online services -- Sony's PlayStation Network and the Sony Entertainment Network -- but insisted that users' personal information remains safe. Sony representatives said that the company has "seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users' personal information," although the DDoS attack did scupper scheduled maintenance plans.
In 2011, Sony's PlayStation Network was thrown into the spotlight following a security breach which compromised the security of 77 million user accounts. Personal information including names, addresses, e-mail addresses, dates of birth, and account passwords were put at risk, as well as user credit card numbers.
The networks are now back online, and users can once again access Sony services.

Java, Flash and Reader still PC admins' biggest security headaches

Number: IRCNE2014082302
Date: 2014-08-30

According to “techworld”, most admins already know that Java and Adobe’s Flash and Reader are the most vulnerable pieces of software on the average Windows PC. A new analysis from Heimdal Security suggests that, while 2014 has been better than last year, vendors and customers remain pretty snowed under by the number of vulnerabilities in these programs.
Looking at the last three years up to 2014 (so far), it becomes obvious that 2013 was an extreme outlier, showing soaring public vulnerability numbers, in particular for Java, which reached a total of 180.
The number of vulnerabilities disclosed each month has also fallen somewhat, almost back to 2012 levels, even if Java has already recorded 90 in 2014 with some months still to go. But the average CVSS (Common Vulnerability Scoring System) rating for these flaws remains high, between 7 and 9 across these programs.
Java, in particular, is a headache, so much so that it should probably be removed from every and any system that doesn’t need it.
”Our intelligence data from the last 3 years, shows that more than 99 percent of computers running on Windows operating systems are likely to use either Java, Acrobat Reader or Flash Player,” said Heimdal’s CEO, Morten Kjaersgaard.
Vulnerability counts don’t tell the whole story; they say nothing, for example, about how many of the flaws are exploited in real attacks. But there is a relationship between how vulnerable a piece of software is and the likelihood of that happening.
“Software manufacturers such as Oracle, Adobe and Apple need to step up their game in patching software quickly and software users need to take into consideration that they are left on their own with wide open computers at the moment.”

CryptoWall ransom Trojan has infected 625,000 systems, says Dell SecureWorks

Number: IRCNE2014092303
Date: 2014-09-01

According to “techworld”, new figures from Dell SecureWorks suggest that the current market leader, CryptoWall, hasn’t been as profitable as the infamous CryptoLocker despite infecting more PCs and holding hostage a staggering 5.25 billion files.
In December 2013, CryptoLocker had infected at least 250,000 systems in its first 100 days, out of an eventual total somewhere north of half a million by the time its distribution network was finally taken down by Operation Tovar in May. Exactly how many victims eventually paid up is unknown, but Dell’s original estimate was around 0.4 percent.
The report adds: “Additionally, it is likely the CryptoWall operators do not have a sophisticated ‘cash out’ and laundering operation like the Gameover Zeus crew [which distributed CryptoLocker].” Nevertheless, CryptoWall had still managed to encrypt a staggering 5.25 billion files, the firm said.
It’s worth remembering that, although less successful than CryptoLocker, CryptoWall (also known as CryptoDefense) has managed to infect PCs in every country on earth since it first appeared.

Microsoft to patch Windows, IE, Lync Server next week

ID: IRCNE2014092304
Date: 2014-09-06

According to “ZDNet”, Microsoft has released their advance notification for the September 2014 Patch Tuesday updates. There will be a total of four updates issued next Tuesday, September 9, one of them rated critical.
The one critical update addresses a problem or problems in Internet Explorer in all versions of Windows. Following a pattern typical of IE updates, it is rated Critical on Windows client systems and Moderate on servers. The problems are likely mitigated by the Enhanced Security Configuration in Windows Server.
Two of the other updates are rated Important and affect Windows. One specifically affects the .NET Framework and all versions of Windows (oddly, except for Server Core versions of the non-R2 editions of Windows Server 2008) and could result in a denial of service. The other affects Windows 8.x, Windows RT and Windows Server 2012.
The final update will fix a denial of service bug in Lync Server 2010 and 2013 and is rated Important.
Microsoft will also release a new version of the Windows Malicious Software Removal Tool and probably some as-yet undisclosed number of non-security updates to various Windows versions. It has also become popular for other companies, most prominently Adobe, to release security updates for their own products on that day.

Adobe to release Acrobat, Reader updates

ID: IRCNE2014092305
Date: 2014-09-06

According to “ZDNet”, taking another page from Microsoft's book, Adobe has issued a Prenotification Security Advisory for Adobe Reader and Acrobat.
On Tuesday, Adobe will release new versions of Reader and Acrobat for Windows and Mac. The new versions will address one or more critical vulnerabilities in the software.
The affected versions are Reader and Acrobat X 10.1.11 and earlier, and Reader and Acrobat XI 11.0.08 and earlier.

Latest Firefox version adds protection against rogue SSL certificates

Number: IRCNE2014092306
Date: 2014-09-07

According to “techworld”, Mozilla has added a defense in its latest version of Firefox that would help prevent hackers from intercepting data intended for major online services.
The feature, known as public key pinning (often called certificate pinning), lets online services specify which keys may appear in the SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate chain for their services. The certificates are used to verify that a site is legitimate and to encrypt data traffic.
The risk it addresses was demonstrated in 2011, when the Dutch certificate authority DigiNotar was compromised and a rogue certificate for Google was issued under its name. In theory, that allowed the hackers to set up a fake website that looked like Gmail and didn't trigger a browser warning of an invalid SSL certificate, because the rogue certificate chained to a CA the browser trusted. Security experts have long warned that attacks targeting certificate authorities are a threat.
Certificate pinning would have halted that kind of attack, as Firefox would have known that DigiNotar shouldn't have issued a certificate for Google.
In Firefox 32, "if any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal," wrote Sid Stamm, senior manager of security and privacy engineering at Mozilla, on a company blog.
"When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error," he continued.
The "pins" for the certificates of online services have to be built into Firefox itself. Firefox 32, released this week, ships with pins for Mozilla sites and Twitter.
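To make the rule quoted from Mozilla concrete, here is an added Python example (written for this digest, not Mozilla's code) that applies the same decision: after ordinary chain validation, the connection is accepted only if at least one certificate in the chain carries a pinned public key, and a chain that validates through a CA absent from the pin list is rejected, which is exactly the DigiNotar case. The pin list, the host name and the SPKI byte strings are constructed for the example; a real implementation hashes the DER-encoded SubjectPublicKeyInfo of each X.509 certificate.

```python
import hashlib

# Constructed stand-ins for the SubjectPublicKeyInfo (SPKI) of each certificate.
# Real pins are SHA-256 digests of the DER-encoded SPKI.
SPKI = {
    "trusted-root": b"spki:constructed-root-ca",
    "trusted-intermediate": b"spki:constructed-intermediate",
    "site-leaf": b"spki:constructed-leaf-for-pinned.example",
    "rogue-ca": b"spki:constructed-compromised-but-trusted-ca",
    "rogue-leaf": b"spki:constructed-rogue-leaf-for-pinned.example",
}


def spki_sha256(spki):
    """Pin value for one certificate: hex SHA-256 of its SPKI bytes."""
    return hashlib.sha256(spki).hexdigest()


# Hypothetical built-in pin list keyed by host. Each entry is the set of SPKI
# hashes that a verified chain for that host must contain at least one of.
PINS = {
    "pinned.example": {
        spki_sha256(SPKI["trusted-root"]),
        spki_sha256(SPKI["trusted-intermediate"]),
    },
}

# Chains are listed leaf first, as a TLS server would send them. Both chains are
# assumed to have ALREADY passed normal path validation; pinning is an extra check.
GOOD_CHAIN = [SPKI["site-leaf"], SPKI["trusted-intermediate"], SPKI["trusted-root"]]
ROGUE_CHAIN = [SPKI["rogue-leaf"], SPKI["rogue-ca"]]


def chain_matches_pins(host, verified_chain):
    """Decision rule described above: pass if any certificate in the verified
    chain has an SPKI hash on the host's pin list. Hosts with no pins are unaffected."""
    pins = PINS.get(host)
    if pins is None:
        return True
    return any(spki_sha256(spki) in pins for spki in verified_chain)


def check_connection(host, verified_chain):
    """Return 'ok' or a pinning error string for a validated chain."""
    if chain_matches_pins(host, verified_chain):
        return "ok"
    return "pinning error: no pinned key in certificate chain"


if __name__ == "__main__":
    print(check_connection("pinned.example", GOOD_CHAIN))
    print(check_connection("pinned.example", ROGUE_CHAIN))
    print(check_connection("unpinned.example", ROGUE_CHAIN))
```

Note that pinning does not replace path validation: the rogue chain fails here only because none of its keys are pinned, not because the browser stopped trusting the CA. Pinning a root or intermediate rather than the leaf, as the constructed list does, lets the site rotate its leaf key without shipping a new browser.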

Hackers exploit critical vulnerability in popular WordPress theme component

Number: IRCNE2014092307
Date: 2014-09-07

According to “techworld”, attackers are actively exploiting a critical vulnerability in a WordPress plug-in that's used by a large number of themes, researchers from two security companies warned Wednesday.
The vulnerability affects versions 4.1.4 and older of Slider Revolution, a commercial WordPress plug-in for creating mobile-friendly content display sliders. The flaw was fixed in Slider Revolution 4.2 released in February, but some themes -- collections of files or templates that determine the overall look of a site -- still bundle insecure versions of the plug-in.
The vulnerability can be exploited to execute a local file inclusion (LFI) attack that gives hackers access to a WordPress site's wp-config.php file, researchers from Web security firm Sucuri said in a blog post. This sensitive file contains database access credentials that can be used to compromise the whole site, the researchers said.
Information about the vulnerability circulated on underground forums for several months, but on Sept. 1 someone posted a proof-of-concept exploit for it on a public site, including a list of WordPress themes that are likely affected, security researchers from Trustwave said Wednesday in a blog post.
"We fix all issues within hours," a technical support representative for Damojo, the Cologne, Germany, company that owns ThemePunch, said Thursday via email. "As you know it is essential that all your plugins, WordPress and servers are always updated with the latest releases. Our direct customers do and can update their plugin regularly and automatically if they choose to."
The latest version of Slider Revolution is 4.6, released on Aug. 25, but this particular vulnerability only affects versions older than 4.2.
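Because the flaw lives in copies of the plug-in that themes bundle, updating the copy under plugins/ alone is not enough; every bundled copy has to be found and its version compared against the fixed release. The following Python is an added example for this digest, not code from Sucuri, Trustwave or ThemePunch. It walks a wp-content tree for revslider.php files, reads the WordPress plug-in header, and reports any copy older than 4.2. The directory layout and the version strings in the sample tree are constructed; the 4.2 threshold and the 4.1.4 and 4.6 versions come from the article.

```python
import os
import re
import tempfile

FIXED_IN = (4, 2)  # the LFI was fixed in Slider Revolution 4.2


def parse_version(header_text):
    """Pull 'Version: x.y.z' out of a WordPress plug-in header; None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)


def is_vulnerable(version):
    """Tuple comparison handles 4.1.4 < 4.2 and 4.6 >= 4.2 correctly."""
    return version is not None and version < FIXED_IN


def find_bundled_revslider(wp_content):
    """Walk plugins/ and themes/ for every revslider/revslider.php copy.
    Returns sorted (relative path, version tuple, vulnerable?) triples."""
    results = []
    for root, _dirs, files in os.walk(wp_content):
        if "revslider.php" in files and os.path.basename(root) == "revslider":
            path = os.path.join(root, "revslider.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(4096))  # header is at the top
            results.append((os.path.relpath(path, wp_content), version, is_vulnerable(version)))
    return sorted(results)


def build_sample_tree():
    """Constructed wp-content layout: a current copy under plugins/ and an
    out-of-date copy bundled inside a theme, the situation the advisory describes."""
    base = tempfile.mkdtemp()
    layout = {
        "plugins/revslider/revslider.php": "4.6",
        "themes/some-theme/revslider/revslider.php": "4.1.4",
    }
    for rel, ver in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n/*\nPlugin Name: Slider Revolution\nVersion: {ver}\n*/\n")
    return base


if __name__ == "__main__":
    for rel, ver, vuln in find_bundled_revslider(build_sample_tree()):
        print(f"{'VULNERABLE' if vuln else 'ok        '} {ver} {rel}")
```

Run it against a real site by passing the site's wp-content directory to find_bundled_revslider() instead of the constructed tree. Copies shipped inside a theme cannot be updated through the WordPress plug-in updater, so each flagged path has to be fixed by the theme vendor or replaced by hand.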

Apple updates OS X Mavericks, Safari and other products

Number: IRCNE2014092323
Date: 2014-09-17

According to “zdnet”, in addition to the large list of vulnerabilities fixed in iOS 8, Apple has released new versions of many other products to fix many other vulnerabilities.
iOS 8 fixed 53 vulnerabilities in earlier versions. The other new versions — OS X Mavericks 10.9.5; Safari 6.1.6, 7.0.6, 6.2 and 7.2; Xcode 6.0.1; OS X Server 2.2.3 and 3.2.1; and Apple TV 7 — fix another 53.
Many of the fixes in OS X Mavericks 10.9.5 and Security Update 2014-004 are for problems in common open source components that the average user might not use, among them Apache, mod_php, Ruby and QT Media Foundation. But several are serious, especially the bugs in the Intel Graphics Driver, IOAcceleratorFamily and Libnotify, one of which allows a malicious application to execute arbitrary code with root privileges. This is a very critical update for Mac users. All of the bugs fixed in Apple TV were among those fixed in OS X.
Nearly all the flaws fixed in Safari 6.1.6, 6.2, 7.0.6 and 7.2 are memory corruption bugs in the WebKit browser engine which could allow remote code execution. The others are information disclosure bugs.
OS X Server 2.2.3 and 3.2.1 both fix a SQL injection bug which could allow an attacker to run arbitrary SQL queries. Version 3.2.1 also fixes a JavaScript injection bug and multiple critical bugs in PostgreSQL.
