Exploitation of an unpatched vulnerability in Microsoft Word

Number: IRCNE2014032138
Date (Iranian calendar): 07/01/93

Microsoft has announced that an unpatched vulnerability in Microsoft Word is being exploited.
All versions of Microsoft Word, on both Mac and Windows, and several other products such as Word Viewer and Word Automation Services on SharePoint Server are also vulnerable, but the recent attack was carried out against Microsoft Word 2010. Exploits of this kind are often version-specific and are used in targeted attacks.
Microsoft also announced that Microsoft Outlook can be exploited in such attacks. In the default configuration, Word acts as the viewer in Outlook 2007, 2010 and 2013.
Microsoft has published an article together with a temporary Fix It tool for this vulnerability, noting that the problem can be mitigated by disabling support for RTF files.
A successful exploit allows the attacker to take control of Word with the privileges of the user running it. Microsoft also announced that the Enhanced Mitigation Experience Toolkit can mitigate this vulnerability.
The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley and Matty Pellegrino of the Google Security Team.

Cisco fixes denial-of-service flaws in IOS software for networking devices

Number: IRCNE2014032139
Date: 2014-03-27

According to “computerworld”, Cisco Systems released security updates for its IOS software used on routers, switches and other networking gear to fix seven vulnerabilities that could be exploited by attackers to hurt the performance of affected devices or force them to reboot.
The newly released IOS versions contain patches for two vulnerabilities identified in the software's Network Address Translation (NAT) feature, which is commonly used in routing scenarios. One vulnerability could be exploited by sending malformed DNS packets to be processed and translated by an affected device, and the other by sending certain sequences of TCP packets. The Cisco IOS XR and Cisco IOS XE software families are not affected by these two NAT vulnerabilities.
A separate vulnerability was identified and patched in the IP version 6 (IPv6) protocol stack implementation in Cisco IOS and Cisco IOS XE software, Cisco said in an advisory.
Another vulnerability was found and patched in the Secure Sockets Layer (SSL) VPN subsystem of the Cisco IOS software. The flaw allows an attacker to consume the memory of an affected device by submitting crafted HTTPS requests. This could impact the device's performance, cause certain processes to fail or lead to a device restart. The Cisco IOS XE and Cisco IOS XR software is not affected by this vulnerability, and neither is the Cisco ASA 5500 Series Adaptive Security Appliance.
A sixth vulnerability was found in the Session Initiation Protocol (SIP) implementation in Cisco IOS and Cisco IOS XE. SIP is widely used for establishing multimedia communications like voice and video calls over the Internet.
The vulnerability only affects devices configured to process SIP messages and running Cisco IOS 15.3(3)M and 15.3(3)M1 or Cisco IOS XE 3.10.0S and 3.10.1S1, Cisco said in an advisory.
The last denial-of-service vulnerability patched Wednesday affects only IOS software running on the RSP720-3C-10GE and RSP720-3CXL-10GE models of the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks. The Cisco IOS XE and IOS XR software is not affected by this vulnerability.

Microsoft reveals zero-day attacks against Word

Number: IRCNE2014032138
Date: 2014-03-27

According to “zdnet”, Microsoft announced today that an unpatched vulnerability in Microsoft Word is being exploited in the wild.
All versions of Microsoft Word, both Mac and Windows, and several related programs like the Word Viewer and Word Automation Services on Microsoft SharePoint Server are also vulnerable, but the current attacks are directed at Microsoft Word 2010. Exploits such as these are often version-specific, and in targeted attacks, such as this appears to be, the attacker may already know which version he needs to exploit.
Microsoft also says that Microsoft Outlook could be exploited with such an RTF file if Word were set as the viewer for Outlook. In the default configuration Word is the viewer in Outlook 2007, 2010 and 2013.
Microsoft has issued a Knowledge Base article with a "Fix It" tool which works around the problem by disabling support for RTF.
A successful exploit would give the attacker control with the privileges of the user running Word, so running with standard user privileges could lessen the damage that an attacker could cause. Microsoft also says that their Enhanced Mitigation Experience Toolkit (EMET) tool can mitigate this vulnerability.
The vulnerability was reported to Microsoft by Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google Security Team.

Linux worm Darlloz targets Intel architecture to mine digital currency

Number: IRCNE2014032140
Date: 2014-03-28

According to “zdnet”, a Linux worm variant found in the wild targets routers, set-top boxes, and now PCs in order to mine for cryptocurrency.
According to research firm Symantec, a new Internet of Things (IoT) worm was discovered last November. Dubbed Linux.Darlloz, the worm targets computers running Intel x86 architectures, as well as devices running the ARM, MIPS and PowerPC architectures, such as routers and set-top boxes.
The worm comes preloaded with usernames and passwords in order to break into such systems. A new variant has now been found that updates itself continuously and is making money through the mining of cryptocurrency.
Kaoru Hayashi, a senior development manager and threat analyst with Symantec, wrote that the new version focuses on finding Intel architecture PCs in order to install "cpuminer," an open-source mining program.
In Symantec's last scan, researchers found that 31,000 devices have been infected with the worm, with half of the infections based in India, China, South Korea, Taiwan, and the United States.
It is believed that the hackers capitalize on a backdoor in several router types, which can be exploited to gain remote access. However, this represents a threat to Darlloz if more malware is installed, and so the author implemented a feature to block the backdoor port by "creating a new firewall rule on infected devices to ensure that no other attackers can get in through the same back door."
In total, 31,716 identified IP addresses were infected. 43 percent of Darlloz infections compromised Intel-based computers or servers running Linux, and 38 percent of Darlloz infections affected a variety of IoT devices.
Symantec suggests that security patches be applied to all software installed on PCs or IoT devices, and that passwords be changed from their default settings. In addition, to further improve security, blocking connections on ports 23 and 80 is recommended.

Discovery of the 'Windigo' Linux botnet

Number: IRCNE2014032137
Date (Iranian calendar): 28/12/92

About a year ago, a backdoor in Apache web servers named 'Cdorked' was discovered. In its recent research, security firm ESET found that this backdoor is part of a larger Linux botnet named 'Windigo', which has been operated since 2011 and has hijacked more than 26,000 Linux servers.
'Windigo' is a very powerful botnet whose purposes include sending tens of millions of spam messages per day, stealing SSH credentials, hosting drive-by malware and redirecting web addresses.
ESET announced that the number of Linux servers affected by this botnet is estimated at 26,024, with victims including the Linux Foundation's kernel.org site and a considerable number of web hosting companies such as cPanel. In addition to the servers, personal computers that have visited these sites may also be at risk.
A researcher at security firm ESET believes that 10,000 servers are currently under the control of the 'Windigo' botnet. More than 35 million spam messages are sent every day to innocent users' accounts, putting their computers at risk. Worse, every day 500,000 computers that visit websites containing malware are exposed to infection. These computers are redirected by the 'Windigo' botnet to exploit kits and malicious advertisements.
Servers infected by this botnet include those running Apple OS X, OpenBSD, FreeBSD, Microsoft Windows and Linux, including Linux on the ARM architecture.
Administrators who find that their system is infected by this botnet should first wipe the system and then reinstall the operating system. They should also use two-factor authentication in future.

Organizations unprepared to deal with cyber attacks

Number: IRCNE2014032136
Date (Iranian calendar): 28/12/92

A new study shows that most businesses worldwide are not prepared to deal with cyber attacks.
Research conducted by the Economist Intelligence Unit and Arbor Networks shows that while cyber attacks are on the rise, companies are not in a good position to deal with the prevalent threats.
If hackers succeed in breaking into a company's systems, whether through the corporate network or through access to third-party systems on the network, client information such as financial details, addresses and contact details is put at serious risk.
If a breach occurs at a company, not only does it cost a great deal to fix, but the company's reputation and credibility are also seriously damaged. If consumer trust cannot be won back, the company's future profits decline. For example, in the recent hack of the retailer Target, 40 million customer records containing credit card information and about 70 million user accounts with information including home addresses and mobile phone numbers were stolen. This kind of cyber attack is not easy to recover from.
According to the research, many companies still do not understand that having skilled staff and investing money and time are essential to keeping a network secure.
After surveying 360 companies across the United States, Europe and Asia, it was found that while 77 percent of these companies have experienced at least one security breach in the past two years, 38 percent of them still have no plan for responding to such incidents.
Only 17 percent of businesses worldwide say they are fully prepared to deal with online security incidents.

'Windigo' Linux bot hijacks servers to feast on PCs behind sysadmins' backs

ID: IRCNE2014032137
Date: 2013-03-19

According to "techworld", the curious ‘Cdorked’ Apache web server backdoor that alarmed admins a year ago was only one part of a larger 'Windigo' Linux-Unix botnet that has managed to hijack 26,000 Linux servers since 2011, security firm ESET has discovered.
The campaign analysed in some detail by ESET in conjunction with Sweden’s CERT-Bund and physics lab CERN is that of a compact but potentially very powerful botnet whose purposes include sending tens of millions of spam messages per day, stealing SSH credentials, serving drive-by malware and web redirection.
The number of compromised Linux servers since it was discovered stood at 26,024, rising at a rate of 38 per day, with prominent victims including the Linux Foundation's kernel.org site and a sizable number of hosting firms including cPanel. Although this sounds modest, because these are servers, every PC visiting them could be at risk, ESET said.
"Windigo has been gathering strength, largely unnoticed by the security community, for over two and a half years, and currently has 10,000 servers under its control," said ESET security researcher Marc-Étienne Léveillé.
"Over 35 million spam messages are being sent every day to innocent users' accounts, clogging up inboxes and putting computer systems at risk. Worse still, each day over half a million computers are put at risk of infection, as they visit websites that have been poisoned by web server malware planted by Operation Windigo redirecting to malicious exploit kits and advertisements."
Servers affected by Windigo included those running Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture.
Anyone discovering an infection would have to wipe the affected system and re-install the OS. They should also consider using two-factor authentication in future.

Most businesses unprepared for cyberattack, study finds

ID: IRCNE2014032136
Date: 2013-03-19

According to "computerworld", a new survey suggests that the majority of businesses across the globe are unprepared to deal with cyberattacks in the future.
Research conducted by the Economist Intelligence Unit and Arbor Networks says that while cyberattacks are on the rise, corporations are still woefully unprepared to deal with the prevalent threat.
If hackers manage to break into a corporate system, whether through the primary network or through a third party with access to its systems, this can leave client information at risk -- including finances, addresses and contact details.
Once a breach occurs, not only can this cost a firm a fortune to fix, but a company's reputation is likely to be damaged -- which in turn can lower future profit margins if consumer trust cannot be restored. As an example, U.S. retailer Target's recent security breach resulted in the theft of at least 40 million customer records containing credit and debit card data, as well as approximately 70 million accounts with information including home addresses and mobile phone numbers.
These kinds of cyberattacks, especially in high-profile cases, are not easy to recover from. Despite this, the business intelligence provider and security firms' report, "Cyber incident response: Are business leaders ready?" says that many companies are still not getting the message -- that skilled employees and the investment of time and money are necessary to keep networks safe.
After surveying 360 senior business leaders in companies across the U.S., Europe and Asia-Pacific, the researchers found that while 77 percent of firms have suffered a security breach in the past two years, over a third of firms -- 38 percent -- still have no incident response plan in place should a cyberattack occur.
A mere 17 percent of businesses worldwide claim to be "fully prepared" for an online security incident.

HP printer updates aim at greater security in BYOD environments

Number: IRCNE2014032135
Date (Iranian calendar): 27/12/92

Using mobile devices to print on company printers is commonplace. Hewlett-Packard has tried to counter the security risks of this practice through direct wireless printing features.
HP has added two features, NFC and Wi-Fi Direct, to its new color laser printers, so that mobile devices can establish a wireless connection directly with the printer without connecting to the organization's network. These printers can establish a peer-to-peer connection with tablets or smartphones, and users can easily send their print jobs directly to a printer.
An HP director stated that the goal of adding these two features is to let company users easily access a printer while also making it easy to keep rogue tablets and smartphones out.
Company printers are increasingly used to print personal documents, and in environments where personal devices are used, rogue devices can be a security problem. The new peer-to-peer printing features can make BYOD environments easier to manage.
Many printers are connected to the system behind a firewall, and specific printing permissions are defined for users and applied on the system. However, a direct connection to printers through the NFC and Wi-Fi Direct features operates independently of the firewall, and the network administrator no longer needs to set specific permissions for BYOD users.
Along with the release of its new laser printers, HP offers software for greater printer security. The software for mobile devices is the ePrint Enterprise 3.2 app, which provides security layers before the user connects to the printer.

HP updates aim to make BYOD printing more secure

ID: IRCNE2014032135
Date: 2013-03-18

According to "computerworld", using mobile devices for one-off printing tasks on office printers may not be a big deal, but Hewlett-Packard is trying to mitigate any security risk through direct wireless printing features it is bringing to enterprise printers.
HP is adding NFC (near-field communication) and Wi-Fi Direct to its new color LaserJet printers so mobile devices can establish a wireless connection directly to a printer without being logged into an office network. The printer establishes a peer-to-peer connection to tablets or smartphones, and users can send a print command directly to a printer within proximity.
The goal is to provide everyone in an office easy access to a printer, and keep rogue smartphones and tablets from a corporate network, said Todd Gregory, director at HP's Personal and Printing Systems group.
Increasingly, office printers are being used to print personal documents, but rogue devices can be a security hazard in bring-your-own-device environments, Gregory said. The new peer-to-peer printing features can make BYOD environments easier to manage while ensuring document security on corporate networks.
Many printers are usually connected behind a firewall to the document workflow system, with security measures in place to print and access documents. A direct connection to printers through NFC or Wi-Fi Direct is independent of the firewall, and also spares system administrators from putting permissions in place in mobile-device-management software.
HP is also offering software to secure printing. HP announced the ePrint Enterprise 3.2 app for mobile devices, which adds security layers before users are allowed to print either through a peer-to-peer connection or over a Wi-Fi network.