IE zero-day exploit being used in widespread attacks

ID: IRCNE2014032120
Date: 2014-03-01

According to "computerworld", the number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
The vulnerability affects Internet Explorer 9 and 10 and was publicly revealed on Feb. 13 by researchers from security firm FireEye, who found an exploit for the flaw being served from the Veterans of Foreign Wars (VFW) website.
Microsoft published a security advisory about the vulnerability, which is tracked as CVE-2014-0322, and released a "Fix It" tool as a temporary workaround. However, the company has not yet shipped a permanent patch through Windows Update.
The attacks reported by FireEye and Websense are known as "watering hole attacks" because they involve compromising websites visited by particular groups of people that attackers wish to target -- in these particular cases U.S. military personnel and French defense contractors.
"We have continued to closely monitor attacks focusing on CVE-2014-0322," security researchers from Symantec said Tuesday in a blog post. "We've observed trends suggesting that attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) -- the zero-day attacks are expanding to attack average Internet users as well."
According to Symantec's telemetry data, the number of attacks that exploit this vulnerability increased dramatically since Feb. 22 and affected users in many parts of the world, including North America, Europe, the Middle East and Asia.
"If the attack is successful, the exploit drops a banking Trojan that steals login details from certain banks," the Symantec researchers said.
Users should either upgrade to Internet Explorer 11, which is not affected by this vulnerability, or install the Fix It solution provided by Microsoft. Microsoft's advisory also lists the Enhanced Mitigation Experience Toolkit (EMET) as a mitigation for the flaw.

Windows 7 and XP vulnerabilities rose in 2013

ID: IRCNE2014032119
Date: 2014-03-01

According to "computerworld", new research from Secunia shows that the number of vulnerabilities found in Microsoft's Windows 7 and XP operating systems doubled in 2013 compared with 2012, with the highest number of flaws reported in Windows 8.
The Denmark-based security company said 102 vulnerabilities were found in Windows 7 in 2013 and 99 in XP, up from 50 and 49 respectively in 2012.
Windows 8 had the most vulnerabilities, at 156, but Secunia said that was because Adobe Systems' Flash Player is bundled with Internet Explorer on Windows 8, and Flash accounted for 55 of those problems.
Secunia released the data in its annual report on software vulnerabilities, which looks at the 50 most commonly used programs and operating systems.
Microsoft took the first three spots in the list with its XML Core Services, followed by Windows Media Player and Internet Explorer. Adobe came in fifth place with its Flash Player and seventh place with Reader. Oracle occupied the number ten spot with its Java platform.
Eighty-six percent of the vulnerabilities found in the top 50 software products had a patch available on the day the vulnerability was disclosed, Secunia said.
Third-party programs, made by a variety of vendors, accounted for about 76 percent of the vulnerabilities in the top 50 programs in 2013, down from 86 percent in 2012, according to the report.
Secunia found only 10 zero-day vulnerabilities, which are those actively being exploited that don't have a patch, in its top 50 portfolio.

Poor management of SSH keys is the cause of serious risks in many companies

ID: IRCNE2014022115
Date: 1392/12/07 (Solar Hijri, i.e. 2014-02-26)

Many companies are exposed to serious threats because the SSH cryptographic keys used to authenticate people for access to internal systems and critical services are not well managed.
Research by the Ponemon Institute, covering 2,100 system administrators at Global 2000 companies worldwide, shows that three out of four companies are vulnerable to root-level attacks, and that this exposure is due to a lack of proper management of SSH keys.
Even though more than 50 percent of the companies studied had experienced SSH key-related attacks, 53 percent said they still have no unified management of these keys, and 60 percent said they have no way to detect new keys generated in the organization. About 46 percent said they have never changed their SSH keys.
According to the report published by the Ponemon Institute, these findings show that there is a significant gap in organizations' security controls.
SSH keys allow network administrators to connect to a system remotely through a secure encrypted tunnel. Administrators also use these keys to access database systems, application servers, cloud systems and the organization's security systems. The keys are also used to authenticate machines running automated processes and services.
SSH keys never expire, which means that once a key has been used to authenticate access to a system, the same key can be used forever unless the administrator changes it. If an attacker obtains an unsecured SSH key, they can gain access to the servers and services that use that key and then use that access to obtain further keys on the network in order to reach other systems.
Since SSH keys are created at the system-administrator level, full access to an organization's systems can allow an attacker to take complete control of a system while remaining hidden from view.
The study found that large companies have tens of thousands of SSH keys on their networks, and most of them are poorly managed. Most companies have little knowledge of the existence of these keys on their network and consequently cannot manage them properly.
To fix this problem, companies must determine where SSH is used and how many keys exist across the network. They must then find a way to manage them so that keys are kept only on the appropriate servers, and put in place a process so that these keys are changed automatically at set intervals.

Apple issues many security updates for OS X, including Lion and Mountain Lion

ID: IRCNE2014022118
Date: 2014-02-26

According to "zdnet", in addition to fixing a high-priority bug in SSL/TLS and shipping numerous feature tweaks and fixes, Apple released a large number of security fixes today to OS X, Safari and QuickTime for Windows.
There were 33 vulnerabilities patched in OS X, four in Safari and 10 in QuickTime for Windows.
Surprisingly, in addition to patching the current version, OS X 10.9 (Mavericks), updates were also released for OS X 10.7.x (Lion) and OS X 10.8.x (Mountain Lion). Since it released Mavericks in October, Apple had disclosed but not patched dozens of vulnerabilities in Mountain Lion. That policy appears to have changed, but according to Apple's disclosures most of the vulnerabilities previously left unpatched remain unpatched.
Many of the OS X vulnerabilities are quite severe. With one of them, a flaw in SSL/TLS handling that recurs in each of the components below, Apple has a good deal of experience, having now patched it on eight separate occasions:

  • Ruby in Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
  • curl in Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
  • Apache in Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
  • Apple TV 4.0 through 4.3
  • Data Security in iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad
  • CFNetwork SSL and python in OS X 10.6.x through 10.8.5
  • neon (XCode) for OS X Lion v10.7.4 and later
  • Secure Transport for OS X Mountain Lion v10.8.5

The remaining vulnerabilities include many with which an attacker could execute privileged code, intercept confidential data or modify files. One vulnerability could allow an unprivileged user to change the system clock.
Four vulnerabilities were patched in Safari for Lion, Mountain Lion and Mavericks. All four are in the Webkit browser engine, and are memory corruption vulnerabilities with which an attacker could execute arbitrary code by getting the user to visit a malicious web site.
All ten vulnerabilities in QuickTime for Windows could allow remote code execution if the user plays a malicious movie file.

Related Links:
Apple promises to fix OS X encryption flaw 'very soon'

Android malware using TOR anonymity network makes a debut

ID: IRCNE2014022117
Date: 2014-02-26

According to "techworld", Kaspersky Lab has spotted malware for the Android mobile operating system employing the TOR anonymity network.
TOR, short for The Onion Router, is software that offers users a greater degree of privacy when browsing the Internet by routing encrypted traffic between a user and a website through a network of worldwide servers. TOR can also be used to host websites on a hidden network.
The Android malware uses a TOR website as a command-and-control server, wrote Roman Unuchek of Kaspersky. Command-and-control servers are used to send instructions to the malware.
Adding TOR functions to desktop malware programs is nothing new. The latest finding shows hackers are increasingly targeting powerful mobile devices, which often hold valuable personal data. The malware can intercept SMSes, and collect other data, such as a user's phone number, the device's IMEI and the country where the device is located and request GPS coordinates.
Unuchek wrote that using a TOR site as a command-and-control server makes it "impossible to shut down."
The malware, which Kaspersky calls "Backdoor.AndroidOS.Torec.a", bundles Orbot, the Guardian Project's Tor client for Android, to reach the TOR network.
"We recommend keeping an eye out for any data usage increases from your mobile device, over-power consumption (running a constant TOR connection will no doubt drain your battery faster than otherwise) and any other kinds of odd behavior," Kujawa wrote.

New security flaw opens iPhone, iPads to covert keylogging

ID: IRCNE2014022116
Date: 2014-02-26

According to "zdnet", researchers claim to have discovered another vulnerability that could allow attackers to log your keystrokes and send the captured data to a remote server.
First reported by Ars Technica, the security team at FireEye has developed a proof-of-concept application that could, in theory, run in the background of your mobile device and log your keystrokes without your knowledge.
In a blog post, the researchers say that this background monitoring works on both jailbroken and non-jailbroken devices running iOS 7.
FireEye says that this type of "flaw" could be used by attackers to break into user accounts and spy on their owners, after duping the user into installing a malicious application, running a phishing campaign, or exploiting a remote vulnerability in another application.
Furthermore, FireEye states that disabling iOS 7's "background app refresh" setting does not stop the monitoring, because that setting can be bypassed.
The latest scrutiny of Apple security comes as the tech giant quickly released a patch last Friday for an overlooked SSL encryption flaw which left iPhone, iPad and Mac devices open to man-in-the-middle (MITM) attacks.

Related Links:
Apple promises to fix OS X encryption flaw 'very soon'
Apple security update fixes iOS vulnerability

Poorly managed SSH keys pose serious risks for most companies

ID: IRCNE2014022115
Date: 2014-02-26

According to "computerworld", many companies are dangerously exposed to threats like the recently revealed Mask Advanced Persistent Threat because they don't properly manage the Secure Shell (SSH) cryptographic keys used to authenticate access to critical internal systems and services.
A Ponemon Institute survey of more than 2,100 systems administrators at Global 2000 companies discovered that three out of four enterprises are vulnerable to root-level attacks against their systems because of their failure to secure SSH keys.
Even though more than half of the surveyed enterprises had suffered SSH-key related compromises, 53% said they still had no centralized control over the keys and 60% said they had no way to detect new keys introduced in the organizations. About 46% said they never change or rotate SSH keys -- even though the keys never expire.
Those findings reveal a significant gap in enterprise security controls, said Larry Ponemon, founder and CEO of the Ponemon Institute.
SSH keys allow administrators to log in to and operate a system remotely over an encrypted tunnel. Administrators use such keys to authenticate access to critical database systems, application servers, cloud systems and security systems. SSH keys are also used to authenticate machines running automated processes and services, and the sessions they authenticate protect data in transit.
SSH keys never expire: a plain public key carries no validity period, so once a key is authorised for access to a system it keeps working in perpetuity unless someone removes or replaces it (an expiry can only be enforced by moving to OpenSSH certificates, which are issued with a validity window). A hacker who acquires an unsecured SSH private key can use it to gain access to the server or service to which it is attached and then use that access to look for more keys with which to jump on to other systems in the network.
Because SSH keys frequently grant administrator-level access over an encrypted channel, a compromised key can give an attacker complete control of a system while leaving little for defenders to see.
Large enterprises can have tens of thousands of SSH keys on their network -- most of which are poorly managed, said Kevin Bocek, vice president of product marketing and threat research at security vendor Venafi, which commissioned the Ponemon survey.
Companies often have little knowledge about the presence of such keys on their networks and therefore do little to manage them.
To get a handle on the problem, enterprises must first find out where SSH is in use and how many keys are floating about on their networks. They then need to correlate each key back to the servers and accounts it grants access to, evaluate whether it is still needed, and put in place a process for rotating keys automatically.
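The discovery step described above (and in the Persian version of this item earlier on the page) is where most organisations stall, so here is an added example of it in Python. It is not code from the article, from Ponemon or from Venafi; the host names, the authorized_keys contents and the synthetic key blobs are constructed for the example, and the thresholds (RSA below 2048 bits, DSA, entries without `from=`/`command=` restrictions) are the author's assumptions. Fingerprints are computed the way `ssh-keygen -lf` does (SHA256 over the wire-format blob, base64 without padding), so the output can be cross-checked against real hosts.

```python
"""Inventory and audit of SSH authorized_keys entries collected from several hosts.
Added example, standard library only; sample input below is constructed."""
import base64
import hashlib
import struct
from collections import defaultdict

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer (0x00 sign byte added when the top bit is set)."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def read_string(blob: bytes, off: int):
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n


def fingerprint(blob: bytes) -> str:
    """Same value `ssh-keygen -lf` prints for the key."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def key_bits(keytype: str, blob: bytes) -> int:
    """Modulus size for RSA/DSA read from the blob; curve size for EC/EdDSA keys."""
    wire_type, off = read_string(blob, 0)
    if wire_type.decode() != keytype:
        raise ValueError("declared key type does not match the key blob")
    if keytype == "ssh-rsa":
        _e, off = read_string(blob, off)      # public exponent
        n, _ = read_string(blob, off)         # modulus
        return int.from_bytes(n, "big").bit_length()
    if keytype == "ssh-dss":
        p, _ = read_string(blob, off)         # prime p
        return int.from_bytes(p, "big").bit_length()
    if keytype == "ssh-ed25519":
        return 256
    return int(keytype[-3:])                  # ecdsa-sha2-nistpNNN


def parse_line(line: str):
    """(options, keytype, blob, comment) for one authorized_keys line; None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, cur, quoted = [], [], False
    for c in line:                            # spaces inside "..." belong to an option value
        if c == '"':
            quoted = not quoted
        if c == " " and not quoted:
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(c)
    if cur:
        fields.append("".join(cur))
    options = "" if fields[0] in KEY_TYPES else fields.pop(0)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("unparseable entry: " + line[:40])
    return options, fields[0], base64.b64decode(fields[1]), " ".join(fields[2:])


def audit(hosts: dict):
    """hosts maps hostname -> authorized_keys text. Returns (inventory keyed by fingerprint, findings)."""
    inventory = defaultdict(lambda: {"type": None, "bits": 0, "hosts": [], "comments": set()})
    findings = []
    for host, text in hosts.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            parsed = parse_line(line)
            if parsed is None:
                continue
            options, keytype, blob, comment = parsed
            fp, bits, where = fingerprint(blob), key_bits(keytype, blob), f"{host}:{lineno}"
            entry = inventory[fp]
            entry.update(type=keytype, bits=bits)
            entry["hosts"].append(host)
            if comment:
                entry["comments"].add(comment)
            if keytype == "ssh-dss":
                findings.append((where, fp, "weak-type"))
            if keytype == "ssh-rsa" and bits < 2048:
                findings.append((where, fp, "rsa-short"))
            if "from=" not in options and "command=" not in options:
                findings.append((where, fp, "unrestricted"))  # usable from anywhere, for anything
    for fp, entry in inventory.items():
        n = len(set(entry["hosts"]))
        if n > 1:                             # one key trusted by several hosts is a lateral-movement path
            findings.append(("*", fp, f"shared-across-{n}-hosts"))
    return dict(inventory), findings


# Constructed sample input: blobs have the right wire shape but are not real key pairs.
def _rsa_entry(bits: int) -> str:
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def _ed25519_entry(seed: bytes) -> str:
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


LEGACY_KEY = _rsa_entry(1024)                 # the same old key pasted onto several hosts
SAMPLE_HOSTS = {
    "db01": "\n".join([
        "# backup job: pinned to the bastion and to a single command",
        'from="10.0.5.4",command="/usr/local/bin/pg-backup --all" ' + _rsa_entry(3072) + " backup@bastion",
        LEGACY_KEY + " ops-legacy",
    ]),
    "app01": "\n".join([_ed25519_entry(b"alice") + " alice@laptop", LEGACY_KEY + " ops-legacy"]),
}

if __name__ == "__main__":
    inv, found = audit(SAMPLE_HOSTS)
    for fp, e in inv.items():
        print(fp, e["type"], e["bits"], sorted(set(e["hosts"])), sorted(e["comments"]))
    for where, fp, issue in found:
        print(f"{issue:24} {where:10} {fp}")
```

On real hosts the `SAMPLE_HOSTS` dict would be filled from `~*/.ssh/authorized_keys` (and any `AuthorizedKeysFile` paths from `sshd_config`) collected by configuration management; the fingerprints then give a stable identity for each key that can be matched against the private keys on workstations, CI runners and service accounts to decide which entries to keep, restrict or rotate.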

Apple releases security patches for OS X

ID: IRCNE2014022118
Date: 1392/12/07 (Solar Hijri, i.e. 2014-02-26)

In addition to fixing high-priority problems in SSL/TLS and shipping several fixes and features for its products, Apple yesterday released a number of security patches for OS X, Safari and QuickTime.
This update fixed 33 vulnerabilities in OS X, four in Safari and 10 in QuickTime. Unexpectedly, besides patching the current version of OS X, 10.9 (Mavericks), Apple also released patches for OS X 10.7.x (Lion) and OS X 10.8.x (Mountain Lion). Since Mavericks shipped in October, Apple had disclosed vulnerabilities in the older Mountain Lion but had not released patches for them. That policy appears to have changed somewhat, but many of the vulnerabilities that were previously unpatched still remain unpatched.
Many of the OS X vulnerabilities are very serious. One of them, a flaw in SSL/TLS handling, Apple has now fixed on eight separate occasions in different components:

  • Ruby in Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
  • curl in Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
  • Apache in Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2
  • Apple TV 4.0 through 4.3
  • Data Security in iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad
  • CFNetwork SSL and python in OS X 10.6.x through 10.8.5
  • neon (XCode) for OS X Lion v10.7.4 and later
  • Secure Transport for OS X Mountain Lion v10.8.5

The remaining vulnerabilities include ones that allow an attacker to execute code with elevated privileges, intercept confidential data or modify files. One of them allows an unprivileged user to change the system clock.
In yesterday's update Apple also fixed four vulnerabilities in Safari for Lion, Mountain Lion and Mavericks. All four lie in the browser's WebKit engine and are memory-corruption flaws that allow an attacker to execute arbitrary code by luring the user to a malicious website.
All 10 vulnerabilities in QuickTime for Windows can lead to remote code execution if the user opens a malicious movie file.

Related Links:
Important encryption flaw in OS X to be fixed soon

New malware discovered for the Android operating system

ID: IRCNE2014022117
Date: 1392/12/07 (Solar Hijri, i.e. 2014-02-26)

Kaspersky Lab has discovered malware for the Android mobile operating system that uses the TOR anonymity network.
TOR, short for The Onion Router, is software that gives users greater privacy when browsing the Internet by encrypting traffic between the user and a website and routing it through a network of servers around the world. TOR can also be used to host websites on a hidden network.
Roman Unuchek of Kaspersky Lab wrote that this Android malware uses a TOR website as its command-and-control server.
Adding TOR features to a malicious program is not a new idea. The latest findings show that attackers are increasingly targeting mobile devices. The newly discovered malware can intercept SMS messages and collect other data such as the user's phone number, the device's IMEI, the country where the device is located, and GPS coordinates on request.
One security researcher noted that using a TOR site as the command-and-control server makes taking it down impossible.
The malware, which Kaspersky Lab calls "Backdoor.AndroidOS.Torec.a", bundles Orbot, the Guardian Project's Tor client for Android, to reach such hidden sites from the device.
Users are advised to treat any unusual data usage, high battery consumption or other suspicious behaviour on their phone seriously.

New flaw discovered in Apple products

ID: IRCNE2014022116
Date: 1392/12/07 (Solar Hijri, i.e. 2014-02-26)

Researchers claim to have discovered another vulnerability in Apple systems that allows an attacker to record keystrokes and send the data to a remote server.
The issue was first reported by Ars Technica; the FireEye security team built a proof-of-concept app that can run in the background on an Apple mobile device and log keystrokes without the user's knowledge.
The researchers say this app runs on mobile devices running iOS 7, whether jailbroken or not.
FireEye states in its report that this kind of flaw could be used by attackers to break into a person's account and spy on them. The abuse is carried out by tricking the person into downloading a malicious app, through a phishing campaign, or by exploiting another vulnerability in an application.
FireEye said that disabling the "background app refresh" feature on iOS 7 does not prevent exploitation of this vulnerability.
Last week Apple fixed an SSL encryption flaw in its products that allowed an attacker to mount MITM attacks.

Related Links:
Important encryption flaw in OS X to be fixed soon
iOS vulnerability patched
