Flash Player vulnerability patched

Number: IRCNE2014022109
Date: 3/12/92

Adobe has released critical updates for Flash Player on Windows, Mac and Linux systems. Version 12.0.0.44 and earlier for Windows and Macintosh, and version 11.2.202.336 and earlier for Linux, are affected by three different vulnerabilities.
One of these vulnerabilities (CVE-2014-0502) has been widely exploited.
The new version of Flash Player for Windows and Mac is 12.0.0.70. The new version for Linux is 11.2.202.341. The Google Chrome update to version 33.0.1750.117, released on Thursday, also includes the patched Flash plugin. Microsoft has also released an update for Windows 8.0 and 8.1 that patches the Flash Player plugin for IE 10 and IE 11.
Users can obtain the latest version of Flash Player from the Adobe site. Users are advised not to trust other ways of obtaining Flash updates.

Apple security update fixes iOS vulnerability

ID: IRCNE2014022112
Date: 2014-02-22

According to “CNet”, Apple on Friday released the latest update of its mobile operating system. It's of note because it fixes an SSL connection issue, an important encryption vulnerability.
SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. Without it, almost anybody can see what you're doing online. According to Apple's full description of the update, the software previously had problems validating the authenticity of the connection, and the software fix restores steps that were missing in the validation process.
The company said the fix would stop an attacker from capturing and modifying data when supposedly shielded by SSL.
The patch is also available for older versions of Apple's operating system, with an iOS 6.1.6 update. The fix comes weeks after another minor iOS 7 update, which had to do with network errors in China. A more robust update, iOS 7.1, is expected next month.
Apple has been mum regarding specific details of the bug. So for that reason, it's difficult to gauge the magnitude of the situation. "It has the potential to be a very serious issue," said Jonathan Zdziarski, an iOS forensics expert. But he emphasized that many of the conclusions we can draw are only speculation, since Apple only vaguely and briefly described the vulnerability.
He did point to the possibility of man-in-the-middle attacks, where an eavesdropper could intercept data from a user's phone. He also points out that Apple didn't specifically mention any certain restrictions in its explanation of the vulnerability -- like, say, the bug only being applicable when a certain app is running. The lack of that caveat could indicate that the bug potentially affected the whole phone, giving an attacker complete control over the device and personal information on it.

Cisco fixes flaws in several products

ID: IRCNE2014022112
Date: 2013-02-22

According to "zdnet", Cisco has issued security advisories and updates for several products.
The following products are vulnerable to one or more of three vulnerabilities in Cisco IPS products:

  • Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module (AIP SSM)
  • Cisco ASA 5500-X Series IPS Security Services Processor (IPS SSP) software and hardware modules
  • Cisco ASA 5505 Advanced Inspection and Prevention Security Services Card (AIP SSC)
  • Cisco IPS 4200 Series Sensors
  • Cisco IPS 4300 Series Sensors
  • Cisco IPS 4500 Series Sensors

All three are denial of service vulnerabilities. Some of the products can be attacked remotely without authentication, so updates should be expedited.
The second advisory describes an unauthorized access vulnerability in the Cisco Unified SIP Phone 3905. By exploiting the vulnerability, an unauthenticated, remote attacker could gain root-level access to an affected device. Cisco Unified SIP Phone 3905 Firmware versions prior to 9.4(1) are affected. Cisco also provides mitigation techniques for the product, as well as an IPS signature.
The third advisory concerns Cisco Unified Computing System (UCS) Director Software versions prior to Cisco UCS Director Release 4.0.0.3 HOTFIX. A vulnerability in the UCS Director could allow an unauthenticated, remote attacker to take complete control of the affected device. Cisco also provides mitigation techniques.

The last advisory concerns Cisco Firewall Services Module (FWSM) Software. The vulnerability is a race condition during memory deallocation. An attacker, by sending the proper traffic to the module, could cause the software to reload. Repeated exploitation would cause a denial of service in the software. FWSM versions 3.1, 3.2, 4.0, and 4.1 are affected.

Microsoft releases fix for Windows Update corruption errors

ID: IRCNE2014022111
Date: 2013-02-22

According to "zdnet", Microsoft has released a non-critical, non-security update to fix a bug in the Windows Update system in certain versions of Windows.
Microsoft found problems in the Windows servicing store which may prevent the successful installation of future updates, service packs, and software. This update is a tool which checks the system for these problems and tries to resolve them. Errors in Windows Update with the following codes are addressed by this update: 0x80070002, 0x8007000D, 0x800F081F, 0x80073712, 0x800736CC, 0x800705B9, 0x80070246, 0x8007370D, 0x8007370B, 0x8007370A, 0x80070057, 0x800B0100, 0x80092003, 0x800B0101, 0x8007371B, 0x80070490.
On Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista the tool is called the System Update Readiness Tool. The various versions of the update may be downloaded directly from KB947821. Installation instructions are on that page.
On Windows 8.1, Windows 8, Windows Server 2012 R2 or Windows Server 2012 you can use the included Deployment Image Servicing and Management (DISM) tool. Follow instructions in KB947821.

Adobe patches zero-day Flash flaw

ID: IRCNE2014022109
Date: 2014-02-22

According to “ZDNet”, Adobe has released critical updates for Flash Player on Windows, Mac and Linux. Versions 12.0.0.44 and earlier for Windows and Macintosh and versions 11.2.202.336 and earlier for Linux are vulnerable to up to three vulnerabilities.
One of these, CVE-2014-0502, is being exploited in the wild.
The new version of Adobe Flash Player on Windows and Mac is 12.0.0.70. The new version for Linux is 11.2.202.341. A Google Chrome update to version 33.0.1750.117 today includes the fixed Flash plugin bundled with that product. Microsoft has released an update for Windows 8.0 and 8.1 for the bundled Flash Player plugin in Internet Explorer 10 and 11.
Users may obtain the newest version of Adobe Flash Player from Adobe at get.adobe.com/flashplayer. Do not trust Flash Player installations or patches from any other source.

Asus router vulnerabilities go unfixed despite reports

Number: IRCNE2014022108
Date: 2014/02/18

According to “cnet”, it may be news to you that some Asus wireless routers leave your computer and networked drives open to hackers, but Asus has known about the problems for months, reports indicate.
The vulnerabilities make it possible for hackers to access directories on networked drives using Asus' proprietary AiCloud option. Enabling features such as "Cloud Disk," "Smart Access," and "Smart Sync" appears to enable the vulnerability, security researcher Kyle Lovett told Ars Technica.
Enabling the file-sharing tool Samba in the router also exposes the vulnerability to hackers.
Lovett told CNET that, following his report in June of a related vulnerability that exposes hard drives of computers connected to the affected Asus routers, he reported the newer flaw to Asus representative Nick Mijuskovic in both September and November, to no avail.
"I only received a reply of we'll look into it," Lovett wrote in an e-mail.
Asus did not immediately respond when asked for comment. CNET will update the story when we hear back from the company.
Two weeks ago, suspected hackers posted a list of more than 13,000 IP addresses gleaned from vulnerable Asus routers.
The vulnerability affects nearly a dozen Asus routers, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Apparently, Asus has released a firmware update that patches the vulnerabilities, but owners of those routers will have to manually install the update by going to the Asus site and following their instructions.

Admin rights key to mitigating vulnerabilities, study shows

Number: IRCNE2014022107
Date: 2014/02/18

According to “zdnet”, it's been best practice for a very long time: all users and processes should run with the fewest privileges necessary. This limits the damage that can be done by an attacker if the user or process is compromised.
Unfortunately, running users without admin rights on Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, 7 and 8, but many organizations still run users as administrator because it makes things easier in the short term.
A new study from Avecto demonstrates the real world import of running with "least privilege". In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. 200 of the 333 total vulnerabilities would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.
The greatest impact comes with remote code execution vulnerabilities. Such vulnerabilities are necessary in the large majority of meaningful attacks. 100 percent of critical remote code execution vulnerabilities would be mitigated with non-administrator rights.
Non-administrator users can still be compromised, but it's much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture.

Mac trojan steals Bitcoins

Number: IRCNE2014022106
Date: 2014/02/18

According to “zdnet”, SecureMac is reporting a new Mac trojan they call OSX/CoinThief.A. The malware targets Mac users and spies on web traffic to steal Bitcoins. They say the malware is in the wild and have received multiple reports of stolen Bitcoins.
The software was distributed through an app called "StealthBit" which, until recently, was available for download from Github. The source code version did not match the precompiled version, the latter of which contained the malicious payload. StealthBit purports to be an app to send and receive payments on Bitcoin Stealth Addresses.
The malware installs browser extensions for Safari and Google Chrome and a separate background program, all of which monitor all web traffic looking for login credentials for Bitcoin websites and wallet sites. It reports these credentials to a remote server.

Attackers scanning for Symantec Endpoint Protection Manager flaw

Number: IRCNE2014022105
Date: 2014/02/18

According to “zdnet”, the Internet Storm Center (ISC) at the SANS Institute is reporting a burst of scanning on ports used by Symantec Endpoint Protection Manager (SEPM) versions 11.0 and 12.1. The scanning appears aimed at building a list of systems vulnerable to a recently-disclosed vulnerability in the product.
Symantec disclosed the vulnerability on February 10 and released updates to SEPM. The fixed versions of the management console are 11.0 RU7 MP4a (11.0.7405.1424) or 12.1 RU4a (12.1.4023.4080).
The vulnerability results from erroneous parsing of XML data sent to the console, causing the console to send unsanitized queries to an internal database.
The console listens on TCP ports 8443 and 9090. Both ports are regularly scanned from across the Internet for vulnerabilities.
Symantec has also released an IPS signature to block HTTPS attacks using this vulnerability.
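A way to spot the scanning described above in perimeter firewall logs, as an added example that is not part of the original bulletin: it flags sources that probe the SEPM console ports (8443, 9090) on several distinct hosts and notes which probed hosts are known SEPM servers. The key=value log layout, the threshold, the sample addresses and the function name are assumptions.

```python
import re
from collections import defaultdict

SEPM_PORTS = {8443, 9090}  # SEPM console ports named in the bulletin
MIN_TARGETS = 3            # assumed threshold: distinct hosts probed per source

# Assumed key=value firewall log layout; adapt the pattern to your own logs.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2014-02-18T10:00:01Z SRC=203.0.113.5 DST=10.0.0.10 PROTO=TCP SPT=40001 DPT=8443
2014-02-18T10:00:01Z SRC=203.0.113.5 DST=10.0.0.11 PROTO=TCP SPT=40002 DPT=8443
2014-02-18T10:00:02Z SRC=203.0.113.5 DST=10.0.0.12 PROTO=TCP SPT=40003 DPT=9090
2014-02-18T10:00:02Z SRC=203.0.113.5 DST=10.0.0.13 PROTO=TCP SPT=40004 DPT=9090
2014-02-18T10:05:00Z SRC=198.51.100.7 DST=10.0.0.11 PROTO=TCP SPT=51000 DPT=8443
2014-02-18T10:06:00Z SRC=203.0.113.9 DST=10.0.0.10 PROTO=TCP SPT=52000 DPT=22
2014-02-18T10:06:01Z SRC=203.0.113.9 DST=10.0.0.11 PROTO=TCP SPT=52001 DPT=22
2014-02-18T10:06:02Z SRC=203.0.113.9 DST=10.0.0.12 PROTO=TCP SPT=52002 DPT=22
"""


def find_sepm_scanners(log_text, known_sepm=frozenset(), min_targets=MIN_TARGETS):
    """Return {src: {"targets": n, "hit_sepm": [...]}} for sources sweeping SEPM ports."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in SEPM_PORTS:
            continue  # unparsable line or a port unrelated to SEPM
        targets[m["src"]].add(m["dst"])

    report = {}
    for src, dsts in targets.items():
        # One client talking to one console is normal administration;
        # the same source touching many hosts on these ports is a sweep.
        if len(dsts) >= min_targets:
            report[src] = {
                "targets": len(dsts),
                "hit_sepm": sorted(dsts & set(known_sepm)),
            }
    return report


if __name__ == "__main__":
    # 10.0.0.11 is the (constructed) address of an internal SEPM server.
    print(find_sepm_scanners(SAMPLE_LOG, known_sepm={"10.0.0.11"}))
```

Any host listed under `hit_sepm` is a console that was reachable from the scanning source and should be checked against the fixed builds named above.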

Vulnerability in Asus routers

Number: IRCNE2014022108
Date: 29/11/92

Reports indicate that some Asus routers allow hackers to access drives on the network.
A security researcher named Kyle Lovett said the vulnerability in Asus routers makes it possible for hackers to access the directories of network drives using Asus' proprietary AiCloud option. Enabling the "Cloud Disk", "Smart Access" and "Smart Sync" options activates the vulnerability.
Enabling the Samba file-sharing tool on these routers also exposes the vulnerability to hackers.
Two weeks ago, hackers published a list of more than 13,000 IP addresses collected from vulnerable Asus routers. The vulnerability affects some Asus routers. The vulnerable routers include the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16 and RT-N16R. Apparently Asus has released a firmware update to fix the vulnerability, but owners of Asus routers must apply the update manually by going to the Asus site and following the instructions.
