Single Android flaw can be used to target entire enterprise

ID: IRCNE2013081919
Date: 2013-08-13

According to "zdnet", a security researcher exploring the weak links in Google's Android ecosystem says that a single feature can be used to take down a plethora of business applications -- and ignore two-step verification entirely.
Speaking at the Def Con 21 hacking conference, Craig Young, senior security researcher at Tripwire, said he is able to "fully compromise Google Apps" using only one feature. The weak link? The "weblogin" token that allows Android users to sign in once for all Google-based services, as reported by Dark Reading.
Rather than using passwords, the feature basically uses cookies -- but if an attacker gains access to the domain control panel, then havoc can ensue. Once breached, a hacker could reset passwords, download files from Drive, disable two-step verification, modify user roles and create mailing lists -- potentially full of spam or malicious content.
Young says the best ways to protect yourself and your business against such threats are to remain vigilant when receiving token requests, run antivirus software to seek out root exploits, and only purchase or download applications from trusted sources.

Firefox 23 Adds Features, Security to Open-Source Browser

ID: IRCNE2013081918
Date: 2013-08-13

According to "Eweek", the open-source Mozilla Foundation is out with its Firefox 23 Web browser for multiple platforms, including Windows, Mac, Linux and Android devices. The new release comes just six weeks after the last major Firefox release, and brings a number of feature and security updates to the browser.
Mozilla is aiming to make Web browsing safer by way of the Mixed Content blocker that is now in the Firefox 23 release. Mixed Content refers to the common, but ill-advised practice among some Web developers of including both HTTP and secured HTTPS traffic on the same Web page. The risk is that the secured traffic isn't really secured when mixed with regular HTTP traffic.
"Firefox's Site Identity panel has historically warned about the risks of mixed content," Sharp said. "Active Mixed Content blocking goes one step further and proactively blocks some forms of mixed content that have the potential to cause security problems."
Users don't need to worry that Firefox 23's Mixed Content blocker will now mean they can no longer access sites that provide Mixed Content that they need or want to access. There is an option to "disable protection on this page" if necessary, Sharp explained.
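As an added example (not code from the page, Mozilla or Firefox), this Python scanner lists the http:// subresources of an https:// page and splits them into active content (scripts, stylesheets, frames, plugin content), the kind that Firefox 23's Active Mixed Content blocking targets, and passive content (images and media); the tag classification and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Subresources that run code or restyle the page ("active" mixed content) versus ones
# that are only displayed ("passive"). The split is an assumption for illustration.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "link": "href", "object": "data", "embed": "src"}
PASSIVE_TAGS = {"img": "src", "audio": "src", "video": "src"}

class MixedContentScanner(HTMLParser):
    """Collect subresources of an HTTPS page that are fetched over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.active, self.passive = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ACTIVE_TAGS:
            attr, bucket = ACTIVE_TAGS[tag], self.active
        elif tag in PASSIVE_TAGS:
            attr, bucket = PASSIVE_TAGS[tag], self.passive
        else:
            return
        # Only a stylesheet <link> loads active content; skip icons, preloads, etc.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        ref = attrs.get(attr)
        if not ref:
            return
        # Relative and protocol-relative URLs inherit https: from the page, so only an
        # explicit http:// reference is mixed content.
        absolute = urljoin(self.page_url, ref)
        if urlsplit(absolute).scheme == "http":
            bucket.append(absolute)

def scan_mixed_content(page_url, html):
    """Return (active, passive) lists of http:// subresources on an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return [], []  # mixed content only exists on a secured page
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.active, scanner.passive

# Constructed sample page (not a real site) mixing secured and plain-HTTP resources.
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="//cdn.example.test/app.js"></script></head><body>
<img src="http://img.example.test/logo.png"><script src="/local.js"></script>
<iframe src="http://widgets.example.test/frame"></iframe></body></html>"""
print(scan_mixed_content("https://www.example.test/", SAMPLE_HTML))
```

The protocol-relative and root-relative references resolve to https: and are not reported, which is why only the stylesheet, the frame and the image appear in the output.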
Additionally, Mozilla has released 13 security advisories for vulnerabilities that have now been fixed in Firefox 23. Of those, Mozilla has marked four as critical. Three of the critical issues are memory-related vulnerabilities, while the fourth is identified as being a potential Cross Site Scripting (XSS) flaw. XSS flaws potentially enable an attacker to inject arbitrary code into one site from another, which could lead to a malware infection or unauthorized information disclosure.

Microsoft Set to Update IE for August Patch Tuesday

ID: IRCNE2013081917
Date: 2013-08-13

According to “InternetNews”, Microsoft has issued its advanced notification for the upcoming Patch Tuesday update cycle, set to be released on Aug. 13.
This month, Microsoft is set to issue eight new security bulletins, three of which are rated as being Critical (the highest rating of severity for a Microsoft bulletin). Paul Henry, security and forensics analyst at Lumension, noted that at this time last year there were 35 total critical bulletins issued for the year-to-date. In contrast for the year-to-date in 2013, the number of critical bulletins has declined to 25.
Of those three bulletins rated critical in the upcoming August 2013 Patch Tuesday update, one in particular has my interest. Once again, Microsoft is patching its often attacked Internet Explorer Web browser.
In the July Patch Tuesday update, Microsoft addressed a zero-day flaw alongside 17 additional vulnerabilities in IE. That's on top of 19 flaws in IE that Microsoft patched in June. In May there was another 12 IE security issues patched in that month's Patch Tuesday.
So just doing the simple math, over the last 90 days, Microsoft has already issued fixes for at least 48 flaws in IE.
On the positive side of this there have not been 48 zero-day flaws in IE that have been publicly exploited over the last 90 days. Most of the flaws are responsibly disclosed and Microsoft is responsibly handling fixing flaws too.

Windows Phones open to hackers when connecting to rogue Wi-Fi

ID: IRCNE2013081916
Date: 2013-08-13

According to "zdnet", a new Microsoft security advisory warns that smartphones running the Windows Phone operating system could be susceptible to infiltration when connecting to a rogue Wi-Fi hotspot.
A rogue access point, also known as a rogue AP, is a Wi-Fi access point installed on a network, operating without authorization and not under the control of a systems administrator. If installed, rogue APs could allow anyone to connect to your network through Wi-Fi, and may not adhere to WLAN security policies.
The bulletin, advisory 2876146, says that hackers could exploit a known weakness in the Wi-Fi authentication protocol known as PEAP-MS-CHAPv2 (Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2). The protocol is used in Windows Phones for WPA2 wireless authentication.
The tech giant says that an attacker can exploit a weakness in the protocol when the mobile device attempts to automatically authenticate with a rogue hotspot posing as a legitimate Wi-Fi access point. Once the attempt to connect is made -- without user permission -- a hacker can intercept the victim's encrypted domain credentials before decrypting and lifting the data.
"An attacker could then exploit cryptographic weaknesses in the PEAP-MS-CHAPv2 protocol to obtain the victim's domain credentials. Those credentials could then be re-used to authenticate the attacker to network resources, and the attacker could take any action that the user could take on that network resource."
Microsoft has not received any reports of this vulnerability being used to steal corporate data, passwords or breach a network to date. There is no security patch available for this; instead, Microsoft suggests that you enable the certificate verification process before executing the PEAP-MS-CHAPv2 protocol to connect to Wi-Fi hotspots.
The bulletin contains instructions for configuring your Windows Phone versions 7.8 or 8 to fix the security flaw. Older versions are not affected.

Malware discovered in the KFC Android app

ID: IRCNE2013081915
Date: 16/05/92

McAfee has discovered malware that targets Windows users. The malware was placed inside the KFC Android app by accident, by a developer unaware of its presence.
The security firm's researchers found that the worm 'og!ats' is present inside the APK file associated with the 'KFC WOW@25' app. The malware cannot harm an Android device, and the chance of it infecting Windows users is very small; still, it could infect Windows systems if the app is downloaded onto a Windows PC and the APK package is unpacked.
Fernando Ruiz of McAfee said: when legitimate Android apps contain a malicious file, it has most likely occurred through negligence on the development side. It is possible that the developer was using out-of-date antivirus software, so that, without realizing the computer was infected, the source code directory came to contain a copy of the worm.
From there the worm was packaged, signed and deployed on Google Play, with the developer completely unaware of it.
Separately, McAfee also discovered on some Android devices an HTML file packaged inside email apps; these apps were infected with malicious JavaScript.
The discovery of infected Android apps underlines to users the risk present on the Play app store.

Windows worm accidentally bundled with KFC Android app

ID: IRCNE2013081915
Date: 2013-08-07

According to "techworld", McAfee has discovered malware targeting Windows users inside an Android app promoting Kentucky Fried Chicken (KFC) on Google Play, most probably embedded by accident by a careless developer unaware of its existence.
The security firm’s researchers noticed the generic worm ‘og!ats’ bundled inside the APK file associated with the promotional app ‘KFC WOW@25’. The malware can’t do any harm to an Android device and the chances of Windows users being infected would be vanishingly small although it might be possible if they downloaded it to a Windows PC and attempted to open the APK as a Zip.
“When a legitimate Android application contains a malicious file such as this one (for a Windows PC), it is likely this has occurred due to neglect on the part of the developer,” suggested McAfee’s Fernando Ruiz in a blog.
It was possible that the developer was using out-of-date antivirus software, “so without realizing that the computer was infected, the source code directory contained a copy of the worm,” he speculated.
“From there the worm was packaged, signed, and deployed on Google Play, with the developer completely unaware of the file.”
Separately, the firm had also discovered an HTML file packaged with an email app on some Android devices that had been infected with malicious JavaScript, again most likely without the developer being aware of the issue.
The discovery of the polluted Android app underlines the risks to users on the Play app store, a place on which they are supposed to feel secure.
A week ago Symantec said it had found 1,200 problematic apps on Google Play in seven months, some of which survived for download for several days. At times, it can seem as if security companies are performing some of the malware-spotting role that should be carried out by Google itself.

The Comfoo spy Trojan is still active

ID: IRCNE2013081914
Date: 15/05/92

A cyber-espionage campaign that targeted RSA in 2010 is still active and is targeting networks around the world.
Dell SecureWorks researchers Joe Stewart and Don Jackson have published a new report describing the Comfoo remote access Trojan. Comfoo is malware used to infiltrate large corporate and governmental networks across the globe.
The so-called "Advanced Persistent Threat (APT)" attack is one of the attacks that many organizations are struggling to defend against as a cyber threat. These attacks are highly sophisticated and, in some cases, state-sponsored.
The Comfoo campaign is a prime example of an advanced persistent threat. Comfoo first became known in 2010 through the RSA data breach. According to the published report, the Trojan has been used in at least 64 targeted attacks worldwide, and there are hundreds of variants of the RAT.
Rather than installing a new service, the Comfoo RAT often covertly replaces the DLL path of an existing unused service, which is less likely to draw a network administrator's attention. A rootkit is also sometimes used to hide Comfoo's disk files. Network traffic generated by the RAT is encrypted in order to send data securely to the malware's command and control centers.
The researchers could not access the data sent to the command and control centers, but they were able to map the network and the malware's operation: how Comfoo logs keystrokes, accesses and downloads files, executes commands and is able to open command shares.
While monitoring the RAT, the researchers found that government entities and private firms based in the U.S., Europe, Asia and Oceania were infected with this Trojan. Many Japanese and Indian governmental bodies, as well as educational institutions, media, telecommunications companies and energy firms, have been targeted by it.
Interestingly, audio and videoconferencing firms have also been a favorite target of this Trojan. The researchers believe the hackers may be seeking intellectual property, or that the Trojan may be used to quietly eavesdrop on governmental and commercial organizations.

SIM card vulnerability fixed

ID: IRCNE2013081913
Date: 15/05/92

According to a report published by a security researcher at Security Research Labs, a vulnerability present in millions of SIM cards that could be exploited by hackers has been fixed.
Karsten Nohl, a security researcher at Security Research Labs, discovered the flaw after three years of research into SIM card technology. He found that the vulnerability lay where a Java flaw could be exploited by sending a specially crafted text message secured with OTA encryption. SIM cards can contain phone numbers, contact information and other personal information about their owner.
SIM cards are considered one of the most secure technologies available, and almost no exploitation of them has taken place.
Karsten Nohl intended to present his findings at the Black Hat security conference, but instead stated that the carriers and cellular networks had promptly fixed the problem.

Comfoo cyberspy campaign still active

ID: IRCNE2013081914
Date: 2013-08-06

According to "cnet", a cyberespionage campaign that targeted the RSA in 2010 is still active and targeting networks worldwide.
Dell SecureWorks researchers Joe Stewart and Don Jackson have released a new threat intelligence report documenting the Comfoo remote access Trojan (RAT) -- malware used to infiltrate corporate and governmental networks across the globe.
The so-called Advanced Persistent Threat (APT) attack is simply one of many that organizations are scrambling to defend against as cyberthreats become more sophisticated, and in some cases, state-sponsored.
The Comfoo campaign is a prime example of an advanced persistent threat. Comfoo has been in operation since at least 2006, and first came to light as part of the RSA data breach in 2010. According to the report, the Trojan has been used in at least 64 targeted attacks worldwide, and there are hundreds of variants of the RAT.
To lurk within a corporate system, the Comfoo RAT often replaces the DLL path of an "existing unused service rather than installing a new service" -- which is less likely to be noticed by system administrators. A rootkit is also sometimes used to hide Comfoo disk files. Network traffic generated by the RAT is encrypted in order to securely send data back to the malware's command and control centers.
The researchers could not see the data that was lifted, but were able to plot out the network and see how Comfoo logged keystrokes, accessed and downloaded files, executed commands and was able to open command shares.
While monitoring the RAT, researchers found that government entities and private firms based in the U.S., Europe, and Asia Pacific were often infected. Many Japanese and Indian governmental bodies were targeted, as well as educational institutions, media, telecommunications companies and energy firms.
Interestingly, audio and videoconferencing firms are also a frequent target. The researchers speculate that this may be due to hackers seeking intellectual property, or the Trojan may have been used to quietly listen in on commercial and government organizations.
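As an added defender-side illustration (not code from the page or from Dell SecureWorks) of the service-hijacking technique the Comfoo report describes here and in the earlier Persian article, the script below compares two constructed snapshots of the ServiceDll values that Windows keeps under each service's Parameters key and flags an existing service whose DLL path now points elsewhere; rating a formerly disabled service as the most severe case, and the snapshot format itself, are assumptions made for illustration.

```python
import re

# Constructed snapshots (not real registry exports) of the ServiceDll value that
# Windows stores under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters.
# One line per service: name | start type | ServiceDll path.
BASELINE = """\
W32Time        | Auto     | %SystemRoot%\\System32\\w32time.dll
RemoteRegistry | Disabled | %SystemRoot%\\System32\\regsvc.dll
Browser        | Disabled | %SystemRoot%\\System32\\browser.dll
"""
CURRENT = """\
W32Time        | Auto     | %SystemRoot%\\System32\\w32time.dll
RemoteRegistry | Auto     | C:\\Windows\\System32\\regsvc.dll
Browser        | Auto     | C:\\ProgramData\\cache\\browser.dll
"""

def normalize(path):
    """Expand %SystemRoot% and lower-case so equivalent paths compare equal."""
    return re.sub(r"%systemroot%", r"c:\\windows", path, flags=re.IGNORECASE).lower()

def parse_snapshot(text):
    """Parse a snapshot into {service: (start type, normalized ServiceDll path)}."""
    services = {}
    for line in text.splitlines():
        if line.strip():
            name, start, dll = (field.strip() for field in line.split("|"))
            services[name] = (start, normalize(dll))
    return services

def find_suspicious_services(baseline_text, current_text):
    """Return (service, reason) pairs for services whose ServiceDll looks hijacked."""
    baseline = parse_snapshot(baseline_text)
    findings = []
    for name, (start, dll) in parse_snapshot(current_text).items():
        old_start, old_dll = baseline.get(name, (None, None))
        if old_dll is not None and dll != old_dll:
            # The pattern described for Comfoo: an existing service now loads a different
            # DLL. Rating a formerly disabled service higher is an assumption.
            severity = "HIGH" if old_start == "Disabled" else "MEDIUM"
            findings.append((name, f"{severity}: ServiceDll changed {old_dll} -> {dll}"))
        elif not dll.startswith("c:\\windows\\"):
            findings.append((name, f"MEDIUM: ServiceDll outside the Windows directory: {dll}"))
    return findings

if __name__ == "__main__":
    for service, reason in find_suspicious_services(BASELINE, CURRENT):
        print(service, reason)
```

The RemoteRegistry entry is deliberately rewritten in a different but equivalent spelling so that only the Browser service, whose DLL moved to a user-writable directory, is reported.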

Carriers rush to fix SIM card vulnerability — by hacking into them

ID: IRCNE2013081913
Date: 2013-08-06

According to "zdnet", a bug that could have allowed hackers to exploit a vulnerability in millions of SIM cards, commonly used in mobile phones and other cellular equipment, has been fixed, according to the security researcher who first discovered the flaw.
Germany-based Karsten Nohl of Security Research Labs discovered the flaw after three years of investigative research into SIM card technologies.
He discovered that a vulnerability existed where a Java flaw could be exploited by sending a specially-crafted over-the-air (OTA) cryptographically secured text message. SIM cards can contain phone numbers, contact information, and other personally identifiable information to the phone owner.
SIM cards are considered one of the safest technologies around, with almost no publicly known exploits available.
He was scheduled to show off his findings at the Black Hat security conference on Tuesday (ZDNet's Violet Blue is on the scene and has more on the event), but instead he disclosed that carriers and cellular networks had in fact promptly fixed the bug.
