ID: IRCNE2013051849
Date: 2013-05-18

According to “ZDNet”, attackers are able to bypass the lock screen on the Samsung Galaxy Note II smartphone, a device that the Korean electronics giant is pitching to enterprise customers.
First discovered by self-confessed mobile enthusiast Terence Eden, he outlines the flaw that allows an attacker to bypass the device's pattern lock, PIN code, longer alphanumeric password, and even the face unlock security feature.
It's not clear if the flaw lies within Samsung's devices or the Android platform, or both. However, this flaw may not be limited to Samsung's Note II or Android 4.1.2, and users and IT managers alike should test their devices immediately.
From the lock screen, an attacker can hit the emergency contacts button. Then, by holding down the home button, the unlocked home screen is momentarily displayed. That alone is enough to see what's on the home screen. Getting the timing right, users can direct dial and launch apps—though the attacker can only see what's briefly displayed rather than directly use the apps.
Changing to a different launcher or third-party lock screen will not protect you if it accesses the emergency dialer.
It comes only a couple of weeks after a similar flaw was discovered in the lock screen of Apple's iPhone, running the latest iOS 6.1 software.
Despite a couple of updates by Apple to iOS 6.1 since then, no fix has yet been released. Reports suggest iOS 6.1.3, due out in the next week or two, will in fact fix the flaw.

ID: IRCNE2013051848
Date: 2013-05-18

According to “ITPro”, Malwarebytes researchers have discovered a new scam being distributed via Microsoft-owned instant messaging service Skype.
The phishing attack manifests as a message from a Skype contact, and claims the user will be able to get a free upgrade to Skype Premium by following a link contained in the message.
However, the scam steals the user’s account credentials and then goes on to deliver a well-known banking Trojan onto their computer.
While you may do everything in your power to keep your data safe, your friends and family might not be so prudent.
While Skype and other messaging services have long been a popular infection vector for cyber criminals, Adam Kujawa, a malware intelligence analyst at Malwarebytes, claims this particular attack is unusual, as it checks the validity of a victim’s credentials before proceeds.
In an upcoming blog post, Kujawa explains how he created a new account in the name of Sean Connery’s character from Highlander, immortal Juan Sanchez villa-lobos Ramirez, in order to expose the scam.
“If you give them fake or incorrect login details, [the scam] will not proceed. So in order to test this scam without giving up my own personal information, I decided to create a new account...with the Skype name Villa-LobosRamirez,” Kujawa said.
It is only once legitimate account details have been entered that the victim is taken to a page imitating the official Skype Download page, which will then attempt to install an executable file named “SkypePremiumSetup”, or something similar.
A popup screen then appears, claiming the user’s lifetime premium package is being activated. However, their computer is in fact being infected with a Trojan that can steal financial and online banking details.
Additionally, the victim’s Skype account will now begin proliferating the scam, with a message similar to the one that originally reeled them in.

ID: IRCNE2013051847
Date: 2013-05-18

According to “InternetNews”, on the security front, Mozilla has issued eight security advisories with the Firefox 21 release. Three of the advisories are critical and deal with memory related vulnerabilities and exploitations.
Some of the flaws were reported by Google security researchers using the open source Address Sanitizer tool.
"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software," Mozilla states in its advisory. "Some of these issues are potentially exploitable, allowing for remote code execution."

شماره: IRCNE2013051846
تاريخ:25/02/92

با توجه به گزارشات شركت امنيتي F-Secure، تهديدات اندرويد در هر دو معيار سايز و پيچيدگي در حال رشد مي باشد. مجرمان سايبري از روش هاي جديد براي سوء استفاده از ضعف هاي اندرويد استفاده مي كنند و سرويس هاي بدافزار مبتني بر اندرويد را طراحي مي كنند.
در اين گزارش آمده است: در سه ماهه اول سال 2013، تعداد تهديدات تلفن همراه حدود 50 درصد افزايش يافته است. بيش از 91 درصد از اين تهديدات، پلت فرم هاي اندرويد را هدف حمله قرار داده اند و مابقي پلت فرم Symbian را مورد هدف قرار داده اند.
محققان امنيتي F-Secure در اين گزارش اشاره كردند: تا زماني كه تعداد بدافزارهاي اندرويد در حال افزايش باشد، اين دسته از بدافزارها روند نگران كننده اي را به دنبال خواهند داشت.
به طور كلي، نويسندگان بدافزارهاي اندرويد، از طريق برنامه هاي كاربردي معتبر رويGoogle Play يا فروشگاه هاي برنامه هاي كاربردي ديگر، كاربران تلفن همراه را فريب مي دهند تا برنامه هاي مخرب را بر روي دستگاه هاي خود نصب نمايند. باتوجه به گزارش شركت F-Secure، در حال حاضر روش توزيع جديد مبتني بر ايميل، خطر آلوده شدن به بدافزار را براي كاربران اندرويد افزايش مي دهد. اين روش براي كاربراني است كه كمتر از فروشگاه هاي برنامه هاي كاربردي استفاده مي كنند اما به طور منظم ايميل هاي خود را از طريق تلفن ها و تبلت ها چك مي كنند.
در حال حاضر نه تنها مجرمان سايبري با انگيزه هاي مالي شروع به استفاده از اين روش نموده اند كه گروه هاي هكر نيز با استفاده از اين روش حملات هدفمندي را هدايت مي كنند.

شماره: IRCNE2013051845
تاريخ: 25/02/91

سايمانتك اظهار كرده است كه يك كمپين پيچيده مهندسي اجتماعي، كارمندان فرانسوي زبان وزارت ماليات و دارايي را هدف قرار داده است. در اين روش با قرباني تماس گرفته شده و از وي سؤال مي‌شود كه آيا مي‌تواند فاكتوري را كه از طريق ايميل ارسال مي‌شود پردازش نمايد يا خير. در نتيجه اعتماد قرباني جلب شده و راحت‌تر فريب مي‌خورد.
اين نوع حمله پيش‌تر نيز عليه سازمان‌هاي فرانسوي اتفاق افتاده بود.
به گفته سايمانتك شواهدي وجود دارد كه نشان مي‌دهد اين حملات از فوريه 2013 آغاز شده‌اند، اما از ماه آوريل مهاجمان شروع به تماس تلفني پيش از ارسال ايميل كرده‌اند. مهاجمان شماره تلفن و ايميل فرد قرباني را به دست مي‌آورند. اين اهداف به اطلاعات حساس مالي دسترسي دارند و رسيدگي به فاكتورها بخشي از كار عادي روزمره آنها است.
به گفته سايمانتك از آنجايي كه رسيدگي به فاكتورها كاري است كه اين افراد به شكل عادي و روزمره انجام مي‌دهند، احتمال موفقيت اين فريب بالا است.
ايميل ارسالي توسط مهاجمان شامل يك لينك خرابكار يا يك پيوست بدافزاري است. سايمانتك مي‌گويد كه برنامه پيوست اين ايميل ويرايشي از W32.Shadesrat مي‌باشد كه يك تروجان دسترسي از راه دور است كه هكرها براي سرقت اطلاعات از سيستم‌ها مورد استفاده قرار مي‌دهند. بر اساس گزارش سايمانتك در سال 2011، Shadesrat مي‌تواند كلمات عبور را سرقت كرده و حملات انكار سرويس توزيع شده را هدايت نمايد.
اين شركت اظهار داشت كه ممكن است مهاجمان صرفاً اطلاعات اندكي در مورد قرباني خود داشته باشند و به كساني كه چنين تماس‌هايي دريافت مي‌كنند توصيه كرده است كه با چند سؤال در مورد اعتبار تماس‌گيرنده اطمينان حاصل كنند. همچنين اطلاعات حساس بايد رمز شده باشند.

شماره: IRCNE2013051844
تاريخ:25/02/92

تنها 11 روز پس از انتشار راهنمايي امنيتي مرتبط با IE8، شركت مايكروسافت يك اصلاحيه براي برطرف نمودن يك مشكل در IE8 منتشر كرد.
بولتن امنيتي IE8(MS13-038) يكي از 10 بولتن امنيتي بود كه شركت مايكروسافت روز سه شنبه منتشر نمود تا اين مشكل را در IE8 برطرف نمايد.
اين شركت بولتن امنيتي MS13-038 را بحراني اعلام كرده است و اين شركت به همراه شركت هاي امنيتي ديگر به كاربران توصيه مي كنند تا IE8 را فورا به روز رساني و اصلاح نمايند. مهاجمان با استفاده از اين آسيب پذيري مي توانند بر روي سيستم هايي كه در حال اجراي IE8 مي باشند، كدهاي مخرب را نصب نمايند.
بولتن امنيتي ديگري با عنوان MS13-037 نيز مي توانند مرورگر اينترنت اكسپلورر را تحت تاثير قرار دهد. اين به روز رساني 11 مساله را برطرف مي نمايد كه مي توانند از طريق يك صفحه وب دستكاري شده خاص براي تزريق كد مخرب مورد استفاده قرار بگيرند و به مهاجم اجازه دهند تا كنترل يك كامپيوتر را در اختيار بگيرد.
افرادي كه از ويندوز سرور 2012 استفاده مي كنند بايد نگاهي به بولتن MS13-039 بياندازند. اين به روز رساني يك آسيب پذيري را در Microsoft Web IIS برطرف مي نمايد كه مي تواند در حملات انكار سرويس مورد سوء استفاده قرار بگيرد. به سازمان ها توصيه مي شود تا در اسرع وقت اين اصلاحيه را اعمال نمايند.
هفت بولتن باقي مانده در رده امنيتي "مهم" قرار دارند و مشكلاتي را در Lync، Publisher، Word، Visio، Windows Essentials، .Net و Windows kernel برطرف مي نمايند.

مطالب مرتبط:
اصلاحيه فوري مايكروسافت براي IE8

شماره: IRCNE2013051843
تاريخ:25/02/92

شركت ادوب روز سه شنبه محصولات Reader، فلش پلير و ColdFusion خود را به منظور برطرف نمودن چندين آسيب پذيري حياتي، به روز رساني نمود. در حال حاضر يكي از رخنه هاي اصلاح شده ColdFusion هدف حمله مهاجمان قرار دارد.
در راهنمايي امنيتي شركت ادوب آمده است: به روز رساني هاي Adobe Reader و آكروبات شامل برطرف شدن 27 آسيب پذيري مي باشد كه 24 آسيب پذيري مي تواند منجر به اجراي كد دلخواه گردد. يكي از رخنه ها مي تواند به مهاجم اجازه دهد تا از محافظت sandbox در Adobe Reader عبور نمايد.
شركت ادوب به كاربران Reader و آكروبات توصيه مي كند تا نرم افزارهاي خود را به جديدترين نسخه به روز رساني نمايند. آخرين نسخه هاي اين محصولات عبارتند از: Adobe Reader XI نسخه 11.0.03، Adobe Reader X نسخه 10.1.7 و Adobe Reader نسخه 9.5.5 براي ويندوز و مكينتاش، Adobe Reader نسخه 9.5.5 براي لينوكس،Adobe Acrobat XI نسخه 11.0.03، Adobe Acrobat X نسخه 10.1.7 و Adobe Acrobat نسخه 9.5.5 براي ويندوز و مكينتاش.
به روز رساني منتشر شده براي فلش پلير 13 آسيب پذيري را برطرف مي نمايد كه مي توانند منجر به ايجاد خرابي در اين نرم افزار شوند و به طور بالقوه به مهاجمان اجازه دهند تا كنترل سيستم هاي آلوده شده را در اختيار بگيرند.
كاربران فلش پلير براي ويندوز و مكينتاش بايد اين نرم افزار را به نسخه 11.7.100.202 به روز رساني نمايند و كاربران فلش پلير براي لينوكس بايد اين نرم افزار را به نسخه 11.2.202.285 به روز رساني نمايند.
نرم افزار فلش پلير كه بر روي گوگل كروم و IE10 قرار دارد به طور خودكار از طريق مكانيسم به روز رساني مربوط به اين مرورگرها، به روز رساني مي شوند.
يك برطرف كننده امنيتي نيز براي نرم افزار ColdFusion نسخه هاي 10، 9.0.2، 9.0.1 و 9.0 منتشر شده است. اين برطرف كننده دو رخنه را برطرف مي كند. يكي از اين رخنه ها منجر به اجراي كد از راه دور مي شود و ديگري مي تواند به يك كاربر غيرمجاز اجازه دهد تا از راه دور فايل هاي ذخيره شده بر روي يك سرور آسيب پذير را بازيابي كند.

ID: IRCNE2013051846
Date: 2013-05-15

According to "computerworld", the Android threat landscape is growing in both size and complexity with cybercriminals adopting new distribution methods and building Android-focused malware services, according to a report from Finnish security vendor F-Secure.
The number of mobile threats has increased by nearly 50 percent during the first three months of 2013, from 100 to 149 families and variants, F-Secure said in its Mobile Threat Report for Q1 2013 that was released on Tuesday. Over 91 percent of those threats target the Android platform and the rest target Symbian.
"While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend," the F-Secure researchers said in the report.
Traditionally, Android malware writers have tricked mobile users into installing malicious applications on their devices by passing them off as legitimate apps on Google Play or third-party app stores. According to the F-Secure researchers, the new email-based distribution method now extends the risk of malware infection to Android users who are not actively searching for new apps, but are regularly checking email from their phones and tablets.
However, not only financially motivated cybercriminals have started using email to distribute Android malware -- hacker groups behind targeted attacks do it too.

ID: IRCNE2013051845
Date: 2013-05-15

According to “ComputerWorld”, hackers are finding it pays to call ahead before sending malware-laden email.
Symantec has seen what it describes as a sophisticated social engineering campaign aimed at French-speaking accounting and finance department employees. The victim is called and asked in French if they can process an invoice sent by email.
The style of attack, known as "spear phishing," has been used against French organizations, including subsidiaries in Romania and Luxembourg.
"There is evidence to suggest that these attacks began as early as February 2013, however, it was only more recently in April that phone calls were being placed prior to sending the victim the phishing email," Symantec wrote on its blog.
The attackers obtain the victim's phone number and email -- both pieces of information that are generally easy to find. Their targets would have access to sensitive financial information, and handling invoices would be part of their normal course of business.
"Since handling invoices is something they would do on a regular basis, this lure has the potential to be quite convincing," Symantec wrote. "Each element of this attack requires careful planning and contributes to the overall success rate of the attack."
The email contains either a malicious link or an attachment, which is malware. Symantec said the attached program is a variant of "W32.Shadesrat," which is a remote access Trojan that hackers use to steal information from a computer.
Shadesrat can steal passwords and conduct distributed denial-of-service attacks, according to a writeup from Symantec from 2011.
The company said the attackers may have just limited information on their targets and recommended those receiving a call ask additional questions to verify the caller is legitimate. Sensitive information should also be encrypted.

ID: IRCNE2013051844
Date: 2013-05-15

According to "computerworld", just 11 days after issuing an advisory, Microsoft has released a patch for a bug in Internet Explorer 8 that bedeviled the U.S. Department of Labor earlier this month.
This IE8 security bulletin (MS13-038) is one of 10 that Microsoft released Tuesday as part of its "Patch Tuesday" release of bug fixes and security bulletins that the company routinely issues on the second Tuesday of each month.
Microsoft marked MS13-038 as critical and the company, along with other security firms, are advising those still running IE8 to apply the fix immediately. Using an altered Labor Department Web page, attackers used this vulnerability in an attempt to install malicious code on any visitor's machine running IE8. Microsoft issued a temporary fix for this vulnerability last week.
The other critical bulletin, MS13-037, also affects Internet Explorer. This update resolves 11 issues that would have made it easy to inject malicious code into the browser from a specially crafted Web page, allowing the user to take control of a computer.
Those running Windows Server 2012 should take an immediate look at MS MS13-039. This update fixes a vulnerability in the Microsoft Web IIS (Internet Information Services) that could be used in a Denial of Service (DoS) attack, through the use of an HTTP packet. Because it would be relatively simple to craft an attack using this vulnerability, organizations should apply this update as soon as possible, because exploits based on this vulnerability might start appearing in as little as a few weeks, according to Tripwire.
The seven remaining bulletins -- none critical but all deemed important -- address bugs in Microsoft's Lync, Publisher, Word, Visio, Windows Essentials, .Net, and the Windows kernel.

Related Link:
May's Patch Tuesday to fix two critical flaws in Internet Explorer
Microsoft releases emergency patch for critical IE8 zero-day exploit