Increase in cyberattacks in 2012

Number: IRCNE2013041821
Date: 31/01/92

According to a report published by Symantec, cybercriminals are increasingly targeting small companies because these companies do not use sophisticated defense systems.
In 2011, companies with 250 employees were attacked by cybercriminals 18 percent of the time, while this figure rose to 31 percent in 2012.
The report states: although attacking small companies is less profitable for cybercriminals than attacking large companies, it is notable that small companies pay less attention to their cyber defense.
In 2012, companies with 251 to 2,500 employees were targeted 19 percent of the time, and companies with more than 2,500 employees were targeted 50 percent of the time. Symantec stated that the cyberattacks detected in 2012 increased by 42 percent compared to 2011.
According to this report, most attacks, at 24 percent, were against the manufacturing industry. After that, the finance and insurance sectors at 19 percent and non-traditional services at 17 percent were targeted by cyberattacks.

DDOS attacks have increased in number and size this year

ID: IRCNE2013041824
Date: 2013-04-20

According to "techworld", the volume, duration and frequency of distributed denial-of-service (DDOS) attacks used to flood websites and other systems with junk traffic increased significantly during the first three months of this year, a report released Wednesday by Florida-based DDOS mitigation provider Prolexic shows.
The average attack bandwidth seen by Prolexic during the first quarter of 2013 was 48.25 Gbps, an eightfold increase over the last quarter of 2012, when attack bandwidth averaged 5.9 Gbps.
About 25 percent of attacks against Prolexic's customers during the first three months of 2013 were modest and had an average bandwidth of under 1Gbps. However, 11 percent had an average bandwidth of more than 60Gbps, suggesting that attackers are becoming more organized and better equipped to launch large-scale attacks, the company said.
It's not just the bandwidth of attacks that increased, but also their packet-per-second (pps) rates, which averaged at 32.4 million pps during the first quarter of the year, Prolexic said.
While a large attack bandwidth might overload a target's Internet uplink, leaving it unable to handle other legitimate traffic, a high packet-per-second rate can create problems for the routing and other networking equipment of ISPs, carriers and even DDOS mitigation providers.
The number of DDOS attacks in Q1 2013 increased by 1.75 percent over the last quarter of 2012 and by 21.75 percent over the same period of last year.

New version of Gozi financial malware bundles MBR rootkit

ID: IRCNE2013041823
Date: 2013-04-20

According to “ComputerWorld”, researchers from security firm Trusteer have found a new variant of the Gozi banking Trojan program that infects a computer's Master Boot Record (MBR) in order to achieve persistence.
The Master Boot Record (MBR) is a boot sector that resides at the beginning of a storage drive and contains information about how that drive is partitioned. It also includes boot code that runs before the operating system starts.
Sophisticated malware that uses MBR rootkit components, like TDL4, also known as Alureon or TDSS, is part of the reason why Microsoft built the Secure Boot feature into Windows 8. This malware is hard to detect and remove and can even survive operating system reinstallation procedures.
"Even though MBR rootkits are considered highly effective they haven't been integrated into a lot of financial malware," Trusteer researcher Etay Maor said Thursday in a blog post. "One exception was Mebroot rootkit that was used to deploy Torpig (aka Sinowal/Anserin)."
The new Gozi MBR rootkit component waits for Internet Explorer to be launched and then injects malicious code into the process. This allows the malware to intercept traffic and perform Web injections inside the browser like most financial Trojan programs do, Maor said.
The fact that a new variant of Gozi was discovered shows that cybercriminals continue to use this threat despite the fact that its main developer and some of his accomplices were arrested and indicted.
The new variant detected by the Trusteer researchers is very similar to an older version, except for the additional MBR rootkit component, Maor said. "This may indicate that a new rootkit is being sold in the cybercriminals' forums and is adopted by malware authors."
While some dedicated tools for removing MBR rootkits do exist, many experts recommend wiping the entire hard drive and recreating the partitions in order to ensure a clean start if the computer has been infected with such a threat, Maor said.

Google Play apps used to hide 'BadNews' mobile botnet

ID: IRCNE2013041822
Date: 2013-04-20

According to “TechWorld”, Google’s Play store security has once again been embarrassed by the discovery of an ambitious botnet that sneaked past its app vetting systems to infect possibly huge numbers of Android users.
Lookout Mobile Security, which spotted the ruse, said it had tracked down 32 apps that seemed to be tied into what at first looked like just another advertising network with its own SDK, now dubbed ‘BadNews’.
The dastardly part is that the apps themselves appear innocent but come with the ability to contact a command and control server in order to push a range of genuinely malicious apps, including the AlphaSMS toll fraud app widely circulated by East European gangs.
In an attempt to remain unnoticed for as long as possible, the designers of BadNews designed the apps to behave legitimately for a period of time before hitting the user with bogus update requests at which point trouble begins.
The apps themselves included games and screensavers and were the work of four developers who might or might not be aware that their apps were being used as covers to get BadNews on to smartphones.
The company estimated the number of times potentially malicious apps were downloaded at between two and five million, including updates and earlier versions of apps that weren’t malicious.
Not all of these downloads will therefore equate to infections, but it is clear that a large number of users could have been hit by malware from the one location, Google Play, that they might reasonably assume to be safe.
Google was informed of the issue and had suspended the developer accounts, Lookout said, but it is hard to escape the uneasy feeling that criminals are successfully targeting Google’s Play at will.
“BadNews is a significant development in the evolution of mobile malware because it has achieved very wide distribution by using a server to delay its behaviour,” said Lookout researcher, Marc Rogers.

Symantec report finds small businesses battered by cybercrime

ID: IRCNE2013041821
Date: 2013-04-20

According to "computerworld", cybercriminals are increasingly targeting small businesses due to their less sophisticated defenses, a new report from Symantec says.
Companies with 250 employees or fewer absorbed 18% of targeted cyberattacks in 2011, but the figure jumped to 31% in 2012, Symantec said in its Internet Security Threat Report 2013, released on Tuesday.
"While it can be argued that the rewards of attacking a small business are less than what can be gained from a large enterprise, this is more than compensated by the fact that many small companies are typically less careful in their cyberdefenses," the report said.
Organizations with 251 to 2,500 employees were targeted 19% of the time, with companies with more than 2,500 employees making up the remaining 50%, Symantec said. The company said it detected a 42% increase overall in cyberattacks in 2012 compared to 2011.
The most attacked industry in 2012 was manufacturing, at 24%. It was followed by finance, insurance and real estate companies at 19% and by non-traditional services at 17%, Symantec said.

Google adds new management capabilities to Google Chrome

Number: IRCNE2013041820
Date: 29/10/92

Google has strengthened its management and admin controls so that IT staff have better control over users' Chrome browsers.
The company has added a capability for IT departments to apply the workplace configuration to the Chrome browser installed on employees' home computers. This way, users working on home computers can access their work Web apps.
Cyrus Mistry, senior product manager, wrote in a blog post: with web-based management, IT admins can customize more than 100 Google policies and settings for their employees through the Google admin panel.
Google also introduced a new Chrome format called Legacy Browser Support, which IT admins use to configure the browser so that, for specific sites and Web applications that work better with an older browser, it can launch an older browser.

Hacking of Wi-Fi routers

Number: IRCNE2013041819
Date: 29/10/92

A report recently published by Independent Security Evaluators of Baltimore states that the Wi-Fi routers you use in your home or company are easily hacked.
The researchers found that 13 popular wireless routers can be exploited by moderately skilled attackers. All 13 routers evaluated can be attacked from the local network, and four routers require no active management session. Eleven routers can be attacked from a WAN such as a wireless network.
The report notes that all 14 of these devices have critical vulnerabilities that can be exploited by "remote attackers" and can lead to unauthorized remote access to the router.
In this report, Harrington explains why router hacking has become a big problem. He points out that what is notable here is that if you attack a router, you have in effect managed to get past the firewall. As a result, you can access credit card numbers, confidential documents, passwords, photos and anything else.
The ISE security researcher said: we are warning all manufacturers about the vulnerabilities discovered.

Google adds IT admin features for Chrome browser

Number: IRCNE2013041820
Date: 2013/04/18

According to “computerworld”, Google has beefed up the administration and management controls that IT staff have over their users' Chrome browsers.
Google has added the ability for IT departments to apply the workplace configuration of Chrome browsers to Chrome browsers installed on employees' home computers.
That way, users working on their home computers can have access to their work Web apps, custom themes and app store by logging into Chrome with their Google Apps for Business or Google Apps for Education accounts, the company said Tuesday.
"With cloud-based management, IT administrators can customize more than 100 Chrome policies and preferences for their employees from the Google Admin panel," wrote Cyrus Mistry, senior product manager, Chrome for Business & Education, in a blog post.
Google also announced a new Chrome extension called Legacy Browser Support that lets IT administrators configure the browser so that it will launch an older browser for certain sites and Web applications that run better with a "legacy" browser.
"IT managers simply define which sites should launch from Chrome into an alternate browser, and then set this Chrome policy for all employees," Mistry wrote.

Top Wi-Fi routers easy to hack, says study

Number: IRCNE2013041819
Date: 2013/04/18

According to “cnet”, the Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.
The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a "moderately skilled adversary with LAN or WLAN access." All 13 routers evaluated can be taken over from the local network, with four of those requiring no active management session. Eleven of the 13 can be taken over from a Wide-Area Network (WAN) such as a wireless network, with two of those requiring no active management session.
The report notes that all 14 of the devices had critical security vulnerabilities that could be exploited by a "remote adversary" and could lead to unauthorized remote control of the router.
Harrington further explained why router hacking could turn into a big problem. "What's notable about this is that if you compromise the router, then you're inside the firewall. You can pick credit card numbers out of e-mails, confidential documents, passwords, photos, just about anything," he said.
"We notified all vendors about all vulnerabilities that we found," said ISE security analyst Jake Holcomb. "We're in the process of receiving Common Vulnerability and Exposure (CVE) numbers" for tracking information security vulnerabilities.

Oracle releases 128 security patches

Number: IRCNE2013041818
Date: 28/01/91

Yesterday Oracle released 128 fixes for security vulnerabilities affecting hundreds of products.
The software maker and creator of Java said in its advisory that four patches in this set include fixes for Oracle database products that can be exploited remotely without requiring a username and password.
29 security fixes were also released for Oracle Fusion Middleware, 22 of which prevent attacks that require no authentication.
Affected components include Oracle HTTP Server, JRockit, WebCenter and WebLogic.
Six security fixes were also released for Oracle E-Business Suite, three for Oracle Supply Chain Products Suite, and 11 for Oracle PeopleSoft Products.
Dozens of other fixes were also released separately for various Sun products and Oracle business software.
This critical update includes more fixes than the January patch release, which contained 86 fixes.
The Java web plug-in, developed by Oracle, also received updates comprising 42 security patches.
Of this set, only three vulnerabilities are of a type that cannot be exploited remotely, meaning that this software can be targeted over a network without requiring a username and password.
Java software versions affected by this update include Java 5 (update 41) and earlier, Java 6 (update 43) and earlier, and Java 7 (update 17) and earlier. Java FX 2.2.7 and earlier versions are also affected by these vulnerabilities.
