Firefox 20 released, makes "private browsing" easier

ID: IRCNE2013041809
Date: 2013-04-07

According to "scmagazine", Tuesday's release of a new version of Mozilla's web browser brought fixes for 13 vulnerabilities and offered improved browsing security features.
Firefox 20 addresses five "critical" flaws that could allow an attacker to run malicious code or install software “requiring no user interaction beyond normal browsing,” a security advisory from Mozilla said.
The latest version also offers a download panel for easier tracking of files that have been downloaded using Firefox.
Also packaged with the new release is functionality that allows users to change their browsing privacy status, without closing or restarting the browser.

Enterprise hit by malware every three minutes

ID: IRCNE2013041808
Date: 2013-04-07

According to "itpro", a new report by security vendor FireEye finds that the average enterprise organisation is hit by a malware attack every three minutes.
The company tracked 89 million malware events that took place across the globe during the second half of 2012, and used the findings to create the latest edition of its Advanced Threat Report.
The document’s aim is to provide organisations with an insight into the wide range of cyber attacks that regularly bypass IT security systems.
Its findings suggest enterprise firms experience a malware event (in the form of a malicious email file attachment or web link, for example) once every three minutes, with technology companies among those most frequently targeted.
Zheng Bu, senior director of research at FireEye, said enterprises should take note of this attack rate and prepare their defences accordingly.
“Malware writers spend enormous effort on developing evasion techniques that bypass legacy security systems,” he said.
The report also shed light on some of the most popular attack methods employed by cyber criminals during malware delivery campaigns, as well as some less common ones.
For example, spear phishing emails were flagged as the most common means of initiating a malware attack, while ZIP files emerged as the preferred choice to deliver malware.
“Instances of malware [were] uncovered that execute only when users move a mouse, a tactic that could dupe current sandbox detection systems since the malware doesn’t generate any activity,” said FireEye in a statement.
“In addition, malware writers have also incorporated virtual machine detection to bypass sandboxing.”
David Harley, security research fellow at anti-virus vendor ESET, said spear phishing and social engineering techniques are popular with cyber criminals because of how easily they evade detection.
“As such, technical defences like spam filters and firewalls are less likely to pick them up,” said Harley.
“The best defences are multi-layered. These involve efficient updating and patching [and] not relying on a single layer/security solution, such as a firewall or Intrusion Prevention System (IPS).”

Malwarebytes uncovers malware double header

ID: IRCNE2013041807
Date: 2013-04-07

According to “ITPro”, Malwarebytes security researchers claim to have discovered a new type of Java exploit kit that delivers two pieces of malware in one attack – a move they have dubbed “the split”.
The Redkit exploit kit, which exploits Java vulnerabilities, was first detected in the wild in 2012.
Meanwhile, anti-virus vendor McAfee said in January that the kit was increasing in popularity and prevalence, but Malwarebytes now claims this is the first time it, or any other exploit kit, has been seen delivering two malicious payloads at once.
Jerome Segura, senior security researcher at Malwarebytes, who explains in an upcoming blog post how the ‘split’ Redkit exploit kit was discovered, told IT Pro this technique is likely to become more popular.
“Since I started detecting this trick, I am seeing it a lot more within packet captures. For now it is still only part of the Redkit exploit kit, but it is just a matter of time before someone else copies it,” Segura said.
Segura also explained that while in theory this type of ‘split’ exploit kit could contain any number of malware files, there is a limit to how many can be wrapped together before it starts to cause problems for the kit itself.
“We can expect several different malware samples within the payload, but there is a critical mass. Too many samples could start conflicting with one another and also attract attention,” he claimed.

Sophos patches vulnerabilities in its Web Security Appliance

ID: IRCNE2013041806
Date: 17/01/91 (Iranian calendar)

Security company Sophos has released an update for the software used in its Web gateway security appliance that fixes three serious vulnerabilities in the user interface of the company's Web Appliance product.
These vulnerabilities could allow attackers to gain access to configuration files containing sensitive information such as passwords for other internal network services, execute commands as a highly privileged user, and launch phishing attacks against users.
The Sophos Web Protection Appliance provides URL filtering, real-time Web content analysis and Web access policy enforcement. The appliance can also scan encrypted HTTPS traffic using self-generated CA certificates deployed on all endpoints.
According to security researchers at the Austrian company SEC Consult, who discovered these vulnerabilities, attackers could exploit one of them to steal the private CA key stored on the appliance and use it to carry out man-in-the-middle attacks against users on the internal network.
SEC Consult researchers reported the vulnerabilities to Sophos on 21 February.
According to a Sophos security advisory published on the company's website, these issues were fixed with the release of version 3.7.8.2 of the Sophos Web Appliance software in March 2013. This version was made available to an initial group of customers on 18 March, to a larger group of customers on 25 March, and to all customers on 1 April.
According to Sophos, the software should be updated automatically within a few days. However, customers can also perform a manual update from the Configuration > System > Updates page in the product's user interface.
SEC Consult researchers believe the appliance may have further vulnerabilities.

Bitcoin malware spreading on Skype

ID: IRCNE2013041805
Date: 17/01/92 (Iranian calendar)

Security researchers at Kaspersky Lab have identified a spam campaign on Skype. The campaign spreads a type of malware with Bitcoin mining capabilities.
Bitcoin, or BTC, is a decentralized digital currency whose popularity has grown since the beginning of this year and which is very attractive to investors and cybercriminals alike.
BTCs are generated according to a special algorithm on computers using their GPU and CPU resources. This operation is called Bitcoin mining and is usually performed by users who operate multi-GPU computers.
Cybercriminals have realized that distributed Bitcoin mining is a perfect task for botnets, and have consequently developed malware that can abuse the CPUs and GPUs of infected computers to generate Bitcoins.
Dmitry Bestuzhev, a malware researcher at Kaspersky Lab, said in a blog post that this new spam campaign was discovered on Skype on Thursday. The spam uses messages such as "this is my favorite picture of you" to trick users into visiting a rogue bit.ly address. Visiting the bit.ly address causes a file named skype-img-04_04-2013.exe, which is a malware installer, to be downloaded.
According to Bestuzhev, the average click rate on this rogue address is very high, at over 2,000 clicks per hour. He said most of the victims are in Italy, followed by Russia, Poland, Costa Rica, Spain, Germany, Ukraine and other countries.
The malware connects to a command and control server in Germany and through it downloads further pieces of malware. The malware does many things, but its most interesting action is running a Bitcoin mining application on the infected machine.
For users infected by this malware, the result is that their machine's CPU is abnormally busy. Bestuzhev said: this campaign is fully active. If your machine's CPU is very busy and all of your CPU resources are in use, you may be infected with this malware.

Microsoft Patch Tuesday is on the way

ID: IRCNE2013041804
Date: 17/01/92 (Iranian calendar)

In April's Patch Tuesday, Microsoft will fix nine vulnerabilities, two of which are rated critical.
As usual, little information about the vulnerabilities has been released, in order to prevent possible exploitation by hackers. Microsoft has stated in an announcement that the vulnerabilities are in Windows, IE, Office and several server products.
The first critical vulnerability affects all versions of IE: IE 6, 7 and 8 on Windows XP; IE 7, 8 and 9 on Windows Vista; IE 8, 9 and 10 on Windows 7; and IE 10 on Windows 8 and Windows RT. This vulnerability can be exploited through websites containing malware.
The second critical vulnerability affects Windows XP, Windows Vista and Windows 7, but does not affect Windows 8 or Windows RT. Hackers could exploit this vulnerability to elevate their privileges and carry out attacks on a wider scale.
The updates will be released on 9 April.

Sophos fixes vulnerabilities in its Web security appliance

ID: IRCNE2013041806
Date: 2013-04-06

According to “ComputerWorldUK”, security vendor Sophos has released an update for the software used on its Web gateway security appliance in order to address three serious vulnerabilities in the product's Web-based user interface.
The vulnerabilities could allow attackers to gain access to configuration files containing sensitive information like plaintext passwords for other internal network services, execute commands as a highly privileged system user and launch phishing attacks against users of the appliance.
The Sophos Web Protection Appliance provides URL filtering, real-time Web content analysis and Web access policy enforcement. It also has the ability to scan encrypted HTTPS Web traffic by using self-generated Certificate Authority (CA) certificates deployed on all endpoints.
According to security researchers from Austria-based security firm SEC Consult, who found the vulnerabilities, attackers could exploit one of the flaws to steal the private CA key stored on the appliance and use it to launch man-in-the-middle traffic interception attacks against users on the internal network.
The SEC Consult researchers reported the vulnerabilities to Sophos on 21 February.
"The issues reported were resolved with the 3.7.8.2 release of the Sophos Web Appliance software in March 2013," Sophos said in an advisory published on its website this week. "This went to an initial group of customers on March 18, to a larger group on March 25 and will be made available to all remaining customers on April 1."
Appliances should be updated automatically within a few days after the fixed version has been released. However, customers can also initiate a manual update from the Configuration > System > Updates page in the product's interface, Sophos said.
The SEC Consult researchers believe that the appliance might have more vulnerabilities.

Bitcoin mining malware spreading on Skype

ID: IRCNE2013041805
Date: 2013-04-06

According to "computerworld", security researchers from Kaspersky Lab have identified a spam message campaign on Skype that spreads a piece of malware with Bitcoin mining capabilities.
Bitcoin (BTC) is a decentralized digital currency that has seen a surge in popularity since the beginning of the year and is currently trading at over $130 per unit, making it an attractive investment for legitimate currency traders but also for cybercriminals.
BTCs are generated according to a special algorithm on computers using their CPU and GPU resources. This operation is called Bitcoin mining and is usually performed by users who operate multi-GPU computer rigs. However, mining efforts can also be pooled for better results.
Cybercriminals have figured out that distributed Bitcoin mining is a perfect task for botnets and have started developing malware that can abuse the CPUs and GPUs of infected computers to generate Bitcoins.
A new spam campaign spotted Thursday on Skype tricks users into visiting a rogue bit.ly URL by using messages like "this is my favorite picture of you" as bait, Dmitry Bestuzhev, a malware researcher at Kaspersky Lab, said in a blog post.
Visiting the rogue URL prompts users to download a file called skype-img-04_04-2013.exe that's a malware installer with a low antivirus detection rate, he said.
According to Bestuzhev, the average click rate for the rogue URL is high, at over 2,000 clicks per hour. "Most of potential victims live in Italy then Russia, Poland, Costa Rica, Spain, Germany, Ukraine and others," he said.
The malware dropper connects to a command and control server in Germany and downloads additional pieces of malware. The malware does many things, but the most interesting one is to run a bitcoin mining application on the machine, the researcher said.
Users affected by this malware will experience abnormally high CPU usage on their computers as a result of the infection. "The campaign is quite active," Bestuzhev said. "If you see your machine is working hard, using all available CPU resources, you may be infected."

Microsoft April's Patch Tuesday to fix two critical flaws in Windows, IE

ID: IRCNE2013041804
Date: 2013-04-06

According to ZDnet, in this month's roundup of security flaws, Microsoft said it will patch nine vulnerabilities in total, two of them rated "critical."
As usual, little information is provided about the flaws, to ensure attackers can't exploit them in advance of the upcoming release. But in today's advance security bulletin, the software giant warns of flaws in Windows, Internet Explorer, Microsoft Office and some of its server software.
The first critical flaw affects all versions of Internet Explorer, including: Internet Explorer 6, 7 and 8 on Windows XP; Internet Explorer 7, 8 and 9 on Windows Vista; and Internet Explorer 8, 9 and 10 in Windows 7. It also affects Internet Explorer 10 on Windows 8 and Windows RT-based tablets.
The update will fix a flaw that allows a drive-by attack, which hackers can exploit to compromise machines running the software via malware-laden websites.
The second critical update affects Windows XP (Service Pack 3), Windows Vista (Service Pack 2) and Windows 7, but not Windows 8 or Windows RT-based devices such as Surface tablets. The patch will fix a flaw that allows an attacker to elevate privileges, for example from the more restricted "user" level to "administrator", exposing core system files to attack and thus widening the scope for malware injection.
It's likely that, in line with previous months, Microsoft may also dish out a number of non-security related fixes to its Surface Pro and Surface RT tablets.
Any machines at home or at work with these affected systems will be patched in just under a week when Microsoft releases the software patches and fixes.
The software fixes will be released on April 9 through the usual update channels, such as Windows and Microsoft Update.

Security issue in Apple's iMessage

ID: IRCNE2013031803
Date: 11/01/92 (Iranian calendar)

Apple's iMessage service is vulnerable to message-flooding attacks and to attacks using very long messages.
According to a report by The Next Web, a small group of programmers and software developers have found themselves the target of such an attack.
According to The Next Web, the source of the attack is probably someone involved in pirated iOS software. The person or persons also used throwaway email accounts for this purpose, which makes tracing or blocking further attacks difficult.
iMessage is Apple's messaging platform, used between iOS and Mac devices. The feature was added in iOS 5 and in Mac OS X version 10.8 Mountain Lion. Apple said in January that users currently send more than two billion messages per day on the service.