ID: IRCNE2013021768
Date: 2013-02-23

According to “ComputerWorld”, Microsoft has disclosed that it recently fell victim to the same type of cyberattack that targeted Apple and Facebook.
"During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations," the company said on its Security Response Center website Friday.
"We have no evidence of customer data being affected and our investigation is ongoing," it said.
Microsoft joins a list of companies that've recently reported being hacked, including Facebook, Apple, Twitter, The New York Times and The Wall Street Journal.
Apple and Facebook were both targeted via a vulnerability in Oracle's Java platform, and Microsoft said Friday it was hit by a similar attack.
"This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries," it said.
The Times, the Journal and Apple each pointed at China as the source of the attacks. Twitter didn't say where it thought the attacks originated but urged 250,000 of its users to change their passwords.
China has denied involvement in the attacks.

Related Posts:
Apple hit by malware attack
Facebook targeted by hackers, says no user data compromised
Twitter hacked

ID: IRCNE2013021767
Date: 2013-02-23

According to "cnet", Adobe has issued a patch to plug up critical security holes in its Reader and Acrobat software.
Released yesterday, the security updates address flaws that could cause the applications to crash and potentially let an attacker gain control of an infected computer. Adobe confirmed last week that the exploits have already led to some targeted attacks against vulnerable systems.
The patches are directed toward the following products and versions:

• Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh, and Linux
• Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

The fixes will update the version of Reader or Acrobat. For example, applying the patch to Adobe Reader X 10.1.5 will update it to version 10.1.6.
Those of you who use either product may receive an update notification the next time you launch the software. If not, you can trigger the update by clicking on the Help menu and selecting the command to Check for Updates.
The latest versions can also be downloaded directly via the following links:

• Adobe Reader for Windows
• Adobe Reader for Macintosh
• Adobe Reader for Linux
• Adobe Acrobat for Windows
• Adobe Acrobat for Macintosh

Adobe is urging all users of both programs to apply the patches.

Related Links:
Adobe to release emergency patches for Reader, Acrobat
Adobe confirms targeted attacks due to security hole in Reader

شماره: IRCNE2013021766
تاريخ:02/12/91

روز دوشنبه نيويورك تايمز گزارش داد كه برخي از مراكز دولتي در چين با استفاده از روش هاي پيچيده كه منجر به در اختيار گرفتن حساب هاي كاربري قربانيان مي شود، هك شده اند. روز گذشته شركت گوگل اعلام كرد كه اين هك مختص چين نيست و در حال حاضر در تمام كشورها به طور گسترده، اين روش هاي هك توسط هكرها استفاده مي شود.
مايك هرن، مهندس امنيت گفت: در مقايسه با پنج سال گذشته، بسياري از كلاهبرداري هاي غيرقانوني، جعل كردن يا پيام هاي هرزنامه اي از طرف كساني كه براي شما شناخته شده هستند، اتفاق مي افتد. اگر چه فيلتر كننده هاي هرزنامه بسيار قدرتمند عمل مي كنند، به عنوان مثال در جيميل كمتر از يك درصد از ايميل هاي هرزنامه به inbox وارد مي شود. اما به احتمال زياد اين پيام هاي ناخواسته بيشتر از طرف كساني فرستاده مي شوند كه قبلا با آن ها در ارتباط بوده ايد. در نتيجه، در سال 2010 هرزنامه نويسان تاكتيك هاي خود را تغيير دادند و امروزه شاهد هستيم كه ارسال پيام هاي جعلي از حساب هاي كاربري جيميل افزايش يافته است.
شركت گوگل اظهار داشت كه براي دور زدن اين فيلترها، هرزنامه نويسان به حساب هاي كاربري قانوني نفوذ مي كنند و هرزنامه ها را به حساب هايي كه با حساب مذكور در ارتباط هستند، ارسال مي كنند. گوگل اشاره مي كند كه اين حملات بسيار جدي مي باشند.
هرن اظهار داشت كه يك مهاجم با استفاده از رمزهاي عبور به سرقت رفته، مي تواند روزانه ميليون ها حساب كاربري جيميل را هك نمايد.
شركت گوگل به كاربران خود توصيه مي كند كه براي حساب هاي خود از تاييد هويت دو مرحله اي استفاده نمايند و گزينه هاي بازيابي را تنظيم كنند.

شماره: IRCNE2013021765
تاريخ: 2/12/91

يك تروجان جديد سيستم‌هاي Mac OS X كه ايجاد كننده راه نفوذ مخفي است، در حال انتشار است. اين تروجان سعي مي‌كند يك ارتباط امن با يك هكر راه دور ايجاد نمايد تا از اين طريق، اطلاعات خصوصي قرباني را جمع‌آوري كرده و براي وي ارسال كند.
اين بدافزار كه توسط شركت امنيتي اينتگو با نام Pintsized معرفي شده است، مشكوك به استفاده از يك پياده‌سازي تغيير يافته OpenSSH است كه يك ارتباط امن با يك سرور راه دور برقرار مي‌كند.
استفاده از يك ارتباط رمز شده، تشخيص و رديابي اين بدافزار را سخت‌تر مي‌نمايد، به‌خصوص كه اين بدافزار از پروتكل SSH عادي استفاده مي‌كند. بعلاوه، اين بدافزار سعي مي‌كند با تغيير قيافه فايل‌هاي خود به شكل اجزاي سيستم پرينت OS X، خود را پنهان نمايد. از جمله اجزايي كه فايل‌هاي اين بدافزار خود را به شكل آنها درمي‌آورند، مي‌توان به موارد زير اشاره كرد:

• com.apple.cocoa.plist
• cupsd (Mach-O binary)
• com.apple.cupsd.plist
• com.apple.cups.plist
• com.apple.env.plist

اينتگو مشخص نكرده است كه اين فايل‌ها در كجاي سيستم عامل قرار مي‌گيرند، ولي مانند بدافزار قبلي OS X، نياز به گزينه‌اي وجود دارد كه به‌طور خودكار در هنگام راه اندازي سيستم يا ورود كاربر، اين بدافزار نيز شروع به كار نمايد. در OS X، دايركتوري‌هاي متنوعي با اين مشخصه وجود دارند. اين دايركتوري‌ها از يك ساختار ليست دارايي (plist) استفاده مي‌كنند و مي‌توانند براي هدف قرار دادن يك فايل اجرايي و اجراي هميشگي آن بر روي سيستم، مورد استفاده قرار گيرند.
بنابراين براي بررسي آلودگي سيستم خود به اين بدافزار، دايركتوري‌هاي زير را در سيستم باز كرده و فايل‌هاي فوق را در آنها جستجو نماييد:

• /System/Library/LaunchDaemons
• /System/Library/LaunchAgents
• /Library/LaunchDaemons
• /Library/LaunchAgents
• ~/Library/LaunchAgents

از آنجايي‌كه توسعه دهندگان بدافزار از اين فولدرها براي اجراي بدافزار خود در OS X استفاده مي‌كنند، يك راه ساده براي تشخيص هر نوع سوء استفاده از آنها اين است كه هشداري را تنظيم كنيد كه هر زمان كه فايلي به آنها اضافه گردد، به شما اطلاع دهد. در اين لينك نحوه انجام اين كار شرح داده شده است.
علاوه بر بررسي اين فولدرها، شما مي‌توانيد يك فايروال معكوس مانند Little Snitch نيز نصب نماييد كه هر زمان كه برنامه‌اي سعي در ايجاد ارتباط با يك سرور راه دور را داشته باشد، به شما اطلاع مي‌دهد.
در حال حاضر هنوز مشخص نيست كه اين بدافزار چگونه حمله خود را آغاز مي‌كند، و آسيب‌پذيري مورد استفاده آن، مستند است يا ناشناخته. اما به هر حال اين بدافزار هنوز چندان گسترش نيافته است.

شماره: IRCNE2013021764
تاريخ:02/12/91

روز گذشته شركت موزيلا فايرفاكس 19 را منتشر كرد و يك نرم افزار مشاهده PDF را در مرورگر قرار داد. هم چنين فايرفاكس 19 شامل اصلاحيه هايي براي 13 آسيب پذيري امنيتي مي شود كه 10 آسيب پذيري در رده امنيتي "بحراني" قرار دارند.
برخلاف نرم افزار مشاهده PDF موجود در كروم، كه در داخل sandbox ضد كد سوء استفاده مرورگر قرار دارد، فايرفاكس چنين دفاعي را در نظر نگرفته است. حتي بدون sandbox، موزيلا ادعا مي كند كه نرم افزار مشاهده PDF آن از پلاگين هاي سنتي مانند Adobe Reader امن تر است. Bill Walker و Brendan Dahl مدير مهندسي و مهندس نرم افزار در موزيلا اظهار داشتند كه بسياري از اين پلاگين ها به طور اختصاصي با كد منبع بسته شده همراه هستند و مي توانند به طور بالقوه با استفاده از آسيب پذيري هاي امنيتي اطلاعات كاربران را افشاء نمايند. اما متخصصان امنيتي معتقدند كه به احتمال زياد نرم افزار مشاهده PDF فايرفاكس داراي اشكالات مخصوص به خود مي باشد.
روز گذشته موزيلا 13 آسيب پذيري را اصلاح نمود كه 10 آسيب پذيري در رده "با خطر بسيار بالا"، يك آسيب پذيري در رده "با خطر بالا" و دو آسيب پذيري در رده "با خطر متوسط" قرار دارند.
موزيلا در راهنمايي امنيتي روز سه شنبه خود گفت: نيمي از اين اشكالات توسط Abhishek Arya از تيم امنيتي كروم گزارش شده اند.
سه گزارش از شش گزارش منتشر شده توسط Arya، آسيب پذيري استفاده پس از آزادسازي بوده اند كه يك نوع مشكل مديريت حافظه است.
نسخه هاي ويندزو، مكينتاش و لينوكس فايرفاكس 19 را مي توان به صورت دستي از سايت موزيلا دانلود نمود. در حال حاضر نسخه هاي نصب شده به طور خودكار ارتقاء مي بايند. نسخه بعدي فايرفاكس روز دوم آوريل سال 2013 منتشر خواهد شد.

شماره: IRCNE2013021763
تاريخ: 2/12/91

اپل روز سه‌شنبه اعلام كرد كه قرباني يك حمله بدافزاري شده و تعداد كمي از سيستم‌هاي اين شركت، مورد سوء استفاده قرار گرفته‌اند.
به گفته اپل، اين حمله بدافزاري با يك آسيب‌پذيري در پلاگين جاوا مرتبط است.
اين شركت اظهار داشت كه هيچ مدركي مبني بر نشت داده‌ها يافت نشده است و اين شركت در حال همكاري با دستگاه‌هاي قانوني براي كشف منبع اين بدافزار است.
اپل سيستم‌هاي آلوده را از شبكه خود جدا كرده است.
اين بدافزار از طريق يك وب‌سايت مربوط به توسعه دهندگان نرم‌افزار، به كامپيوترهاي اين شركت رسيده است. همين بدافزار با حمله بدافزاري اخير به فيس‌بوك نيز مرتبط است.
اپل ابزاري را عرضه مي‌كند كه سيستم‌هاي مك را اسكن كرده و اين بدافزار جاوا را حذف مي‌نمايد. اوراكل نيز يك به‌روز رساني براي جاوا عرضه كرده است كه اين آسيب‌پذيري را برطرف مي‌كند.
نگراني‌هاي امنيتي باعث شد كه اپل از Mac OS X Lion به بعد، از افزودن جاوا به‌طور پيش‌فرض به سيستم عامل‌هاي خود خودداري نمايد. به هر حال كاربران مي‌توانند جاوا را به‌طور مستقل نصب كنند. زماني كه جاوا نصب مي‌گردد، پس از 35 روز و درصورتي‌كه مورد استفاده قرار نگيرد به‌شكل خودكار غيرفعال مي‌شود.

مطالب مرتبط:
فيس بوك، هدف حمله هكرها

ID: IRCNE2013021766
Date: 2013-02-20

According to "cnet", the New York Times' report Monday of state-sponsored hacking in China drew new attention to the sophisticated techniques that would-be infiltrators use to gain access to victims' accounts. But it's not just China, Google said today -- the techniques used against U.S. government agencies and corporations are being used increasingly by hackers around the world.
"Compared to five years ago, more scams [and] illegal, fraudulent, or spammy messages today come from someone you know," security engineer Mike Hearn said in a blog post. "Although spam filters have become very powerful -- in Gmail, less than 1 percent of spam e-mails make it into an in-box -- these unwanted messages are much more likely to make it through if they come from someone you've been in contact with before. As a result, in 2010 spammers started changing their tactics -- and we saw a large increase in fraudulent mail sent from Google Accounts."
Google says that to get around spam filters, spammers are breaking into legitimate accounts and sending mail to that account's contacts. And the attacks can be quite serious.
"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Hearn wrote. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."
The company recommends users take their own steps to secure their accounts: use two-step verification, and set up recovery options. Even that might not keep the most sophisticated hackers at bay, but it's a start.

ID: IRCNE2013021765
Date: 2013-02-20

According to “CNet”, a new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.
The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.
The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of the OS X printing system, specifically the following:

• com.apple.cocoa.plist
• cupsd (Mach-O binary)
• com.apple.cupsd.plist
• com.apple.cups.plist
• com.apple.env.plist

Intego does not state where these files are placed in the OS, but as with prior malware in OS X this requires an option to automatically launch the malware whenever the system is started or when a user logs in, which in OS X is the various launch agent directories in the system. Launch agents use a property list (plist) structure, and can be used to target a binary executable (such as the mentioned "cupsd" one above) to keep it always running on the system.
Therefore, to check for this malware, open the following directories in the system to check for the presence of any of the above files:

• /System/Library/LaunchDaemons
• /System/Library/LaunchAgents
• /Library/LaunchDaemons
• /Library/LaunchAgents
• ~/Library/LaunchAgents

Because malware developers use these folders as a means of running their malware in OS X, one easy way to detect any misuse of them is to set up an alert that will notify you whenever files are added to them. Here it is outlined how to do this with tools and services that are included in OS X.
In addition to monitoring these folders, you can also install a reverse firewall like Little Snitch, which will notify you whenever a program attempts to make a connection to a remote server.
Currently it is unknown how the malware initiates its attack, whether it uses a previously documented vulnerability or one that is yet to be disclosed; however, the malware is not known to be widespread and is primarily being discussed on various security mailing lists. Nevertheless, by checking for the presence of the above files in the system's Launch Agent and Launch Daemon folders you should be able to determine if your system is free of it.

ID: IRCNE2013021764
Date: 2013-02-20

According to "computerworld", Mozilla yesterday released Firefox 19, adding a built-in PDF viewer to the browser.
Firefox 19 also included patches for 13 security vulnerabilities, 10 pegged as "critical," the company's most severe threat ranking.
Unlike Chrome's PDF viewer, which operates inside the browser's anti-exploit sandbox, Firefox's does not sport similar defenses. And that matters, as PDF documents are often rigged with malicious code.
Even sans a sandbox, Mozilla claimed its PDF viewer would be more secure than traditional plug-ins such as Adobe Reader. "Many of these plug-ins come with proprietary, closed source code that could potentially expose users to security vulnerabilities," said Bill Walker and Brendan Dahl, engineering manager and software engineer at Mozilla, respectively, in a January blog announcing the viewer.
But security experts have pointed out that Firefox's PDF viewer will likely suffer bugs of its own.
Mozilla also patched 13 vulnerabilities, 10 critical, one marked "high" and two pegged "moderate," in Firefox today.
Nearly half of the bugs were reported by Abhishek Arya, better known as "Inferno," of the Chrome security team, Mozilla said in one of today's advisories, making this the third Firefox upgrade running where Arya has accounted for a major part of the reported vulnerabilities.
Three of the six reported by Arya were use-after-free vulnerabilities, a type of memory management bug that Google's security engineers have rooted out in droves from Chrome and, increasingly, other browsers.
Windows, Mac and Linux editions of Firefox 19 can be downloaded manually from Mozilla's site. Already-installed copies will upgrade automatically.
The next version of Firefox is scheduled to ship April 2, 2013.

ID: IRCNE2013021763
Date: 2013-02-20

According to “ComputerWorld”, Apple on Tuesday said it was a victim of a malware attack when a small number of systems inside the company were compromised.
The malware attack was tied to a vulnerability in a Java plug-in for browsers, Apple said in a statement sent via email.
"There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware," the statement reads.
Apple isolated the infected systems from its network.
The malware reached Apple computers through a website for software developers. The same malware is also tied to recent malware attacks against Facebook.
Apple is releasing a tool that scans Macs and removes the Java malware. Oracle has also released an update to Java that fixes the vulnerability.
Security concerns prompted Apple to stop adding Java to the operating system by default starting with Mac OS X Lion. However, users can install it independently. If Java is installed, it is automatically disabled after 35 days if not used.

Related Posts:
Facebook targeted by hackers, says no user data compromised