Researchers show proof-of-concept Microsoft ERP database hack

ID: IRCNE2012121698
Date: 2012-12-11

According to "techworld", security researchers have presented proof-of-concept code capable of accessing the database driving a Microsoft ERP system and then diverting funds while avoiding immediate detection.
Tom Eston and Brett Kimmel of vendor SecureState presented the would-be malware this week at the Black Hat Abu Dhabi conference.
Makers of corporate enterprise resource planning (ERP) systems include Oracle and SAP, while Microsoft's Dynamics Great Plains software is for midsize businesses.
What the researchers did was find a way to access the Microsoft SQL Server database through the Great Plains client. Before that can occur, a cybercriminal would have to trick a Great Plains user into clicking on a malicious email attachment or visiting a web site capable of downloading the code. Once the code is installed, it can intercept communications over ODBC between the client and the database and also inject commands, Neely said.
"One of the goals [of the research] is to encourage accounting departments to adopt more stringent controls that could detect these attacks," Neely said.
Despite the critical importance of ERP security, the software often goes unpatched for long periods of time, because of the complexity of updating the often highly customised systems.
In May, consulting firm Onapsis released a study showing 95 percent of more than 600 SAP systems tested were vulnerable to attack, mainly because patches had not been applied.

Tor network used to command Skynet botnet

ID: IRCNE2012121697
Date: 2012-12-11

According to "computerworld", security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.
The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins -- a type of virtual currency -- using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones.
However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol.
Tor hidden services are most commonly Web servers, but can also be Internet Relay Chat (IRC), Secure Shell (SSH) and other types of servers. These services can only be accessed from inside the Tor network through a random-looking hostname that ends in the .onion pseudo-top-level domain.
The malware behind this botnet is distributed through Usenet, a system originally built at the beginning of the 1980s as a distributed discussion platform, but now commonly used to distribute pirated software and content, commonly known as "warez."
The Skynet malware has several components: an IRC-controlled bot that can launch various types of DDoS attacks and perform several other actions, a Tor client for Windows, a so-called Bitcoin mining application and a version of the Zeus Trojan program, which is capable of hooking into browser processes and stealing log-in credentials for various websites.
The impact of botnets on the Tor network itself really depends on the scale of abuse, Guarnieri said. One feature of the Skynet botnet is that each infected machine becomes a Tor relay, which ironically makes the network larger and able to sustain the load, he said.
"One countermeasure that companies or ISPs could eventually enforce in their firewall is to drop all packets that originate from known TOR nodes, in order to minimize the amount of potentially malicious traffic they receive," Botezatu said. "Of course, they might also end up blacklisting a number of legit Tor users looking for anonymity."

Bank account theft using the Eurograbber trojan

Number: IRCNE2012121696
Date: 18/09/91

A paper published by Checkpoint shows that hackers in Eastern Europe have systematically been able to steal about 47 million dollars using a trojan that infiltrates smartphones. The trojan is dubbed "Eurograbber" and is a variant based on the Zeus and Zitmo banking trojans.
According to the company, by intercepting the two-factor authentication text messages sent to mobile phone users, amounts of roughly 500 to 250,000 euros have been stolen from more than 30,000 bank customers' accounts. The trojan does its damage in several stages. After the victim unknowingly clicks on a phishing email, or visits a malicious website, the trojan is downloaded onto the victim's computer. When a bank customer logs into their bank account, the banking session is intercepted and malicious JavaScript code is injected into the banking page. The customer then receives a "security upgrade" notice asking them to complete the upgrade by clicking on a link sent by SMS to their mobile phone number.
This stage causes a file carrying a variant of the Zitmo trojan to be downloaded onto the customer's mobile phone, and the customer receives a verification code that must be entered, from the desktop screen, on the fake banking page. Once the code is entered, a message reports that the security upgrade is complete, and the trojan can begin its work.
Although the Eurograbber trojan targets BlackBerry and Android smartphones, a variant appears to have been designed for Windows models. According to the security company's documentation, all private and corporate banking users are affected by this attack. The attacks began in Italy and then spread to Germany, Spain and the Netherlands. So far the observed cases are only in Europe, but it is possible that countries outside the European Union will also be affected by the Eurograbber trojan.

Microsoft's December patch is on the way

Number: IRCNE2012121695
Date: 18/09/91

Microsoft has announced that on its December Patch Tuesday it will release seven security updates to fix 11 security vulnerabilities, among them the first vulnerability discovered in Microsoft's newest browser, IE 10.
Five of this month's seven updates are rated critical and the other two important. Microsoft will also fix vulnerabilities in Windows 8, Windows RT and Windows Server 2012.
According to one security expert, the IE vulnerability is a "use-after-free" memory handling flaw that directly affects IE9 and IE10, although it will also be fixed in other versions of IE.
Including the December security patch, Microsoft will have released a total of 83 security bulletins in 2012, a 17 percent decrease from the previous year.

Related news:
Release of Microsoft patches
First critical vulnerabilities in Windows 8 and RT
Windows 8 vulnerability goes on sale

How did European bank malware steal $47 million?

ID: IRCNE2012121696
Date: 2012-12-08

According to "zdnet", a paper released by Checkpoint suggests that hackers working in Eastern Europe have systematically been able to swipe approximately $47 million through the use of a trojan that infiltrates smartphones. The infestation, dubbed "Eurograbber", is a trojan variant based on the Zeus and Zitmo banking malware.
According to the firm, by intercepting two-step authentication text messages sent to mobile phone users -- with a particular bent towards BlackBerry and Android models -- amounts ranging between 500 and 250,000 euros have been stolen from over 30,000 banking customers.
Eurograbber hits in multiple stages. After unknowingly clicking on a phishing email -- and possibly through visiting a malicious website -- the trojan is downloaded on to the victim's computer. Once a banking customer logs into their bank account, the banking session is intercepted and malicious javascript code is injected into the banking page. The customer is then notified of a "security upgrade" and instructed to click on an attached link via an SMS message sent to their submitted mobile phone number.
This stage triggers a file download to the customer's mobile with a variant of the Zitmo trojan customised for different operating systems, namely Android, BlackBerry and Windows, and the customer receives a "verification code" which they must input through their desktop on the now-malicious banking page.
Once input, the javascript informs the banking customer the security upgrade is complete, and the trojan's work can begin.
The Eurograbber trojan, although targeted at Android and BlackBerry smartphones, has also been found to include variants designed for Windows models. According to the research firm, both corporate and private banking users have been affected.
Attacks began in Italy, and soon the exploit hit the shores of Germany, Spain and Holland. Cases have only been documented in Europe so far, but it is possible that countries outside of the European Union may also eventually become targets of the Eurograbber trojan.

Microsoft December patch is coming

ID: IRCNE2012121695
Date: 2012-12-07

Computerworld - Microsoft today announced it will deliver seven security updates next week to patch 11 vulnerabilities, including the first that apply to Internet Explorer 10 (IE10), the company's newest browser.
As it did last month, Microsoft will also patch Windows 8, Windows RT and Windows Server 2012, its new desktop, tablet and server operating systems.
Five of the seven updates will be marked as "critical," Microsoft's highest threat ranking, while the remaining pair will be labeled "important," the Redmond, Wash. developer said in an advance warning published today.
Andrew Storms, director of security operations at nCircle Security, put the IE update atop his tentative to-do list. Others did, too, including Paul Henry, a researcher with Arizona-based Lumension.
If Microsoft ships all seven of the planned updates -- occasionally it holds one back at the last minute -- the company will have issued 83 security bulletins in 2012, a 17% drop from 2011's 100 updates, said Storms.

Related Topics
Microsoft patches critical flaws in Windows 8, Windows RT
Windows 8, RT to get first critical security patches
Windows 8 zero-day vulnerability goes on sale

2012, the year of new platforms and modern malware

Number: IRCNE2012121694
Date: 17/09/19

The latest security report from Sophos shows that 80 percent of malware attacks in 2012 came through legitimate sites, from which victims were redirected to malicious sites.
The security company highlights some key observations from 2012 and describes the problems that may arise in 2013.
The report states that 2012 was the year of new platforms and modern malware. According to the report, modern malware has exploited this trend to create new challenges for IT professionals.
The study also identifies the riskiest and safest countries for malware attacks. Hong Kong tops the table as the riskiest country with 23.5 percent, followed by Taiwan, the United Arab Emirates, Mexico and India.
Norway is recognised as the safest country with 1.81 percent, followed by Sweden, Japan, the United Kingdom and Switzerland.
For 2013, Sophos predicts that malware attacks will focus more on platforms and rely less on abusing companies' traditional security systems. It also appears that, alongside a sharp rise in social engineering attacks across all platforms, we will see a decrease in the exploitation of vulnerabilities on the market.

80% of malware attacks in 2012 were redirects from legitimate sites

ID: IRCNE2012121694
Date: 2012-12-07

According to "techworld", a recent Sophos threat report, Security Threat Report 2013, has found that 80 percent of malware attacks in 2012 were redirects from legitimate sites.
The security vendor highlighted some key observations for 2012 and what is expected for 2013.
It said that 2012 was a year of new platforms and modern malware. According to Sophos, modern malware is taking advantage of these trends, creating new challenges for IT security professionals.
The study also ranked the riskiest and safest countries for experiencing a malware attack.
Hong Kong topped the list as the most risky country, with a 23.5 percent threat exposure rate.
Taiwan, UAE, Mexico and India followed respectively with 21.3 percent, 20.8 percent, 19.8 percent and 17.4 percent threat exposure rate.
Norway was named the safest country with a 1.81 percent threat exposure rate. Sweden followed with 2.59 percent; Japan with 2.63 percent; UK with 3.51 percent; and Switzerland with 3.81 percent. Australia made it into the top 20 safest countries, ranking at 15.
Sophos predicts that in 2013, increased availability of malware testing platforms will make it more likely for malware to slip through traditional business security systems.
However it also predicted that the market will see a decrease in vulnerability exploits offset by a sharp rise in social engineering attacks across a wide array of platforms.

A security hole in Twitter fixed

Number: IRCNE2012121693
Date: 16/09/91

Twitter has restricted the ability of hackers to send tweets and perform other actions on behalf of victim users, but some users must enable the PIN option in order to protect their accounts.
On Monday a security researcher named Jonathan Rudenberg stated that he had discovered an SMS vulnerability in Twitter that allows anyone who has another person's mobile phone number to tweet on that person's behalf.
Twitter lets its users control their accounts by sending commands via text messages.
The root of the problem is that text messages can be spoofed, and there are services that let users do this easily.
If an attacker knows the mobile phone number of a Twitter user, and that user has used their mobile number to send tweets, the attacker can send tweets on that user's behalf without access to the user's phone.
A Twitter representative stated by email that the vulnerability has now been fixed. Nevertheless, the fix does not appear to protect all users automatically, since Rudenberg believes he can still exploit the vulnerability.
In an email on Tuesday, Rudenberg said that users who use long codes are vulnerable to this problem and can enable the PIN code feature for extra protection.

Related articles:
A security hole in tweeting via SMS

Twitter fixes SMS-based account hijacking vulnerability

ID: IRCNE2012121693
Date: 2012-12-06

According to "computerworld", Twitter has restricted the ability of attackers to post tweets and perform other actions on behalf of many users who have phone numbers associated with their accounts, but some users need to enable a PIN option in order to be protected.
On Monday, a developer and security researcher named Jonathan Rudenberg reported that attackers can abuse the Twitter accounts of users who added their phone numbers to their profiles in order to use the service via SMS (Short Message Service).
Twitter allows users to control their accounts by sending commands via text messages to phone numbers set up by the company.
The problem is that the origin of text messages can be spoofed and there are services that allow users to do this easily.
If an attacker knows the phone number of a Twitter user and that user associated his phone number with his account, the attacker can issue SMS commands on behalf of the user without actually having access to his phone.
"Our team has already addressed this vulnerability," a Twitter representative said Tuesday via email.
However, it turns out that Twitter's fix does not automatically protect all users. Rudenberg was still able to demonstrate the vulnerability on a test account after Twitter said the vulnerability was addressed.
"Users that use the long codes are vulnerable to spoofing, but can enable the PIN code feature," Rudenberg said Tuesday via email.
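To illustrate why trusting the SMS sender number fails and why the PIN feature closes the gap, here is an added example (not Twitter's code; the account table, the long-code flag and the "PIN prefixed to the command" format are assumptions for illustration) modelling an SMS command gateway in both its sender-only and PIN-checked forms:

```python
import hmac

# Constructed sample accounts keyed by the phone number the user linked.
# long_code=True marks accounts reached via a regular phone number, which the
# article says is spoofable; the PIN is None until the user enables the feature.
ACCOUNTS = {
    "+15551234567": {"user": "alice", "pin": "4821", "long_code": True},
    "+15559876543": {"user": "bob", "pin": None, "long_code": False},
}


def handle_sms_sender_only(sender: str, body: str):
    """Vulnerable design described in the article: the sender number alone
    authenticates the command, so a spoofed sender is treated as the user."""
    acct = ACCOUNTS.get(sender)
    if acct is None:
        return None
    return (acct["user"], body)


def handle_sms_with_pin(sender: str, body: str):
    """Hardened form: on long codes, every command must be prefixed with the
    user's PIN ("4821 tweet hello"). Knowing the number is no longer enough."""
    acct = ACCOUNTS.get(sender)
    if acct is None:
        return None
    if acct["long_code"]:
        if acct["pin"] is None:
            # Long-code account without a PIN: refuse rather than trust the sender.
            return None
        parts = body.split(" ", 1)
        if len(parts) != 2 or not hmac.compare_digest(parts[0], acct["pin"]):
            return None
        body = parts[1]
    return (acct["user"], body)


if __name__ == "__main__":
    # A message whose sender field was forged to alice's number (constructed).
    print(handle_sms_sender_only("+15551234567", "tweet not really me"))
    print(handle_sms_with_pin("+15551234567", "tweet not really me"))
    print(handle_sms_with_pin("+15551234567", "4821 tweet hello"))
```

The first call shows the spoofed command accepted as alice; the second rejects it; the third succeeds only because the caller knows the PIN.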