Flash Player adds silent updates


ID: IRCNE2012041451
Date: 2012-04-02

According to "techworld", Flash Player 11.2 introduces a new updating mechanism that can be configured to check for and deploy updates in the background automatically, without requiring user interaction. The feature has been in Adobe's plans for a long time and is expected to decrease the number of outdated Flash Player installations that attackers can target.
"The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks," said Peleus Uhley, platform security strategist at Adobe. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach. We are hoping to have similar success."
Of course, this will only happen after the vast majority of users upgrade to Flash Player 11.2. When Adobe Flash Player 11.2 is installed, users are asked to choose an update method. The available choices are: install updates automatically when available (recommended), notify me when updates are available, and never check for updates (not recommended).
The silent updater will try to contact Adobe's update server every hour until it succeeds. If it receives a valid response from the server that no update is available, it will wait 24 hours before checking again.
For now, the automatic update option is only available for Flash Player on Windows, but Adobe is working on implementing it for Mac versions as well, Uhley said.


Sophos warns of a Twitter scam


ID: IRCNE2012041450
Date: 2012-04-02

According to “CNet”, security firm Sophos is warning about a scam on Twitter that is designed to trick people into filling out a survey with the promise of possibly winning a prize.
Basically, the scam is triggered by Twitter posts mentioning "Draw Something." A Twitter account that is not affiliated with game creator OMGPOP is offering prizes to people who have referenced the game in a tweet and encouraging them to visit a Web site called drawsomethingwinner.com, where they are prompted to answer a few questions supposedly to claim an award, a senior technology consultant for Sophos said on the Sophos blog.
Completing the survey apparently does nothing more than help the scammers earn a commission, so don't expect any prize, he said.
Meanwhile, it's unknown what the scammers are doing exactly with the survey data or contact information being collected, but it's possible the information could be used to send people spam or phishing e-mails, or even sign people up for premium rate text service, according to Sophos.
"The scam survey that you are taken to varies according to where in the world you are. So, some may well ask you for your e-mail address," the Sophos consultant said. "Others may ask you for your mobile phone number (and sign you up for expensive premium rate services). Typically they also ask for name, address, date of birth, etc."
Sophos has reported the account as spam to Twitter, and hopefully the Twitter account will be shut down, he said.
The success of Draw Something has been astonishing. The app, which works on iPhones, iPads, and Android devices, is believed to be the fastest spreading app ever. It's been downloaded more than 35 million times since it launched in early February.


Zeus Servers seized


ID: IRCNE2012041448
Date: 2012-04-02

According to “InternetNews”, Microsoft together with law enforcement has taken action in an attempt to weaken the nefarious Zeus malware botnet in an operation codenamed Operation b71. The Zeus botnet is among the most prolific forms of malware on the Internet today, installing keyloggers on zombie PCs that are then used to relay users' private financial information to criminals.
U.S. Marshals accompanied Microsoft and its financial services partners in a raid that captured Zeus botnet command and control servers in Scranton, Pennsylvania and Lombard, Illinois. Those servers sat behind two Internet Protocol (IP) addresses that have also been seized. Going a level deeper, those servers were attached to at least 800 domains that were also secured during the law enforcement bust.
Microsoft isn't the only one that is concerned about Zeus. VeriSign's iDefense security business unit recently identified the Zeus botnet as one of the top cyber security trends of 2011. The reason why Zeus has become so prevalent now is the fact that over the course of the last year it has evolved into an open source crimeware kit.
"We've always seen a steady evolution of new techniques and tactics by malware authors," Rick Howard, General Manager of Verisign iDefense, told InternetNews.com. "But the fact that the owner of Zeus released it to the wild, means that now that it's out there and every malware author on the planet can learn from it."
Howard noted that any malware author can now put Zeus-like functionality into their own code. He expects that a large amount of malware this year will converge on the same capabilities that are included in Zeus.


MS Office vulnerability allows malware to infect Macs


ID: IRCNE2012041447
Date: 2012-04-02

According to "techworld", security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.
The rogue emails appear to target Tibetan activist organisations and distribute booby-trapped Microsoft Word documents that exploit a known remote code execution vulnerability in Microsoft Office for Mac, according to malware experts from security firm AlienVault.
"This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X," said AlienVault security researcher Jaime Blasco.
Security researchers from Mac antivirus vendor Intego believe that the attacks might become more widespread.
"The attack will be very effective on those who have not updated their copies of Microsoft Office, or aren't running antivirus software," the Intego researchers said.
If the vulnerability is exploited successfully, the rogue Word files will install a previously unknown Mac OS X Trojan horse. The remote attackers can instruct this malware to download, upload and delete files.
"While, in the past, we did not see this type of attack targeting Macs, it is clear that the game has changed, and that we are entering a new period of Mac malware," the Intego researchers said.
Mac users are advised to keep the software installed on their computers up to date, especially the popular applications, and to run an antivirus program at all times.


Fixing 6 security holes in Opera

ID: IRCNE2012031446
Date: 12/01/91 (Solar Hijri)

Opera, the Mac OS X web browser, has recently been updated to version 11.62. This update fixes 6 security holes.
Details of the fixed vulnerabilities are as follows:

  • According to a report by Jordi Chancel, an issue that could be used to trick users into executing downloads has been fixed.
  • An issue where content overlapped and could trick users into executing downloads has been fixed.
  • An issue where history.state could leak state data from cross-domain pages has been fixed.

Users are advised to update to the latest version as soon as possible.


Opera for Mac OS X patches 6 security holes


ID: IRCNE2012031446
Date: 2012-03-31

According to "zdnet", the Opera Web browser for Mac OS X was recently updated to version 11.62, with the latest update patching six security holes.
Details on the fixed vulnerabilities:

  • Fixed an issue where small windows could be used to trick users into executing downloads, as reported by Jordi Chancel; see our advisory
  • Fixed an issue where overlapping content could trick users into executing downloads, as reported by Jordi Chancel; see our advisory
  • Fixed an issue where history.state could leak the state data from cross domain pages; see our advisory

Users are advised to update to the latest version immediately, either through the browser’s built-in updater or by downloading the latest version directly from Opera’s web site.


Fixing critical vulnerabilities in Flash Player

ID: IRCNE2012031445
Date: 10/01/91 (Solar Hijri)

Adobe has released Flash Player 11.2, fixing two critical arbitrary code execution vulnerabilities.
One of the fixed vulnerabilities relates to how older versions of Flash Player check URL security domains, and affects only the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 and Vista.
Both vulnerabilities can cause memory corruption and can be exploited remotely to execute arbitrary code.
Users of Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris are advised to update to Flash Player 11.2, and users of Flash Player 11.1.111.7 for Android are advised to update to Flash Player 11.1.111.8.


Flash Player 11.2 fixes critical vulnerabilities


ID: IRCNE2012031445
Date: 2012-03-29

According to "techworld", Adobe has released Flash Player 11.2, addressing two critical arbitrary code execution vulnerabilities.
One of the patched vulnerabilities stems from how older versions of Flash Player check URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.
Both vulnerabilities can trigger memory corruption and can be exploited to execute arbitrary code remotely.
Users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris are advised to update to the new Adobe Flash Player 11.2 for their respective platforms. Users of Adobe Flash Player 11.1.111.7 for Android are advised to update to Flash Player 11.1.111.8.


Google patch fixes nine vulnerabilities in Chrome 17

ID: IRCNE2012031444
Date: 08/01/91 (Solar Hijri)

In its sixth security update for Chrome 17, Google fixed nine vulnerabilities.
Six of the vulnerabilities are rated "high", one is rated "medium" and two are rated "low".
Three of the four researchers who reported the Chrome 17 flaws were recently recognized by Google.
The Chrome 17 updates for Windows, Macintosh and Linux can be downloaded from Google's website. Users who are already running the browser will receive the new version automatically through the silent update mechanism.


Hacked WordPress sites serving client-side exploits and malware

ID: IRCNE2012031443
Date: 08/01/91 (Solar Hijri)

Security researchers from Trend Micro have reported that hackers have taken control of WordPress sites, and that these sites are currently being used to serve exploit code and malware to users who click on malicious links.
According to Trend Micro, cybercriminals have spoofed the identities of the Better Business Bureau and LinkedIn in spam emails, thereby tricking end users and companies into clicking on the malicious links in those emails.
After clicking on these links, users are exposed to the Black Hole web exploit kit and malware. The links use exploits for CVE-2010-0188 and CVE-2010-1885.
End users and enterprise users are advised to make sure they are not running outdated versions of software and browser plug-ins, and to avoid interacting with such emails.
