Security updates available for Adobe Flash Player (APSB13-08)

Today, a Security Bulletin (APSB13-08) has been posted to address security issues in Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux.

Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target Flash Player in Firefox.

Adobe recommends users apply the updates for their product installations.

You can get the latest version here: http://www.adobe.com/go/getflash

More information: http://www.adobe.com/support/security/bulletins/apsb13-08.html

Java, the gift that keeps on giving

Security researchers have released information about two exploits affecting Java 7 that, when combined, allow an attacker to completely bypass the Java sandbox to install malware etc.
There is at this time no fix from Oracle for this issue.
We suggest that users follow the guidelines in this post: http://blog.basefarm.com/blog/2013/02/02/java-1-7-0_13-update-fixes-50-security-vulnerabilities/

More information:
http://news.softpedia.com/news/Zero-Day-Vulnerability-Affecting-Java-7-Update-15-and-Earlier-Versions-Identified-332157.shtml
http://www.security-explorations.com/en/SE-2012-01-status.html

Basefarm SIRT Newsletter #4

BF-SIRT NEWSLETTER #4
Year – Week: 2013 – 08
https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Weekly Summary
This week, a lot of high-profile companies have come forward about being victims of attacks. Companies like Apple and Facebook fell victim to Java exploits when browsing a well-known iOS developer forum, causing their computers to be taken over by attackers. This once again goes to show the importance of keeping your systems updated as much as you can and removing software you don’t need. If there’s a need for a browser plugin such as Java or Adobe Acrobat Reader, then don’t have it activated in your primary browser but simply keep it enabled in a secondary browser for those specific Java websites.

NBC.com was also compromised this week, causing everyone visiting the site (many tens of thousands) to be redirected to a site serving malware. The malware exploited previously known Java and Adobe Acrobat Reader vulnerabilities to take control of the victims’ computers.

The New York Times has also reported that a unit within the Chinese Army is seen as tied to hacking against the U.S. China in turn denied this accusation.

On the good side of things, Google have released information that they have reduced the number of compromised accounts by 99.7% since their peak in 2011.

We have also launched a website for those interested in reading up on Basefarm SIRT. You can find the page here: https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Sources:

http://threatpost.com/en_us/blogs/nbc-website-hacked-leading-visitors-citadel-banking-malware-022113

http://threatpost.com/en_us/blogs/ios-developer-site-core-facebook-apple-watering-hole-attack-022013
https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766
http://googleblog.blogspot.com/2013/02/an-update-on-our-war-against-account.html
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

Important Software Security updates
Java 7 / Java 6: http://blog.basefarm.com/?p=1085
Mozilla updates (Firefox, Thunderbird, Seamonkey): http://blog.basefarm.com/?p=1084
Google Chrome: http://blog.basefarm.com/?p=1098
Adobe Acrobat Reader: http://blog.basefarm.com/?p=1100

Security tips
In light of the latest breaches, we’d like to suggest that you have a look at the software and browser plugins you have installed on your system(s).
Unfortunately, depending on an antivirus just doesn’t cut it, as malware is transforming and mutating, which means your antivirus won’t find the reported malware signature. Attackers are also exploiting vulnerabilities faster and faster, which means that the time between disclosure of a vulnerability and its exploitation through ad networks or hijacked sites is much shorter these days.

The first step is to simply check which software you have installed, and uninstall anything you don’t have an explicit need for.
Once you have uninstalled the applications and browser plugins you don’t need, it’s time to update the ones that remain.

You can check whether your browser plugins are up to date on the following page: https://browsercheck.qualys.com/

As for your software, it’s a matter of visiting the developer’s webpage and verifying that you’re using the latest version of their software.
Keeping your OS automatically patched through Windows Update or Mac’s Software Update goes without saying.

Security news
Chinese Army unit is seen as tied to hacking against U.S.
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

China says U.S. hacking accusations lack proof
http://www.reuters.com/article/2013/02/20/us-china-hacking-idUSBRE91I06120130220

DDoS attack on bank hid $900,000 Cyberheist
http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Freezing Android devices break disk encryption
http://www.net-security.org/secworld.php?id=14433

February 1st – 16th cyber attacks timeline
http://hackmageddon.com/2013/02/18/1-16-february-2013-cyber-attacks-timeline/

Adobe Acrobat Reader updated APSB13-07

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

These updates are marked as Critical, and it’s recommended that those who require Adobe Acrobat Reader apply them directly.
We do however suggest that you evaluate the need for Adobe Acrobat Reader and instead follow the guidelines we made in our previous Adobe Acrobat Reader post: http://blog.basefarm.com/blog/2013/02/13/zero-day-exploit-for-adobe-acrobat-reader/.

More information:
http://www.adobe.com/support/security/bulletins/apsb13-07.html

Google Chrome 25.0.1364.87

Google has released an update to their browser, and all users are advised to update as soon as possible to avoid exploitation.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates

Mozilla Firefox / Thunderbird / SeaMonkey – Multiple Vulnerabilities

A weakness and multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

The weakness and the vulnerabilities are reported in Firefox versions prior to 19, Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.

These are marked as “Highly critical”, and it’s therefore suggested that you update your software as soon as possible.
You can find the updates here:
SeaMonkey: http://www.seamonkey-project.org/
Thunderbird: http://www.mozilla.org/en-US/thunderbird/
Firefox 19: Either simply go to Help, About in your browser to download the latest version if it didn’t already auto update, or visit http://www.mozilla.org/en-US/firefox/fx/#desktop

Firefox 19 also contains an all-new built-in PDF reader, which means that both Chrome and Firefox now have built-in PDF readers. Those wanting to secure themselves from last week’s Adobe Acrobat Reader vulnerability could therefore choose Firefox as the alternative as well.

More information:
http://secunia.com/advisories/52280/
http://secunia.com/advisories/52249/
http://secunia.com/advisories/52286/

Overcome e-mail stress

During my time at Ericsson I gave a number of presentations on the topic “E-mail, stress and how to handle hundreds of new e-mails a day”, and implemented a method myself that I liked. I normally have a completely empty inbox here at Basefarm. (And no, hiding all new e-mail in a separate folder doesn’t count!)

The method I use is The Four D’s. (See, for example, a very good article here: http://www.microsoft.com/atwork/productivity/email.aspx#fbid=Fpj5lWnkRNt. Another article on the same topic.)

It works by going through the inbox, from top to bottom, and asking the questions below for each of the e-mails:

  1. Delete it
    Does the e-mail contain information you will need within 6 months? Can you find the information somewhere else? If not, delete it! If it contains important or useful information, you can archive it instead.
  2. Do it
    Can it be done in less than 2 minutes? Do it right away. (Then delete it!)
  3. Delegate it
    If it can’t be done in 2 minutes, can it be delegated to someone? (Remove it from the inbox after you have sent it. A neat feature in Outlook is setting the follow-up flag, which helps you keep track. The e-mail remains in the “Sent” folder.)
  4. Defer it
    Put it on a to-do list, or flag it for follow-up and put it in a “Deferred” folder.

According to Microsoft (per the link in the article above):
50% of all e-mail can be deleted or archived
30% of all e-mail can be delegated or handled within two minutes
20% can be put on the to-do list or the calendar

I am a big fan of setting up rules for automatic tagging of incoming e-mail. It used to be fashionable to sort all e-mail into folders, but the latest trend is to tag all e-mail with categories and keep it in the inbox, so that it is easily searchable, and only deal with unread e-mail. If an e-mail has been read, it should have been handled and can be forgotten. You can therefore replace “delete” with “mark as read” in the steps above if you want to be trendy.

You can also use rules to colour-code e-mails to get a quick overview; for example, I usually do it like this: e-mails where I am only copied are shown in grey, e-mails from the boss turn red, group e-mails are green, private e-mails turn blue, and the rest black.

One last tip – I make sure never to delete or clean out my Sent folder. That way I always have traceability for all the e-mail I have handled.

Good luck!

Java 7 update 15 / Java 6 update 41

A new version of Java has been released (version 7 update 15 and version 6 update 41), fixing four “Highly Critical” security vulnerabilities.
You can download the latest version here: http://www.java.com
Those running Windows can choose to turn on automatic updates to be sure to always have the latest version: http://www.java.com/en/download/help/java_update.xml
Remember to delete any previously installed Java versions from your system when you update. See http://java.com/en/download/faq/remove_olderversions.xml for assistance with this.
This is the final public release of Java 1.6.0 and Oracle will not provide more free security fixes for version 6.

We also suggest that users follow the guidelines in this post: http://blog.basefarm.com/blog/2013/02/02/java-1-7-0_13-update-fixes-50-security-vulnerabilities/

More information:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html

Basefarm SIRT Newsletter #3

BF-SIRT INTERNAL NEWSLETTER #3
Year – Week: 2013 – 07
https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Weekly Summary
Bit9, the security company that is used by many Fortune 100 firms and the U.S. Government for their software and network security, was compromised last Friday. The attackers compromised Bit9’s network by gaining entry to some computers inside the Bit9 network where they had unfortunately forgotten to install their own software. Said attackers then signed certain malware as “safe”, which gave them the ability to deploy malware on the target, which was protected by Bit9. It was also found out that an exploit had been sitting on one of the LA Times websites for six weeks, redirecting users to a Blackhole exploit kit. This reiterates the importance of doing continuous security and vulnerability checks on your websites.

Sources:
https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/
http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/

Important Software Security updates
Windows: http://blog.basefarm.com/?p=1034
Adobe Flash Player: http://blog.basefarm.com/?p=1036
Adobe Acrobat Reader: http://blog.basefarm.com/?p=1044

Security tips
Two-factor auth means additional security in that you have more than one authentication factor, and you are already using it today with your bank (in order to get money out of the ATM you need both a card and a PIN code). You can enable two-factor authentication on a lot of services such as Google/Gmail, Lastpass, Facebook, Dropbox, Yahoo! Mail, Amazon Web Services and WordPress, and it’s advised to do so. Of course, using two-factor auth does not mean you’re completely safe, as you could for example become the victim of a Man In The Middle attack, so continue being careful after you have activated it.

You can find information on how to enable two-factor authentication here: http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now

Security news
Kids ‘using coding skills to hack’ friends on games, expert says
http://www.bbc.co.uk/news/technology-21371609

Montana TV warns of ZOMBIE ATTACK in epic prank hack
http://www.theregister.co.uk/2013/02/12/spoof_zombie_apocalypse_warning/

Adobe Flash Player 0-day and HackingTeam’s Remote Control System
http://www.securelist.com/en/blog/208194112/Adobe_Flash_Player_0_day_and_HackingTeam_s_Remote_Control_System

Japanese “cat hacker” suspect caught
http://www.wired.co.uk/news/archive/2013-02/12/japanese-cat-hacker-caught

iOS 6.1 Hack allows iPhone lock screen bypass
http://thehackernews.com/2013/02/ios-61-hack-allows-iphone-lock-screen.html

Zero-day exploit for Adobe Acrobat Reader

Adobe has acknowledged a zero-day exploit for their Adobe Acrobat Reader product, and it’s currently being exploited in the wild.
It appears that all versions of Adobe Acrobat Reader are affected by this, and there is at this time no update available that fixes the issue.

Because of this, we recommend uninstalling Adobe Acrobat Reader if you have it on your computer, as your current operating system probably has built-in support for reading PDF files anyway.
There is a built-in PDF viewer in Mac OS X, Windows 8 and Ubuntu. Those running Windows 7 or below could install Google Chrome and use the PDF reader that’s built into the browser.

UPDATE: Since this post, Firefox 19 has been released which also has a built in PDF reader.

More information: http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html