BF-SIRT Newsletter 2014-39

Welcome to the newsletter! The biggest news this week is obviously how the “Shellshock” bug spells trouble for web security. McAfee also released a Phishing Quiz a few weeks ago, which is still worth taking if you missed it the first time around. You can also find information as to how a European cyber crime ring has been exposed after 12 years.

Top 5 Security links
“Shellshock” Bug Spells Trouble for Web Security
Quick notes about the bash bug, its impact, and the fixes so far
Google to turn on encryption by default in next Android version
V3 Security Summit: European cyber crime ring exposed after 12 years
Game pirates ‘donate’ compute power to Bitcoin miners

Top 5 Business Intelligence links
McAfee Phishing Quiz
Thwarting Ransomware Attacks
High-volume DDoS attacks on the rise
Report: Intrusion prevention systems made a comeback in 2013
Home Depot completes malware elimination in all U.S. stores

BF-SIRT Newsletter 2014-38

Welcome to the newsletter! This week we have stories such as how a breach at a Goodwill vendor lasted 18 months and how the Citadel Trojan phished its way into a petrochem firm’s webmail. We also have information on how SNMP DDoS scans spoof the Google Public DNS server and on a study concluding that the ‘Heartbleed’ flaw was unknown before disclosure. Our own post this week covers the latest iOS 8 update.

Top 5 Security links
Information Sharing on Threats Seen as a Key for Auto Makers
Securing virtual machines: Considerations for the hybrid cloud
Everything you need to know about POS malware
Breach at Goodwill Vendor Lasted 18 Months
Citadel Trojan phishes its way into petrochem firm’s webmail

Top 5 Business Intelligence links
Study concludes ‘Heartbleed’ flaw was unknown before disclosure
Researchers unlock TorrentLocker encryption
Hacked Brazilian Newspaper Site Targets Router DNS Settings
SNMP DDoS Scans Spoof Google Public DNS Server
Hackers penetrated systems of key defense contractors

Basefarm Posts
iOS 8

iOS 8

Apple released the latest version of its mobile OS on Wednesday. It fixes over 50 vulnerabilities, many of them very serious:
Two vulnerabilities allowed a local attacker to escalate privileges and install unverified (likely malicious) applications
A validation issue in the handling of update check responses allowed an attacker with a privileged network position to cause an iOS device to think that it is up to date even when it is not
Two vulnerabilities in CoreGraphics made it possible for a maliciously crafted PDF file to terminate apps or execute arbitrary code
Several vulnerabilities in the IOHIDFamily kernel extension made it possible for a malicious app to read kernel pointers, which can be used to bypass kernel address space layout randomization, or to execute arbitrary code with system privileges (the latter was also made possible by several IOKit bugs)
A Libnotify bug allowed a malicious application to execute arbitrary code with root privileges
Two Safari vulnerabilities made it possible for attackers and websites to intercept or harvest user credentials
12 WebKit bugs could have been misused by attackers to execute arbitrary code on the device by simply creating a malicious website and tricking users into visiting it.
With iOS 8, Apple has also updated its certificate trust policy and has randomised the MAC address to prevent potential device tracking attacks via passive WiFi scans.
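The tracking attack that MAC randomisation is meant to defeat is easy to see in code. The following is an added example by the newsletter editor, not code from Apple or from the original post: a passive observer records the source MAC of Wi-Fi probe requests at several locations and links sightings by address. Randomised addresses set the locally administered bit (bit 1 of the first octet) instead of carrying a vendor OUI, so they can be told apart from hardware addresses, and because they change, they no longer link one device across locations. The sightings list is a constructed sample; the locations and addresses are illustrative.

```python
"""Added example (not from the original Basefarm post): passive Wi-Fi
tracking by probe-request source MAC, and why a randomised MAC breaks it."""
from collections import defaultdict

# Constructed sample of (timestamp, location, source MAC) probe-request
# sightings as a passive scanner would log them. The a4:5e:60 address is a
# fixed vendor-assigned MAC; the da:a1:19 addresses have the locally
# administered bit set and change between sightings (assumed randomised).
SIGHTINGS = [
    (1, "cafe",   "a4:5e:60:11:22:33"),
    (2, "cafe",   "da:a1:19:4c:7d:01"),
    (3, "office", "a4:5e:60:11:22:33"),
    (4, "office", "da:a1:19:4c:7d:02"),
    (5, "mall",   "a4:5e:60:11:22:33"),
]


def is_locally_administered(mac):
    """True if the U/L bit (bit 1 of the first octet) is set, i.e. the
    address was not assigned from a vendor OUI. Randomised MACs set it."""
    first_octet = int(mac.split(":")[0], 16)
    return bool(first_octet & 0x02)


def track(sightings):
    """Group sightings by MAC: the location trail a passive scanner builds."""
    trails = defaultdict(list)
    for _ts, place, mac in sightings:
        trails[mac].append(place)
    return dict(trails)


def trackable(sightings):
    """Vendor-assigned MACs seen at more than one location: devices a
    passive scanner can follow. Randomised addresses never qualify."""
    return sorted(
        mac
        for mac, places in track(sightings).items()
        if len(set(places)) > 1 and not is_locally_administered(mac)
    )


if __name__ == "__main__":
    for mac, places in track(SIGHTINGS).items():
        kind = "randomised" if is_locally_administered(mac) else "hardware"
        print(f"{mac} ({kind}): {' -> '.join(places)}")
    print("trackable:", trackable(SIGHTINGS))
```

Run on the sample, only the fixed hardware address is followed from the cafe to the office to the mall; each randomised address is seen once and links nothing. Note that the U/L bit test only tells you an address is not vendor-assigned, not that it was randomised by the OS, and that randomisation covers probe requests while the device is not associated, so a device that joins a network still exposes its real address on that network.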

If you can, it’s a good idea to update to iOS 8, because all these bugs remain unpatched in all earlier versions of the OS.

More information:
http://www.net-security.org/secworld.php?id=17378
http://support.apple.com/kb/HT6441

BF-SIRT Newsletter 2014-37

Welcome to the newsletter! This week it’s available two days in advance, but that doesn’t mean it’s got less interesting news in it! Among the highlights for this week are how an OS X version of a Windows backdoor has been spotted, why Google is hurrying the web to kill SHA-1, and a forum post with 5 million “compromised” Google accounts. Other news includes how malicious advertising has hit Amazon, YouTube and Yahoo according to Cisco, and of course it’s also time for Patch Tuesday September 2014.

Top 5 Security links
China is now 99.8% sure you’re you, thanks to world’s-best facial recognition wares
Report: China’s underground activity doubled last year
OS X version of Windows backdoor spotted
5 million “compromised” Google accounts leaked
Robin Hood virus: Chinese hackers target nation’s wealthy

Top 5 Business Intelligence links
Malicious advertising hits Amazon, YouTube and Yahoo, Cisco says
Apple CEO says iCloud security will be strengthened
One in five Massachusetts residents breached in 2013
Goodwill announces breach, more than 800K payment cards compromised
Why Google is Hurrying the Web to Kill SHA-1

Basefarm Posts
Patch Tuesday September 2014

Patch Tuesday September 2014

Another month, another Patch Tuesday!

For this month’s Patch Tuesday, Microsoft have, amongst other things, released an update for Internet Explorer that addresses 37 CVEs. The other updates include the Update to Improve Credentials Protection and Management (which adds additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system), Security Advisory 2905247 – Insecure ASP.NET Site Configuration Could Allow Remote Code Execution, and Security Advisory 2755801 – Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.
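Security Advisory 2905247 concerns the ASP.NET EnableViewStateMac setting: when it is turned off, the server no longer verifies the MAC over the __VIEWSTATE field, so a client can tamper with the serialized view state it sends back, which is what the advisory’s “insecure site configuration” refers to. The web.config fragment below is an added illustration by the newsletter editor, not from Microsoft’s advisory or the original post, showing the weak setting beside the corrected one.

```xml
<!-- Added illustration, not from the original post.
     WEAK: enableViewStateMac="false" disables the MAC check on __VIEWSTATE,
     so any client can submit tampered view state and the server accepts it. -->
<configuration>
  <system.web>
    <pages enableViewStateMac="false" />
  </system.web>
</configuration>

<!-- CORRECTED: leave the MAC check on (this is also the default when the
     attribute is omitted). Checks each page directive as well: a per-page
     <%@ Page EnableViewStateMac="false" %> overrides web.config. -->
<configuration>
  <system.web>
    <pages enableViewStateMac="true" />
  </system.web>
</configuration>
```

A practical check is to search every web.config and .aspx/.ascx file in a deployment for the string EnableViewStateMac (case-insensitive) and treat any occurrence set to false as a finding; the setting should not be needed for any supported configuration.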

Adobe, on the other hand, have opted to supply updates only for Adobe Flash Player today, and will have updates available for Adobe Reader and Acrobat on 15 September.

More information:
https://technet.microsoft.com/library/security/ms14-sep
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

BF-SIRT Newsletter 2014-36

Welcome to the newsletter! This week’s top stories include follow-up information on last week’s story about Norwegian companies being under attack, as well as information on the Russian-made tool that grabs nude selfies from iCloud accounts.

Top 5 Security links
Dance like a Dragonfly, sting like a Bear.
Data on 97K Bugzilla users posted online for about three months
CryptoWall surpasses CryptoLocker in infection rates
Linux systems infiltrated and controlled in a DDoS botnet
Android IMSI-Catcher Detector (AIMSICD)

Top 5 Business Intelligence links
160,000 new malware samples appear each day
The Russian-made tool that grabs nude selfies from iCloud accounts
Semalt botnet hijacked nearly 300k computers
80% of business users are unable to detect phishing scams
Game theory: Cyber preparedness