BF-SIRT Newsletter 2014-44

Welcome to the newsletter! This week you can read about A Window into Russia’s cyber espionage operations and how a Coalition sheds more light on Hikit threat, Axiom spy group. You can also find information about Cyber Attacks on U.S. Companies in 2014, as well as why cyberattacks are the most imminent threat to the U.S. economy.

Top 5 Security links
A Window into Russia’s cyber espionage operations
Coalition sheds more light on Hikit threat, Axiom spy group
Hackers reportedly target unclassified White House network
Tor Project flags Russian ‘exit node’ server for delivering malware
Operation Pawn Storm

Top 5 Business Intelligence links
Cyberattacks Most Imminent Threat to U.S., Economy
Cyber Attacks on U.S. Companies in 2014
246 percent spike in Apple-themed phishing scams
The ‘Backoff’ malware linked to data breaches is spreading
‘Replay’ Attacks Spoof Chip Card Charges

BF-SIRT Newsletter 2014-43

Welcome to the newsletter! This week we cover things such as how Cyber attacks now cost businesses $1.6m per incident and how Akamai sees record-setting spikes in size and volume of DDoS attacks. There’s also news of how Google Accounts Now Support Security Keys, and that Vietnam police hunt hackers behind mass outage.

Top 5 Security links
The case of the modified binaries
Modular Malware for OS X Relies on Open-Source Keylogger Code
Attackers change home routers’ DNS settings via malicious code injected in ads
PIN analysis
Vietnam police hunt hackers behind mass outage

Top 5 Business Intelligence links
Cyber attacks now cost businesses $1.6m per incident
Google Accounts Now Support Security Keys
Cyberespionage group launches sophisticated phishing attacks against Outlook Web App users
Akamai sees record-setting spikes in size and volume of DDoS attacks
Spike in Malware Attacks on Aging ATMs

BF-SIRT Newsletter 2014-42

Welcome to the newsletter! This week we’ve had quite a few things happen. On one side, we had SandWorm (which Microsoft has now patched in Patch Tuesday October 2014), and on the other side we’ve had the SSLv3 POODLE vulnerability.

Top 5 Security links
Hong Kong democracy activist websites compromised
POODLE vulnerability: The end of life of SSL 3.0
Seleznev Arrest Explains ‘2Pac’ Downtime

Top 5 Business Intelligence links
Malware Based Credit Card Breach at Kmart
Security vendors claim progress against Chinese group that hacked Google
Possible SSLv3 Vulnerability
SandWorm
SSLv3 POODLE vulnerability
Patch Tuesday October 2014
Drupageddon

Drupageddon

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

This vulnerability can be exploited by anonymous users.

More information:
https://www.drupal.org/SA-CORE-2014-005
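The advisory above describes the job a database abstraction API has: keep user-supplied values as bound parameters so they can never become part of the SQL text. The following is an added example (not Drupal’s code and not a reproduction of the Drupal bug) that contrasts a naive IN-list built by string splicing with a hypothetical helper, expand_in_list, that emits one placeholder per value and hands the values to the driver separately. The in-memory SQLite table and the hostile-looking value are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table with three users.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "editor"), ("carol", "viewer")],
    )
    return conn


def unsafe_lookup(conn, names):
    # Anti-pattern: the values are spliced into the SQL text, so a value that
    # closes the quote and the parenthesis changes the meaning of the query.
    quoted = ", ".join("'" + n + "'" for n in names)
    sql = f"SELECT name FROM users WHERE name IN ({quoted})"
    return sorted(row[0] for row in conn.execute(sql))


def expand_in_list(prefix, values):
    # Hypothetical helper (not a Drupal API): build exactly one '?' placeholder
    # per value and return the values as a separate parameter tuple. Nothing
    # taken from `values` (neither contents nor any key) is written into the
    # SQL string, which is the property a database abstraction layer must keep.
    if not values:
        raise ValueError("IN list must not be empty")
    placeholders = ", ".join("?" for _ in values)
    return f"{prefix} IN ({placeholders})", tuple(values)


def safe_lookup(conn, names):
    sql, params = expand_in_list("SELECT name FROM users WHERE name", names)
    return sorted(row[0] for row in conn.execute(sql, params))


if __name__ == "__main__":
    conn = make_db()
    hostile = "x') OR 1=1 --"  # constructed value that breaks out of a quoted IN list
    print("unsafe:", unsafe_lookup(conn, [hostile]))   # every user is returned
    print("safe:  ", safe_lookup(conn, [hostile]))     # no user has that literal name
    print("safe:  ", safe_lookup(conn, ["alice", "carol"]))
```

With bound parameters the driver sends the value as data, so the same string that makes unsafe_lookup return the whole table matches nothing in safe_lookup. Any code path that builds placeholder names from caller-controlled input defeats this separation, which is why the helper only ever emits a fixed '?' token.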

Patch Tuesday October 2014

Another month, another Patch Tuesday!

Microsoft issued eight security bulletins that address over two dozen vulnerabilities, including the previously mentioned SandWorm.

Adobe has released security hotfixes for ColdFusion versions for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.

Adobe has also released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Oracle has released critical updates for a large number of products (see link below); among the most notable are Oracle Database, Solaris, MySQL, VirtualBox and Java.

More information:
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://technet.microsoft.com/library/security/ms14-oct

SSLv3 POODLE vulnerability

As mentioned yesterday, an SSLv3 vulnerability was published during the night. The vulnerability, called POODLE (Padding Oracle On Downgraded Legacy Encryption), now has documentation available, and Google has published a blog post about it.

CIRCL has summarised how to fix this quite well, and, as stated yesterday, the suggested remediation is simply to disable SSLv3 where possible.

SandWorm

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114.

Exploitation of this vulnerability was discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners attributes to Russia.

This is making the rounds in the news, which isn’t surprising given the potential source as well as the targets, but should you as an end user be worried about this? Probably not – in most cases. No public exploit has been released, which means that you’d need to be a target of a very specific group of people to be hit by this. You should, of course, still tread with caution until tomorrow’s Windows Update, which will fix this vulnerability.

More information:
http://www.isightpartners.com/2014/10/cve-2014-4114/

Possible SSLv3 Vulnerability

“The Register has learned that news of yet another security vulnerability – this time in SSL 3.0 – is probably imminent.”
While this is currently unverified, it’s still worth checking whether any of your services use SSLv3. SSLv3 came out in 1996 and has since been superseded by TLSv1.0, TLSv1.1 and eventually TLSv1.2.

The recommendation is to disable SSLv3, although this does mean that users on Windows XP (which has been End of Life for a while now) with Internet Explorer 6 (Internet Explorer 7 would still work) are unable to access the service.

More information:
http://www.theregister.co.uk/2014/10/14/nasty_ssl_30_vulnerability_to_drop_tomorrow/
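Both this item and the POODLE item above end with the same advice: find where SSLv3 is still enabled and switch it off. The following is an added example, not part of the original newsletter or of any vendor tooling, that audits Apache mod_ssl SSLProtocol and nginx ssl_protocols directives and reports the ones that leave SSLv3 on, showing the weak form of each directive beside its corrected form. It assumes the 2014-era mod_ssl meaning of the keyword all (SSLv3 plus every TLS version); the configuration fragments are constructed samples, not taken from any real server.

```python
# Constructed directive samples: weak setting beside the corrected one.
APACHE_WEAK = "SSLProtocol all -SSLv2"
APACHE_FIXED = "SSLProtocol all -SSLv2 -SSLv3"
NGINX_WEAK = "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;"
NGINX_FIXED = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;"

# Assumption: in mod_ssl of the time, "all" expands to SSLv3 plus every TLS
# version the OpenSSL build supports.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}

SAMPLE_CONFIG = """\
# constructed sample: an Apache vhost fragment followed by an nginx one
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:!aNULL
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""


def apache_protocols(directive):
    """Set of protocol names left enabled by an SSLProtocol directive.

    Tokens may carry a '+' or '-' prefix; an unprefixed token enables that
    protocol. 'all' is expanded according to APACHE_ALL above.
    """
    enabled = set()
    for tok in directive.split()[1:]:
        sign = "+"
        if tok[0] in "+-":
            sign, tok = tok[0], tok[1:]
        names = APACHE_ALL if tok.lower() == "all" else {tok}
        if sign == "+":
            enabled |= names
        else:
            enabled -= names
    return enabled


def nginx_protocols(directive):
    """Set of protocol names listed by an ssl_protocols directive."""
    body = directive.strip().rstrip(";")
    return set(body.split()[1:])


def sslv3_enabled(line):
    """True if the directive leaves SSLv3 on, False if it is off, None if the
    line is not a protocol directive at all (comment, blank, other setting)."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    first = stripped.split()[0]
    if first.lower() == "sslprotocol":
        return "SSLv3" in apache_protocols(stripped)
    if first == "ssl_protocols":
        return "SSLv3" in nginx_protocols(stripped)
    return None


def audit(config_text):
    """(line_number, directive) for every directive that still enables SSLv3."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        if sslv3_enabled(line):
            findings.append((number, line.strip()))
    return findings


if __name__ == "__main__":
    for number, directive in audit(SAMPLE_CONFIG):
        print(f"line {number}: SSLv3 still enabled: {directive}")
```

A directive that is absent entirely is not reported, so a server relying on the build’s default protocol list (which, for the nginx and mod_ssl releases of 2014, still included SSLv3) needs an explicit ssl_protocols or SSLProtocol line added; the corrected forms above are the ones to use.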

BF-SIRT Newsletter 2014-41

Welcome to the newsletter! This week we cover information about how there’s been a SQL Injection Vulnerability in ‘Yahoo! Contributors Network’ and how the Silk Road Lawyers Poke Holes in FBI’s Story. In light of the latest celebrity leaks we’ve also included a story about the Top 5 celebrity hacks.

Top 5 Security links
SQL Injection Vulnerability in ‘Yahoo! Contributors Network’
Tyupkin Malware Hacking ATM Machines Worldwide
Top 5 celebrity hacks
Bugzilla bug tracker fixes zero-day bug revealing bug
Silk Road Lawyers Poke Holes in FBI’s Story

Top 5 Business Intelligence links
Twitter sues US federal agencies in attempt to remove the gag around surveillance
Huge Data Leak at Largest U.S. Bond Insurer
News from land of patch rewards
Dubai police add facial recognition to Google Glass
AT&T hit by insider breach; “change your passcode” it warns

BF-SIRT Newsletter 2014-40

Welcome to the newsletter! This week you can find stories on The Unpatchable Malware That Infects USBs Is Now on the Loose and more information about Shellshock in the Wild. You can also take a look Inside the NSA’s Private Cloud and read that CloudFlare rolls out free SSL encryption to all.

Top 5 Security links
The Unpatchable Malware That Infects USBs Is Now on the Loose
You dirty RAT! Hong Kong protesters infected by iOS, Android spyware
Silk Road Lawyers Poke Holes in FBI’s Story
International hackers charged over Call of Duty and Apache helicopter software theft
Shellshock in the Wild

Top 5 Business Intelligence links
JP Morgan sees 76 million customer accounts hacked
CloudFlare rolls out free SSL encryption to all
Security incidents are up – and pricier! – but infosec budgets are dwindling
FBI opens Malware Investigator portal to industry
Inside the NSA’s Private Cloud