Basefarm SIRT Newsletter #4

BF-SIRT NEWSLETTER #4
Year – Week: 2013 – 08
https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Weekly Summary
This week, a lot of high-profile companies have come forward about being victims of attacks. Companies like Apple and Facebook fell victim to Java exploits when browsing a well-known iOS developer forum, causing their computers to be taken over by attackers. This once again goes to show the importance of keeping your systems updated as much as you can and removing software you don’t need. If you need a browser plugin such as Java or Adobe Acrobat Reader, don’t have it activated in your primary browser; simply keep it enabled in a secondary browser that you use for those specific Java websites.

NBC.com was also compromised this week, causing everyone visiting the site (many tens of thousands) to be redirected to a site serving malware. The malware exploited previously known Java and Adobe Acrobat Reader vulnerabilities to take control of the victims’ computers.

The New York Times has also reported that a unit within the Chinese Army is seen as tied to hacking against the U.S. China in turn denied this accusation.

On the good side of things, Google have released information that they have reduced the number of compromised accounts by 99.7% since their peak in 2011.

We have also launched a website for those interested in reading up on Basefarm SIRT. You can find the page here: https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Sources:

http://threatpost.com/en_us/blogs/nbc-website-hacked-leading-visitors-citadel-banking-malware-022113

http://threatpost.com/en_us/blogs/ios-developer-site-core-facebook-apple-watering-hole-attack-022013
https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766
http://googleblog.blogspot.com/2013/02/an-update-on-our-war-against-account.html
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

Important Software Security updates
Java 7 / Java 6: http://bfblogg.wpengine.com/?p=1085
Mozilla updates (Firefox, Thunderbird, Seamonkey): http://bfblogg.wpengine.com/?p=1084
Google Chrome: http://bfblogg.wpengine.com/?p=1098
Adobe Acrobat Reader: http://bfblogg.wpengine.com/?p=1100

Security tips
In light of the latest breaches, we’d like to suggest that you have a look at the software and browser plugins you have installed on your system(s).
Unfortunately, depending on antivirus alone just doesn’t cut it: malware keeps transforming and mutating, which means your antivirus won’t find the reported malware signature. Attackers are also exploiting vulnerabilities faster and faster, which means that the time between the disclosure of a vulnerability and its exploitation through ad networks or hijacked sites is much shorter these days.

The first step is simply to check which software you have installed and uninstall whatever you don’t have an explicit need for.
Once you have uninstalled the applications and browser plugins you don’t need, it’s time to update the ones that remain.

You can check whether your browser plugins are up to date on the following page: https://browsercheck.qualys.com/

As for your software, it’s a matter of visiting the developer’s webpage and verifying that you’re using the latest version of their software.
Keeping your OS automatically patched through Windows Update or Mac’s Software Update goes without saying.

Security news
Chinese Army unit is seen as tied to hacking against U.S.
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

China says U.S. hacking accusations lack proof
http://www.reuters.com/article/2013/02/20/us-china-hacking-idUSBRE91I06120130220

DDoS attack on bank hid $900,000 Cyberheist
http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Freezing Android devices breaks disk encryption
http://www.net-security.org/secworld.php?id=14433

February 1st – 16th cyber attacks timeline
http://hackmageddon.com/2013/02/18/1-16-february-2013-cyber-attacks-timeline/