Basefarm SIRT Newsletter #5

BF-SIRT NEWSLETTER #5
Year – Week: 2013 – 09
https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Weekly Summary
This week, Microsoft also admitted to having been affected by the same attack that hit Apple and Facebook.
Details were also disclosed on how data on Apple devices running the latest update can be compromised if the attacker has physical access to the phone, so it's important not to leave your phone unattended. Should your phone be lost or stolen, do a remote wipe as soon as you can.
cPanel also announced that root passwords for customer servers that had been used by its technical support had been compromised, leaving many customers at risk. They have advised affected customers to change their root or account passwords.
As expected, there has also been a lot of discussion during the week about the validity of Mandiant's APT1 report on how China is sponsoring hacking against the US.

Sources:
http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx
http://arstechnica.com/apple/2013/02/researchers-find-yet-another-way-to-get-around-ios-6-1-passcode/
http://nakedsecurity.sophos.com/2013/03/01/cpanel-suffers-break-in-loses-root-passwords/
http://roer.com/2013/02/26/apt1-matching-data-to-your-hypothesis-is-not-the-same-as-proving-your-case/
https://www.mandiant.com/blog/netizen-research-bolsters-apt1-attribution/

Important Software Security updates
Adobe Flash Player
Java

Security tips
As the "Sports holidays" are currently ongoing in Sweden (and other countries), we'd like to remind everyone to keep the mobile devices you bring on holiday secure. You can read some tips about this on the following site: http://bfblogg.wpengine.com/blog/2012/12/21/mobile-security/

Security news
Stuxnet 0.5 – the missing link.
http://www.symantec.com/connect/blogs/stuxnet-05-missing-link

Phishing has gotten very good.
http://www.schneier.com/blog/archives/2013/03/phishing_has_go.html

At the vulnerability Oscars, the winner is… Buffer overflows!
http://www.veracode.com/blog/2013/02/at-the-vulnerability-oscars-the-winner-is-buffer-overflow/

How much does it cost to buy 10 000 US based malware infected hosts?
http://blog.webroot.com/2013/02/28/how-much-does-it-cost-to-buy-10000-u-s-based-malware-infected-hosts/

The MiniDuke Mystery
http://www.securelist.com/en/blog/208194129/The_MiniDuke_Mystery_PDF_0_day_Government_Spy_Assembler_0x29A_Micro_Backdoor