Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13

A vulnerability has been disclosed that allows remote users to crash servers and authenticated users to execute arbitrary code. A patch has been released, and it’s highly advised to upgrade your software as soon as possible!

More information:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1899

Mozilla releases security updates to multiple applications

Mozilla has released updates to some of their applications in order to correct some critical security issues.
It is recommended to upgrade as soon as possible to the versions below, should you be using any of them:
Firefox 20.0
Firefox ESR 17.0.5
Thunderbird 17.0.5
Thunderbird ESR 17.0.5
SeaMonkey 2.17

More information: http://www.mozilla.org/security/announce/

Critical BIND vulnerability – Millions of DNS servers around the world affected

A highly critical remote BIND issue affecting 9.7, 9.8 and 9.9 has surfaced, affecting millions of DNS servers around the globe. It’s been marked as Critical and is remotely exploitable. When exploited, it causes a DoS.

“A flaw in a library used by BIND 9.7, 9.8, and 9.9, when compiled on Unix and related operating systems, allows an attacker to deliberately cause excessive memory consumption by the named process, potentially resulting in exhaustion of memory resources on the affected server. This condition can crash BIND 9 and will likely severely affect operation of other programs running on the same machine.”

Patching this issue should be on the absolute top of the priority list for anyone running BIND.

More info: https://kb.isc.org/article/AA-00871

Cisco IOS Multiple DoS Vulnerabilities

Cisco released information yesterday regarding 7 DoS vulnerabilities in Cisco IOS.
All of them allow DoS attacks, so it’s recommended to upgrade as soon as possible.

Cisco IOS Software Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike

Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall

Cisco IOS Software Zone-Based Policy Firewall Session Initiation
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce

Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat

Cisco IOS Software Protocol Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt

Cisco IOS Software Resource Reservation Protocol Denial of Service
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp

Cisco IOS Software IP Service Level Agreement Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla

Mozilla Firefox / Thunderbird / SeaMonkey – Multiple Vulnerabilities

A weakness and multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

The weakness and the vulnerabilities are reported in Firefox versions prior to 19, Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.

These are marked as “Highly critical”, and it’s therefore suggested that you update your software as soon as possible.
You can find the updates here:
SeaMonkey: http://www.seamonkey-project.org/
Thunderbird: http://www.mozilla.org/en-US/thunderbird/
Firefox 19: Either simply go to Help, About in your browser to download the latest version if it didn’t already auto update, or visit http://www.mozilla.org/en-US/firefox/fx/#desktop

Firefox 19 also contains their all-new built-in PDF reader, which means that both Chrome and Firefox now have built-in PDF readers. Those wanting to secure themselves from last week’s Adobe Acrobat Reader vulnerability could therefore choose Firefox as an alternative as well.

More information:
http://secunia.com/advisories/52280/
http://secunia.com/advisories/52249/
http://secunia.com/advisories/52286/

Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

The Adobe Flash version information page can be found here: http://www.adobe.com/software/flash/about/

More information:
http://www.adobe.com/support/security/bulletins/apsb13-05.html

Basefarm SIRT Newsletter #2

Basefarm SIRT weekly newsletter #2
Year – Week: 2013 – 06

Basefarm SIRT is the Security Incident Response Team of the Basefarm Group. We are posting weekly newsletters with the latest security information which we find interesting to the Basefarm Blog.

Preface
As you remember from last week, The New York Times had been severely compromised for four months before it was noticed (during which time their anti-virus software only located 1 out of 55 pieces of malware on their servers). The New York Times believes that the hackers gained entry through a spear-phishing attack, which means employees were sent emails containing malware attachments or links to sites with malware. Since then, the Wall Street Journal, the Washington Post, the US Federal Reserve and Twitter (where it seems the attackers gained access to information of 250 000 accounts) have also come forward to say that they were compromised.

So what does this show?
Amongst other things, no matter what security systems are in place, no company can with a straight face say they are never going to be compromised. There will always be some ways in, so the goal is making sure there are as few of those as possible, which is why we try to do as much proactive security work as we can.

The reality is unfortunately that the easiest way in is usually through you – a human who clicks on a phishing mail or gets a malware payload through one of your outdated plugins. Cisco released their 2013 Annual Security Report, and it shows that most malware today gets into your system through common news or business sites, and it does so by compromising the ad networks those sites are using.

Sources:
http://www.networkworld.com/news/2013/020113-lesson-learned-in-cyberattack-on-266335.html
http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html
http://blog.twitter.com/2013/02/keeping-our-users-secure.html
http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html


Important Software Security updates

Java 7 (Update 13) / Java 6 (Update 39)
http://www.java.com/en/download/index.jsp

Firefox (18.0.2)
http://www.getfirefox.com/

Adobe Flash (11.5.502.149 (Win and Mac), 11.3.379.14 (Windows 8) and 11.2.202.262 (Linux))
http://get.adobe.com/flashplayer/

For those using Firefox, you can go to the following page to see if your plugins are up-to-date:
https://www.mozilla.org/en-US/plugincheck/

Security tips
In light of the latest plugin vulnerabilities causing havoc on the web (Java and Flash), we suggest that those who have the ability to do so should enable click-to-play in their browsers. Doing this means that plugins such as Java (which should be fully disabled by default in your main browser anyway) or Adobe Flash won’t automatically load in your browser unless you click on the object.

You can find information on click-to-play for your browser at these locations:
http://www.ghacks.net/2012/07/21/configuring-chromes-click-to-play-feature/
https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/

Security news
Microsoft and Symantec hijack the “Bamital” Botnet
http://krebsonsecurity.com/2013/02/microsoft-symantec-hijack-bamital-botnet/

Canada Joins the DNSSEC Party
http://www.darkreading.com/blog/240147786/canada-joins-the-dnssec-party.html

China is world’s most malware-ridden nation
http://www.net-security.org/malware_news.php?id=2404

Where do you get malware from?
http://www.securitybistro.com/blog/?p=5384
http://www.net-security.org/secworld.php?id=14355

Basefarm SIRT Newsletter #1

Basefarm SIRT NEWSLETTER #1
Year – Week: 2013 – 05

Welcome to the first weekly security newsletter from your Basefarm SIRT team! In this newsletter we try to collect the latest weekly security news that we find worthwhile. As always, we continue sending out flash messages for critical issues that we find, but that does not mean the information is any less important for those who want to have safe and secure systems. We’d love to get feedback, so please send thoughts, suggestions, things we should add etc. to sirt@basefarm.com.

For those who aren’t familiar with what a SIRT team is, you can find information here:
http://www.cert.org/csirts/csirt_faq.html

Preface
It’s been quite a busy week with WordPress and UPnP vulnerabilities affecting millions of servers and networks. The biggest worldwide news story of the week was of course the fact that the New York Times found out that their network had been compromised by Chinese hackers who got access to email accounts of senior staff, stole passwords for the corporate network for every New York Times employee and gained direct access to 53 personal computers of New York Times employees. This went on for four months before it got noticed. The latest report from Arbor also shows that DDoS attacks rose quite a bit during 2012 (+20% in bandwidth, +11% higher packet rates and a +41% rise in complex (multi-vector) DDoS attacks).

Important Software Security updates
iOS 6.1 for those with an iPhone.
http://support.apple.com/kb/HT5642

VLC Player 2.0.6 is available for those using VLC as their media player.
http://www.videolan.org/security/sa1302.html

Opera 12.13 is available for those using the Opera Browser.
http://my.opera.com/desktopteam/blog/2013/01/30/12-13-final-released

Security tips
Secure your passwords in Firefox
Setting a master password
Firefox: “Tools -> Options -> Security / Passwords -> Use a master password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Set Master Password”
Changing your master password
Firefox: “Tools -> Options -> Security / Passwords -> Change Master Password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Change Master Password” (not shown unless a master password is set)
http://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Security news
Chinese hackers sit inside the network of New York Times for months without being spotted.
http://www.wired.com/threatlevel/2013/01/new-york-times-hacked/

US Cyber Command Seeks to Quintuple Cybersecurity Force.
http://www.washingtonpost.com/world/national-security/pentagon-to-boost-cybersecurity-force/2013/01/19/d87d9dc2-5fec-11e2-b05a-605528f6b712_story.html

Israel Strengthening its Cyber Stance.
http://www.businessweek.com/news/2013-01-27/israeli-troops-swap-guns-for-computers-as-cyber-attacks-increase

FBI Investigating Leak of US Stuxnet Involvement.
http://www.washingtonpost.com/world/national-security/fbi-is-increasing-pressure-on-suspects-in-stuxnet-inquiry/2013/01/26/f475095e-6733-11e2-93e1-475791032daf_story.html