Adobe Acrobat Reader updated APSB13-07

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

These updates are marked as Critical, and it’s recommended that those who require Adobe Acrobat Reader apply them immediately.
We do, however, suggest that you evaluate the need for Adobe Acrobat Reader and instead follow the guidelines we made in our previous Adobe Acrobat Reader post: http://bfblogg.wpengine.com/blog/2013/02/13/zero-day-exploit-for-adobe-acrobat-reader/.

More information:
http://www.adobe.com/support/security/bulletins/apsb13-07.html

Google Chrome 25.0.1364.87

Google has released an update to their browser, and all users are advised to update as soon as possible to avoid exploitation.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates

Mozilla Firefox / Thunderbird / SeaMonkey – Multiple Vulnerabilities

A weakness and multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, and compromise a user’s system.

The weakness and the vulnerabilities are reported in Firefox versions prior to 19, Thunderbird versions prior to 17.0.3 and SeaMonkey versions prior to 2.16.

These are marked as “Highly critical”, and it’s therefore suggested that you update your software as soon as possible.
You can find the updates here:
SeaMonkey: http://www.seamonkey-project.org/
Thunderbird: http://www.mozilla.org/en-US/thunderbird/
Firefox 19: Either simply go to Help, About in your browser to download the latest version if it didn’t already auto update, or visit http://www.mozilla.org/en-US/firefox/fx/#desktop

Firefox 19 also contains an all-new built-in PDF reader, which means that both Chrome and Firefox now have built-in PDF readers. Those wanting to secure themselves from last week’s Adobe Acrobat Reader vulnerability could therefore choose Firefox as the alternative as well.

More information:
http://secunia.com/advisories/52280/
http://secunia.com/advisories/52249/
http://secunia.com/advisories/52286/

Java 7 update 15 / Java 6 update 41

A new version of Java has been released (version 7 update 15 and version 6 update 41), fixing four “Highly Critical” security vulnerabilities.
You can download the latest version here: http://www.java.com
Those running Windows can choose to turn on automatic updates to be sure to always have the latest version: http://www.java.com/en/download/help/java_update.xml
Remember to delete any previously installed Java versions from your system when you update. See http://java.com/en/download/faq/remove_olderversions.xml for assistance with this.
This is the final public release of Java 1.6.0 and Oracle will not provide more free security fixes for version 6.

We also suggest that users follow the guidelines in this post: http://bfblogg.wpengine.com/blog/2013/02/02/java-1-7-0_13-update-fixes-50-security-vulnerabilities/

More information:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html

Basefarm SIRT Newsletter #3

BF-SIRT INTERNAL NEWSLETTER #3
Year – Week: 2013 – 07
https://www.basefarm.com/en/technical-support/Basefarm-SIRT/

Weekly Summary
Bit9, the security company that is used by many Fortune 100 firms and the U.S. Government for their software and network security, was compromised last Friday. The attackers compromised Bit9’s network by gaining entry to some computers inside the Bit9 network where they had unfortunately forgotten to install their own software. Said attackers then signed certain malware as “safe”, which gave them the ability to deploy malware on the target, which was protected by Bit9. It was also found out that an exploit had been sitting on one of the LA Times websites for six weeks, redirecting users to a Blackhole exploit kit. This reiterates the importance of doing continuous security and vulnerability checks on your websites.

Sources:
https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/
http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/

Important Software Security updates
Windows: http://bfblogg.wpengine.com/?p=1034
Adobe Flash Player: http://bfblogg.wpengine.com/?p=1036
Adobe Acrobat Reader: http://bfblogg.wpengine.com/?p=1044

Security tips
Two-factor auth means additional security because you have more than one authentication factor, and you are already using it today with your bank (in order to get money out of the ATM you need to input both a card and a PIN code). You can enable two-factor authentication on a lot of services such as Google/Gmail, Lastpass, Facebook, Dropbox, Yahoo! Mail, Amazon Web Services and WordPress, and it’s advised to do so. Of course, using two-factor auth does not mean you’re completely safe, as you could for example become the victim of a Man In The Middle attack, so continue being careful after you have activated it.

You can find information on how to enable two-factor authentication here: http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now

Security news
Kids ‘using coding skills to hack’ friends on games, expert says
http://www.bbc.co.uk/news/technology-21371609

Montana TV warns of ZOMBIE ATTACK in epic prank hack
http://www.theregister.co.uk/2013/02/12/spoof_zombie_apocalypse_warning/

Adobe Flash Player 0-day and HackingTeam’s Remote Control System
http://www.securelist.com/en/blog/208194112/Adobe_Flash_Player_0_day_and_HackingTeam_s_Remote_Control_System

Japanese “cat hacker” suspect caught
http://www.wired.co.uk/news/archive/2013-02/12/japanese-cat-hacker-caught

iOS 6.1 Hack allows iPhone lock screen bypass
http://thehackernews.com/2013/02/ios-61-hack-allows-iphone-lock-screen.html

Zero-day exploit for Adobe Acrobat Reader

Adobe has acknowledged a zero-day exploit for their Adobe Acrobat Reader product, and it’s currently being exploited in the wild.
It appears that all versions of Adobe Acrobat Reader are affected by this, and there is at this time no update available that fixes the issue.

Because of this, we recommend uninstalling Adobe Acrobat Reader if you have it on your computer, as your current operating system probably has built-in support for reading PDF files anyway.
There is a built-in PDF viewer in Mac OS X, Windows 8 and Ubuntu. Those running Windows 7 or below could install Google Chrome and use the PDF reader that’s built into the browser.

UPDATE: Since this post, Firefox 19 has been released, which also has a built-in PDF reader.

More information: http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html

Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

The Adobe Flash version information page can be found here: http://www.adobe.com/software/flash/about/

More information:
http://www.adobe.com/support/security/bulletins/apsb13-05.html

Microsoft’s Patch Tuesday solves 57 (critical) security vulnerabilities

Today is the regular Patch Tuesday for Microsoft, and this time the update will solve 57 different vulnerabilities (in 12 different packages depending on which software you’re using).
Five of these packages are listed as critical, so it’s important that you run Windows Update as soon as you can on your clients/servers.
There is always the question of “should I update now, or should I wait until others have reported that the patch works okay?”. To me, testing the patches in a non-production environment and then deploying in production as quickly as possible goes without saying, but those who don’t have that ability need to assess the risk.

The risk of patching can of course mean that you run into a bug with the patch, while the risk of not updating means that attackers will most certainly be looking into which issues were fixed and how they can be exploited – and then exploit them on the systems which haven’t already been patched. In my opinion, the risk of not patching outweighs the risk of patching.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb

Basefarm SIRT Newsletter #2

Basefarm SIRT weekly newsletter #2
Year – Week: 2013 – 06

Basefarm SIRT is the Security Incident Response Team of the Basefarm Group. We are posting weekly newsletters with the latest security information which we find interesting to the Basefarm Blog.

Preface
As you remember from last week, The New York Times had been severely compromised for four months before it was noticed (during which time their anti-virus software only located 1 out of 55 pieces of malware on their servers). The New York Times believes that the hackers gained entry through a spear-phishing attack, which means employees were sent emails containing malware attachments or links to sites with malware. Since then, Wall Street Journal, Washington Post, US Federal Reserve and Twitter (where it seems the attackers gained access to information of 250 000 accounts) have also come forward that they were compromised.

So what does this show?
Amongst other things, no matter what security systems are in place, no company can with a straight face say they are never going to be compromised. There will always be some ways in, so the goal is making sure there are as few of those as possible, which is why we try to do as much proactive security work as we can.

The reality is unfortunately that the easiest way in is usually through you – a human that clicks on a phishing mail or gets a malware payload through one of your outdated plugins. Cisco released their 2013 Annual Security Report, and it shows that most malware today gets into your system through your common news or business sites, and they do so by compromising ad networks said sites are using.

Sources:
http://www.networkworld.com/news/2013/020113-lesson-learned-in-cyberattack-on-266335.html
http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html
http://blog.twitter.com/2013/02/keeping-our-users-secure.html
http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html


Important Software Security updates

Java 7 (Update 13) / Java 6 (Update 39)
http://www.java.com/en/download/index.jsp

Firefox (18.0.2)
http://www.getfirefox.com/

Adobe Flash (11.5.502.149 (Win and Mac), 11.3.379.14 (Windows 8) and 11.2.202.262 (Linux))
http://get.adobe.com/flashplayer/

For those using Firefox, you can go to the following page to see if your plugins are up-to-date:
https://www.mozilla.org/en-US/plugincheck/

Security tips
With the recent rise in plugin vulnerabilities causing havoc on the web (Java and Flash), we suggest that those who have the ability to do so should enable click-to-play in their browsers. Doing this means that plugins such as Java (which should be fully disabled by default in your main browser anyway) or Adobe Flash won’t automatically load in your browser unless you click on the object.

You can find information on click-to-play for your browser at these locations:
http://www.ghacks.net/2012/07/21/configuring-chromes-click-to-play-feature/
https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/

Security news
Microsoft and Symantec hijack the “Bamital” Botnet
http://krebsonsecurity.com/2013/02/microsoft-symantec-hijack-bamital-botnet/

Canada Joins the DNSSEC Party
http://www.darkreading.com/blog/240147786/canada-joins-the-dnssec-party.html

China is world’s most malware-ridden nation
http://www.net-security.org/malware_news.php?id=2404

Where do you get malware from?
http://www.securitybistro.com/blog/?p=5384
http://www.net-security.org/secworld.php?id=14355

High Risk Flash Vulnerability

Unfortunately, there have been multiple zero-day exploits released for a couple of versions of Adobe Flash today. This could potentially mean that the news site you browse daily could be using ads from an ad network which has been compromised and serves malware to your system (it’s actually one of the most common ways of being compromised today, see “more information”). We advise everyone to update their Adobe Flash plugin as soon as possible to put themselves at a lesser risk of being compromised.

You can download the latest version of Adobe Flash here: http://get.adobe.com/flashplayer/
You can verify which version of Adobe Flash you have installed, as well as see the latest version available, at this URL: http://www.adobe.com/software/flash/about/

More information:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
http://www.securitybistro.com/blog/?p=5384