Computer Security News
Tuesday, March 5, 2013
A Polish security firm has discovered two new vulnerabilities to add to this year's list of Java zero-day bugs. The two newly found vulnerabilities are referred to as "issue 54" and "issue 55". Apparently, one of the flaws fixed in Oracle's recent patches for Java is still under attack, and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed. Exploit code for the vulnerability is already being distributed. On the plus side, it appears that the vulnerability only affects Java SE 7 and is associated with a problem in the Java Reflection API. Speaking of Java zero-day vulnerabilities, SecurityObscurity has a post dedicated to CVE-2013-0422.
Thursday, January 3, 2013
Internet Explorer Zero-Day Flaw Continues
This attack uses Adobe Flash to exploit a vulnerability in Internet Explorer 8. Microsoft says the vulnerability affects only Internet Explorer 6 through 8; users of Internet Explorer 9 and 10 are not impacted. The attack involves the targeted compromise of legitimate websites thought to be of interest to, or frequented by, end users who belong to organizations the attackers wish to infiltrate.
The network penetration testing community already has the tools to test for it: there is now a Metasploit module (ie_cdwnbindinfo_uaf) that emulates this attack. This also means that the vulnerability will be exploited widely and rapidly, so users are encouraged to take immediate mitigation steps. Users running Windows XP should use a browser other than Internet Explorer, and corporate security staff should review Microsoft's recommendations to build a layered defence to protect staff. Microsoft's workaround options can be found at:
http://technet.microsoft.com/en-us/security/advisory/2794220
and in the Microsoft FixIt workaround at:
http://support.microsoft.com/kb/2794220
Tuesday, December 18, 2012
Samsung Galaxy SIII and Note II Can Be Easily Hacked
A serious exploit affecting certain Exynos devices has been found. It appears that the Samsung kernel allows read and write access to all physical memory on the device, including the kernel itself; the kernel is, in essence, the "brain" of the operating system. With this vulnerability it is easy for anyone to obtain root access to the device, and it also makes code injection and RAM dumps possible from malware-laden apps available in the Google Play store.
The exploit appears to work on any device running an Exynos 4210 or 4412 processor. We have previously seen other vulnerabilities in Samsung Galaxy devices. This one in particular is very dangerous given the number of malware-infected apps in the Google Play store.
SMS Trojan For Macs: Apple Users - You Are Not Immune
A new variant of the SMSSend Trojan is targeting Mac users. This trojan originally worked by tricking users into entering their mobile phone number in order to continue the installation of what appeared to be an official software installer. By supplying the attackers with their phone number, the victim unknowingly agreed to the terms of a chargeable subscription, and a fee was then debited from their mobile phone account on a regular basis. This particular Trojan imitated VKMusic 4, a popular Russian music client. Apple responded promptly: the fake VKMusic 4 for Mac has now been added to the XProtect.plist blacklist.
Wednesday, November 21, 2012
Trojan Communicates Through Google Docs
Many trojans and other malware use IRC chat to communicate with their command and control; botnets are infamous for talking to their botmaster this way. However, according to Symantec, the Trojan Backdoor.Makadocs hides in Rich Text Format (RTF) and Microsoft Word documents and is delivered via Trojan.Dropper. The Trojan uses the Google Docs service's Viewer feature to communicate with its command-and-control (C&C) server.
"Google docs has a function called viewer that retrieves the resources of another URL and displays it," said Takashi Katsuki of Symantec. "Basically, this functionality allows a user to view a variety of file types in the browser. In violation of Google's policies, Backdoor.Makadocs uses this function to access its C&C server." He added that "it is possible that the malware author has implemented this functionality in an attempt to prevent the direct connection to the C&C from being discovered. The connection to the Google docs server is encrypted using HTTPS, thereby making it difficult to be blocked locally. It is possible for Google to prevent this connection by using a firewall."
Malware authors already use Twitter and Facebook for C&C, in addition to IRC. Now Google Docs is another channel.
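The Viewer abuse described above is visible at a web proxy as a request to docs.google.com that carries the real C&C address inside the Viewer's url parameter. The following is an added detection example, not Symantec's or the original post's code: it assumes the Viewer's well-known URL form (docs.google.com/viewer?url=<target>), assumes a Squid-style "timestamp client method url status" log line from a proxy that inspects TLS so the full URL is logged, and runs over constructed sample lines.

```python
"""Detect use of the Google Docs Viewer as a C&C relay from web-proxy logs.

Added example (not Symantec's or the original post's code). Assumptions:
the Viewer URL form docs.google.com/viewer?url=<target>, a proxy log line of
the form "timestamp client method url status", and an allowlist of hosts
the Viewer may legitimately fetch from. The log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines; the third and fourth are what Makadocs-style
# traffic would look like at a TLS-inspecting proxy.
SAMPLE_LOG = """\
1353498001 10.0.0.12 GET https://docs.google.com/document/d/abc123/edit 200
1353498015 10.0.0.12 GET https://docs.google.com/viewer?url=https%3A%2F%2Fintranet.example.com%2Fq3.pdf 200
1353498020 10.0.0.40 GET https://docs.google.com/viewer?url=http%3A%2F%2F198.51.100.23%2Fcmd.php%3Fid%3D7 200
1353498033 10.0.0.40 GET https://docs.google.com/viewer?url=http%3A%2F%2Fupdates.example.net%2Fbot%2Fbeacon 200
"""

# Hosts the fetched resource may legitimately come from (assumed allowlist).
ALLOWED_HOSTS = {"intranet.example.com", "docs.google.com", "drive.google.com"}

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def viewer_target(url):
    """Return the URL the Viewer was asked to fetch, or None if not a Viewer call."""
    parts = urlsplit(url)
    if parts.netloc.lower() != "docs.google.com" or not parts.path.startswith("/viewer"):
        return None
    targets = parse_qs(parts.query).get("url")
    return targets[0] if targets else None


def suspicious(target):
    """Heuristics: destination not allowlisted, a bare IP literal, or a script endpoint."""
    parts = urlsplit(target)
    host = parts.hostname or ""
    reasons = []
    if host not in ALLOWED_HOSTS:
        reasons.append("host-not-allowlisted")
    if IP_RE.match(host):
        reasons.append("ip-literal")
    if parts.path.endswith((".php", ".asp", ".aspx")):
        reasons.append("script-endpoint")
    return reasons


def scan(log_text):
    """Return (client, target, reasons) for Viewer requests that look like C&C relays."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, _method, url, _status = m.groups()
        target = viewer_target(url)
        if target is None:
            continue
        reasons = suspicious(target)
        if reasons:
            hits.append((client, target, reasons))
    return hits


if __name__ == "__main__":
    for client, target, reasons in scan(SAMPLE_LOG):
        print(f"{client} -> {target}  [{', '.join(reasons)}]")
```

The heuristics are deliberately simple; in practice the strongest signal is a host that nobody in the organization has a reason to pull documents from, and the allowlist is the part to tune. Without TLS inspection the proxy sees only a CONNECT to docs.google.com, which is exactly the blind spot Katsuki describes.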
Tuesday, November 6, 2012
Cyberwar? Iran Wants "indigenous cyber defense model"
According to Iran's state-affiliated Fars News Agency, a senior Iranian military commander said Monday that Iran needs a new strategy to protect its infrastructure from computer attacks.
"Cyber threats against Iran's national security infrastructure have found a special place and share in enemies' hostile strategy," the Deputy Chief of Staff of the Iranian Armed Forces for Basij and Defense Culture said. "Given the country's current conditions it is necessary to consider (developing) an indigenous cyber defense model as our important priority."
According to the Iranian official, the US and Israel own a major share of infrastructure companies and hi-tech firms to the very same end. "Thus, Iran is necessitated to design a new model for cyber defense." Iran claims that the Stuxnet worm is an American and Israeli effort dating back to 2006, designed to set back Iranian nuclear enrichment.
Saturday, November 3, 2012
Twenty Five Percent of Android Apps Present Security Risks
Do people really pay attention to the laundry list of permissions presented to the user when installing Android apps? Why would a wallpaper or a board game need access to a user's GPS data or call history? Bit9 examined the security permissions of more than 400,000 Android applications. Its CTO stated that “a significant percentage of Google Play apps have access to potentially sensitive and confidential information.” “When a seemingly basic app such as a wallpaper requests access to GPS data, this raises a red flag. Likewise, more than a quarter of the apps can access email and contacts unbeknown to the phone user, which is of great concern when these devices are used in the workplace.”
Other findings included:
- 42 percent of applications access GPS location data, and these include wallpapers, games and utilities
- 31 percent access phone calls or phone numbers
- 26 percent access personal data, such as contacts and email
- 9 percent use permissions that can cost the user money
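The survey's four buckets can be reproduced on your own app inventory by reading each APK's manifest and mapping requested permissions to the same classes. The following is an added example, not Bit9's tool: it parses AndroidManifest.xml (the three manifests below are constructed), counts how many apps fall into each class, and flags the "wallpaper asking for GPS" red flag by comparing what an app's declared category should need with what it requests. The permission-to-class mapping and the per-category expectations are assumptions made for the example.

```python
"""Bucket Android apps by requested-permission class and flag out-of-place requests.

Added example, not Bit9's code. Assumptions: the mapping of Android permission
names to the four survey classes, and which classes each app category should
plausibly need. All manifests below are constructed test data.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of Android permission names to the survey's four classes.
PERMISSION_CLASSES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "phone": {"android.permission.READ_PHONE_STATE",
              "android.permission.READ_CALL_LOG",
              "android.permission.PROCESS_OUTGOING_CALLS"},
    "personal_data": {"android.permission.READ_CONTACTS",
                      "android.permission.GET_ACCOUNTS",
                      "android.permission.READ_CALENDAR"},
    "cost_money": {"android.permission.SEND_SMS",
                   "android.permission.CALL_PHONE"},
}

# Which classes an app category plausibly needs (assumption for the example).
EXPECTED_BY_CATEGORY = {
    "wallpaper": set(),
    "game": set(),
    "navigation": {"location"},
    "dialer": {"phone", "cost_money", "personal_data"},
}


def requested_permissions(manifest_xml):
    """Set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def classify(perms):
    """Survey classes touched by a permission set."""
    return {cls for cls, names in PERMISSION_CLASSES.items() if perms & names}


def audit(apps):
    """apps: list of (name, category, manifest_xml). Returns (per-app report, percent per class)."""
    report = []
    totals = {cls: 0 for cls in PERMISSION_CLASSES}
    for name, category, xml in apps:
        classes = classify(requested_permissions(xml))
        for cls in classes:
            totals[cls] += 1
        unexpected = classes - EXPECTED_BY_CATEGORY.get(category, set())
        report.append({"app": name, "category": category,
                       "classes": sorted(classes), "red_flags": sorted(unexpected)})
    percent = {cls: round(100 * count / len(apps)) for cls, count in totals.items()}
    return report, percent


def manifest(package, *perms):
    """Build a minimal AndroidManifest.xml string (constructed test data)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')


# Constructed inventory: a wallpaper that wants GPS and a game that wants contacts and SMS.
SAMPLE_APPS = [
    ("Sunset Wallpaper", "wallpaper", manifest("com.example.wallpaper",
        "android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION")),
    ("Checkers", "game", manifest("com.example.checkers",
        "android.permission.INTERNET", "android.permission.READ_CONTACTS",
        "android.permission.SEND_SMS")),
    ("RouteFinder", "navigation", manifest("com.example.routes",
        "android.permission.ACCESS_COARSE_LOCATION")),
    ("Quick Dial", "dialer", manifest("com.example.dial",
        "android.permission.CALL_PHONE", "android.permission.READ_CONTACTS")),
]

if __name__ == "__main__":
    report, percent = audit(SAMPLE_APPS)
    for row in report:
        flag = " RED FLAG: " + ", ".join(row["red_flags"]) if row["red_flags"] else ""
        print(f"{row['app']:<18} {row['category']:<11} {row['classes']}{flag}")
    print("percent of apps per class:", percent)
```

On a real inventory the manifests come from the APKs (the binary AndroidManifest.xml has to be decoded first, for example with aapt or apktool), and the interesting output is the red-flag list rather than the percentages: a utility or wallpaper that lands in the location or cost_money class is the case the survey warns about.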
