I wonder how many looked out their windows, across the field, where grammy and gramps were buried?
Microsoft, Adobe Release Critical Security Updates
Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.
Five of the 12 patches Microsoft released today earned its most dire "critical" label, meaning these updates fix vulnerabilities that attackers or malware could exploit to seize complete control over a PC with no help from users.
Thirteen of the 57 bugs squashed in Microsoft's patch batch address issues with Internet Explorer; other critical patches fix problems in the Windows implementation of Vector Markup Language (VML), Microsoft Exchange, and flaws in the way Windows handles certain media files. The remaining critical patch fixes a flaw that is present only on Windows XP systems.
Updates are available via Windows Update or from Automatic Update. A note about applying these Windows patches: Today's batch includes an update for .NET, which in my experience should be applied separately. In nearly every case where I've experienced problems updating Windows, a huge .NET patch somehow gummed up the works. Consider applying the rest of the patches first, rebooting, and then installing the .NET update, if your system requires it.
Continued : http://krebsonsecurity.com/2013/02/microsoft-adobe-release-critical-security-updates/
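The two-pass ordering Krebs recommends (everything except .NET first, reboot, then .NET) can be scripted against the Windows Update Agent COM API rather than clicked through in Windows Update. The script below is an added example, not code from the Krebs article; it assumes that matching ".NET Framework" in the update title is a good enough way to pick out the .NET update, since the WUA API has no separate category for it. Run it elevated; rerun with -NetOnly after the reboot.

```powershell
# Added example (not from the Krebs article): install pending Windows updates in
# two passes via the Windows Update Agent COM API, deferring .NET Framework
# updates until the rest are installed and the machine has rebooted.
# Run from an elevated PowerShell prompt. Pass -NetOnly after the reboot to
# install the deferred .NET update(s).
param([switch]$NetOnly)

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# Software updates that are not yet installed and not hidden by the user.
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates

$batch = New-Object -ComObject Microsoft.Update.UpdateColl
foreach ($u in $pending) {
    # Assumption: .NET Framework updates are recognised by title, because the
    # WUA API does not expose them as a distinct category.
    $isNet = $u.Title -match '\.NET Framework'
    if ($isNet -eq $NetOnly.IsPresent) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$batch.Add($u)
        Write-Host ("Queued:   {0}" -f $u.Title)
    } else {
        Write-Host ("Deferred: {0}" -f $u.Title)
    }
}

if ($batch.Count -eq 0) { Write-Host "Nothing to install in this pass."; return }

$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $batch
[void]$downloader.Download()

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $batch
$result = $installer.Install()

# OperationResultCode: 2 = Succeeded, 3 = Succeeded with errors, 4 = Failed, 5 = Aborted.
Write-Host ("Install result code: {0}" -f $result.ResultCode)
for ($i = 0; $i -lt $batch.Count; $i++) {
    Write-Host ("  {0}: {1}" -f $batch.Item($i).Title, $result.GetUpdateResult($i).ResultCode)
}
if ($result.RebootRequired) {
    Write-Host "Reboot required. After rebooting, rerun with -NetOnly to install the .NET update(s)."
}
```

The search criteria string deliberately excludes driver updates (Type='Software') and updates the user has hidden; widen it if your baseline expects drivers to be patched on the same schedule. Checking each update's per-item result code after the install, rather than only the aggregate, is what tells you whether a single large .NET package is the one that failed.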
February 2013 Microsoft Security Bulletins - Volume is High but a Handful are Critical
Microsoft Patches Critical IE Vulnerabilities
DARPA, FIDO Alliance Join Race to Replace Passwords
Nearly everyone agrees that passwords are the bane of Internet security. For years, industry thinkers have somewhat vaguely referenced the need for Internet fingerprints capable of reliably verifying identities online. Yet here we are, it's 2013 and passwords remain the primary means of authenticating users onto networks and workstations.
Two groups today announced projects bent on taking passwords to the curb. The first is an industry group calling itself the FIDO (Fast IDentity Online) Alliance. It consists of computer maker Lenovo, security firm Nok Nok Labs, online payment giant PayPal, biometrics experts Agnito, and authentication specialists Validity. The second is the Defense Advanced Research Projects Agency (DARPA), a research and development arm of the Defense Department.
DARPA's Active Authentication program initially sought to develop tools designed to protect desktop workstations. The program is entering its second phase, in which the agency is calling for research that sets out to establish behavioral biometrics based on discernible cognitive processes and the observable ways that users naturally interact with their environment while using their computing devices. The Active Authentication program will also need to develop what DARPA is calling a "biometric platform," that integrates all available biometrics into a single device that carries out the actual business of authentication.
Continued : https://threatpost.com/en_us/blogs/darpa-fido-alliance-join-race-replace-passwords-021213
Android becoming mobile malware magnet, says report
The Android platform is becoming a key mobile target for cybercriminals, who are getting much more efficient with their malware, according to a Blue Coat Systems report.
In a mobile malware report (pdf), Blue Coat notes that Android is a popular target. Here's a look at the volume of Android malware: [Screenshot]
Blue Coat noted:
'The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent six months, WebPulse also blocked an increasing number of unique malicious Android applications.'
As for the breakdown of Android malware, Blue Coat noted 58 percent was Android root exploits and rogue software. Android malware via malnets, networks designed to deliver malicious payloads, was 40 percent of the total.
Continued : http://www.zdnet.com/android-becoming-mobile-malware-magnet-says-report-7000011197/
7,000 Fake Identities Equals 200 Million USD
From the F-Secure Antivirus Research Weblog:
Most people are aware of identity theft these days, and that it's a relatively easy way for criminal types to make money (by accessing credit). But we've wondered, at what point does it become easier to fake, rather than to steal identities?
The FBI answered that question last week when it arrested 13 people on charges of bank fraud. [Screenshot]
The defendants are alleged to have used thousands of fake identities, documents, and companies to get tens of thousands of credit cards. And they cashed out two hundred million dollars.
Our favorite detail?
"Law enforcement discovered approximately $70,000 in cash in the oven of one defendant."
Guess the freezer was full...
Prediction: as more of our personal identity becomes digital, and as schemes such as the one above become more common — we'll spend less time protecting our identity than we will trying to prove it isn't fake.
ZeroAccess Most Active Botnet in Q4 2012, Kindsight Reports
The ZeroAccess botnet closed out 2012 as the most active botnet in the wild, according to a malware report (pdf) from security vendor Kindsight.
ZeroAccess is mainly designed to distribute malware as part of a massive ad-click fraud campaign that at one point last year was estimated to be raking in as much as $100,000 a day for its operator. Another version of the botnet also makes money through Bitcoin mining. According to Kindsight, versions of the ZeroAccess botnet occupied the number one and seven spots on the list of top high-level malware threats on the Web.
ZeroAccess is so prevalent because it uses an aggressive pay-per-install affiliate campaign to spread malware - something the botnet's controllers can afford because it is earning top dollar through ad-click fraud, explained Kevin McNamee, security architect at Kindsight.
"The first version of ZeroAccess used rootkit technology to evade antivirus software," he said. "But the latest version doesn't even bother; it disables the antivirus during the installation process."
"Once installed, ZeroAccess keeps a low profile and doesn't do anything to draw attention to itself," he continued. "Users don't know they're infected. The peer-to-peer command-and-control (C&C) protocol doesn't have any centralized control service that can be monitored or taken out. This also means that the C&C can't be traced back to an individual or group. It doesn't use the DNS infrastructure that carriers commonly monitor to detect bot activity and doesn't generate any traffic anomalies that can be detected either."
Continued : http://www.securityweek.com/zeroaccess-most-active-botnet-q4-2012-kindsight-reports
Any news on how to remove this one?
As far as I know..
As far as I know, HitmanPro claimed to. Whether it still does (or ever did) I don't know. I'm left to believe it depends upon the variant and which combination of tools are used.
I've read of some successes. Personally, I'd only feel comfortable restoring the OS.
Hitman Pro required you to have the OS DVD.
And since most machines don't have such, repair could not be done. Also, you must have the paid version.
I'm a bit surprised how badly this one damages the OS and not much response from MSFT and others.
DaVinci surveillance malware distributed via zero-day Flash Player exploit, researchers say
"The attacks targeted activists from the Middle East, according to Kaspersky Lab researchers"
Political activists from the Middle East were targeted in attacks that exploited a previously unknown Flash Player vulnerability to install a so-called lawful interception program designed for law enforcement use, security researchers from antivirus vendor Kaspersky Lab said Tuesday.
Last Thursday, Adobe released an emergency update for Flash Player in order to address two zero-day (unpatched) vulnerabilities that were already being used in active attacks. In its security advisory at the time, Adobe credited Sergey Golovanov and Alexander Polyakov of Kaspersky Lab for reporting one of the two vulnerabilities, namely the one identified as CVE-2013-0633.
On Tuesday, the Kaspersky Lab researchers revealed more information about how they originally discovered the vulnerability. "The exploits for CVE-2013-0633 have been observed while monitoring the so-called 'legal' surveillance malware created by the Italian company HackingTeam," Golovanov said in a blog post.
Continued : http://www.networkworld.com/news/2013/021213-davinci-surveillance-malware-distributed-via-266656.html
Obama Cybersecurity Executive Order Expected Tomorrow
This week figures to be a high-profile time for cybersecurity on Capitol Hill. Reports say President Barack Obama will issue a long-awaited executive order shortly after tonight's State of the Union address, while another stab at getting the controversial CISPA cybersecurity bill signed into law could make its way to Congress tomorrow as well. The president is expected to discuss the executive order during tonight's address.
Twice last year, lawmakers failed to approve bills that would establish information security and data protection standards for critical infrastructure systems. The second swing and miss last fall led to rampant speculation the Obama administration would issue an executive order after the November presidential election.
The order is expected to focus on bolstering the security posture of utilities and lay out a minimum security standard for providers of SCADA and industrial control system equipment. Other areas of the bill will cover information sharing and designate how private companies can have easier access to security clearances in order to consume and share classified attack and vulnerability information, a Reuters report said last week.
Continued : https://threatpost.com/en_us/blogs/obama-cybersecurity-executive-order-expected-tomorrow-021213
Obama may issue order on defense against cyber attacks on Wednesday
Obama Said Near Issuing Executive Order on Cybersecurity