Spyware, Viruses, & Security

NEWS - February 20, 2013

by Carol~ Forum moderator / February 20, 2013 5:15 AM PST
Adobe Patches Sandbox Escape Vulnerability in Reader and Acrobat

Adobe today released a patch for two vulnerabilities being exploited in the wild that enabled attackers to pull off the first confirmed sandbox escape against Adobe Reader.

The vulnerabilities (CVE-2013-0640 and CVE-2013-0641) could cause a crash and allow an attacker to remotely run malware on a compromised computer. They affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems.

Exploits were discovered by security company FireEye; spear phishing messages were sending victims infected PDF files purporting to be a travel visa application form called Visaform Turkey. Most of the messages were written in Italian. Researchers at Kaspersky Lab were among the first to confirm the sandbox escape, adding that the exploit worked against a fully patched 64-bit Windows 7 machine and Adobe Reader 11.0.1.

Continued : https://threatpost.com/en_us/blogs/adobe-patches-sandbox-escape-vulnerability-reader-and-acrobat-022013

Also:
Adobe Patches Sandbox-Escaping Vulnerabilities in Reader, Acrobat
Adobe updates Reader and Acrobat to patch vulnerabilities being exploited in the wild

See: Security Updates for Adobe Reader and Acrobat (APSB13-07)
Oracle plugs security holes: Updates for Java 1.4 to 7
by Carol~ Forum moderator / February 20, 2013 5:17 AM PST

On Tuesday night, Oracle published the promised update for the emergency "Critical Patch Update" that the company released earlier than scheduled, three weeks ago. The update affects all Java runtime environments from version 1.4 up to and including the current version 7.

This update is designed to close three holes with the highest threat rating of 10. These vulnerabilities have the CVE identifiers CVE-2013-1484, CVE-2013-1486 and CVE-2013-1487 and can be exploited remotely without authentication. They affect libraries, deployment components and, once again, JMX; the Java Management Extensions were at the centre of the holes discovered by security researcher Adam Gowdiak.

Continued : http://www.h-online.com/security/news/item/Oracle-plugs-security-holes-Updates-for-Java-1-4-to-7-1806784.html

Also:
Oracle releases five new Java fixes
Oracle Patches Critical Java Flaws in 7u15

Also see: Critical Patch Update for Java SE Released

Apple patches the Java hole its own developers fell into -
by Carol~ Forum moderator / February 20, 2013 6:17 AM PST
... eventually

Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. [Screenshot]

Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off.

Curiously, Cupertino did push out a patch early in February, but only for OS X 10.6 users. Lion and Mountain Lion users have been in limbo until now.

Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases).

This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.

Both Facebook and Apple have now admitted to being owned due to malicious Java code hosted inadvertently by a website popular with mobile developers.

Twitter, too, admitted to a breach recently, didn't say how it happened, but suggestively invited everyone to turn off Java in their browser as part of its official statement.

Continued : http://nakedsecurity.sophos.com/2013/02/20/apple-patches-its-own-java-hole/

Related: Apple Victim of Facebook, Twitter Hackers; Java to Blame
Timeline: Hacks Related to Apple
by Carol~ Forum moderator / February 20, 2013 6:17 AM PST

From the F-Secure Antivirus Research Weblog:

The hacks related to Apple involve a lot of complexities. Let's review the time line:

February 1st: Twitter's Director of Information Security, Bob Lord, posted "Keeping our users secure" on Twitter's blog. On a Friday. The weekend of the NFL's Super Bowl. Lord explained that Twitter had been hacked, and that 250,000 accounts have had their passwords reset as a result. Lord advised people to disable Java's browser plugin.

February 1st: The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issues Alert (TA13-032A) warning of multiple vulnerabilities in Oracle Java.

February 1st: Oracle releases a critical patch update for Java (JRE 7 Update 11 and earlier).

February 4th: Monday. We asked contacts at Apple: Based on Lord's post, we suspect a Mac payload, do you have any samples that you are allowed to share with us? The reply: "Twitter has not shared any samples with us."

February 4th: our post "What is Java technology and why do I need it?" speculated that a Twitter developer's Mac had been compromised via Java's browser plugin, and also noted with interest that Apple's XProtect was blocking Java 7 Update 11 (and earlier).

Continued : http://www.f-secure.com/weblog/archives/00002507.html

Bit9 Breach Began in July 2012
by Carol~ Forum moderator / February 20, 2013 6:18 AM PST
Malware Found Matches Code Used Vs. Defense Contractors in 2012

Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.

Earlier this month, KrebsOnSecurity broke the story of the breach at Waltham, Mass.-based Bit9, which involved the theft of one of the firm's private digital certificates. That certificate was used to sign malicious software, or "malware" that was then sent to three of the company's customers. Unlike antivirus software, which tries to identify and block known malicious files, Bit9's approach helps organizations block files that aren't already digitally signed by the company's own certificates.

After publishing a couple of blog posts about the incident, Bit9 shared with several antivirus vendors the "hashes" or unique fingerprints of some 33 files that hackers had signed with the stolen certificate. KrebsOnSecurity obtained a list of these hashes, and was able to locate two malicious files that matched those hashes using Virustotal.com — a searchable service and database that lets users submit suspicious files for simultaneous scanning by dozens of antivirus tools.

Continued : http://krebsonsecurity.com/2013/02/bit9-breach-began-in-july-2012/
"il0vetheWhopper" doesn't cut it: Twitter calls for..
by Carol~ Forum moderator / February 20, 2013 7:25 AM PST
... tougher passwords

Amid the ongoing epidemic of hacks and account breaches at major companies and online services, Twitter officials are once again reminding users how to beef up the security of their passwords.

A blog post published Tuesday night by Twitter Director of Information Security Bob Lord came a day after the official Twitter account for Burger King was hacked by pranksters who used their unauthorized access to publish tweets falsely claiming the fast food chain had been sold to arch-rival McDonald's. Lord's post also followed a similar compromise of Jeep's Twitter account, resulting in the Chrysler division's logo being replaced with one belonging to competitor Cadillac. The account takeovers came almost three weeks after hackers pierced Twitter's defenses and stole cryptographically protected password data belonging to some 250,000 users.

Continued : http://arstechnica.com/security/2013/02/il0vethewhopper-doesn-cut-it-twitter-calls-for-tougher-passwords/

Also: Twitter entreats users to use better passwords
Firefox 19 brings PDF viewer and 4 critical security fixes
by Carol~ Forum moderator / February 20, 2013 7:26 AM PST

The latest release of Mozilla's Firefox open source web browser, version 19, brings few new features but does close four critical security holes. The release notes list only the arrival of PDF.js, the PDF viewer written in JavaScript, as a new feature. This, it is hoped, should reduce users' exposure to malicious PDF documents which exploit third party PDF reader plugins to get access to the underlying operating system.

Alongside improvements in startup performance, the desktop version of Firefox 19 also adds, disabled by default, an experimental Remote Web Console, which can connect to Firefox for Android and Firefox OS web applications and interact with them from within the desktop installation of Firefox. Another experimental addition is a Browser Debugger for add-on and browser developers.

Continued : http://www.h-online.com/security/news/item/Firefox-19-brings-PDF-viewer-and-4-critical-security-fixes-1806437.html

Related: Rid yourself of Adobe: New Firefox 19.0 gets JAVASCRIPT PDF viewer

@ The Mozilla Blog: Firefox introduces PDF viewer to browse the Web without interruption

Google blocks Adblock Plus in Android security tweak
by Carol~ Forum moderator / February 20, 2013 7:26 AM PST

The maker of Adblock Plus is upset its users must jump through hoops to get its advert-banishing app working on devices running Android - the mobile OS made by advertising giant Google.

The complaint follows moves by Google that made it more difficult for Google Chrome users to use Adblock Plus as a browser extension.

The Android app no longer works out of the box on non-rooted devices running Android 4.1.2 or 4.2.2. Instead it shows a warning box telling users they must manually configure a proxy server: that's because the app works by routing web traffic through a server running on the handheld that filters out websites' adverts before they appear in a browser.

But Google took the position that there is a significant security risk in allowing software to automatically redirect web connections in this manner. The internet giant has now fenced off proxy configuration because malicious programs can use it to intercept users' data and endanger their privacy.

Continued : http://www.theregister.co.uk/2013/02/20/google_adblock_plus/

New E-shop offers access to 100's of hacked PayPal accounts
by Carol~ Forum moderator / February 20, 2013 7:26 AM PST
New underground E-shop offers access to hundreds of hacked PayPal accounts

Dancho Danchev @ the Webroot Threat Blog:

On a daily basis, largely thanks to the efficiency-centered malicious campaigns circulating in the wild, cybercriminals get access to tens of thousands of accounting credentials across multiple Web properties, and most disturbingly, online payment processing services like PayPal.

We've recently spotted a newly launched underground E-shop that's exclusively selling access to hacked PayPal accounts. How much does it cost to purchase a hacked PayPal account on the underground marketplace these days? What pricing method is the cybercriminal behind the service using, and does the newly launched E-shop share any similarities with the E-shop selling access to hacked PayPal accounts that we profiled in 2012?

Let's take a peek inside the E-shop.

More details:

Sample login page for the E-shop: [Screenshot]

Continued : http://blog.webroot.com/2013/02/20/new-underground-e-shop-offers-access-to-hundreds-of-hacked-paypal-accounts/