Nvidia releases driver update to fix security exploit
Nvidia has quietly released a new set of drivers to patch up a security flaw found within the Display Driver service, which came to light via a U.K.-based researcher on Christmas day.
If you happen to be an owner of a GeForce graphics processing unit (GPU), then the quiet release of the latest GeForce-based drivers is certainly worth a quick download.
On Saturday, the firm made the new WHQL-certified graphics drivers -- version 310.90 -- available. The release notes say that the file "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." However, it does not mention the fact that U.K. researcher Peter Winter-Smith discovered a flaw in December which makes the display driver service vulnerable to buffer overflow and code injection attacks. In other words, the security flaw could potentially be used by a remote attacker with a domain account to gain access to a system running older drivers.
In addition to killing off the security flaw, the driver update also comes complete with a number of bug fixes and performance enhancements for some gaming titles. New 3D Vision profiles have been added, and faster performance will improve a number of PC games including Call of Duty: Black Ops 2 and Assassin's Creed III.
Continued : http://www.zdnet.com/nvidia-releases-driver-update-to-fix-security-exploit-7000009448/
Also: NVIDIA Releases Fix For Dangerous Display Driver Exploit
Related: Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines
See Vulnerabilities & Fixes : NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability
I have Nvidia GeForce 310 installed on my Windows 7 64-bit computer. I'm not sure if I should install NVidia GeForce 310.90 drivers.
I have an old gpu.
I use old drivers.
I don't game.
It works fine.
I'd like to get the security update.......however....Nvidia imbedded the thing in a 160MB download.
That download gets me all the drivers and bells+whistles to support the latest gpu's and fixes for games.
I'm a little hesitant to apply that to my old gpu and muck things up.
For now I'm just going to sit on it and search for a way to update nvvsvc.exe.....that's where the security issue is......without having to update everything.
Any luck finding a workaround to updating nvvsvc.exe without having to install the entire security update?
Nvvsvc.exe is a nvidia driver helper.
I have not found a good explanation of what it's for.
Based on this w7 machine.
Nvvsvc.exe is not a running process.
Under services I do see nvidia driver helper.
That service points to nvvsvc.exe.
I have that service disabled.....it's been disabled for a long time.
I have not found anything that does not function.
My plans are to ignore this thing and not go looking for trouble.
Rather than installing the new version, I've set options for Nvidia Display Driver Services Properties to "disabled" for Startup Type and "stopped" for Service Status in order to protect my pc against the security flaw. After reading what the update entailed on Nvidia's website, it looked like it primarily corrected bugs that affected gaming and little else. Not being a gamer, I'm going to take a pass on the update. Thanks for your advice.
Crimeware Author Funds Exploit Buying Spree
The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.
An exploit pack is a software toolkit that gets injected into hacked or malicious sites, allowing the attacker to foist a kitchen sink full of browser exploits on visitors. Those visiting such sites with outdated browser plugins may have malware silently installed. In early October 2012, security researchers began noticing that a new exploit pack called Cool Exploit Kit was showing up repeatedly in attacks from "ransomware," malicious software that holds PCs hostage in a bid to extract money from users.
"Kafeine," a French researcher and blogger who has been tracking the ties between ransomware gangs and exploit kits, detailed Cool's novel use of a critical vulnerability in Windows (CVE-2011-3402) that was first discovered earlier in the year in the Duqu computer worm. Duqu is thought to be related to Stuxnet, a sophisticated cyber weapon that experts believe was designed to sabotage Iran's nuclear program.
Continued : http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/
DHS website falls victim to hacktivist intrusion
Hacktivist group NullCrew recently announced a successful intrusion (though intrusionette might be a better word) against a website in the DHS.GOV domain hierarchy.
DHS, of course, is the United States Department of Homeland Security.
The intrusionetted site was studyinthestates.dhs.gov, intended to help foreigners find out if and how they might be able to study at US schools, colleges and universities.
It looks as though the site was vulnerable to what's known as a directory traversal vulnerability.
That's where you construct a URL that persuades the server to navigate to a part of the web server you aren't supposed to be able to access, and to retrieve content from there.
Continued : http://nakedsecurity.sophos.com/2013/01/07/dhs-website-falls-victim-to-hacktivist-intrusion/
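A server-side check against the directory traversal class described in the excerpt above, as an added example that is not part of the original post or the linked article. The document root, function names and sample requests are assumptions made for illustration; the policy is deliberately strict and refuses any path containing a parent-directory segment.

```python
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Assumed document root for illustration; not taken from the article.
WEB_ROOT = Path("/srv/www/site")

class TraversalError(ValueError):
    """Raised when a request path would leave the document root."""

def fully_decode(path, max_rounds=5):
    # Decode repeatedly so double-encoded dots (%252e%252e) are exposed.
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise TraversalError("too many encoding layers")

def resolve_request(url, root=WEB_ROOT):
    """Map a request URL to a file under root, or raise TraversalError."""
    path = fully_decode(urlsplit(url).path).replace("\\", "/")
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    parts = [p for p in path.split("/") if p not in ("", ".")]
    if ".." in parts:
        raise TraversalError("parent-directory segment")
    root = root.resolve()
    # resolve() follows symlinks, so a link pointing outside root is caught too.
    candidate = root.joinpath(*parts).resolve()
    if candidate != root and root not in candidate.parents:
        raise TraversalError("resolved outside document root")
    return candidate

def is_blocked(url, root=WEB_ROOT):
    try:
        resolve_request(url, root)
        return False
    except TraversalError:
        return True

# Constructed sample requests (not from any real log).
SAMPLES = ["/courses/index.html", "/../../etc/passwd",
           "/%2e%2e/%2e%2e/etc/passwd", "/%252e%252e/etc/passwd",
           "/..%5c..%5cwindows/win.ini"]

if __name__ == "__main__":
    for url in SAMPLES:
        print("BLOCK" if is_blocked(url) else "ALLOW", url)
```

The containment check runs on the resolved path rather than on the raw string, so it still holds if a filter on the literal text `../` is bypassed by encoding.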
Fake "Facebook Security Team" account asks for credentials
An account posing as that of the Facebook Security Team has been spotted sending warnings to random users, trying to fool them into believing that their Facebook account will be suspended due to a violation of the social network's Terms of Service: [Screenshot]
The message offers a link for verifying the account, and it takes users to a third party Facebook application that requests them to enter their Facebook page name, email or phone and password.
If entered and submitted, that information is automatically sent to the scammers behind this phishing scheme and used to hijack the account.
If you have fallen for the trick, try to access your account. If you are able to do so, change your password immediately. If you have already been locked out, report the compromise and Facebook will help you regain control of the account.
Ubisoft investigating compromised Uplay accounts
According to a report by GameSpy, users on Ubisoft's forums have been complaining about having lost access to their accounts on the company's Uplay online service. Starting around 30 December, many of the affected users say they have received emails telling them that the email addresses for their accounts had been changed to addresses associated with particular sites under the Russian .ru and .su top-level domains, suggesting that the hacks are part of a larger attack by a hacker or group of hackers. According to GameSpy, Ubisoft has confirmed the situation and said that "a limited number" of accounts are affected. No personal or financial details were compromised, according to the company.
Ubisoft did not give details of how the hackers managed to breach the accounts, but access for affected users was restored promptly once staff in charge of the matter returned from their holiday breaks. Some users in the forum thread in question claimed to have randomly generated passwords for their Uplay account. Uplay is Ubisoft's DRM and multiplayer matchmaking system; users who lost access to their accounts were unable to play games registered through it.
Continued : http://www.h-online.com/security/news/item/Ubisoft-investigating-compromised-Uplay-accounts-1778618.html
Also: Ubisoft probes sudden rash of hijack attacks on gamers' accounts
Internet Explorer zero-day exploit found on more websites...
.. Fingers point towards Elderwood Project
Paul Baccas, a researcher at SophosLabs, has uncovered two new sites which have been hit by the recently-discovered Internet Explorer zero-day remote code execution vulnerability.
The attacks bear all the hallmarks of previous infections spread by the so-called Elderwood Project.
First up is a website serving the Uyghur people of East Turkestan: [Screenshot]
A folder called "netyanus" had been created on the website, containing the following files:
The website has since been cleaned-up of its malware infection, but clearly whoever infected it had an interest in infecting anyone who visited the site.
Continued : http://nakedsecurity.sophos.com/2013/01/07/internet-explorer-zero-day-attack-websites/
Iran Developing Software to Control Social-Networking Sites
Iran is developing "intelligent software" to control how Iranians can access social-networking sites, according to Associated Press.
The new software will prevent Iranians from being exposed to malicious content while allowing them to take advantage of the "useful aspects" of the Internet, said Iran's chief of police, Gen. Esmail Ahmadi Moghadam, AP reported. Moghadam did not specify which social networking sites would be controlled or when the software will go live.
"The designing of intelligent software to control social networking Web sites" is underway, Moghadam said.
The Iranian government heavily restricts access to social networking sites such as Facebook and Twitter as well as other sites that authorities believe promote dissent or are morally corrupt as part of its strict censorship policy. However, many Iranians bypass the official filters using proxy software and Virtual Private Networks (VPN).
Continued : http://securitywatch.pcmag.com/none/306619-iran-developing-software-to-control-social-networking-sites
Also: Iran Designing Software for Controlled Social Media Access