Spyware, Viruses, & Security forum


NEWS - January 16, 2013

by Carol~ Forum moderator / January 16, 2013 3:43 AM PST
New Java Exploit Fetches $5,000 Per Buyer

Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java, KrebsOnSecurity has learned.

On Sunday, Oracle rushed out a fix for a critical bug in Java that had been folded into exploit kits, crimeware made to automate the exploitation of computers via Web browser vulnerabilities. On Monday, an administrator of an exclusive cybercrime forum posted a message saying he was selling a new Java 0day to a lucky two buyers. The cost: starting at $5,000 each.

The hacker forum admin's message, portions of which are excerpted below, promised weaponized and source code versions of the exploit. This seller also said his Java 0day — in the latest version of Java (Java 7 Update 11) — was not yet part of any exploit kits, including the Cool Exploit Kit I wrote about last week that rents for $10,000 per month. From his sales pitch:

Continued : http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/
Oracle Releases 86 Patches for January Critical Patch Update
by Carol~ Forum moderator / January 16, 2013 4:34 AM PST

This week's relentless onslaught of security patches continued late Tuesday afternoon when Oracle released its quarterly Critical Patch Update, a healthy dose of 86 security updates across all major product lines including Oracle Database and MySQL Server.

The most serious may be a critical privilege escalation vulnerability (CVE-2012-3220) in Oracle Database Server. An attacker who is authenticated and has the Create Table privilege can exploit this flaw to gain control of the underlying Windows systems.

"This type of vulnerability would likely be exploited in conjunction with another attack to elevate privileges from the database to the operating system," said Ross Barrett, senior manager of security engineering at Rapid7. "Oracle Database is their flagship product and to say it is widely deployed is putting it mildly."

Oracle has been under harsh criticism for much of the young year, primarily for a zero-day vulnerability in Java 1.7u10. Exploits for the previously undisclosed flaw were being hosted in a number of exploit kits and attacks have already been seen in the wild dropping ransomware and assorted other malware. Oracle did respond quickly with an out-of-band Java 1.7 u11 update that addressed the sandbox-bypass vulnerability, but security experts still recommend disabling Java and warn there are ways to bypass the security enhancements in the latest Java update.

Continued : https://threatpost.com/en_us/blogs/oracle-releases-86-patches-its-january-critical-patch-update-011613

Oracle's January patches close 86 holes
Oracle delivers 86 security fixes
Oracle Fixes 86 Security Flaws in Massive Critical Patch Update

Also See: Vulnerabilities / Fixes - January 16, 2013

"Aaron's Law" would partly de-fang Computer Fraud and Abuse Act
by Carol~ Forum moderator / January 16, 2013 5:27 AM PST

In a posting to the online forum that Aaron Swartz co-founded, Rep. Zoe Lofgren on Tuesday night proposed legislation that would dial back the ferocity of the charges that were used against the internet activist.

Lofgren, a US Democratic Congresswoman from California, said in her Reddit posting that many are "deeply troubled" as details of the government's involvement in the events leading up to the activist's death unfold:

"His family's statement about this speaks volumes about the inappropriate efforts undertaken by the U.S. government. There's no way to reverse the tragedy of Aaron's death, but we can work to prevent a repeat of the abuses of power he experienced."

In that statement, the Swartz family called Aaron's death - an apparent suicide - the product of "a criminal justice system rife with intimidation and prosecutorial overreach."

Lofgren's so-called "Aaron's Law" [PDF of the bill's draft] would change the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute—laws that formed the basis of 13 felony counts of hacking and wire fraud [PDF] brought against Swartz.

Continued : http://nakedsecurity.sophos.com/2013/01/16/aaron-swartz-computer-fraud-abuse-act/

"Aaron's law," Congressional investigation in wake of Swartz suicide
Fans of dead data 'liberator' Swartz press Obama to sack D.A.
Bouncer kit perfect for laser-focused phishing campaigns
by Carol~ Forum moderator / January 16, 2013 5:27 AM PST

Researchers have unearthed a new type of phishing kit that allows crooks to target specific users and keep away others in order to keep the scheme hidden from knowing eyes and security firms for as long as it's possible.

"The bouncer phishing kit targets a preset email list for each campaign. A user ID value is generated for the targeted recipients, sending them a unique URL for access to the attack," Limor Kessem, Cybercrime and Online Fraud Communications Specialist at RSA, explained in a blog post.

"Here's the interesting part - much like a night club's bouncer list - any outsider attempting to access the phishing page is redirected to a '404 page not found' error message. Unlike the usual IP-restricted entry that many older kits used, this is a true—depending on how you look at it—black hat whitelist."

As other, non-specified potential visitors are "turned away", those at whom the attack was aimed are immediately faced with an attack page on the same hijacked website. The credentials submitted to and collected from this page are sent to the attackers.

Continued : http://www.net-security.org/malware_news.php?id=2378

Protecting Against Attacks Similar to "Red October"
by Carol~ Forum moderator / January 16, 2013 6:37 AM PST

From the F-Secure Antivirus Research Weblog:

The targeted attack campaign dubbed Red October raises an interesting question for people working on the frontline of corporate security. How to defend one's own organization against such attacks? And the good news is that at least for campaigns such as Red October, the information has been available for a long time already.

From a technical point of view, the targeted attacks used by Red October look very much like any other corporate espionage. The attackers need to get a user to click on an interesting looking document, and then the program being used to view the document needs to be vulnerable to attack, after which the system needs to allow a payload to be written to disk, after which the payload needs to be able to communicate back to a C&C server.

So in order to foil the attack, we as defenders need to be able to prevent any one of the stages, and then the attack is a failure from a data-stealing point of view, even if there might be a need for cleanup.

The first and most obvious defense is of course user education: all users should be trained to be suspicious of any documents coming from external sources, especially if they are not expecting that party to send a document. But unfortunately a moment of inattention is all that is required to open something that should have just been deleted. Thus education alone is not enough.

Continued : http://www.f-secure.com/weblog/archives/00002487.html

Rocra Espionage Malware Campaign Uncovered After 5 Years of Activity
Java Exploit Linked to Red October Malware Campaign

Zaxby's Restaurants Hit With Data Breach
by Carol~ Forum moderator / January 16, 2013 6:37 AM PST

"The restaurant chain is investigating a breach that may have exposed customer data at more than 100 of its locations"

The chicken food chain Zaxby's is warning customers that hackers may have compromised customer credit card data at locations throughout the country.

According to the company, suspicious files were identified on computer systems at several of the chain's restaurants in places as varied as Florida, Alabama and Georgia. All totaled, roughly 100 locations are listed as possibly affected. The company did not say when or how exactly the chain locations were hacked, and did not respond to a request for more information before publication.

However, in an interview with CRN, Blake Bailey, chief financial officer for Zaxby's, says the firm was told Nov. 9 by one of its credit card processors that potentially fraudulent activity had been traced to some of the company's restaurants. According to the CRN report, the malware was not on the point-of-sale systems at the restaurants, making this breach different from recent attacks on Barnes & Noble and other retailers. Instead, Bailey tells CRN, the malware was found on hard drives on computers located at the restaurants.

Continued : http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240146429/zaxby-s-restaurants-hit-with-data-breach.html.html

Also: Zaxby's Chicken Chain Warns of Possible Credit Card Thefts

Malware Infecting US Power Plant SCADA Systems
by Carol~ Forum moderator / January 16, 2013 7:36 AM PST

Critical power generation systems inside two US power plants were infected with "known sophisticated malware" that spreads via USB drives, reports the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The malware, which the team didn't name, infected a handful of machines during a software update initiated by an outside technician. With supervisory control and data acquisition (SCADA) systems vital in flipping switches and turning dials inside power plants, remote access to such equipment could enable a saboteur or hacker to cause serious infrastructure damage.

"When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits," according to the ICS-CERT report (pdf). "Initial analysis caused particular concern when one sample was linked to known sophisticated malware."

Continued : http://www.hotforsecurity.com/blog/malware-infecting-us-power-plant-scada-systems-5050.html

Malware infects US power facilities through USB drives
Viruses infect vital control systems at TWO US power stations

Chrome 25 to Support Unprefixed Content Security Policy
by Carol~ Forum moderator / January 16, 2013 7:36 AM PST

Google is continuing to introduce new security technologies in its Chrome browser, and the latest addition on the horizon is support for unprefixed Content Security Policy, a behind-the-scenes improvement designed to prevent malicious script injections. The technology is included in the beta of Chrome 25, which was released earlier this week, and will soon find its way into the stable channel.

One of the many attack vectors that have made life easier for the bad guys in the last few years is cross-site scripting. This attack relies on specific vulnerabilities in Web applications that allow attackers to get their own malicious scripts onto a legitimate Web page. Browsers will then run those scripts as if they were part of the trusted Web page, enabling the attacker to plant malicious code on a victim's machine or steal sensitive data.

Content Security Policy is one mechanism for preventing these kinds of attacks by allowing users to define which content sources they trust. Chrome then will run scripts only from those trusted sources, creating a whitelist of known good content sources and ignoring content from all other sources.

Continued : https://threatpost.com/en_us/blogs/chrome-25-support-unprefixed-content-security-policy-011613
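The whitelist mechanism described in the Threatpost excerpt can be made concrete with a small model of how a policy header is written and how a browser evaluates a script source against it. This is an added example, not code from the article, from Google or from Chrome; the site name, the CDN hosts and the sample policy are constructed, and the matching is a simplified form of CSP 1.0 source-expression matching that leaves out paths, nonces and hashes.

```javascript
// Added example, not code from the Threatpost article or from Chrome: a small
// model of how a Content-Security-Policy header is built and how a browser
// decides whether a script source is on the whitelist. Chrome 25 reads the
// unprefixed "Content-Security-Policy" header; the matching here is a
// simplified form of CSP 1.0 source-expression matching ('self', 'none',
// scheme-only and host sources with optional scheme, port and leading
// wildcard) and omits paths, nonces and hashes.

function buildCsp(directives) {
  // directives: { "script-src": ["'self'", "https://cdn.example.com"], ... }
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

function parseCsp(header) {
  // Directives are separated by ";"; each is a name followed by source expressions.
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function defaultPort(protocol) {
  return protocol === "https:" ? "443" : protocol === "http:" ? "80" : "";
}

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) {
    // "*.example.com" matches any subdomain but not "example.com" itself.
    const suffix = pattern.slice(1);
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

function sourceMatches(expr, url, page) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === page.origin;
  // Scheme-only source such as "https:".
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {
    return url.protocol.toLowerCase() === expr.toLowerCase();
  }
  // Host source: [scheme://]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+|\*))?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, hostPattern, port] = m;
  if (scheme) {
    if (url.protocol.toLowerCase() !== `${scheme.toLowerCase()}:`) return false;
  } else if (url.protocol !== page.protocol) {
    // No scheme given: the source inherits the scheme of the protected page.
    return false;
  }
  if (!hostMatches(hostPattern.toLowerCase(), url.hostname.toLowerCase())) return false;
  if (port && port !== "*") {
    const urlPort = url.port || defaultPort(url.protocol);
    if (urlPort !== port) return false;
  }
  return true;
}

function governingSources(header) {
  // script-src applies if present; otherwise default-src is the fallback.
  const policy = parseCsp(header);
  return policy["script-src"] || policy["default-src"] || null;
}

function scriptAllowed(header, scriptUrl, pageUrl) {
  const sources = governingSources(header);
  if (sources === null) return true; // no governing directive: nothing restricted
  const url = new URL(scriptUrl);
  const page = new URL(pageUrl);
  return sources.some((expr) => sourceMatches(expr, url, page));
}

function inlineScriptAllowed(header) {
  // Inline <script> blocks (the usual vehicle for an injected XSS payload) are
  // blocked unless the governing directive explicitly lists 'unsafe-inline'.
  const sources = governingSources(header);
  return sources === null || sources.includes("'unsafe-inline'");
}

// Constructed sample policy for a site served from https://www.example.com
const examplePolicy = buildCsp({
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://cdn.example.com", "*.static.example.net"],
  "object-src": ["'none'"],
});
```

The point a defender should take from the `inlineScriptAllowed` check is that a policy without `'unsafe-inline'` neutralises the most common form of injected script regardless of where the injection came from; the host-source matching shows why listing a whole scheme or a bare `*` gives most of that protection away again.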

Facebook Graph Search is an awesome tool for phishing attack
by Carol~ Forum moderator / January 16, 2013 7:37 AM PST

"Graph Search makes it easier for cyber criminals to gather relevant details that can be used to target phishing attacks more effectively."

Facebook shook the tech world's foundation a bit with the announcement of Graph Search capability. Users are anxious for a chance to play with the new feature, and attackers are looking forward to this potent new weapon, er, tool as well.

In a nutshell, Facebook Graph Search is a search engine that allows you to find things based on relationships and context--basically drawing from the limitless pool of Likes, tags, and check-ins posted by a billion Facebook members.

From a search perspective, Graph Search seems like a very powerful tool--something that makes search more personally relevant, and a concept that should have Google worried a bit. You can search based on people, places, friends, and interests. For example, you can do a search for "friends who like The Beatles and live in Chicago," or "Italian restaurants my friends have visited nearby."

However, it's a bit of a double-edged sword as well. Andrew Storms, director of security operations for nCircle, says, "The new Facebook Graph Search is a phishers' dream come true. It takes the micro-targeting capabilities that have been available to online advertisers for years and puts them into the hands of cyber criminals."

Continued : http://www.networkworld.com/news/2013/011613-facebook-graph-search-is-an-265890.html
