NEWS - January 07, 2013

Nvidia has quietly released a new set of drivers to patch up a security flaw found within the Display Driver service, which came to light via a U.K.-based researcher on Christmas day.

If you happen to be an owner of a GeForce graphics processing unit (GPU), then the quiet release of the latest GeForce-based drivers is certainly worth a quick download.

On Saturday, the firm made the new WHQL-certified graphics drivers -- version 310.90 -- available. The release notes say that the file "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." However, it does not mention the fact that U.K. researcher Peter Winter-Smith discovered a flaw in December which makes the display driver service vulnerable to buffer overflow and code injection attacks. In other words, the security flaw could potentially be used by a remote attacker with a domain account to gain access to a system running older drivers.

In addition to killing off the security flaw, the driver update also comes complete with a number of bug fixes and performance enhancements for some gaming titles. New 3D Vision profiles have been added, and faster performance will improve a number of PC games including Call of Duty: Black Ops 2 and Assassin's Creed III.

Continued : http://www.zdnet.com/nvidia-releases-driver-update-to-fix-security-exploit-7000009448/

Also: NVIDIA Releases Fix For Dangerous Display Driver Exploit

Related: Nvidia Display Driver Service Attack Escalates Privileges on Windows Machines

See Vulnerabilities & Fixes : NVIDIA Graphics Drivers for Windows "nvsr" Named Pipe Buffer Overflow Vulnerability

The author of Blackhole, an exploit kit that booby-traps hacked Web sites to serve malware, has done so well for himself renting his creation to miscreants that the software has emerged as perhaps the most notorious and ubiquitous crimeware product in the Underweb. Recently, however, the author has begun buying up custom exploits to bundle into a far more closely-held and expensive exploit pack, one that appears to be fueling a wave of increasingly destructive online extortion schemes.

An exploit pack is a software toolkit that gets injected into hacked or malicious sites, allowing the attacker to foist a kitchen sink full of browser exploits on visitors. Those visiting such sites with outdated browser plugins may have malware silently installed. In early October 2012, security researchers began noticing that a new exploit pack called Cool Exploit Kit was showing up repeatedly in attacks from "ransomware," malicious software that holds PCs hostage in a bid to extract money from users.

"Kafeine," a French researcher and blogger who has been tracking the ties between ransomware gangs and exploit kits, detailed Cool's novel use of a critical vulnerability in Windows (CVE-2011-3402) that was first discovered earlier in the year in the Duqu computer worm. Duqu is thought to be related to Stuxnet, a sophisticated cyber weapon that experts believe was designed to sabotage Iran's nuclear program.

Continued : http://krebsonsecurity.com/2013/01/crimeware-author-funds-exploit-buying-spree/

Hacktivist group NullCrew recently announced a succesful intrusion (though intrusionette might be a better word) against a website in the DHS.GOV domain hierarchy.

DHS, of course, is the United States Department of Homeland Security.

The intrusionetted site was studyinthestates.dhs.gov, intended to help foreigners find out if and how they might be able to study at US schools, colleges and universities.

It looks as though the site was vulnerable to what's known as a directory traversal vulnerability.

That's where you construct a URL that persuades the server to navigate to a part of the web server you aren't supposed to be able to access, and to retrieve content from there.

Continued : http://nakedsecurity.sophos.com/2013/01/07/dhs-website-falls-victim-to-hacktivist-intrusion/

An account posing as that of the Facebook Security Team has been spotted sending warnings to random users, trying to fool them into believing that their Facebook account will be suspended due to a violation of the social network's Terms of Service: [Screenshot]

The message offers a link for verifying the account, and it takes users to a third party Facebook application that requests them to enter their Facebook page name, email or phone and password.

If entered and submitted, that information is automatically sent to the scammers behind this phishing scheme and used to hijack the account.

If you have fallen for the trick, try to access your account. If you are able to do so, change your password immediately. If you have already been locked out, report the compromise and Facebook will help you regain control of the account.

Continued: http://www.net-security.org/secworld.php?id=14186

According to a report by GameSpy, users on Ubisoft's forums have been complaining about having lost access to their accounts on the company's Uplay online service. Starting around 30 December, many of the affected users say they have received emails telling them that the email addresses for their accounts had been changed to addresses associated with particular sites under the Russian .ru and .su top-level domains, suggesting that the hacks are part of a larger attack by a hacker or group of hackers. According to GameSpy, Ubisoft has confirmed the situation and said that "a limited number" of accounts are affected. No personal or financial details were compromised, according to the company.

Ubisoft did not give details of how the hackers managed to breach the accounts, but access for affected users was restored promptly once staff in charge of the matter returned from their holiday breaks. Some users in the forum thread in question claimed to have randomly generated passwords for their Uplay account. Uplay is Ubisoft's DRM and multiplayer matchmaking system; users who lost access to their accounts were unable to play games registered through it.

Continued : http://www.h-online.com/security/news/item/Ubisoft-investigating-compromised-Uplay-accounts-1778618.html

Also: Ubisoft probes sudden rash of hijack attacks on gamers' accounts

Iran is developing "intelligent software" to control how Iranians can access social-networking sites, according to Associated Press.

The new software will prevent Iranians from being exposed to malicious content while allowing them to take advantage of the "useful aspects" of the Internet, said Iran's chief of police, Gen. Esmail Ahmadi Moghadam, AP reported. Moghadam did not specify which social networking sites would be controlled or when the software will go live.

"The designing of intelligent software to control social networking Web sites" is underway, Moghadam said.

The Iranian government heavily restricts access to social networking sites such as Facebook and Twitter as well as other sites that authorities believe promote dissent or are morally corrupt as part of its strict censorship policy. However, many Iranians bypass the official filters using proxy software and Virtual Private Networks (VPN).

Continued : http://securitywatch.pcmag.com/none/306619-iran-developing-software-to-control-social-networking-sites

Also: Iran Designing Software for Controlled Social Media Access