Alert

NEWS - October 14, 2014

Oct 14, 2014 10:51AM PDT
Sandworm APT Team Found Using Windows Zero Day Vulnerability

UPDATE - A cyberespionage team, possibly based in Russia, has been using a Windows zero day vulnerability to target a variety of organizations in several countries, including the United States, Poland, Ukraine and western Europe. The vulnerability, which will be patched today by Microsoft, is trivially exploitable and researchers say that the team behind the attacks has been using it since August to deliver the Black Energy malware.

Researchers at iSIGHT Partners said that the team, which they've dubbed Sandworm, likely has been active since 2009 and has been using the Windows vulnerability CVE-2014-4114 in conjunction with a series of other flaws in order to compromise users at government agencies, NATO, academic institutions, a telecom, defense and energy firms. The attackers use highly targeted spearphishing emails in order to lure users into opening a rigged PowerPoint file that contains the exploit code for the vulnerability. Once the exploit code fires, it then downloads the Black Energy malware and begins gathering sensitive data for exfiltration.

Continued : http://threatpost.com/sandworm-apt-team-found-using-windows-zero-day-vulnerability/108815

Related:
Suspected Russian "Sandworm" cyber spies targeted NATO, Ukraine
Microsoft patches SandWorm 0-day

Dropbox wasn't hacked, says leaked credentials are from unrelated services
Oct 14, 2014 10:58AM PDT

Dropbox has denied that they have been hacked, and that the login credentials leaked by an unknown individual on Pastebin are those of Dropbox users.

The leaker released the first batch of credentials some 12 hours ago, and has asked interested users to donate bitcoins in order for the leaks to continue. In the following hours, he or she continued to leak batches even though only one donation was made.

Simultaneously, more batches have been released by the same or another person, and another bitcoin address has been provided for the donations (none have yet been given).

Continued : http://www.net-security.org/secworld.php?id=17488

Related:
7 million Dropbox username/password pairs apparently leaked [Updated]
Dropbox dismisses claims of hack affecting 7 million accounts
Microsoft, Adobe Push Critical Security Fixes
Oct 14, 2014 10:59AM PDT
Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks.

Earlier today, iSight Partners released research on a threat the company has dubbed "Sandworm" that exploits one of the vulnerabilities being patched today (CVE-2014-4114). iSight said it discovered that Russian hackers have been conducting cyber espionage campaigns using the flaw, which is apparently present in every supported version of Windows. The New York Times carried a story today about the extent of the attacks against this flaw.

In its advisory on the zero-day vulnerability, Microsoft said the bug could allow remote code execution if a user opens a specially crafted malicious Microsoft Office document. According to iSight, the flaw was used in targeted email attacks that targeted NATO, Ukrainian and Western government organizations, and firms in the energy sector.

Continued : http://krebsonsecurity.com/2014/10/microsoft-adobe-push-critical-security-fixes/

Related: Fixes for IE, Flash Player in October Patch Tuesday Release
BlackBerry 10 Devices Open to Bug That Allows Malicious App Installation
Oct 14, 2014 10:59AM PDT

BlackBerry has patched a vulnerability in its BlackBerry 10 devices that could allow an attacker to intercept users' traffic to and from the BlackBerry World app store and potentially install malware on a targeted device.

The vulnerability is a weakness in the integrity checking system that BlackBerry uses to verify the apps that users download. If an attacker is able to gain a man-in-the-middle position between a user and the BlackBerry World servers, he could replace the legitimate requested app with malware. BlackBerry officials say that the vulnerability only affects the devices running BlackBerry 10, and recommend that users install the new version of the World app as soon as possible.

Continued : http://threatpost.com/blackberry-10-devices-open-to-bug-that-allows-malicious-app-installation/108830