NEWS - October 24, 2014

Oct 24, 2014 1:30AM PDT
Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

Graham Cluley @ the Optimal Security Blog:

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks.

Microsoft has issued a security advisory about a critical remote code execution flaw in all versions of Windows apart from Windows Server 2003.

That would be bad enough. But what makes things worse is that malicious hackers are aware of the as-yet-unpatched security hole and are actively exploiting it in what Microsoft calls "limited, targeted attacks" through Microsoft PowerPoint.

Fortunately, the attacks seen to date do require some user interaction to succeed on Windows computers running with UAC (User Access Control) enabled, as a consent prompt is displayed. Unfortunately, many users are in the habit of simply ignoring such messages, and clicking to make them go away.

Continued : http://blog.lumension.com/9501/hackers-exploit-windows-zero-day-flaw-in-targeted-powerpoint-attacks/

Related:
Microsoft warns on yet another zero-day security flaw
Windows 0-day exploited in ongoing attacks, temporary workarounds offered
Microsoft discloses severe Office zero-day flaw, publishes quick fix

Apple warns about organized network attacks against iCloud users
Oct 24, 2014 4:01AM PDT

In the wake of the claims that the Chinese authorities have mounted a MITM attack against iCloud and Microsoft account holders by redirecting them to spoofed login pages, Apple has published an update of iCloud.com security.

They didn't name the Chinese government as the attacker. Instead, they simply said that they were "aware of intermittent organized network attacks using insecure certificates to obtain user information."

"These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser," they made sure to note, then followed with some advice for users on how to check whether the login page they are on is the legitimate one.

Continued : http://www.net-security.org/secworld.php?id=17523

Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances
Oct 24, 2014 4:01AM PDT

There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years.

The FreeBSD Project first disclosed the vulnerability in telnet in December 2011 and it was widely publicized at the time. Recently, Glafkos Charalambous, a security researcher, discovered that the bug was still present in several of Cisco's security boxes, including the Web Security Appliance, Email Security Appliance and Content Security Management Appliance. The vulnerability is in the AsyncOS software in those appliances and affects all versions of the products.

If the Telnet service is enabled on a vulnerable appliance, a remote attacker can execute arbitrary code.

Continued : http://threatpost.com/cisco-patches-three-year-old-telnet-remote-code-execution-bug-in-security-appliances/108980

Related : Cisco patches three-year-old remote code-execution hole

Disaster as CryptoWall encrypts US firm's entire server installation
Oct 24, 2014 4:02AM PDT

"Paying ransom was quicker than backups"

"Here is a tale of ransomware that will make your blood run cold," announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn't exaggerating.

One of his firm's customers contacted him on 14 October for advice on how to buy Bitcoins after all seven of its servers containing 75GB of data had been encrypted by a recent variant of the hated CryptoWall ransom Trojan.

An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them to hand the anonymous professional a work day to forget.

Continued: http://news.techworld.com/security/3582363/disaster-as-cryptowall-encrypts-us-firms-entire-server-installation/

iMessage SPAM floods US mobile networks
Oct 24, 2014 4:02AM PDT

"iSpam knockoff goods scam"

China-based counterfeiters are spamvertising knock-off designer goods using Apple iMessage instead of using conventional email spam runs.

iMessage has been hit with the single largest US mobile spam campaign this year. The campaign, which has been going on for months, was large enough to account for more than 80 per cent of all reported mobile messages in the US, according to messaging security outfit CloudMark.

A test purchase by CloudMark of a knock-off designer bag revealed that counterfeit merchandise was delivered, evidence that the crooks behind the scam are not simply interested in stealing the credit card numbers of "bargain hunters" prepared to risk buying goods promoted through iSpam. Purchasers are likely to be disappointed by the quality of the goods they receive, however, as a blog post by CloudMark explains.

Continued: http://www.theregister.co.uk/2014/10/24/chinese_imessage_spam_floods_us/

Adobe Updates Digital Editions Following Privacy Controversy
Oct 24, 2014 5:26AM PDT

In response to accusations that it's spying on users of the e-book reader application Adobe Digital Editions, Adobe Systems has released a new version of the software that addresses some of the reported issues.

Earlier this month, reports surfaced about Adobe collecting information from Digital Editions 4.0 users, including the books they read and the ones stored in their library. Researchers also noticed that all the data was sent back to Adobe's servers without being encrypted.

"Adobe Digital Editions allows users to view and manage eBooks and other digital publications across their preferred reading devices—whether they purchase or borrow them. All information collected from the user is collected solely for purposes such as license validation and to facilitate the implementation of different licensing models by publishers," Adobe said at the time.

Continued : http://www.securityweek.com/adobe-updates-digital-editions-following-privacy-controversy

Related:
Adobe begins encrypting user data collected from Digital Editions app
Adobe spies on readers: EVERY DRM page turn leaked to base over SSL

Apple Drops SSL 3.0 for Push Notification due to Poodle Flaw
Oct 24, 2014 5:26AM PDT

The Bitdefender "HOT for Security" Blog:

Apple is going to drop SSL 3.0 support for their push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple's announcement.

The company is pulling the plug for SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol.

"Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected," the announcement said.

Continued : http://www.hotforsecurity.com/blog/apple-drops-ssl-3-0-for-push-notifications-due-to-poodle-flaw-10675.html