| |
 |
 |
 |
|
|
|
|
Date: 01 February 2013
Click here for printable version
Greetings,
A newly discovered piece of mobile malware identified by NQ Mobile, known as "Bill Shocker" has infected over 620,000 users in China and is believed to pose a further threat to Android devices worldwide. The malware is an SDK which has infected a number of popular apps in China, including messaging and news apps that are distributed by third-party app stores and retail installation channels. "Bill Shocker" can take remote control of mobile devices, including their contact lists, Internet connections, dialling and SMS functions, which are then used to send text message spam while racking up enormous phone bills and eating through bundled data quotas. Best practice can help to avoid infection by this and other mobile malware, such as ensuring that apps are only installed from trusted sources, and permissions requested by applications are monitored to ensure that they are not requesting far greater permissions than are necessary to perform their function. There are also numerous mobile security applications available from trusted vendors that can aid in keeping your mobile device safe.
According to a list from McAfee, the United States is host to the greatest concentration of botnet C&C servers in the world, with 631 active servers. The next closest country, the British Virgin Islands has 237 servers, and the Netherlands coming in third place with 154 servers. The stats however may be fairly worthless seeing as many of the locations of these servers could be spoofed, however one thing is for certain - with botnets making up numbers in the millions, and the production of malware apparently growing at a faster rate than ever before (also stated in a report by McAfee in September last year) this problem isn't going anywhere any time soon.
This week's top five bulletins (in no particular order):
1) ESB-2013.0122 - ALERT [Linux][Appliance] libupnp: Multiple vulnerabilities
Earlier this week, on the 29th Jan, HD Moore and Rapid7 published a whitepaper and blog detailing security flaws in the portable SDK for UPnP (Universal Plug and Play) which affect a countless number of network devices. US-CERT were quick to release this bulletin indicating that products from vendors such as Cisco, Fujitsu, Hauwei, Linksys, NEC, Siemens, Sony and more are potentially at risk from these issues.
2) ESB-2013.0114 - ALERT [Win][Linux][RedHat] libvirt: Root compromise - Remote/unauthenticated
Redhat announced that Libvirt - a library for managing and interacting with the virtualisation capabilities of Linux - is vulnerable to a potential remote/unauthenticated root compromise. Administrators should patch this as soon as possible!
3) ESB-2013.0132 - [Cisco] Cisco Portable SDK: Multiple vulnerabilities
Following up on Rapid7's research and US-CERT's bulletin on UPnP flaws, Cisco released this bulletin which indicates that a number of specific Cisco products are susceptible to exploitation of these issues which could allow for code execution or denial of service.
4) ESB-2013.0116 - [Apple iOS] iOS : Multiple vulnerabilities
Apple released an update for iOS for iPhones, iPads and iPods which covers a 27 CVEs worth of vulnerabilities!
5) ESB-2013.0119 - [Win] GE Intelligent Platforms Proficy Cimplicity: Multiple vulnerabilities
ICS-CERT issued an advisory detailing two vulnerabilities in GE's Cimplicity which is a Client/Server-based human-machine interface/supervisory control and data acquisition (HMI/SCADA) application. Potential impacts include code execution, denial of service and the unauthorised access of privileged data.
Security on the Move 14th March, Intercontinental at the Rialto, Melbourne
A must attend event for those who live in Melbourne – come along to Security on the Move, AusCERT’s one day conference that will put the spotlight on information in Melbourne. This day is a chance for security professionals to learn about the challenges and opportunities in their own backyards, connect with talented industry neighbours and speak face-to-face with the experts at AusCERT who sit at the coal face of emerging threats. Registrations are open now - just $99.
AusCERT Member Briefing at Security on the Move, 14th March 5:00 pm, Intercontinental at the Rialto, Melbourne
Following AusCERT’s Security on the Move in Melbourne on 14th March, AusCERT will host a members-only briefing. Last year we surveyed you for your thoughts on AusCERT’s bulletins. Come along, join us for a drink and some canapés, hear the results and how we’re responding to your feedback. We’ll also give you a strategy update and other AusCERT member-only news. For catering, please RSVP to claire[at]auscert.org.au. We look forward to seeing you there. For members in other states, we plan to hold similar briefings. Coming soon!
The AusCERT2013 Call for Presentations and Tutorials is now CLOSED.
Thank you to all who made submissions. We received 140 papers and thank our IT security community for this fantastic response. The quality of the conference program is going to be very high - it's going to be a great conference! We hope you can join us and look forward to seeing you there. Registrations will open this month, so please mark the conference dates in your calendar. AusCERT2013: 20th-24th May 2013. This time it’s personal.
Have a great weekend!
Jonathan
|
|
|
|
 |
|
 |
|
|