Date: 01 March 2013
Greetings,
Earlier this week at the RSA Conference 2013, Tillmann Werner, a researcher from CrowdStrike, performed a live demonstration of the sinkholing of thousands of bots belonging to version C of the Kelihos botnet. Kelihos has been responsible for large volumes of pharmaceutical spam, bitcoin wallet theft and credential harvesting over the past few years. The original Kelihos A botnet was disabled in September 2011, and the second version, Kelihos B, was taken down in February 2012. This third incarnation, Kelihos C, was up and running within a mere 20 minutes of Kelihos B shutting down. Werner has developed a peer-to-peer poisoning method which diverts bots away from the botnet's command and control server and makes them talk to his sinkhole instead; in his words, "every peer that checks into the sinkhole should never talk to the botnet again".
Researchers from Duo Security, a two-factor authentication provider, have identified a problem with Google's authentication system which allowed them to gain full control over users' Gmail accounts. The flaw, located in the auto-login mechanism of Chrome on Chromebooks and of the latest versions of Android, allowed the researchers to use an application-specific password (ASP), which is only meant to give a single application limited access to an account, to reach the recovery and two-step verification settings for a Google account, settings that the second factor is supposed to protect. The auto-login mechanism lets users link their mobile devices or Chromebooks with their Google accounts so that they do not need to manually authenticate to any Google web pages. More information can be found on Duo Security's blog.
Following the compromise of a server used to process support requests for cPanel, the web hosting control panel, the cPanel team is warning users to change their systems' root passwords immediately. The e-mail, which was posted on a community forum, stated "While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with "sudo" or "su" for root logins, we recommend you change the account password." The cPanel Security Team added that they "... do not know the exact nature of the compromise... [so they] ... are asking customers to take immediate action on their own servers." At this stage it is unclear how many cPanel users are affected by the compromise.
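Which of cPanel's two steps applies to a given host depends on how sshd is configured there: if root can still log in with a password, the root password has to be rotated; if only unprivileged accounts can, their passwords have to be; if logins are key-only, neither step is required by this advice. The script below is an added example (it is not from this bulletin, from cPanel or from OpenSSH) that reads an sshd_config the way sshd does, taking the first occurrence of each keyword, and reports which of those three cases a host falls into. It assumes there are no Match blocks, that keywords and values are separated by whitespace, and the OpenSSH defaults of the time (PermitRootLogin yes, PasswordAuthentication yes, ChallengeResponseAuthentication yes); the three sample configs are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not cPanel's or OpenSSH's code): classify an sshd_config by
# whether it still admits password logins, to decide which of cPanel's
# password-rotation steps applies to a host. Assumptions: no Match blocks,
# keywords separated from values by whitespace, and 2013 OpenSSH defaults
# (PermitRootLogin yes, PasswordAuthentication yes,
# ChallengeResponseAuthentication yes).

# sshd_option FILE KEYWORD DEFAULT: print the effective value of KEYWORD,
# lower-cased. sshd honours the FIRST occurrence of a keyword, so stop there.
sshd_option() {
    _val=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                              # comment lines
        NF >= 2 && tolower($1) == k { print $2; exit }   # first match wins
    ' "$1")
    printf '%s\n' "${_val:-$3}" | tr 'A-Z' 'a-z'
}

# ssh_password_exposure FILE: print one of
#   root - root itself can authenticate with a password
#   user - only non-root accounts can; root is reached via su/sudo
#   none - password authentication is off (key-only logins)
ssh_password_exposure() {
    prl=$(sshd_option "$1" PermitRootLogin yes)
    pa=$(sshd_option "$1" PasswordAuthentication yes)
    # keyboard-interactive via PAM still prompts for the Unix password even
    # when PasswordAuthentication is no, so count it as a password path too
    cra=$(sshd_option "$1" ChallengeResponseAuthentication yes)
    if [ "$pa" != yes ] && [ "$cra" != yes ]; then
        echo none
    elif [ "$prl" = yes ]; then
        echo root
    else
        echo user        # no, without-password, forced-commands-only
    fi
}

# Constructed sample configs for the demonstration (not taken from real hosts).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEAK_CFG=$WORK/sshd_config.weak
MID_CFG=$WORK/sshd_config.mid
HARD_CFG=$WORK/sshd_config.hard

# Stock-looking config: the hardening line is commented out, so the default
# PermitRootLogin yes applies and root answers to a password.
cat > "$WEAK_CFG" <<'EOF'
Port 22
#PermitRootLogin no
PasswordAuthentication yes
UsePAM yes
EOF

# Root restricted to keys, but ordinary accounts still use passwords: a
# stolen sudo/su account password still leads to root.
cat > "$MID_CFG" <<'EOF'
Port 22
PermitRootLogin without-password
PasswordAuthentication yes
EOF

# Key-only logins. The trailing "PasswordAuthentication yes" is ignored
# because sshd takes the first occurrence of each keyword.
cat > "$HARD_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF

for cfg in "$WEAK_CFG" "$MID_CFG" "$HARD_CFG"; do
    case $(ssh_password_exposure "$cfg") in
        root) echo "$cfg: root can log in with a password -> change the root password" ;;
        user) echo "$cfg: password logins for users -> change the sudo/su account passwords" ;;
        none) echo "$cfg: key-only logins -> no password rotation required by this advice" ;;
    esac
done
```

On a live host, run the classifier against /etc/ssh/sshd_config (or, better, against the output of `sshd -T`, which already resolves defaults and Match blocks). A "none" verdict only means sshd will not take a password; any root password that was ever pasted into a support ticket is still worth rotating.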
This week's top five bulletins (in no particular order):
1) ASB-2013.0026 - [Win][Linux][OSX] Google Chrome: Multiple vulnerabilities
This week's obligatory web browser update goes to Google Chrome. Multiple vulnerabilities have been identified in Google Chrome prior to version 25.0.1364.97 for Windows and Linux and version 25.0.1364.99 for Mac.
2) ASB-2013.0027 - [UNIX/Linux] Kerberos: Denial of service - Remote/unauthenticated
A remotely exploitable, unauthenticated denial of service vulnerability has been identified in MIT Kerberos 5 prior to release 1.11.
3) ESB-2013.0289 - ALERT [Win][Linux][OSX] Flash Player: Multiple vulnerabilities
Adobe released a Flash Player update to address vulnerabilities that were being exploited in the wild.
4) ESB-2013.0290 - [RedHat] Oracle Java SE 6: Notification of end of public updates
Red Hat has ended public updates for Oracle Java SE 6 as of 28 February 2013 and advises administrators to consider moving to one of a number of alternative Java implementations, such as OpenJDK 6, IBM Java SE 6, OpenJDK 7, IBM Java SE 7 or Oracle Java SE 7, for continued support.
5) ESB-2013.0297 - [UNIX/Linux][NetBSD] grep: Execute arbitrary code/commands - Existing account
Multiple integer overflows in GNU grep before 2.11 might allow context-dependent attackers to execute arbitrary code via a long input line that triggers a heap-based buffer overflow.
Have a great weekend!
Jonathan