Australia's Leading Computer Emergency Response Team
 
AusCERT Week in Review for 15th March 2013

Date: 15 March 2013

Greetings,

Operation Ababil, a campaign that the Izz ad-Din al-Qassam Cyber Fighters group has been running since September last year, started its third phase last week. The group is using distributed denial of service attacks against American banks to protest against the anti-Islam film Innocence of Muslims. This attack made JPMorgan Chase & Co.'s web site inaccessible to some of its users throughout Tuesday 12th of March 2013.

Ars Technica released a very disturbing but informative article about a community of ethically challenged individuals who compromise the machines of unsuspecting victims with remote administration tools (RATs). RATs aren't new tools; they are even an essential part of most IT specialists' toolkits. There are many different RATs; VNC, Terminal Services, LogMeIn and GoToAssist are among the best-known tools. The versions used by these malicious people include specific, easy-to-use functions that are clearly designed to invade people's privacy, such as taking control of the compromised machine's webcam or microphone. These individuals go as far as publicly humiliating their victims, or "slaves" as they describe them, by posting unflattering photos of them on forums. This may be all fun and games for these script-kiddies/hackers, but the possible physical and mental effects on their victims are horrendous. This is all the more reason to share our security knowledge and help people who do not know how to protect their machines from these usually simple attacks.

Please don't forget that this week was the second week of the month, and as usual this brought us lots of updates to apply to our ever useful machines called computers and mobile devices. All the usual culprits: Adobe Flash - check, Internet Explorer - check, Microsoft Silverlight - check, Microsoft Kernel mode drivers - check...oh...wait a minute, this is interesting. This particular bulletin (MS03-027) comprises three vulnerabilities concerning the USB Descriptor - it seems that arbitrary code with administrative privileges can be executed from a flash drive without any user actually being logged in. Yes, this does require physical access to the machine, but realistically how hard is it to get into an office building? Have you thought about your physical security? What about all those laptops that are outside the confines of your protected buildings? Definitely get these patches installed on your machines as soon as possible.

This week's collection of bulletins (in no particular order) goes to:

1) ESB-2013.0367 - [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction

https://www.auscert.org.au/17182

Microsoft patched nine vulnerabilities - Arbitrary code or commands can be run with the same privileges as a logged-in user who accesses a specially crafted web page. This definitely needs to be patched.

2) ESB-2013.0374 - [Win][Linux][Apple iOS][Android][OSX] Adobe Flash Player & AIR: Multiple vulnerabilities

https://www.auscert.org.au/17189

Adobe patched four vulnerabilities - Accessing a specially crafted SWF file may lead to an application crash and the execution of arbitrary code. As always, patch Flash as soon as possible.

3) ESB-2013.0355 - [UNIX/Linux][Debian] sudo: Root compromise - Existing account

https://www.auscert.org.au/17170

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. Sudo should never be vulnerable to exploits. Patch it now! Sophos released an interesting article about CVE-2013-1775.

4) ESB-2013.0392 - [OSX] OS X Mountain Lion: Multiple vulnerabilities

https://www.auscert.org.au/17207

Apple has released a new update for OS X Mountain Lion v10.8.3 and their first security update 2013-001. This update solves 17 vulnerabilities.

5) ESB-2013.0391 - [OSX] Safari: Multiple vulnerabilities

https://www.auscert.org.au/17206

Apple has released a new update for Safari which brings the browser to version 6.0.3. This update resolves 17 vulnerabilities.

Stay safe, stay patched and have a good weekend,
Ananda.