AusCERT Week in Review for 15th February 2013

Date: 15 February 2013


It seems that even the major IT security companies are vulnerable to hackers: another major player, Bit9, revealed that its network was breached and that its code signing certificates were part of the haul. Bit9 uses the approach of white-listing applications that are safe to run, and it uses the code signing certificate to prove that the applications are “Trusted”. This seems to be the trend in IT security, as black-listing seems to be becoming less and less effective. The unauthorised party was reported to have used the code signing certificate to sign multiple malicious applications and spread them to Bit9’s customers. This also demonstrates how hackers are using side-channelled attacks and ever more sophisticated attacks (e.g. watering-hole attacks) to compromise specific targets.

On a slightly more light-hearted note, TV emergency reports broadcast in Michigan and Montana, USA announced that the dead were rising up! This was of course a hack, and it must have brought quite a bit of shame on the channels that broadcast the reports. This attack was probably much more sophisticated than the now-common mobile traffic sign hack with the “Zombies ahead” message, which requires only the knowledge of a default password. Please note that although this is quite amusing, doing so is illegal and can have major consequences, as the mobile traffic signs are present for a reason.

As this was the second Tuesday of the month, Microsoft and Adobe have released their habitual monthly patches. This was a big month for Microsoft security patches; in fact, it was the second-largest batch of security patches from Microsoft since they started their Patch Tuesday model. Microsoft fixed 56 vulnerabilities spread over 12 security bulletins. Five of these bulletins have been deemed “Critical” and should be patched as soon as possible. Adobe released updates for Flash Player and Shockwave Player that address remote code execution vulnerabilities.

Adobe have also released a notification concerning a zero-day vulnerability in Adobe Reader and Adobe Acrobat; there is no patch for this vulnerability as yet. We will update our ESB with the details of the patch as soon as we are made aware of one. Please keep your anti-virus signatures up to date, as signatures for the malicious PDF files will most likely be created and pushed to your preferred virus scanning engine.

As per usual, here’s a quick list of bulletins that need to be looked at:

1/ ESB-2013.0175.2 - [Win][VMware ESX][OSX] VMWare Products: Increased privileges - Existing account

2/ ESB-2013.0184 - [Win] Internet Explorer: Multiple vulnerabilities

3/ ESB-2013.0185 - ALERT [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction

4/ ESB-2013.0198 - [Win][Linux][Android][OSX] Adobe Flash Player: Multiple vulnerabilities

5/ ESB-2013.0197 - [Win][UNIX/Linux][Debian] Ruby on Rails: Multiple vulnerabilities

Stay safe, stay patched and have a good weekend!