News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
April 18, 2014, 12:42:34
 1 
 on: Today at 03:31:02 
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Facebook Chat Verification used for SPAM
- http://blog.trendmicro.com/trendlabs-security-intelligence/fake-facebook-chat-verification-used-for-spam/
Apr 17, 2014 - "Facebook users are once again the target of a malicious scheme—this time in the form of a notification about “Facebook Chat”. The spammed notification pretends to come from the “official Facebook Chat Team.” A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement.
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/04/FB-chat-spam1.jpg
The spam tries to sound urgent to convince users to verify their accounts. To do so, they are first asked to go to a Pastebin URL and are instructed to copy a specific code. The set of instructions differ depending on what browser is being used (Google Chrome, Mozilla Firefox, or Internet Explorer). Users are then directed to a shortened link and are asked to press a particular function key (F12 for Google Chrome users, for example). After clicking on the console tab, users are supposed to paste the provided Javascript code into the address bar, then press Enter. This actually gives bad guys access to the user’s account, giving them the capability to auto-tag anyone in the users’ friends list and start the cycle of victimizing other account users... From the get-go, users should know that there is -no- product called “Facebook Chat,” let alone a team that sends out a supposed “advisory” to its users. The social media site’s official instant messaging feature is called Facebook Messenger, which is also the name of its stand-alone app. Earlier this month, Facebook announced* that Android and iOS users will be required to use this stand-alone app by eliminating the chat features of the traditional app versions of the site. Facebook has taken action against threats like this by releasing an official announcement. The official Facebook warning** notes, “This is a variant on the self-XSS attack. By pasting the code in the browser console, the user gives the code access to their account. The code usually posts the same scam on other people’s walls, and subscribes the user to pages controlled by the attacker – but it could do much worse things”..."
* http://mashable.com/2014/04/09/facebook-requiring-messenger/

** https://www.facebook.com/selfxss
___

Zeus with your coffee ...
- https://www.securelist.com/en/blog/8207/Would_you_like_some_Zeus_with_your_coffee
Apr 16, 2014 - "Cybercriminals often like to use a bogus letter to trick people into opening malicious attachments. There are two tricks that make this work: a message from a familiar name (a bank, social network, service provider or other organization that might interest the recipient) and an intriguing or alarming subject. An attack based on -fake- messages supposedly from coffee chain Starbucks combined the two.
> https://www.securelist.com/en/images/vlweblog/blog_vergelis_starbucks.jpg
The detected distribution claimed... a recipient's friend made an order for him to celebrate a special occasion in a Starbucks coffee shop. That mysterious friend wished to remain anonymous, enjoying the intrigue he was creating, but was sending out invitations with details of a special menu, which is available in the attachment. In the end they wished the recipient an awesome evening. All the messages were sent out with high importance. Besides, the addresses, created on the Gmail and Yahoo! free mail services, changed from letter to letter and seemed to be randomly generated combinations like incubationg46@, mendaciousker0@ and so on. The attachment was a .exe file and the cybercriminals made no effort to mask it with an archive or double filename extension. They seemed to be sure a happy recipient would open the attachment without any suspicion. Kaspersky Lab detects the attached file as Rootkit.Win32.Zbot.sapu - a modification of one of the most notorious spyware families, Zbot (ZeuS). These applications are used by cybercriminals to steal confidential information. This version of Zbot is able to install a rootkit Rootkit.Win32.Necurs or Rootkit.Win64.Necurs, which disrupts the functioning of antiviruses or other security solutions."
___

Google patches Android icon Hijacking vuln
- http://www.securityweek.com/google-patches-android-icon-hijacking-vulnerability
Apr 15, 2014 - "Researchers at FireEye have identified a vulnerability affecting Google Android that could be exploited to lead users to malicious sites. According to FireEye*, the issue allows a malicious app with 'normal' protection level permissions to target legitimate icons on the Android home screen and modify them to point to attack sites or the malicious app itself without notifying the user. The issue has been acknowledged by Google, which has released a patch to its OEM partners..."
* http://www.fireeye.com/blog/technical/2014/04/occupy_your_icons_silently_on_android.html
Apr 14, 2014

- https://atlas.arbor.net/briefs/index#-561580891
Elevated Severity
17 Apr 2014


 2 
 on: April 17, 2014, 19:56:27  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

3 Million Credit, Debit Cards stolen in Michaels, Aaron Brothers breaches
- http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/
Apr 17, 2014 - "Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards. The disclosure, made jointly in a press release* posted online and in a statement on the company’s Web site**, offers the first real details about the breach... The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing. “After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,” the statement reads. The Michaels breach first came to light just weeks after retail giant Target Corp. said that cyber thieves planted malware on cash registers at its stores across the nation, stealing more than 40 million credit and debit card numbers between Nov. 27 and Dec. 15, 2013. That malware was designed to siphon card data when customers swiped their cards at the cash register. According to Michaels, the affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. The company says there is no evidence that other customer personal information, such as name, address or debit card PIN, was at risk in connection with this issue... Regarding Aaron Brothers, Michaels Stores said it has confirmed that between June 26, 2013 and February 27, 2014, 54 Aaron Brothers stores were affected by this malware..."
* http://www.businesswire.com/news/home/20140417006352/en/Michaels-Identifies-Previously-Announced-Data-Security-Issue
Apr 17, 2014

** http://www.michaels.com/corporate/payment-card-notice-faqs,default,pg.html
Apr 17, 2014

- http://www.reuters.com/article/2014/04/17/us-michaelsstores-cybercrime-idUSBREA3G27N20140417
Apr 17, 2014


 3 
 on: April 17, 2014, 07:20:50  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-018 ...
- http://support.microsoft.com/kb/2936068
Last Review: April 16, 2014 - Rev: 3.0
___

Microsoft fixes Windows 8.1 Update for corporate WSUS servers
- http://www.infoworld.com/t/microsoft-windows/microsoft-fixes-windows-81-update-corporate-wsus-servers-240654
April 16, 2014 - "... it will continue to make Windows 8.1 security patches available to WSUS customers until August's Patch Tuesday. Previous announcements said that patches to Windows 8.1 would be cut off in May. This stay of execution for this patch applies only to those who receive security patches through WSUS. Windows 8.1 customers who get their patches through Windows Update (or Microsoft Update) have to install the Windows 8.1 Update/KB 2919355 patch by May 13 if they wish to continue receiving security patches for their machines..."
 
- http://blogs.technet.com/b/wsus/archive/2014/04/16/solution-to-kb2919355-preventing-interaction-with-wsus-3-2-over-ssl.aspx
16 Apr 2014

- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Last Review: Apr 18, 2014 - Rev: 13.0

- https://support.microsoft.com/kb/2959977
Last Review: April 17, 2014 - Rev: 3.0


 4 
 on: April 16, 2014, 12:28:54  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Something still evil on 66.96.223.192/27
- http://blog.dynamoo.com/2014/04/something-still-evil-on-669622319227.html
16 April 2014 - "Last week I wrote about a rogue netblock hosted by Network Operation Center* in the US. Well, it's still spreading malware but now there are -more- domains active on this range. A full list of the subdomains I can find are listed here [pastebin**]. I would recommend that you apply the following blocklist:
66.96.223.192/27
andracia .net
..."
(Long list at the dynamoo URL above.)
* http://blog.dynamoo.com/2014/04/something-evil-on-669622319227.html

** http://pastebin.com/RQfE69hn
___

Netflix-themed tech support SCAM ...
- http://blog.malwarebytes.org/fraud-scam/2014/04/netflix-themed-tech-support-scam-comes-back-with-more-copycats/
April 16, 2014 - "A few weeks ago we blogged about this Netflix phishing scam -combined- with fake tech support that was extorting private information and money from people. The scam worked by asking unsuspecting users to log into their Netflix account and enter their username and password into a -fraudulent- website. After collecting the personal details, the perpetrators used a fake warning to state the particular account had been suspended. All this effort was really about leading potential victims into a trap, by making them call a 1-800 number operated by -fake- tech support agents ready to social engineer their mark and collect their credit card details. A slightly new variant is once again making the rounds with the same goal of funnelling traffic to -bogus- ‘customer support’ hotlines:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/04/blurred_netflix.png
... this time around the scammers behind it are expanding the phishing pages to other online services as well to target a wider audience. Crooks are buying online ads for each brand such as this one on Bing for “netflix tech support number”:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/04/bingad1.png
... The quality of leads you get from targeted advertising is much higher than that from random cold calls. If you can attract people already looking for help and offer them your service, chances are conversion rates will be higher..."

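The dynamoo blocklist quoted above mixes a CIDR range with defanged hostnames ("andracia .net", with a space before the TLD so the name is not clickable). Anyone applying such a list has to refang the domain entries and match hosts by suffix, not just by equality. The checker below is an added example, not code from dynamoo or from this thread; it uses only the two entries quoted above, and the IPs and hostnames it is tested against are constructed values chosen to sit inside and outside that range.

```python
import ipaddress

# The two entries quoted from the dynamoo post; the full list is at the pastebin link above.
RAW_BLOCKLIST = """
66.96.223.192/27
andracia .net
"""


def refang(entry):
    """Turn a defanged indicator ("andracia .net", "example[.]com", "example(.)com")
    back into a plain lowercase hostname."""
    return (entry.replace(" .", ".")
                 .replace("[.]", ".")
                 .replace("(.)", ".")
                 .strip()
                 .lower())


def parse_blocklist(text):
    """Split a blocklist into IP networks and hostnames.
    Anything ipaddress refuses to parse as a network is treated as a (defanged) domain."""
    nets, domains = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            domains.add(refang(line))
    return nets, domains


def is_blocked_ip(ip, nets):
    """True if the address falls inside any listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def is_blocked_host(host, domains):
    """True if the hostname equals a listed domain or is a subdomain of one.
    A plain substring match would also flag 'notandracia.net', so match on label boundaries."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_indicators(indicators, text=RAW_BLOCKLIST):
    """Return {indicator: blocked?} for a mix of IP addresses and hostnames."""
    nets, domains = parse_blocklist(text)
    result = {}
    for ind in indicators:
        try:
            result[ind] = is_blocked_ip(ind, nets)
        except ValueError:          # not an IP address, treat as a hostname
            result[ind] = is_blocked_host(ind, domains)
    return result


if __name__ == "__main__":
    # Constructed sample indicators: two inside/outside the /27, three hostnames.
    sample = ["66.96.223.200", "66.96.223.100",
              "www.andracia.net", "andracia.net", "notandracia.net"]
    for ind, hit in check_indicators(sample).items():
        print(f"{ind:20s} {'BLOCKED' if hit else 'ok'}")
```

The /27 covers 66.96.223.192 through 66.96.223.223, so the membership test rather than a string prefix is what makes the range check correct at both ends.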

 5 
 on: April 16, 2014, 11:55:41  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

WordPress 3.9 released
- https://wordpress.org/download/
Apr 16, 2014 - "The latest stable release of WordPress (Version 3.9) is available..."

- https://wordpress.org/news/2014/04/smith/
"... available for download or update in your WordPress dashboard. This release features a number of refinements..."

- https://core.trac.wordpress.org/browser/tags/3.9


 6 
 on: April 15, 2014, 19:03:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Oracle Critical Patch Update Advisory - April 2014
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Apr 15, 2014

- https://blogs.oracle.com/security/entry/april_2014_critical_patch_update
Apr 15, 2014

- https://www.us-cert.gov/ncas/current-activity/2014/04/16/Oracle-Releases-April-2014-Security-Advisory
April 16, 2014 - "Oracle has released its Critical Patch Update for April 2014 to address -104- vulnerabilities across multiple products. This update contains the following security fixes:
• 2 for Oracle Database Server
• 20 for Oracle Fusion Middleware
• 3 for Oracle Hyperion
• 10 for Oracle Supply Chain Products Suite
• 8 for Oracle PeopleSoft Products
• 1 for Oracle Siebel CRM
• 1 for Oracle iLearning
• 37 for Oracle Java SE
• 3 for Oracle and Sun Systems Products Suite
• 5 for Oracle Virtualization
• 14 for Oracle MySQL ..."

Oracle Database Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixDB

Oracle Fusion Middleware Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixFMW

Oracle Hyperion Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixHYP

Oracle PeopleSoft Enterprise Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixPS

Oracle Siebel CRM Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSECR

Oracle Supply Chain Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSCP

Oracle Java SE Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA

Oracle and Sun Systems Products Suite Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSUNS

Oracle Linux and Virtualization Products Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixOVIR

Oracle MySQL Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL
___

Oracle Java Cloud Service ...
- https://blogs.oracle.com/security/entry/oracle_java_cloud_service_april
Apr 17, 2014
___

- https://atlas.arbor.net/briefs/index#814257545
Extreme Severity
17 Apr 2014


 7 
 on: April 15, 2014, 18:37:54  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Java SE 8u5
- http://www.oracle.com/technetwork/java/javase/downloads/index.html
Apr 15, 2014

Release Notes
- http://www.oracle.com/technetwork/java/javase/8train-relnotes-latest-2153846.html

Oracle Java SE Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
___

Recommended Version 7 Update 55
- https://www.java.com/en/download/manual.jsp

Release Notes - 7u55
- http://www.oracle.com/technetwork/java/javase/7u55-relnotes-2177812.html
"... This JRE (version 7u55) will expire with the release of the next critical patch update scheduled for July 15, 2014..."
___

- https://secunia.com/advisories/57932/
Release Date: 2014-04-16
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
CVE Reference(s): CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428
... vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 51 and prior
* JDK and JRE 6 Update 71 and prior
* JDK and JRE 5 Update 61 and prior
* JDK and JRE 8
Solution: Apply updates...
Original Advisory:
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA


 8 
 on: April 14, 2014, 19:48:50  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Adobe Reader Mobile 11.2 released
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
April 14, 2014
CVE Numbers: CVE-2014-0514
Platform: Android
Summary: "Adobe has released a security update for Adobe Reader Mobile for the Android operating system. This update addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users update their product installations...
Solution: Adobe recommends users of Adobe Reader Mobile update to the newest version, available here: https://play.google.com/store/apps/details?id=com.adobe.reader
This update addresses a -critical- vulnerability in the software..."
___

- https://secunia.com/advisories/57928/
Release Date: 2014-04-15
Criticality: Highly Critical
Where: From remote
Impact: System access ...
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0514
... vulnerability is reported in versions 11.1.3 and prior.
Solution: Update to version 11.2.
Original Advisory: APSB14-12:
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html


 9 
 on: April 14, 2014, 10:17:52  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

VMSA-2014-0004.3 - VMware product updates address OpenSSL security vulnerabilities
- http://www.vmware.com/security/advisories/VMSA-2014-0004.html
Updated on: 2014-04-17
... Change log:
2014-04-14 VMSA-2014-0004
Initial security advisory in conjunction with the release of Horizon Workspace Server 1.8 and 1.5 updates on 2014-04-14
2014-04-15 VMSA-2014-0004.1
Updated security advisory in conjunction with the release of Horizon Mirage Edge Gateway 4.4.2 patch on 2014-04-15
2014-04-16 VMSA-2014-0004.2
Updated security advisory in conjunction with the release of vCloud Networking and Security 5.5.2 and 5.1.4 on 2014-04-16
2014-04-17 VMSA-2014-0004.3
Updated security advisory in conjunction with the release of Workstation 10.0.2, Fusion 6.0.3, Player 6.0.2 and Horizon Workspace Client 1.8.1 on 2014-04-17
___

VMSA-2014-0004 - VMware product updates address OpenSSL security vulnerabilities
- http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-14
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 - 5.0
___

VMware OpenSSL TLS/DTLS Heartbeat Vulnerabilities - Multiple Products ...
- https://secunia.com/advisories/57770/
Last Update:  2014-04-18
Criticality: Moderately Critical
Where: From remote
Impact: Exposure of sensitive information ...
Original Advisory:
- http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2076225
Purpose: The VMware Security Engineering, Communications, and Response group (vSECR) is investigating the OpenSSL issue dubbed "Heartbleed" (CVE-2014-0160).
This article reflects the status of the ongoing investigation.
Resolution: The following is a response to the current situation with the software security vulnerability dubbed Heartbleed:
The VMware Security and Engineering teams are working on remediation for the VMware products that have been impacted. VMware is acutely aware of the seriousness of the Heartbleed vulnerability, and all available resources are being directed toward a resolution amidst this industry-wide situation. VMware plans to release updated products and patches for all affected products in this article by April 19th. Please check this article for any updates or exceptions to this timeframe. See the lists below for affected products, and refer to the Resolution/mitigation section for steps to protect your systems while updates are being prepared...

- http://blog.socialcast.com/socialcast-response-to-heartbleed-aka-cve-2014-0160/
Apr 9, 2014


 10 
 on: April 14, 2014, 06:19:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Canada taxpayer data stolen in Heartbleed breach
- http://www.reuters.com/article/2014/04/14/us-canada-tax-heartbleed-idUSBREA3D0XZ20140414
Apr 14, 2014 - "Canada's tax-collection agency reported on Monday that the private information of some 900 people had been stolen from its computer systems as a result of vulnerabilities caused by the 'Heartbleed' bug. The breach allowed someone to extract social insurance numbers, which are used for employment and gaining access to government benefits, and possibly some other data, the Canada Revenue Agency said... Police are investigating and the country's privacy commissioner has been informed, it said. Right in the heart of tax-filing season, the CRA shut down access to its online services last Wednesday because of the bug, which is found in widely used Web encryption technology..."

Canadian charged in 'Heartbleed' attack on tax agency
- http://www.reuters.com/article/2014/04/16/us-cybersecurity-heartbleed-arrest-idUSBREA3F1KS20140416
Apr 16, 2014 - "Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the "Heartbleed" bug to steal taxpayer data from a government website, the Royal Canadian Mounted Police (RCMP) said on Wednesday. In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site. The suspect, Stephen Solis-Reyes, was arrested at his home in London, Ontario on Wednesday and faces criminal charges of unauthorized use of computer and mischief in relation to data... Police seized Solis-Reyes' computer equipment and scheduled his court appearance for July 17, 2014..."
___

- https://blogs.akamai.com/2014/04/heartbleed-update-v3.html
April 13, 2014 7:20 PM - "Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys.  We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community.  The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for improving the openssl codebase. In short: we had a bug. An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others. In particular, we only try to protect d, p, and q, but not d mod (p-1), d mod (q-1), or q^{-1} mod p.  These intermediate extra values (the Chinese Remainder Theorem, or CRT, values) are calculated at key-generation time as a performance improvement. As the CRT values were not stored in the secure memory area, the possibility exists that these critical values for the SSL keys could have been exposed to an adversary exploiting the Heartbleed vulnerability. Given any CRT value, it is possible to calculate all 6 critical values. As a result, we have begun the process of rotating all customer SSL keys/certificates.  Some of these certificates will quickly rotate; some require extra validation with the certificate authorities and may take longer. In parallel, we are evaluating the other claims made by the researcher, to understand what actions we can take to improve our customer protection."

- https://blogs.akamai.com/2014/04/heartbleed-a-history.html
April 16, 2014 - "In the interest of providing an update to the community on Akamai's work to address issues around the Heartbleed vulnerability, we've put together this outline as a brief summary:
• Akamai, like all users of OpenSSL, was vulnerable to Heartbleed.
• Akamai disabled TLS heartbeat functionality before the Heartbleed vulnerability was publicly disclosed.
• In addition, Akamai went on to evaluate whether Akamai's unique secure memory arena may have provided SSL key protection during the vulnerability window when we had been vulnerable; it would not have.
• Akamai is reissuing customer SSL certificates, due to the original Heartbleed vulnerability...
We are currently reviewing a revised version of our secure memory arena with some external researchers and developers.  Once we are more confident that it more closely achieves its goals, we will contribute this code to the community. We also plan to evaluate how we can better collaborate and support the open source community."

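The Akamai post above rests on one claim: protecting d, p and q in secure memory is worthless if the CRT values d mod (p-1), d mod (q-1) and q^-1 mod p sit in ordinary heap memory, because any one of them is enough to rebuild the whole key, hence the certificate rotation. The following added example (not Akamai's code and not part of the forum post) shows why for the two CRT exponents, using the textbook identity behind it: since e*dP ≡ 1 (mod p-1), for any g coprime to p we have g^(e*dP) ≡ g (mod p), so gcd(g^(e*dP) - g, n) is p with overwhelming probability, and from p the remaining five private values follow. The primes are constructed toy values far too small for real use; the recovery from q^-1 mod p alone is not shown here.

```python
from math import gcd


def make_toy_key(p, q, e=65537):
    """Build all six RSA private values from two primes (constructed toy key, not a real key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dP": d % (p - 1),          # d mod (p-1)
            "dQ": d % (q - 1),          # d mod (q-1)
            "qInv": pow(q, -1, p)}      # q^-1 mod p


def factor_from_crt_exponent(n, e, d_mod_pm1, tries=64):
    """Recover a prime factor of n from a leaked CRT exponent dP = d mod (p-1).

    e*dP ≡ 1 (mod p-1), so g^(e*dP) ≡ g (mod p) for every g coprime to p;
    the same congruence almost never holds mod q, so the gcd isolates p.
    The symmetric argument applies to dQ, which then yields q first.
    """
    for g in range(2, 2 + tries):
        c = gcd(pow(g, e * d_mod_pm1, n) - g, n)
        if 1 < c < n:
            return c
    return None


def rebuild_private_key(n, e, leaked_crt_exponent):
    """Given only the public key and one leaked CRT exponent, reconstruct the full private key.
    The factor found first is called p; q^-1 mod p is then computed for that labelling."""
    p = factor_from_crt_exponent(n, e, leaked_crt_exponent)
    if p is None:
        raise ValueError("no factor found from the supplied CRT exponent")
    q = n // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return {"p": p, "q": q, "d": d,
            "dP": d % (p - 1), "dQ": d % (q - 1), "qInv": pow(q, -1, p)}


def decrypts_correctly(n, e, d, m=42):
    """Sanity check that the rebuilt d inverts the public operation."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    key = make_toy_key(104729, 1299709)        # constructed toy primes
    for name in ("dP", "dQ"):
        rec = rebuild_private_key(key["n"], key["e"], key[name])
        print(f"leak of {name} -> factors {sorted((rec['p'], rec['q']))}, "
              f"d recovered: {rec['d'] == key['d']}, "
              f"decrypts: {decrypts_correctly(key['n'], key['e'], rec['d'])}")
```

The practical reading is the one Akamai drew: a key-protection scheme has to cover every value from which the key can be derived, not just the ones labelled "secret" in the data structure, and once a derivable value may have been read out, rotation rather than patching is the only remedy.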
