Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2901874 times)


REDACTED

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2145 on: September 19, 2012, 07:07:12 PM »
Jindřich Kubec   September 19th, 2012

New Microsoft IE Zero-day attack

http://blog.avast.com/2012/09/19/new-msie-0day-attack/#more-9550

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2146 on: September 19, 2012, 09:16:42 PM »
***

Bank of America Hit By Cyber Attack


Quote
Bank of America’s (BAC) website was experiencing sporadic outages on Tuesday related to a cyber attack that may be tied to an Islamic terrorist group, according to a source close to the matter.

The Charlotte, N.C.-based bank’s namesake site, bankofamerica.com, was not loading as of 4:15 p.m. ET and has been inaccessible for some users.

A source confirms to FOX Business that Bank of America’s website was in fact hit by a cyber attack. It was a “technical attack” that was focused on BofA’s domain name service (DNS) infrastructure.

A BofA spokesman said "some customers may experience occasional slowness" but the bank is "working to ensure full availability." BofA wouldn't comment on the attacks specifically, but the spokesman said, "I can tell you we continuously take proactive measures to secure our systems."

A group called “Izz ad-din Al qassam Brigades” has claimed responsibility on PasteBin, which is a forum commonly used by these types of groups, including Anonymous, to issue threats or to brag about cyber attacks. In addition to the BofA attack, Izz ad-din Al qassam also said it is targeting the website of the New York Stock Exchange.


If I were a BoA customer (thankfully I'm not), I would not be doing any on-line banking for this week.

Read more at :
http://www.foxbusiness.com/industries/2012/09/18/bank-america-website-experiencing-sporadic-outages/?cmpid=cmty_twitter_fb


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2147 on: September 19, 2012, 09:24:37 PM »
***

Real-World Developers Still Not Coding Securely


Quote
Though secure development lifecycle advocates have shown the cost benefits of catching vulnerabilities before apps go live, organizations still don't embed security into development

The extreme pressure on developers from line-of-business leaders to push out new web application feature sets as quickly as possible, combined with a lack of security development objectives or actionable security guidance, continues to negatively impact web application vulnerability levels. A new study out this week based on a survey conducted by Forrester Research on behalf of Coverity showed web application incidents still remain expensive as a result of these vulnerabilities and are costing some organizations hundreds of thousands to millions of dollars.


Read more at :
http://www.darkreading.com/vulnerability-management/167901026/security/news/240007576/real-world-developers-still-not-coding-securely.html


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2148 on: September 19, 2012, 09:37:07 PM »
***

Exploit beamed via NFC to hack Samsung Galaxy S3 (Android 4.0.4)


Quote
According to Erasmus, the exploit was delivered via NFC, the short-range wireless technology that allows the sharing of small payloads of data between an NFC tag and an Android-powered device. The hackers exploited a weakness in the way NFC is implemented in the Galaxy S3 to deliver a malicious file that was automatically opened by the Android document viewer.

Once the file opened, the team exploited a zero-day flaw in the document viewer to launch a code execution attack. A second Android privilege escalation vulnerability, also zero-day, was then used to get full rights on the device.


Read more at :
http://www.zdnet.com/exploit-beamed-via-nfc-to-hack-samsung-galaxy-s3-android-4-0-4-7000004510/


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2149 on: September 19, 2012, 10:21:05 PM »
***

Majority of companies suffered a web application security breach


Quote
Web application security incidents have become increasingly common and expensive, with the majority of companies experiencing at least one breach in the last 18 months and many companies losing hundreds of thousands, if not millions, of dollars as a result, according to Forrester Consulting.

At the same time, the study found that the majority of companies have yet to implement secure development practices, most often citing time-to-market pressures, funding and the lack of appropriate technologies suitable for use during development as their primary roadblocks.


See & read more at :
http://www.net-security.org/secworld.php?id=13613


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2150 on: September 19, 2012, 10:40:42 PM »
***

Anonymous: behind the masks of the cyber insurgents


Quote
Since 2008, the internet collective have hacked the CIA, the Sun newspaper, the Church of Scientology and a host of other large corporations, sparking a global police crackdown last year. But who and what are Anonymous? A radical new form of activism – or just bored teenagers? We talk to some of the 'hacktivists' and the experts who tracked them down in the deep web.

For a period in 2011, LulzSec – an offshoot of Anonymous, the internet "hacktivist" collective who came to prominence around the time of the Wikileaks affair – wreaked a trail of chaos across the web. Their actions ranged from the transgressive – they had taken down the CIA's website and hacked into Sony's database and released more than a million user names and passwords – to the absurd: after the American network PBS aired a critical documentary about Julian Assange, LulzSec hacked into their website and replaced the homepage with an article about Tupac Shakur, the (very much dead) rapper, which bore the headline "Tupac Still Alive in New Zealand". During the Arab spring, members of the group hacked and defaced Tunisian and Egyptian government sites. One hacker, Tflow (later discovered to be a 16-year-old London schoolboy), allegedly wrote a webscript that enabled activists to circumvent government snooping.


Read much more at :
http://www.guardian.co.uk/technology/2012/sep/08/anonymous-behind-masks-cyber-insurgents

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2151 on: September 19, 2012, 10:49:02 PM »
***

Over 9 million PCs infected - ZeroAccess botnet uncovered


Quote
ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.

ZeroAccess uses a peer-to-peer network to download plugin files which carry out various tasks designed to generate revenue for the botnet owners. Our researchers monitored this network for a period of two months to discover where in the world the peers were located and what kind of files the botnet was being instructed to download.

We found the IP addresses of infected machines from a total of 198 countries ranging from the tiny island nation of Kiribati to the Himalayan Kingdom of Bhutan, as can be seen when the infected machines are plotted on a world map.


See & read more at :
http://nakedsecurity.sophos.com/2012/09/19/zeroaccess-botnet-uncovered/?utm_campaign=naked%2Bsecurity&utm_medium=status%2Bmessage&utm_source=twitter


***

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2152 on: September 20, 2012, 06:16:12 PM »
MSFixit to install the EMET for the IE vulnerability. Also, a patch is being issued tomorrow via Windows updates: http://support.microsoft.com/kb/2757760

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2153 on: September 21, 2012, 09:05:22 PM »
***

DoS Attacks Continue to Move Up OSI Stack


Quote
Denial of service attacks continue to become increasingly prevalent in the world of the black hat, and also continue to move up the OSI stack from the network level toward the application level, according to the most recent research to be released by Imperva.

While early versions of DoS attacks that tended to focus at the network layer were aimed at shutting down server ports, the most modern strategies moved straight up the stack to the application level, according to Tal Beery, Security Researcher at Imperva, a Redwood Shores, Calif.-based company focused on application and data security.


Read much more at :
http://www.crn.com/news/security/240007652/imperva-study-dos-attacks-continue-to-move-up-osi-stack.htm?cid=nl_sec&elqTrack=true


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2154 on: September 21, 2012, 09:43:53 PM »
***

Mac Attacks: Top 10 Bugs Targeting Apple

More Secure, Or Maybe Not


Quote
While some people claim that Macs are more secure, others maintain that they merely present a lower profile, given that most businesses for a long time standardized almost exclusively on the PC except, of course, for a smattering of artsy folks who were allowed to use Macs.


With the growth of Mac use comes the growth of Mac-specific malware. This is in relation to the OS, since just a couple of years ago Apple changed from using specialty hardware to becoming just another PC (non-specialty hardware) with a different OS than Windows, etc. Expect to see more Mac malware in the future.

See & read more at :
http://www.crn.com/slide-shows/security/240007729/mac-attacks-top-10-bugs-targeting-apple.htm?pgno=1


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2155 on: September 21, 2012, 09:52:41 PM »
***

New TDL4 Bootkit Malware Variant Hits Fortune 500


Quote
Security vendor Damballa Labs has discovered a new variant of the TDSS/TDL4 malware that has apparently hit about 250,000 unique victims and at least 46 Fortune 500 companies, governmental agencies and ISP networks.

The malware uses highly secure domain generation algorithm (DGA)-based command-and-control (C&C) for communication, providing the controllers with details on click-fraud activity while at the same time avoiding network layer domain blacklists and signature-based filters.


Read much more at :
http://www.crn.com/news/security/240007636/new-tdl4-bootkit-malware-variant-hits-fortune-500.htm?cid=nl_sec&elqTrack=true


***

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2156 on: September 22, 2012, 01:04:40 AM »
***

Microsoft Security Bulletin MS12-063 - Critical


Quote
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.


Read more at :
http://technet.microsoft.com/en-us/security/bulletin/ms12-063


***

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48585
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2157 on: September 22, 2012, 01:27:45 AM »
***

Microsoft Security Bulletin MS12-063 - Critical


Quote
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.


Read more at :
http://technet.microsoft.com/en-us/security/bulletin/ms12-063


***
Since this exploit is related to the flash player, there is also an update available for Windows 8.
Reading about it will not help..... Updating will.  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

CharleyO

  • Guest
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2158 on: September 22, 2012, 06:02:03 AM »
***

There is a link for updating in the article.    ;)


***

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48585
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #2159 on: September 22, 2012, 11:38:42 AM »
***

There is a link for updating in the article.    ;)


***
You don't need a link; simply use the Windows Update function. :)