SECURITY WARNINGS & Notices - Please post them here

[Asyn]

GlobalSign suspend issuing SSL certificates
http://www.h-online.com/security/news/item/GlobalSign-suspend-issuing-SSL-certificates-1338634.html

[Left123]

Win32/Delf.QCZ also known as "Avast enchanced protection mode"
Additional details http://www.eset.com/about/blog/blog/article/win32delf-qcz-additional-details/

Something interesting and new?

When someone logs in from the infected computer, the credentials are stored in the registry.

[Pondus]

Mouse attack   


Netragard’s Hacker Interface Device (HID).
http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/

We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services what so ever. It also excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas. With all of these limitations in place, we were tasked with penetrating into the network from the perspective of a remote threat, and succeeded.

[Nesivos]

Sorry if this is a double post

Monthly Malware Statistics: August 2011
August in Figures

The following statistics were compiled in August using data collected from computers running Kaspersky Lab products:

193,989,043 networks attacks were blocked;
64,742,608 web-borne infections were prevented;
258,090,156 malicious programs were detected and neutralized on user computers;
80,155,498 heuristic verdicts were registered.

August is traditionally one of the busiest months for the information security industry, despite the summer holiday season. Two of the top security conferences take place in August in the US: BlackHat and Defcon. These two events are a popular platform for announcing the results of top studies and not only discuss the results of the past year, but address the issues looming on the horizon. New attack methods are discussed at the conferences, in addition to different hacking technologies — some of which, unfortunately, are subsequently applied in malicious programs. Furthermore, the summer holiday season creates additional problems for individual computer users and organizations alike. People on vacation use the Internet more frequently at Internet cafes, free WiFi hotspots, airports, etc., which means they are outside of their usual security perimeter and have higher chances of becoming the victims of malicious users.

Out-of-the-box activity

Let’s take a closer look at some of the new malicious programs and malicious technologies employed by “the other side” in August.

Ice IX: the bastard child of ZeuS

http://www.securelist.com/en/analysis/204792190/Monthly_Malware_Statistics_August_2011

[Asyn]

Security breach on kernel.org
http://kernel.org/#news
http://linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/
http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html

Security breach at Linux Foundation
http://www.h-online.com/open/news/item/Security-breach-at-Linux-Foundation-1340733.html

[Asyn]

GlobalSign suspend issuing SSL certificates
http://www.h-online.com/security/news/item/GlobalSign-suspend-issuing-SSL-certificates-1338634.html

Incident Response
http://www.globalsign.com/company/press/090611-security-response.html

[Asyn]

Return of the BIOS trojans
http://www.h-online.com/security/news/item/Return-of-the-BIOS-trojans-1341421.html

[Pondus]

more on BIOS malware

Malware burrows deep into computer BIOS to escape AV - Mebromi rootkit also targets master boot record
http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/

[Pondus]

Android banking trojan intercepts security texts - Thought you were so clever, Mr Banker Guy
http://www.theregister.co.uk/2011/09/14/spyeye_targets_android_phones/

[CharleyO]

***

Adobe 'Critical' Security Update Removes Fraudulent DigiNotar Certificates

Adobe (NSDQ:ADBE) joined Microsoft (NSDQ:MSFT) with its own “Patch Tuesday,” issuing a security update that repaired a slew of critical flaws in numerous versions of Reader and Acrobat products, including potential vulnerability to attacks resulting from fraudulent DigiNotar certificates.

Specifically, the Adobe security update repaired critical flaws in Adobe Reader 10.1 and earlier versions for Windows and Mac OS X, as well as Adobe Reader 9.4.2 and earlier versions for UNIX and Adobe Acrobat X and earlier versions for Windows and Mac OS X.

http://www.crn.com/news/security/231601428/adobe-critical-security-update-removes-fraudulent-diginotar-certificates.htm;jsessionid=PCjw2qxsScayBtDzSLwHzw**.ecappj01?cid=nl_sec


***

[CharleyO]

***

Microsoft Fixes Office, Excel Flaws In 'Non-Critical' Patch Tuesday Release

Microsoft (NSDQ:MSFT) issued a modest patch load for its September Patch Tuesday release, but coupled the security bulletin with yet another update blacklisting more fraudulent DigiNotar SSL certificates.

Microsoft’s Patch Tuesday bulletin mildly surprised the security community by containing just five updates, none of which were deemed with the highest severity ranking of "critical."

http://www.crn.com/news/security/231601362/microsoft-fixes-office-excel-flaws-in-non-critical-patch-tuesday-release.htm?cid=nl_sec


***

[Asyn]

Report: Japanese defence contractor hacked
http://www.h-online.com/security/news/item/Report-Japanese-defence-contractor-hacked-1345461.html
http://www.reuters.com/article/2011/09/19/mitsubishiheavy-computer-idUSL3E7KJ0BD20110919

[Hermite15]

Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

[Asyn]

Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Thanks for that info logos..!

[Hermite15]

Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Thanks for that info logos..!

yeah this could be the worse security related disaster ever.