
Monthly Archives: January 2010

There was a report about how Google, Microsoft and other technology companies were using their technology to help the efforts in Haiti. The report said that the new images were on Google Earth. We checked them out using updated Haiti KML files that can be found here. These are incredible images of Port-au-Prince and surrounding areas. These are striking.
 
If you don’t have Google Earth, you can get it here. Or you can use Google Maps at http://maps.google.com. Use this link to get to Port-au-Prince.

While reading the Windows story on the site, I was drawn to a mention of an Apple Security Update that was released today. It contains numerous updates for various Mac OS X 10.x operating systems. These are the kind of issues that the Mac faithful don’t mention when they declare their OS of choice is so “secure” and not subject to the kinds of problems that MS operating systems are. Taken from the Apple Security Update:

  • Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution
  • A remote attacker may cause an unexpected application termination of cupsd
  • Multiple vulnerabilities in Adobe Flash Player plug-in
  • Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution
  • An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

The link to the Apple update: http://support.apple.com/kb/HT4004

As if things weren’t troubling enough for Microsoft, another vulnerability was disclosed today, and the disclosure included exploit code. The Internet Storm Center (ISC) mentions that this vulnerability exists in operating systems dating back to Windows NT 3.1 and involves the support for 16-bit applications. It continues through all versions of Windows since then, including Windows 7 and Windows Server 2008. The release was posted to a security email list.

The email author claims that nothing malicious was intended by the release and that he notified Microsoft of the vulnerability in June of 2009. No patch is available and the vulnerability remained undisclosed until today. To demonstrate his desire to have the vulnerability patched, the author detailed workarounds to mitigate this vulnerability, including providing links to YouTube videos.

This vulnerability has considerable potential. We’re frankly surprised that there hasn’t been more public mention of this vulnerability, especially with exploit code having been released with the notice. Privilege escalation means that code of choice can be run with additional security rights either by a user or by a remote attacker.

MS announced they will be releasing a patch for the Internet Explorer vulnerability before the regular cycle in February. Commercial administrators will want to review the impact of the patch and test it. Residential customers will want to plan on getting the patch during Windows Update that will most likely run at night.

As mentioned previously, this vulnerability is already being exploited, which makes this a serious concern. Be sure to get the patch manually at home if you don’t have Windows Update set to run automatically.

A few days ago, Microsoft released an advisory about a vulnerability in Internet Explorer that is being exploited. According to a McAfee blog, this vulnerability was used in the attacks on Google in China earlier in the week. McAfee found this vulnerability while researching attempted penetration into several large organizations. Although most visible attacks have been against Internet Explorer 6.0, IE versions 7 and 8 are also vulnerable on all recent versions of Windows; that’s workstations AND servers.

United States Computer Emergency Readiness Team (US-CERT) issued on the subject. In it, they recommend the following workarounds:

  • Set the Internet zone security setting to "High"
  • Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone
  • Enable DEP for Internet Explorer 6 Service Pack 2 or Internet Explorer 7

This vulnerability allows remote execution of code of the attacker’s choice. Internet Explorer is “less” vulnerable if DEP is enabled. This is enabled by default in IE8. To help users enable DEP, Microsoft has provided a Knowledge Base article with a clickable “FIX IT NOW” wizard to turn it on. You can find it . Microsoft further makes recommendations on their site dedicated to “”.
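A way to check a workstation against the US-CERT workarounds listed above, as an added example that is not from US-CERT or Microsoft. It assumes PowerShell 3.0 or later and reads only the current user's zone settings; zone settings enforced through Group Policy live under separate policy keys and are not checked here.

```powershell
# Added example: audit IE zone settings and system DEP policy against the workarounds.
# Zones 1 and 3 are Local intranet and Internet; action 1400 is Active Scripting.
$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$scripting = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$depNames  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

$report = foreach ($id in ($zones.Keys | Sort-Object)) {
    # A missing key or value is reported as Unknown rather than treated as compliant.
    $props = Get-ItemProperty -Path "$zonesKey\$id" -ErrorAction SilentlyContinue
    $raw   = if ($props) { $props.'1400' } else { $null }
    $level = if ($props) { $props.CurrentLevel } else { $null }

    $state = 'Unknown'
    if ($null -ne $raw -and $scripting.ContainsKey([int]$raw)) {
        $state = $scripting[[int]$raw]
    }

    [pscustomobject]@{
        Zone            = $zones[$id]
        ActiveScripting = $state
        # Workaround: prompt before running Active Scripting, or disable it.
        ScriptingOk     = ($raw -in 1, 3)
        # CurrentLevel 0x12000 is the "High" template; only asked for on the Internet zone.
        LevelHigh       = ($level -eq 0x12000)
    }
}
$report | Format-Table -AutoSize

# System-wide DEP policy. Under OptIn, DEP covers only programs that opt in,
# so the IE 6 SP2 / IE 7 workaround still has to be applied separately.
$dep = (Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$depName = 'Unknown'
if ($null -ne $dep -and $depNames.ContainsKey([int]$dep)) { $depName = $depNames[[int]$dep] }
"System DEP policy: $depName"
```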

McAfee has assigned the moniker “Operation Aurora” to this attack. With the events of the Haiti Earthquake and relief efforts, news stories surrounding the Massachusetts special election next week and Health Care Reform proceedings, and any other social newsworthy event, this security concern is not going to go away soon, especially when “news” consumers are sure to click on any sensational report.

No patch is available yet and may not be until the normal patch cycle (next one in February). Malware authors are expected to “turn up the heat”. Don’t be surprised if additional attacks are found in mailboxes tonight and tomorrow.

As expected, many of the domains that were being registered are malicious. According to ZDnet, several hundred that have been found are serving up malware that is pretending to be anti-virus and system messages.

The end result is bogus content related to Red Cross and other relief efforts. Google searches reveal the sites are already appearing in the first 10 slots in returns. Sunbelt Software identify one here:

The Internet Storm Center (ISC) has another picture here

In a press release issued today, the FBI has issued a fraud alert to remind internet users that they should be very cautious when approached about donations for relief efforts. The emotion being played out on TV and the internet makes the public easy prey for criminals. Using tragedies from the past, the FBI recommends the following when considering donations:

  • Do not respond to any unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail or social networking sites.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group’s existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
  • Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not give your personal or financial information to anyone who solicits contributions: Providing such information may compromise your identity and make you vulnerable to identity theft.

Computer security experts have always warned about public events that become instruments of attack. Like watching a car wreck, we are attracted to the promise of disaster videos. For others, the calling to "help" causes them to click on links in emails when faced with a donation need. Unfortunately, the vast majority of these are bogus emails with ill intent.
The Internet Storm Center (ISC) posted a reminder of these possibilities in a detailed article here.
I wouldn’t find it surprising if emails started showing up in mailboxes about the recent Tonight Show debacle.