Researchers have uncovered active malware attacks that exploit a critical and previously unknown vulnerability in the latest versions of Microsoft’s Internet Explorer browser.
The attacks are being waged by the same malware group that recently exploited a separate, zero-day vulnerability in Oracle’s Java software framework. The attacks install the Poison Ivy backdoor trojan when unsuspecting people browse a booby-trapped website using a fully patched version of Windows XP running the latest versions of IE 7 or IE 8, according to a blog post published Monday morning by Jaime Blasco, a researcher with security firm AlienVault.
The underlying vulnerability can be exploited on many computers running Windows Vista and Windows 7, and it also affects version 9 of the Microsoft browser, said HD Moore, CSO of security firm Rapid7 (and the chief architect of the open-source Metasploit tool kit used by penetration testers and hackers). He said a Metasploit module researchers already added to the framework works against the later operating systems when Oracle’s Java Standard Edition 6 or Microsoft’s Visual C runtime library is installed. The software add-ons make otherwise protected systems vulnerable by allowing attackers to bypass a malware defense known as ASLR, or address space layout randomization, that debuted in Windows Vista.
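The bypass Moore describes is only possible when the browser process loads a library that does not take part in ASLR, because such a module is mapped at a fixed, predictable address. As an added example (not code from the article, Rapid7 or Metasploit), the Python script below reads the PE optional header's DllCharacteristics field to report whether a DLL or EXE opts in to ASLR (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and DEP (IMAGE_DLLCHARACTERISTICS_NX_COMPAT). The header it checks when run without arguments is constructed in the script itself; it is not taken from any real Java or Visual C runtime binary.

```python
import struct
import sys

# Flag bits in IMAGE_OPTIONAL_HEADER.DllCharacteristics (Microsoft PE/COFF format).
DYNAMIC_BASE = 0x0040   # image may be relocated at load time: ASLR opt-in
NX_COMPAT = 0x0100      # image declares itself DEP compatible
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Return which load-time mitigations a PE image opts in to.

    Only headers are parsed: MZ stub -> e_lfanew -> "PE\\0\\0" -> COFF header
    (20 bytes) -> optional header. DllCharacteristics sits at offset 70 of the
    optional header for both PE32 and PE32+ images.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    size_of_optional, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    if size_of_optional < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    dll_characteristics, = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dll_characteristics & DYNAMIC_BASE),
        "dep": bool(dll_characteristics & NX_COMPAT),
    }


def build_sample_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed, header-only PE image used for demonstration (not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header follows the stub
    size_of_optional = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine: AMD64 or I386
                       0, 0, 0, 0,                     # sections, timestamp, symtab ptr, nsyms
                       size_of_optional,
                       0x2002)                         # Characteristics: EXECUTABLE_IMAGE | DLL
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(path: str) -> str:
    """One-line ASLR/DEP summary for a file on disk."""
    with open(path, "rb") as f:
        m = pe_mitigations(f.read(65536))     # headers live in the first few KB
    return f"{path}: ASLR={'yes' if m['aslr'] else 'NO'} DEP={'yes' if m['dep'] else 'NO'}"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(report(p))
    else:
        legacy = build_sample_pe(0)                                  # no ASLR, no DEP
        modern = build_sample_pe(DYNAMIC_BASE | NX_COMPAT, pe32plus=True)
        print("legacy module:", pe_mitigations(legacy))
        print("modern module:", pe_mitigations(modern))
```

Pointing the script at the DLLs shipped by a browser add-on (for example the runtime libraries a Java or Visual C installation drops into the Windows directory) shows at a glance which modules lack the DYNAMIC_BASE flag and therefore weaken the system-wide ASLR that Vista and Windows 7 otherwise provide; EMET's mandatory ASLR setting exists precisely to force such modules to relocate.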
“What may be most worrying is that Windows Vista and 7 don’t protect you,” Moore told Ars. “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS. The surprising thing about this is the fact they (Metasploit researchers) got to work across every one of these platforms.”
The exploits circulating in the wild may be relying on other methods to override the more limited defenses included in the Service Pack 3 version of Windows XP. According to Eric Romang, the researcher who disclosed the IE attacks over the weekend, they require the victim to be running Adobe’s Flash Player, possibly to carry out what’s known as a “heap spray” (another technique for bypassing ASLR). The attacks are being carried out by the same gang that waged the recent stealth attacks against critical vulnerabilities in Java. The files used in the latest wave of attacks (cataloged here, here, here, and here) had little or no detection by the 34 most widely used antivirus programs, at least at the time Romang published his blog post. It wouldn’t be surprising for detection to ramp up quickly in the next few hours.
Yunsun Wee, director of Microsoft Trustworthy Computing, said in a statement that Microsoft is aware of “targeted attacks potentially affecting some versions of Internet Explorer” and is investigating.
“We have confirmed that Internet Explorer 10 is not affected by this issue,” she wrote. She went on to recommend customers install EMET 3.0. Short for Enhanced Mitigation Experience Toolkit, the Microsoft utility brings enhanced security protections to Windows, particularly earlier versions of the operating system. Later in the day, Microsoft expanded on those recommendations in an advisory posted to the company’s website.
Read the rest of the story at http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/
In a news article on the ExtraTorrent site, Australian authorities have attested that Romanian hackers have somehow managed to steal over $25,000,000 from 500,000 Australian credit cards. According to the report there are only four people involved in the crime, and they are still at large.
The country’s Federal Police is currently working with international law enforcement agencies in an attempt to arrest the organized online hackers. The intrusion appears to have started with a number of merchants whose individual computer systems were compromised.
News reports say there is evidence that the same hacker group was responsible for a hack of the American restaurant chain Subway.
Four citizens of Romania have in effect been accused of millions of dollars in credit card fraud that affected around 80,000 bank customers. The so-called “syndicate” used to find its targets by simply scanning the web for vulnerable point-of-sale terminals. The Australian Police claimed that the borderless nature of this law-breaking would cause much new trouble for the authorities. The problem is that the police not only need to co-operate with other enforcement agencies, but also require international and private-sector co-operation in order to track down and take down the criminals.
However, this is obviously not very easy to do. The police cannot simply take down the online hackers, because the attackers find even softer potential victims among local chip shops with vulnerable, Internet-exposed point-of-sale machines than they do among banks or supermarket chains.
In order to prevent credit card theft or other cyber-criminal activity, businesses are advised to secure their computer terminals with the latest intrusion prevention software.
Tinman Michael Dell got furious with his teen daughter after the girl made a mockery of the $2,700,000 Dell annually spent on security protection of his family.
Numerous media reports confirmed that Michael Dell had to shut down his daughter Alexa’s Twitter account after the girl revealed so much about both his and her movements online that it was very easy to plan any kind of attack.
Alexa Dell, 18 years old, has been detailing her every move on social networks like Twitter and Facebook, down to the exact arrival times in New York and a list of her favorite shopping hot spots. This was enough to give her minders a heart attack, because such information allowed any kidnapper to work out a decent plan. The last straw was when Alexa Dell went as far as to publish her high school graduation dinner invitation, which foretold the place and the time her parents would be there within a few weeks.
In the meantime, Michael Dell pays around $2,700,000 annually for the security protection of his family, including Alexa, who makes it almost impossible to keep her movements secret. The estimate comes from Dell’s regulatory filings.
Children publishing on social networking services are fast becoming a nightmare for the security companies hired to look after rich CEOs and their families. Aside from kidnapping, posting personal data on social media websites can lead to various security breaches. For instance, a well-informed hacker can use some of the posted information to guess passwords and try to break into private and business email accounts or servers. Such intrusions may have unpredictable consequences.
Image credit to: The Telegraph via Facebook.
A new piece of malware is trying to take advantage of Opera’s popularity as a mobile browser alternative on Android smartphones. Cybercriminals have created a new variant of Opfake that bundles the real Opera Mini version 6.5 so as to further mask what the malware is actually doing (earning its creators money from unsuspecting users by sending international text messages). GFI, which first discovered the malware, is calling this particular threat Trojan.AndroidOS.Generic.A. The package is named “com.surprise.me” while the file name is “opera_mini_65.apk” (both can easily be changed).
As the screenshots show, two sets of “Permission to Install” pages are displayed during installation. The first (middle screenshot) comes from the malware itself: it asks for read and modify rights to all SMS and MMS messages, read rights to all contacts stored on the smartphone, modify or delete rights to the SD card, and so on. The second (right-hand screenshot) appears once users agree to install the first, and simply lists the permissions required for the legitimate Opera Mini browser.
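The tell in the first permission screen is that a browser has no business reading or sending SMS, which is exactly how a premium-SMS trojan earns its money. As an added example (not code from GFI, Opera or the article), the Python script below parses an AndroidManifest.xml, compares the requested permissions against a baseline of what a plain mobile browser needs, and flags the high-risk extras. Both manifests it reviews are constructed for the example; the baseline set and the package name "com.surprise.me" from the article are assumptions, not Opera Mini's real manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a plain mobile browser can justify (assumed baseline for this
# example, not Opera's actual manifest).
BROWSER_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Permissions whose presence in a "browser" should block installation for review.
HIGH_RISK = {
    "android.permission.SEND_SMS": "send SMS (premium-rate billing fraud)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_SMS": "read all stored SMS/MMS",
    "android.permission.WRITE_SMS": "modify or delete SMS/MMS",
    "android.permission.READ_CONTACTS": "read all contacts",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start itself at boot",
}


def requested_permissions(manifest_xml: str):
    """Return (package name, set of permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return package, {p for p in perms if p}


def review_manifest(manifest_xml: str, baseline=BROWSER_BASELINE) -> dict:
    """Flag permissions beyond the baseline; any high-risk extra yields 'block'."""
    package, perms = requested_permissions(manifest_xml)
    excess = perms - baseline
    flagged = {p: HIGH_RISK[p] for p in sorted(excess) if p in HIGH_RISK}
    return {
        "package": package,
        "excess": sorted(excess),
        "high_risk": flagged,
        "verdict": "block" if flagged else "allow",
    }


# Constructed manifest modelled on the behaviour described for the Opfake wrapper.
FAKE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.surprise.me">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

# Constructed manifest for a browser that stays inside the baseline.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.browser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for m in (FAKE_MANIFEST, BENIGN_MANIFEST):
        r = review_manifest(m)
        print(f"{r['package']}: {r['verdict']}")
        for perm, why in r["high_risk"].items():
            print(f"  {perm}: {why}")
```

A real APK stores AndroidManifest.xml in Android's binary XML form, so feed the script the decoded text (for example from apktool, or the permission list printed by the Android SDK's `aapt dump permissions`); the comparison logic is the same either way.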
This particular threat is interesting because it shows that OpFake is evolving. Instead of trying to mimic a popular app, OpFake now simply installs the real version. As a result, the user is less suspicious that something is wrong. “More than likely, users will not be aware that something might have infiltrated their phones until the bill arrives,” a GFI spokesperson said in a statement.
Read the rest of the story at ZDNet.
Two U.S. senators are calling for a federal investigation of the power grid’s potential cybersecurity vulnerabilities after a CNET article last month raised security concerns.
The request for a probe comes from Sens. Joseph Lieberman (I-CT), the chairman of the Senate Homeland Security Committee, and Susan Collins (R-ME), the panel’s senior Republican, who warned that lapses “could undermine part of the security system protecting our grid.”
They sent a letter yesterday to the Federal Energy Regulatory Commission asking for an “expeditious comprehensive investigation into these allegations,” which deal with digital signatures the industry uses for authentication.
A FERC spokesman responded to a request for comment this afternoon by saying: “We don’t comment publicly on letters from members of Congress. The commission will respond to the senators in due course.”
Jesse Hurley, co-chair of the North American Energy Standards Board’s Critical Infrastructure Committee, told CNET last month that the mechanism for creating digital signatures is insufficiently secure because not enough is being done to verify identities and some companies are attempting to weaken standards to fit their business models.
“These certificates protect access to control systems,” Hurley said. “They protect access to a $400 billion market. They protect access to trading systems. They also protect access to machines that do things like turn generators off. If you issue a fraudulent certificate or you’re lax… the consequences could be disastrous.” The U.S. electrical grid has already become a target of cyberattacks, with Chinese and Russian hackers reportedly penetrating it over the Internet.
Read the story at ZDNet.