Security Alerts


A zero-day vulnerability affecting all Microsoft-supported versions of the Windows operating system, including Windows Server, has been identified. We are also seeing reports from iSIGHT Partners of a cyber-espionage campaign already in progress against exposed systems.

The vulnerability is identified as CVE-2014-4114 and is also known as Sandworm. It was reportedly discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day is reported to have been used in early September to infect victims with malicious attachments, primarily PowerPoint files; PowerPoint was the attackers' chosen attack vector.

The vulnerability exists in the OLE package manager in Microsoft Windows and Windows Server. The OLE packager (packager.dll) is able to download and execute external files such as INF files, allowing an attacker to execute commands.
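As an added illustration (my code, not from the alert, from Microsoft or from iSIGHT), the following Python scans the embedded OLE objects inside an Office OpenXML file for two indicators a defender can act on given the description above: INF section headers and UNC paths to a remote share. The heuristics, the use of the `embeddings/` folder as the place Office keeps package objects, and the sample payload are my assumptions; the scanner shows where to look in a suspect attachment, not how the exploit is built.

```python
from __future__ import annotations

import io
import re
import zipfile

# Heuristics (mine, not a Microsoft or iSIGHT signature): INF section headers
# and UNC paths inside an embedded OLE object deserve a second look, because
# the alert notes that the packager can pull and run external INF files.
INF_SECTION_RE = re.compile(
    rb"\[(?:Version|DefaultInstall|Strings|DestinationDirs)\]", re.IGNORECASE
)
UNC_PATH_RE = re.compile(rb"\\\\[\w.\-]+\\[^\s\"'<>|]+")


def scan_office_zip(data: bytes) -> list[dict]:
    """Flag embedded objects in an Office OpenXML file carrying INF text or a UNC path.

    `data` is the raw bytes of a PPTX/PPSX/DOCX/XLSX (all are zip containers).
    Only entries under an `embeddings/` folder are inspected (assumption: that
    is where Office stores OLE package objects).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if "/embeddings/" not in name:
                continue
            blob = zf.read(name)
            # Package objects may store strings as UTF-16; the NUL-stripped
            # view lets the ASCII regexes see those strings as well.
            for view in (blob, blob.replace(b"\x00", b"")):
                inf = INF_SECTION_RE.findall(view)
                unc = UNC_PATH_RE.findall(view)
                if inf or unc:
                    findings.append({
                        "entry": name,
                        "inf_sections": sorted({m.decode("ascii", "replace") for m in inf}),
                        "unc_paths": sorted({m.decode("ascii", "replace") for m in unc}),
                    })
                    break
    return findings


def build_sample_pptx(embedded_blob: bytes) -> bytes:
    """Build a minimal zip laid out like a PPTX (constructed sample, not a real deck)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/embeddings/oleObject1.bin", embedded_blob)
    return buf.getvalue()


# Constructed payloads for the demo. The suspicious one carries INF section
# headers and a UNC path to a placeholder share; it is not a real exploit file.
SUSPICIOUS_BLOB = (
    b"\x00" * 16  # padding standing in for a binary object header
    + b"[Version]\r\nSignature=\"$CHICAGO$\"\r\n"
    + b"[DefaultInstall]\r\n"
    + b"\\\\fileserver.example\\public\\notes.inf\r\n"
)
BENIGN_BLOB = b"Plain embedded spreadsheet data with no INF content or network paths"


def demo() -> dict[str, list[dict]]:
    """Run the scanner over one suspicious and one benign constructed attachment."""
    return {
        "suspicious": scan_office_zip(build_sample_pptx(SUSPICIOUS_BLOB)),
        "benign": scan_office_zip(build_sample_pptx(BENIGN_BLOB)),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(label, hits)
```

On a mail gateway the same function can run over every inbound Office attachment; a hit is a reason to quarantine and inspect, not proof of exploitation, since legitimate documents occasionally embed installer files.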

 

Risk Level

The risk level appears high: if one group could design a worm to exploit the hole, then someone will try to recode the worm and make it widespread.

Impact – we are only at the early stage of understanding what we are looking at, but if the vulnerability allows an attacker to download and execute a file, the potential impact is extremely high.

 

http://www.tripwire.com/state-of-security/incident-detection/microsoft-windows-zero-day-exploit-sandworm-used-in-cyber-espionage-cve-2014-4114/

iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign: http://www.isightpartners.com/2014/10/cve-2014-4114/

http://www.theregister.co.uk/2014/10/14/isight_microsoft_announce_windows_and_windows_server_0day/

Russian Hackers Target EU, NATO

Shellshock bash code injection vulnerability: what do you need to do, and what is the risk?

Report from SANS ISC: Bash Code Injection (Shellshock) Vulnerability (CVE-2014-6271)

CentOS bash vulnerability announced on 2014/09/24: how to fix

How to fix the bash code injection flaw on CentOS/RedHat 6.x servers

HackerKast: Shellshock, September 25, 2014, WhiteHat Security

 

A number of UK, US and Australian iPad and iPhone users are experiencing issues with their Apple devices. A message like the following is popping up on their screens:

iPhones and iPads under attack

Device hacked by Oleg Pliss. For unlock device…

To unlock the device, Mr Pliss is asking for the modest sum of $100/€50. Although the mechanism used to hack these accounts is still unclear, it seems the attackers got hold of the victims' iCloud login credentials and locked their devices remotely. It is speculated that the attackers obtained these credentials from another data breach and guessed that Apple users would reuse the same details.

If you have not become a victim of this attack:

  1. Enable 2FA (two-factor authentication) right now for your iCloud account. This will prevent someone holding your iCloud login details from accessing it. Instructions on how to enable 2FA can be found on Apple's support site: http://support.apple.com/kb/HT5570
  2. Change your iCloud password as a preventive measure, especially if you are using the same password on different sites. Instructions on how to do this can be found on Apple's support site: http://support.apple.com/kb/PH2617
  3. Don't pay the ransom.

Steps to take if you have become a victim:

  1. If the attackers have set a passcode on your device, instructions on how to bypass the lock can be found on Apple's support site: http://support.apple.com/kb/ht1212 However, this requires resetting the device, which erases all information that is not backed up.
  2. If you cannot recover control of your device, you may need to contact Apple's customer support. The phone numbers are here: http://support.apple.com/kb/he57

This attack is believed to have originated from a phishing email in which users were told their "Apple ID has been Disabled for Security Reasons!", which was actually a trick to steal their Apple login details.

Cyber criminals have started a Skype-based campaign aimed at spreading malicious software. We have heard reports of many users receiving messages that appear to come from friends in their Skype contact lists. These messages are part of a social engineering attack against Skype users.

Read More: http://countermeasures.trendmicro.eu/skype-worm-spreading-fast/

Due to a security flaw in the Samsung Galaxy S3, your phone's data can be wiped just by visiting a web page (on a compromised website). Attackers have become aware of this flaw and are placing hidden code in web pages that triggers the phone's remote wipe feature without the permission or any input of the phone's user. This code is presently circulating through websites, but attackers may also adapt it for distribution by text message, QR code or NFC tag.

Other reports on the internet say that more codes have been found built into Samsung devices that could be used in other attacks, such as killing the phone's SIM card. Despite these claims, we have not seen any evidence of such code yet.

It is also believed that this code may trigger a factory reset on the Galaxy S2 and other Samsung devices that use Samsung's "TouchWiz" interface.

How to protect yourself from this issue:
Back up your smartphone's content, and check the Samsung website regularly to see whether an update has been released to fix your phone.
The only way to guard against the attacks is to switch off "service loading" in settings, and disable QR code and NFC apps.

How to test your phone
You can test your phone by entering either of the two codes provided here:

*2767*688#
or
*2767*2878#

Please make a BACKUP of all the data on your phone before using these codes, because if your phone is vulnerable the code will wipe all data on your phone and reset it to factory defaults.

Devices from other Android manufacturers appear to be unaffected.
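Because the trigger described above is a dialler link carrying a USSD code, a web proxy or mail gateway can strip or flag such links before they reach a handset. The following Python is an added example (not from the alert and not from Samsung) that finds tel: targets with USSD-style codes in HTML, including URL-encoded ones and meta-refresh redirects; the regex, the attribute list and the sample page with its placeholder code `*1234*5678#` are my constructions.

```python
from __future__ import annotations

import re
from html.parser import HTMLParser
from urllib.parse import unquote

# USSD/MMI codes start with * or # and end with # (this regex is my heuristic,
# not an Android or Samsung definition of the code space).
USSD_RE = re.compile(r"^[*#][0-9*#]*#$")
# Attributes that can carry a URL, including the "content" of a meta refresh.
URL_ATTRS = {"href", "src", "action", "data", "content"}
META_URL_RE = re.compile(r"url\s*=\s*(\S+)", re.IGNORECASE)


class _UrlCollector(HTMLParser):
    """Collect every attribute value that can carry a URL, hidden iframes included."""

    def __init__(self) -> None:
        super().__init__()
        self.urls: list[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name.lower() in URL_ATTRS:
                self.urls.append(value)


def extract_urls(html_text: str) -> list[str]:
    parser = _UrlCollector()
    parser.feed(html_text)
    parser.close()
    return parser.urls


def find_ussd_tel_links(html_text: str) -> list[str]:
    """Return the USSD/MMI code behind every tel: target found in the page."""
    codes = []
    for raw in extract_urls(html_text):
        value = raw.strip()
        # <meta http-equiv="refresh" content="0;url=tel:..."> hides the target after "url="
        meta = META_URL_RE.search(value)
        if meta and not value.lower().startswith("tel:"):
            value = meta.group(1)
        if not value.lower().startswith("tel:"):
            continue
        # Percent-decode so %2A / %23 cannot be used to slip past the pattern.
        number = unquote(value[4:]).replace(" ", "")
        if USSD_RE.match(number):
            codes.append(number)
    return codes


# Constructed sample page: one ordinary phone link, one normal link, and two
# ways of smuggling a placeholder USSD code (hidden iframe and meta refresh).
SAMPLE_HTML = """<html><body>
<h1>Welcome to our store</h1>
<a href="tel:+353-1-555-0100">Call our helpdesk</a>
<a href="https://example.com/help">Help pages</a>
<iframe src="tel:*1234*5678#" width="0" height="0"></iframe>
<meta http-equiv="refresh" content="0;url=tel:%2A1234%2A5678%23">
</body></html>
"""

if __name__ == "__main__":
    print(find_ussd_tel_links(SAMPLE_HTML))
```

A content filter would block or rewrite any page where this returns a non-empty list; ordinary phone numbers, which begin with a digit or a plus sign, pass through untouched.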
 

Internet Scam Alert

This morning a social engineering attack targeting people in Ireland was identified. The attackers are trying to trick people into visiting their website by sending a fake email that is made to look as if it has come from the Irish Revenue about a tax refund.

The domain being used for this attack is registered to an address in Australia.

If you receive this email, do not click on the link.

 

From: Revenue – Irish Tax & Customs Notice <service@revenue-refund.com>
Date: 30 July 2012 07:32:47 GMT+01:00
To: <
>
Subject: Online Security Notification


Revenue – Irish Tax & Customs Online Confirmation

This e-mail has been sent to you by Revenue – Irish Tax & Customs to inform you that we must pay you back 278 EUR.
Please complete all the information to process your refund

Please allow 2 weeks for you money to be availabe in your account.
Total refund amount: 278 EUR

To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:

Revenue – Irish Tax & Customs Online Confirmation

Thank you for your prompt attention to this matter. Do not reply to this e-mail.
Mail sent to this address cannot be answered.

Member 818779

© Revenue – Irish Tax & Customs 2012

SCAM ALERT

From: kimberly krause [mailto:kkrause0911@gmail.com]
Sent: Friday, March 16, 2012 9:19 PM
To:

Subject: my fund release

 

Message body:

I have know ben told buy the bank of new york that my funds have ben put in to bank of amierca and bank of amierca is saying that they need a document from you claiming my 10.5 mill in funds are not a scam or some thing to that mater can you please give them what they are requesting that way I can get my long overdue funds THANK YOU SINCERLY MRS.KIMBERLY KRAUSE

 

Internet SCAM

An internet scam targeting Bank of Ireland 365 customers has been detected. The attackers are sending emails to Irish email addresses saying that your account has been temporarily limited. The emails are designed to look as if they have come from Bank of Ireland 365 online banking. The emails we have received did not come from Bank of Ireland, and the link in the email does not take you to a Bank of Ireland server. This is a social engineering attack by cybercriminals to steal your banking login details.

If you have already fallen victim to this attack, change your banking login details immediately.

 

————————————————————————————–.

From: 365 Online [mailto:no-reply@365online.ie]
Sent: Friday, March 09, 2012 12:45 PM
To: niall@securityitrust.com
Subject: Your account has been temporarily limited. ID: 201203WJS2

 

Bank of Ireland 365 internet scam

Dear Customer,

Your account has been temporarily limited.
To remove the limitation from your account
please confirm your credit card details on file.

 

For confirmation, please click the link below:

Sign In to 365online account  – (Link to fake website designed to look like 365 Online).

We apologise for any inconvenience caused.
Thank you.

——————————————————–.
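Both the Revenue and the Bank of Ireland 365 emails share the same tell: the sender address or the link target sits on a domain the real organisation does not own. The Python below is an added example (not part of the original alerts) that checks a raw message for that mismatch; the sample messages reuse the headers quoted above, while the link targets (`refund-confirm.example`, `365online-verify.example`) and the trusted-domain lists are my placeholders.

```python
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def _domain_matches(host: str, trusted: set[str]) -> bool:
    """True if host is one of the trusted domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def _body_text(msg) -> str:
    """Concatenate every text part of the message, decoded to str."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def assess_message(raw: str, trusted_domains: set[str]) -> list[str]:
    """Return findings describing where the mail departs from the brand it claims.

    A sender address outside the trusted domains is one signal; a link whose
    host is outside them is the stronger one, because From: can be forged
    while the link has to lead to the attacker's own page.
    """
    msg = message_from_string(raw)
    findings = []
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if not _domain_matches(sender_domain, trusted_domains):
        findings.append(f"sender domain {sender_domain!r} is not trusted for '{display_name}'")
    for url in URL_RE.findall(_body_text(msg)):
        host = urlparse(url).hostname or ""
        if not _domain_matches(host, trusted_domains):
            findings.append(f"link {url} leads to untrusted host {host!r}")
    return findings


# Constructed samples modelled on the two alerts. The headers follow the page;
# the link targets are placeholders because the page does not give them.
REVENUE_SAMPLE = """\
From: "Revenue - Irish Tax & Customs Notice" <service@revenue-refund.com>
Subject: Online Security Notification
Content-Type: text/html; charset=utf-8

<p>This e-mail has been sent to you to inform you that we must pay you back 278 EUR.</p>
<p><a href="http://refund-confirm.example/revenue/">Revenue - Irish Tax &amp; Customs Online Confirmation</a></p>
"""

BOI_SAMPLE = """\
From: 365 Online <no-reply@365online.ie>
Subject: Your account has been temporarily limited. ID: 201203WJS2
Content-Type: text/html; charset=utf-8

<p>Your account has been temporarily limited.</p>
<p><a href="http://365online-verify.example/login">Sign In to 365online account</a></p>
"""

# Example trust configuration (assumed; maintained by the defender, not taken from the page).
TRUSTED = {
    "revenue": {"revenue.ie"},
    "boi": {"365online.ie", "bankofireland.com"},
}


def demo() -> dict[str, list[str]]:
    return {
        "revenue": assess_message(REVENUE_SAMPLE, TRUSTED["revenue"]),
        "boi": assess_message(BOI_SAMPLE, TRUSTED["boi"]),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings or "no mismatch")
```

The Bank of Ireland sample is the instructive one: its From: address looks legitimate, so only the link check fires, which is why a filter that inspects sender domains alone is not enough.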

If you are a user of Norton Antivirus software, this is not the news you want to hear. According to reports, Symantec has confirmed that they were compromised by a group of hackers known as "The Lords of Dharmaraja". This hacking group claims to have possession of the Norton Antivirus source code. According to Symantec, the code is from old Norton versions, some of which are no longer sold.

The hacking group claims that they will publish the source code online. The fear is that other hackers will use this information to craft viruses/code to exploit the antivirus: knowing how the software identifies malicious processes could allow a hacker to work around it. However, the potential damage this code could cause is something only Symantec knows.

We have seen some reports claiming the code was not stolen from Symantec directly but from a third party.

The hackers claim to be from India and call themselves The Lords of Dharmaraja.

 

 —   ——–  —–
\  \ \ \_\   \/  /\ \
 \  \ \ \_\  / \ \_\ \
 /  _\/_/  \_\  \_\ \_\,,,^++^,,,
/__/TEAM++The Lords of Dharmaraja++
Releze 003+
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Now we release confidential documentation we encountered of Symantec corporation and it’s Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Scam Alert

From: insurance@fdic.gov [mailto:insurance@fdic.gov]
Sent: Thursday, September 15, 2011 11:06 AM
To:
Subject: [Spam] FDIC: About your business accounts

 
Dear Business Owner,
 
We have important information about your financial institution.
Please click here to find further details.
This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership
________________________________________
 
Questions for FDIC?
Contact Us