IT Security Alerts
Information Security Alerts
A zero-day vulnerability affecting all Microsoft-supported versions of the Windows operating system, including Windows Server, has been identified. We have also seen reports from iSIGHT of a cyber-espionage campaign already in progress that uses it to compromise exposed systems.
The vulnerability is identified as CVE-2014-4114 and is also known as Sandworm. It was reportedly discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day is reported to have been used since early September to infect victims with malicious attachments, primarily PowerPoint files, although PowerPoint was only the attackers' delivery vector; the flaw itself is in Windows.
The vulnerability exists in the OLE package manager (packager.dll) in Microsoft Windows and Windows Server. The OLE packager is able to download and execute external files such as INF files, allowing an attacker to execute commands.
The risk level appears high: if one group could design a worm to exploit the hole, then someone will try to recode the worm and make it widespread.
Impact: we are only at the early stage of understanding what we are looking at, but if the vulnerability allows a file to be downloaded and executed, the potential impact is extremely high.
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. See more at: http://www.isightpartners.com/2014/10/cve-2014-4114/
Russian Hackers Target EU, NATO
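Because the OLE packager fetches linked objects from wherever the document points, one defensive check is to scan incoming Office (OOXML) files for OLE relationships that are marked external and whose target is a UNC share or file:// URL. The scanner below is an added example, not code from the original alert or from iSIGHT; it assumes the lure document links its OLE objects this way (a heuristic, not a signature for CVE-2014-4114), and the sample archive it builds is constructed for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Relationship type suffix used for OLE objects in OOXML parts (slides, documents)
OLE_REL_SUFFIX = "/relationships/oleObject"
# Target prefixes that point outside the archive: file URLs and UNC paths
EXTERNAL_PREFIXES = ("file:", "\\\\", "//")


def find_external_ole_links(doc_bytes: bytes) -> List[Tuple[str, str]]:
    """Return (rels part, target) for every OLE relationship whose target is
    external (TargetMode="External") and names a remote file or UNC share.
    Such a link makes the OLE packager retrieve the object from another host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root:  # <Relationship> elements; attributes are unnamespaced
                rtype = rel.get("Type", "")
                target = rel.get("Target", "")
                mode = rel.get("TargetMode", "Internal")
                if (rtype.endswith(OLE_REL_SUFFIX) and mode == "External"
                        and target.lower().startswith(EXTERNAL_PREFIXES)):
                    hits.append((name, target))
    return hits


def build_sample_pptx(external: bool) -> bytes:
    """Constructed minimal PPTX-like archive (sample data, not a real deck).
    The 203.0.113.5 host is a documentation address, not a real indicator."""
    ns = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    if external:
        rel = (f'<Relationship Id="rId2" Type="{ns}/oleObject" '
               'Target="file:///\\\\203.0.113.5\\public\\slide1.gif" TargetMode="External"/>')
    else:
        rel = f'<Relationship Id="rId2" Type="{ns}/oleObject" Target="../embeddings/oleObject1.bin"/>'
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'{rel}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("linked", build_sample_pptx(True)), ("embedded", build_sample_pptx(False))):
        print(label, find_external_ole_links(doc))
```

A hit means the document will reach out to another host when the object is activated; that is worth quarantining for review regardless of whether this particular CVE is patched.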
Shellshock Bash code injection vulnerability: what do you need to do, and what is the risk?
Report from SANS ISC
Bash Code Injection (Shellshock) Vulnerability (CVE-2014-6271)
CentOS Bash vulnerability announced on 2014/09/24: how to fix
How to fix the Bash code injection flaw on CentOS/RedHat 6.x servers
HackerKast Shellshock- September 25, 2014 – WhiteHat Security
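Shellshock is triggered when a string that bash receives as an environment variable begins with a function definition, so web servers that hand request headers to CGI scripts are the usual exposure. The log scanner below is an added example, not code from the original alert or the linked reports; it assumes Apache combined log format and runs over constructed sample lines.

```python
import re
from typing import Dict, List

# The Shellshock trigger is a function definition at the start of an
# environment value: "() {" (whitespace optional). Anything after the closing
# brace is what the vulnerable bash would have executed.
SHELLSHOCK_MARKER = re.compile(r"\(\)\s*\{")

# Apache combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (not from a real server); the commands are harmless echoes.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2014:10:14:02 +0100] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo shocked"
198.51.100.7 - - [25/Sep/2014:10:14:05 +0100] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:15:40 +0100] "GET /cgi-bin/test.cgi HTTP/1.1" 500 0 "() { :;}; echo vulnerable" "curl/7.37.0"
"""


def find_shellshock_attempts(log_text: str) -> List[Dict[str, str]]:
    """Return one record per request whose request line, Referer or
    User-Agent carries the Shellshock function-definition marker.
    Each record names the source IP, timestamp, the field and its value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line; a production tool would count these
        for field in ("request", "referer", "agent"):
            if SHELLSHOCK_MARKER.search(m.group(field)):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "field": field, "value": m.group(field)})
                break  # one record per request is enough
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["field"]}: {hit["value"]}')
```

A match tells you someone probed the host; whether it succeeded depends on the bash version and on the server passing that header to a shell, so pair this with the vendor fix links above.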
Cyber criminals have started a Skype-based campaign aimed at spreading malicious software. We have heard reports of many users receiving messages that appear to come from friends in their Skype contact lists. These messages are part of a social engineering attack against Skype users.
Due to a security flaw in the Samsung Galaxy S3, your phone's data can be wiped just by visiting a web page (on a compromised website). Attackers have become aware of this flaw and are placing hidden code in web pages that triggers the remote-wipe feature of the phone without any permission or input from the phone's user. This code is currently circulating online through websites, but it is also possible that attackers may adapt it to a text message distribution method, a QR code or an NFC tag.
Other reports on the internet say that more codes have been uncovered in Samsung devices that could be used in other attacks, such as killing the phone's SIM card. Beyond these claims we have not seen any evidence of such code yet.
It is also believed that this code may trigger a factory reset on the Galaxy S2 and other Samsung devices that use Samsung's "TouchWiz" interface.
How to protect yourself from this issue:
Back up your smartphone's content, and check regularly on the Samsung website to see whether an update has been released to fix your phone.
The only way to guard against the attacks is to switch off "service loading" in settings, and to disable QR code and NFC apps.
How to test your phone
You can test your phone by entering either of the two codes provided here:
Please make a BACKUP of all the data on your phone before using these codes, because if your phone is vulnerable the code will wipe all data on your phone and reset it to factory defaults.
Devices from other Android manufacturers appear to be unaffected.
This morning a social engineering attack targeting people in Ireland was identified. The attackers are trying to trick people into visiting their website by sending a fake email made to look as if it has come from the Irish Revenue about a tax refund.
The domain being used for this attack is registered to an address in Australia.
If you receive this email, do not click on the link.
From: Revenue – Irish Tax & Customs Notice <email@example.com>
Date: 30 July 2012 07:32:47 GMT+01:00
Subject: Online Security Notification
This e-mail has been sent to you by Revenue – Irish Tax & Customs to inform you that we must pay you back 278 EUR.
Please allow 2 weeks for you money to be availabe in your account.
To ensure that your service is not interrupted, we request you to confirm and update your information today by following the link below:
Thank you for your prompt attention to this matter. Do not reply to this e-mail.
© Revenue – Irish Tax & Customs 2012
From: kimberly krause [mailto:firstname.lastname@example.org]
Sent: Friday, March 16, 2012 9:19 PM
Subject: my fund release
I have know ben told buy the bank of new york that my funds have ben put in to bank of amierca and bank of amierca is saying that they need a document from you claiming my 10.5 mill in funds are not a scam or some thing to that mater can you please give them what they are requesting that way I can get my long overdue funds THANK YOU SINCERLY MRS.KIMBERLY KRAUSE
An internet scam targeting Bank of Ireland 365 customers has been detected. The attackers are sending emails to Irish email addresses with a message saying that your account has been temporarily limited. The emails are designed to look as if they have come from Bank of Ireland 365 online banking. The emails we have received did not come from Bank of Ireland, and the link in the email does not take you to a Bank of Ireland server. This is a social engineering attack by cybercriminals to steal your banking login details.
If you have already fallen victim to this attack, change your banking login details immediately.
From: 365 Online [mailto:email@example.com]
Sent: Friday, March 09, 2012 12:45 PM
Subject: Your account has been temporarily limited. ID: 201203WJS2
Your account has been temporarily limited.
To remove the limitation from your account
please confirm your credit card details on file.
For confirmation, please click the link below:
Sign In to 365online account – (Link to fake website designed to look like 365 Online).
We apologise for any inconvenience caused.
If you are a user of Norton Antivirus software, this is not the news you want to hear. According to reports, Symantec has confirmed that they were compromised by a group of hackers known as "The Lords of Dharmaraja". This hacking group claims to have possession of the Norton Antivirus source code. According to Symantec, the code is from old Norton versions, some of which are no longer sold.
The hacking group claims that they will publish the source code online. The fear is that other hackers will use this information to craft viruses or code that evades the antivirus: knowing how the software identifies malicious processes could allow an attacker to work around it. However, the potential damage this code can cause is something only Symantec knows.
We have seen some reports claiming that the code was not stolen from Symantec directly but from a third party.
The hackers claim to be from India and call themselves The Lords of Dharmaraja.
Now we release confidential documentation we encountered of Symantec corporation and it’s Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Thursday, September 15, 2011 11:06 AM
Subject: [Spam] FDIC: About your business accounts
Dear Business Owner,
We have important information about your financial institution.
Please click here to find further details.
This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership
Questions for FDIC?