March 4, Softpedia – (International) Strong SSL/TLS ciphers downgraded to use weak crypto key in FREAK attack. A security researcher at INRIA and the Microsoft Research Team identified a serious vulnerability in the implementation of secure sockets layer (SSL) and transport layer security (TLS) protocols on Apple and Android devices that can be abused through man-in-the-middle (MitM) attacks that capitalize on abandoned policies to force the use of weak RSA keys, potentially leaving a wide range of government and other Web sites vulnerable. The researchers have dubbed the attack FREAK (Factoring RSA Export Keys), and Akamai cloud platform announced that it patched the vulnerability. Source
March 4, Securityweek – (International) Google fixes 51 vulnerabilities with release of Chrome 41. Google addressed 51 security issues and added new apps, extension application program interfaces (APIs), and stability and performance improvements in the release of Google Chrome version 41. The addressed vulnerabilities include 13 high-severity and 6 medium-severity issues discovered by external researchers. Source
March 3, Softpedia – (International) Banking malware targets almost 1,500 financial institutions in 86 countries. Security researchers from Symantec reported an analysis of 999 banking malware configurations that targeted 1,467 financial institutions worldwide in 2014, most of which were in the U.S., where consumers were attacked with 95 percent of the trojans analyzed. The analysis also revealed that 4.1 million users’ systems had been compromised in 2014. Source
March 3, Threatpost – (International) New POS malware uses mailslots to avoid detection. Security researchers from Morphick discovered that the new LogPOS point-of-sale (PoS) malware uses Microsoft Windows’ mailslots technology to avoid detection, inject code, and act like a client while it relays stolen payment card numbers to a command and control (C&C) server. Source
Citrix announced the release of XenMobile 10 this past January although it was officially available for download in February. XenMobile 10 brings some new features and some much needed enhancements.
New Features and Enhancements
I will not go over all the new stuff (you can read that here), however I do want to go over the new features and enhancements that I have heard many customers requesting.
- XenMobile Server – Citrix combined the AppController and XenMobile Device Manager server into a single virtual appliance (XenServer, vSphere and Hyper-V). This is huge as architecture and administration are much easier.
- Policy creation – in the past, XenMobile required a policy to be created for a specific mobile OS; now we can create a single policy that can be applied for iOS, Droid and Windows devices.
- HA/DR – with previous versions, setting up high availability and disaster recovery for XenMobile was, to put it nicely, a pain. With XM 10, it is much more straightforward due to the consolidation of services and the virtual appliance.
- Worx enhancements – there are many new features within the core Worx apps (WorxMail, WorxWeb, etc.). One I would like to bring up specifically, as I know it has been asked for in the past, is that WorxNotes now has Exchange support.
As mentioned, there are other features/enhancements that were released, but I have heard customers ask for the items mentioned above. For existing XenMobile customers, Citrix has an upgrade tool from version 9 to 10. For more information please contact your Gotham Account Manager.
March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily-exploitable zero-day remote code execution vulnerability due to outdated Web-enabled application management versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd technologies that contain known security issues. The company is reportedly working on the issue. Source
March 2, Softpedia – (International) Privilege escalation glitch found in Toshiba software. SmartNet researchers discovered a path privilege escalation vulnerability in Toshiba’s Bluetooth Stack for Windows and Service Station that could allow attackers to take over control of computers by implementing malicious programs, and alter or delete information stored on hard disks. Toshiba released updates for its vulnerable products. Source
March 2, Softpedia – (International) Vulnerabilities in Blu-ray players open door for network compromise. Security researchers at NCC Group discovered security flaws in the software and hardware of Blu-ray players that could allow attackers to use poorly implemented Java to create malicious discs in order to bypass auto-run protection mechanisms through a sandbox escape and execute arbitrary code automatically. The second vulnerability was achieved by launching a library from a USB drive plugged into the device and the Web browser which could allow modifications of the firmware in order to remove anti-piracy technology. Source
March 2, Information Week Dark Reading – (International) Uber Takes Over 5 Months To Issue Breach Notification. 50,000 Uber drivers just being told now that their names and license numbers were exposed. Uber, the service that allows users to hire cars or conduct ride shares via mobile app (which has been banned in several cities), announced last Friday that it had experienced a data breach that exposed the names and license numbers of approximately 50,000 current and former Uber drivers. Source
February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source
February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing results to be sent from proxies to their distributed denial-of-service (DDoS) targets. Researchers identified more than 150,000 potential Joomla reflectors on the internet, many of which remain vulnerable to being used for this type of attack. Source
February 25, Threatpost – (International) Ramnit botnet shut down. Europol Cybercrime Centre (EC3) investigators, Microsoft, AnubisNetworks, and Symantec carried out an operation to shut down the Ramnit botnet’s 7 command and control (C&C) servers and redirected traffic from 300 domains used by the botnet. EC3 estimated that more than 3.2 million Windows computers have been infected with the botnet via spam campaigns, phishing scams, and drive-by downloads that installed malicious code to grant attackers access to banking credentials and other log-in information. Source
February 24, Securityweek – (International) McAfee: Popular mobile apps remain vulnerable to MitM flaws found last year. Intel Security’s McAfee Labs reported that almost 75 percent of the most popular mobile apps found vulnerable to man-in-the-middle (MitM) attacks remain exposed to attacks since they were first identified in a September 2014 analysis by the Computer Emergency Response Team (CERT) at Carnegie Mellon University. Source