March 7, Help Net Security – (International) Siesta cyber espionage campaign targets many industries. Researchers at Trend Micro discovered a cyberespionage campaign dubbed Siesta that is targeting several industries, including energy, financial services, healthcare, and defense. The campaign uses malware that enters dormancy at regular intervals and when active, sends out spoofed emails to various companies containing a malicious link that drops both a legitimate .pdf file and a malicious executable file. Source: http://www.net-security.org/secworld.php?id=16490
March 7, Softpedia – (International) Over 40 bugs, including 4 security vulnerabilities, fixed in Joomla 3.2.3. The newest version of Joomla, Joomla 3.2.3, was released for download, closing four security vulnerabilities. Users were advised to update their installations immediately. Source: http://news.softpedia.com/news/Over-40-Bugs-Including-4-Security-Vulnerabilities-Fixed-in-Joomla-3-2-3-431030.shtml
March 7, The Register – (International) comiXology’s Phantom Zone breached by villainous Haxxor. E-comics service comiXology informed customers that attackers had breached its systems and accessed a database containing usernames, email addresses, and encrypted passwords. All customers were required to change their passwords as a precaution. Source: http://www.theregister.co.uk/2014/03/07/comixologys_phantom_zone_breached_by_evil_haxxor/
March 6, SC Magazine – (International) ‘Dendroid’ RAT trojanizes apps, enables compromise of Android devices. A researcher at Symantec reported discovering a new HTTPS remote access trojan (RAT) dubbed Dendroid for sale on underweb marketplaces. Dendroid allows attackers to add malicious code to legitimate Android apps in order to gain remote access to infected devices. Source: http://www.scmagazine.com/dendroid-rat-trojanizes-apps-enables-compromise-of-android-devices/article/337191/
March 6, IDG News Service – (International) Cisco patches flaws in routers, wireless LAN controllers. Cisco Systems released firmware updates for several models of small business routers and wireless LAN controllers, addressing vulnerabilities that could allow attackers to compromise devices or perform denial of service (DoS) attacks. Source
March 5, V3.co.uk – (International) ChewBacca and Zeus malware found on Tor. A researcher at Kaspersky Lab reported that an average of 900 hidden criminal services are operating through The Onion Router (TOR) anonymity network, including malicious infrastructure, money laundering, and the sale of malware toolkits and stolen information. Source
In this blog I address some of the confusion on upgrading and obtaining the latest certifications from Citrix. I have been taking Citrix courses and exams since 1998 (good old WinFrame 1.7, dating myself there), and throughout the years I have upgraded my certifications with Citrix as new versions and products came to market. There has been some confusion on what exams need to be taken to upgrade from a CCEE (Citrix Certified Enterprise Engineer) to the new CCP-AD (Citrix Certified Professional-Apps and Desktops).
Citrix now offers three focuses around certification: Apps and Desktops; Networking; and Mobility. This blog addresses the Apps and Desktops focus. The Networking focus is about NetScaler and the Mobility focus is about XenMobile.
Within the Apps and Desktops focus there are three certifications: CCA-AD, CCP-AD, and CCE-AD (Associate, Professional, and Expert, respectively). If your current CCEE or CCIA certification hasn’t expired, you can take the respective upgrade path. For example, if you are a CCEE currently and your certification hasn’t expired, you will only need to take the 1Y0-300 exam (CCP-AD). However, if your certification has expired, you would have to take the 1Y0-200 (CCA-AD) exam and the 1Y0-300. To find out if your certification has expired, visit the following site: https://i7lp.integral7.com/durango/do/login?ownername=citrix&channel=citrix&basechannel=citrix
For more information on the upgrade process take a look at this site:
Citrix provides exam preps for all exams, which is extremely helpful in pinpointing the topics to study. Gotham is a Citrix Authorized Learning Center (CALC); we can provide training at our site in Montvale, NJ, customer onsite training and/or virtual training for Citrix courses. Please speak with your account manager for further information.
March 5, Help Net Security – (International) New Android devices sold with pre-installed malware. The founder of Marble Security reported finding data-stealing malware disguised as Netflix apps pre-installed on several customers’ new Android devices. Several Samsung, Asus, LG, and Motorola phones and tablets were found with the pre-installed malware. Source
March 5, The Register – (International) New design flaw found in crypto’s TLS: Pretend to be a victim online. Researchers with the French National Institute for Research in Computer Science and Control developed a new man-in-the-middle (MitM) attack against the Transport Layer Security (TLS) protocol that can, under certain conditions, allow an attacker to intercept a user’s login credentials and disguise themselves as the user on servers that accept the same credential. Source
March 5, The Register – (International) GNU security library GnuTLS fails on cert checks: Patch now. An issue in the GnuTLS security library was identified that could allow any certificate to be accepted as legitimate, affecting hundreds of applications that use the library. Red Hat and GnuTLS issued patches for users and advised them to apply the patch promptly. Source
March 3, Softpedia – (International) Meetup down for days due to DDoS attack allegedly ordered by a competitor. Social networking portal Meetup was hit by a distributed denial of service (DDoS) attack beginning February 27 that took the portal’s Web site offline for several days. An attacker contacted the company, claimed responsibility, and demanded a payment to end the attack. Source: http://news.softpedia.com/news/Meetup-com-Down-for-Days-Due-to-DDOS-Attack-Allegedly-Ordered-by-a-Competitor-430290.shtml
March 1, Softpedia – (International) Uroburos: Espionage rootkit allegedly created by Russian intelligence agency. Researchers at G Data analyzed a sophisticated rootkit dubbed Uroburos that can compromise Windows systems in order to execute commands, steal files, capture traffic, and add new modules to itself. The researchers believe the rootkit was created by a Russian intelligence agency and has been in operation since 2011. Source: http://news.softpedia.com/news/Uroburos-Espionage-Rootkit-Allegedly-Created-by-Russian-Intelligence-Agency-430030.shtml
February 28, IDG News Service – (International) Gameover malware tougher to kill with new rootkit component. Sophos researchers reported that a new variant of the Gameover banking malware that steals online banking credentials includes a kernel-level rootkit called Necurs that can make the malware more difficult to remove from infected systems. Source: http://www.networkworld.com/news/2014/022814-gameover-malware-tougher-to-kill-279308.html
March 4, Dark Reading – (International) Researchers create legal botnet abusing free cloud service offers. Researchers presenting at the RSA Conference the week of February 24 demonstrated how they were able to create a botnet by abusing trial accounts for several platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) offers. The botnet was created by automating PaaS and IaaS trial sign-up processes and could be used to perform massive port scans, Bitcoin mining, and to manipulate sweepstakes, among other tasks. Source: http://www.darkreading.com/researchers-create-legal-botnet-abusing/240166428
March 4, Help Net Security – (International) 300,000 routers compromised in DNS hijacking campaign. Researchers with Team Cymru found that around 300,000 small office/home office routers have been compromised and had their DNS settings changed to two IP addresses in the U.K. in order to allow the attackers to perform man-in-the-middle (MitM) attacks. The researchers found that the attack dates to at least mid-December 2013 and has mostly affected routers in Europe and Asia. Source: http://www.net-security.org/secworld.php?id=16473
March 4, Softpedia – (International) 19 security fixes included in latest Chrome 33 update. Google released an update for its Chrome browser, Chrome version 33.0.1750, which addresses 19 security issues. Source: http://news.softpedia.com/news/19-Security-Fixes-Included-in-Chrome-33-0-1750-146-Update-430494.shtml
March 3, Softpedia – (International) Flaw in Yahoo! Suggestions allowed hackers to delete 1.5 million posts and comments. A security researcher identified and reported an Insecure Direct Object Reference Vulnerability (IDORV) in Yahoo’s Suggestions Web site that could have allowed attackers to escalate their privileges and delete large amounts of posts and comments. Yahoo addressed the issue within 2 days. Source: http://news.softpedia.com/news/Flaw-in-Yahoo-Suggestions-Allowed-Hackers-to-Delete-1-5-Million-Posts-and-Comments-430303.shtml
March 3, Threatpost – (International) Four vulnerabilities found in Oracle Demantra. Researchers at Portcullis identified four vulnerabilities in Oracle’s Demantra business software that could allow attackers to steal sensitive information, carry out phishing attacks, modify application content, or perform other attacks. Source: http://threatpost.com/four-vulnerabilities-found-in-oracle-demantra/104574
February 28, The Register – (International) Apple slams shut TEN code execution holes in QuickTime on Windows. Apple released a patch that fixes 10 serious bugs in the Windows version of its QuickTime media player that allowed malicious video files to execute arbitrary code. Source.
February 28, Softpedia – (International) Experts find vulnerabilities in RSA Conference 2014 Android application. Six flaws were discovered in the RSA Conference 2014 app, with the most severe potentially allowing an attacker to carry out a man-in-the-middle (MitM) attack. Another vulnerability could give access to a file containing information on every user who signed up for the conference through the app’s SQLite database file. Source.
February 28, Softpedia – (International) Gameover borrows kernel-mode rootkit from Necurs malware. Security researchers warned that a new version of Gameover, the peer-to-peer (P2P) version of the Zeus trojan, has introduced a kernel-mode rootkit from Necurs in order to target users. The new variant is delivered via spam runs and is more difficult to remove. Source.
February 25, Softpedia – (International) Cybercriminals use Pony botnet to steal 700,000 account credentials, virtual currencies. Experts found that cybercriminals used the Pony botnet to steal more than 700,000 credentials for Web sites, email accounts, File Transfer Protocol (FTP) servers, Secure Shell (SSH), and Virtual Desktops. The botnet was also used to steal $220,000 worth of virtual currencies by targeting Bitcoin and other virtual currency wallets. Source: http://news.softpedia.com/news/Cybercriminals-Use-Pony-Botnet-to-Steal-700-000-Account-Credentials-Virtual-Currencies-429170.shtml
February 25, Softpedia – (International) EC-Council says its servers haven’t been hacked. EC-Council announced that its Web site was targeted by a hacker who redirected the site’s visitors via a Domain Name System (DNS) hijack to a defacement page hosted by a Finland-owned company. The organization stated that its servers were not breached and continues to investigate the incident. Source: http://news.softpedia.com/news/EC-Council-Says-Its-Servers-Haven-t-Been-Hacked-429307.shtml
February 23, Dark Reading – (International) Researchers bypass protections in Microsoft’s EMET security tool. Bromium Labs researchers found a flaw in Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) 4.1 that could potentially allow attackers to sneak malware past it by bypassing several key defenses, taking advantage of the tool’s reliance on known vectors of return-oriented programming (ROP) exploitation. Source: http://www.darkreading.com/attacks-breaches/researchers-bypass-protections-in-micros/240166227