February 25, Securityweek – (International) Mozilla fixes 17 vulnerabilities in Firefox 36. Mozilla released version 36 of its Firefox browser closing 17 vulnerabilities and flaws, including 4 rated as critical. Source
February 25, Help Net Security – (International) New DDoS attack and tools use Google Maps plugin as proxy. PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the source addresses of requests, so that the responses are sent from the Joomla proxies to their distributed denial of service (DDoS) targets. Researchers identified more than 150,000 potential Joomla reflectors on the internet, many of which remain vulnerable to being used for this type of attack. Source
February 25, Threatpost – (International) Ramnit botnet shut down. Europol Cybercrime Centre (EC3) investigators, Microsoft, AnubisNetworks, and Symantec carried out an operation to shut down the Ramnit botnet’s 7 command and control (C&C) servers and redirected traffic from 300 domains used by the botnet. EC3 estimated that more than 3.2 million Windows computers have been infected with the botnet via spam campaigns, phishing scams, and drive-by downloads that installed malicious code to grant attackers access to banking credentials and other log-in information. Source
February 24, Securityweek – (International) McAfee: Popular mobile apps remain vulnerable to MitM flaws found last year. Intel Security’s McAfee Labs reported that almost 75 percent of the most popular mobile apps found vulnerable to man-in-the-middle (MitM) attacks in a September 2014 analysis by the Computer Emergency Response Team (CERT) at Carnegie Mellon University remain exposed to those attacks. Source
February 23, SC Magazine – (International) Older vulnerabilities a top enabler of breaches, according to report. Hewlett Packard security researchers reported that 44 percent of known breaches happened as a result of server misconfigurations and vulnerabilities discovered years ago. The report cites 33 percent of identified exploit samples targeting Microsoft Windows, 11 percent targeting Adobe Reader and Acrobat, 6 bugs in Oracle Java, and 2 flaws in Microsoft Office. Source
February 23, Securityweek – (International) Norton update caused Internet Explorer to crash. Symantec released a new version of the Intrusion Prevention System (IPS) definition package after a corrupt file in the previous release caused the 32-bit version of Microsoft’s Internet Explorer web browser to crash on computers running Norton Security, Norton Security with Backup, Norton 360, and Norton Internet Security. Source
February 23, Softpedia – (International) Comodo’s PrivDog breaks HTTPS security possibly worse than Superfish. A security researcher discovered that Comodo’s PrivDog browsing privacy protection tool compromised browsing security by acting as a man-in-the-middle (MitM), intercepting and replacing all certificates with its own, which caused browsers to accept every HTTPS certificate regardless of the issuing authority. The issue could affect nearly 64,000 users worldwide, and PrivDog released an update with a fix for the issue. Source
February 23, Softpedia – (International) CSIS security group warns of fake emails using its name. CSIS security experts discovered an email campaign that spoofed the company’s email address and used an employee’s name to distribute a malicious attachment and deploy malware on the recipients’ machines. The Denmark-based company provides security services for some of the largest global banks and acts as a consultant to governments, media, and businesses. Source
I was out to dinner with my parents the other night and my mother started getting on my case. You know, the way mothers do.
Yes, I’m a grown man and my mother still calls me Kenneth when she’s angry with me.
“I’ve been reading the paper and there are all these security problems all the time. Aren’t you supposed to be fixing this? There must be something you can do to stop it. It seems like quite a problem.”
Mothers. How is it that they can bundle up a wonderful compliment (I’m capable of fixing it) with a sort of backhanded insult (I’m too lazy to bother fixing it) and throw some guilt on top (security breaches are apparently my fault)?
Which leads me to explaining to my mother (who’s 70) why it’s not fixed yet.
“Look, Mom, if I had some kind of box I could sell people that would make this all go away, I surely would. And I would be rich like Elvis and buy you a big white Cadillac. But, sorry, no such box exists.”
“Here’s the problem. We used to know what attacks looked like, and we would look for them and stop them. Now the hackers are smarter. They know what we’re looking for so they make sure their attacks look different.”
“Given this, there’s only one way to look for bad things. We have to know what good things look like and find the things that aren’t good. We have to know what normal looks like. Then we can find the hackers.”
“Some of this can be pretty easy. If your firewall is communicating on a regular basis with North Korea and you don’t have any customers there, that’s not normal. But most of it is pretty hard. Most companies are so large and complicated they really have no understanding of what normal looks like.”
“They do business in dozens of countries and have thousands of applications. It’s very difficult to normalize.”
“So, that’s the problem. Does that make sense?”
Unfortunately, this didn’t really help. My mother must have been a Fortune 500 CEO in her last life.
She simply said, “Sounds like a load of excuses to me. Blah, Blah, Normal. Please just fix it so I can use my credit card on the Internet again.”
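The "know what normal looks like" approach described in the dinner conversation above, reduced to working code. This is an added example, not code from the original post: it builds a baseline of the destination countries seen in a quiet window of firewall logs, flags connections in a later window to countries that never appeared in the baseline, and checks whether those connections recur on a regular schedule (the "communicating on a regular basis" case). The log format, field names, IP addresses and country codes are assumptions, and all log lines are constructed sample data.

```python
"""Baseline-and-deviation check over constructed firewall logs.

Added example (not from the original post). The log format
("timestamp src dst dst_country bytes"), the field names and the
sample records are assumptions constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed "normal" window: the countries the business actually talks to.
BASELINE_LOG = """\
2015-02-20T09:00:00 10.0.0.5 203.0.113.10 US 5120
2015-02-20T09:05:00 10.0.0.7 198.51.100.4 DE 2048
2015-02-20T10:12:00 10.0.0.5 203.0.113.11 US 8192
2015-02-20T11:40:00 10.0.0.9 192.0.2.20 GB 1024
2015-02-21T09:02:00 10.0.0.7 198.51.100.4 DE 2300
2015-02-21T14:15:00 10.0.0.5 203.0.113.10 US 4096
"""

# Constructed later window: one host starts talking to a never-seen country
# every 30 minutes, which is the beacon-like pattern worth investigating.
OBSERVED_LOG = """\
2015-02-22T09:00:00 10.0.0.5 203.0.113.10 US 5000
2015-02-22T09:00:00 10.0.0.12 192.0.2.99 KP 512
2015-02-22T09:30:00 10.0.0.12 192.0.2.99 KP 512
2015-02-22T10:00:00 10.0.0.12 192.0.2.99 KP 512
2015-02-22T10:30:00 10.0.0.12 192.0.2.99 KP 512
2015-02-22T11:03:00 10.0.0.7 198.51.100.4 DE 2100
"""


def parse(log):
    """Parse the assumed whitespace-separated log format into dicts."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, country, nbytes = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "dst": dst, "country": country,
            "bytes": int(nbytes),
        })
    return records


def build_baseline(records):
    """'What normal looks like': the set of destination countries seen."""
    return {r["country"] for r in records}


def novel_destinations(baseline, records):
    """Connections to countries that never appeared in the baseline."""
    return [r for r in records if r["country"] not in baseline]


def is_regular(timestamps, tolerance=0.1):
    """True when inter-arrival gaps are nearly uniform (beacon-like).

    tolerance is the allowed coefficient of variation of the gaps;
    fewer than three timestamps is not enough to call anything regular.
    """
    if len(timestamps) < 3:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and pstdev(gaps) / m <= tolerance


def find_anomalies(baseline_log, observed_log):
    """Group novel-country connections per (src, dst, country) and rate them."""
    baseline = build_baseline(parse(baseline_log))
    observed = parse(observed_log)
    by_pair = defaultdict(list)
    for r in novel_destinations(baseline, observed):
        by_pair[(r["src"], r["dst"], r["country"])].append(r["ts"])
    findings = []
    for (src, dst, country), stamps in sorted(by_pair.items()):
        findings.append({
            "src": src, "dst": dst, "country": country,
            "count": len(stamps), "regular": is_regular(stamps),
        })
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(BASELINE_LOG, OBSERVED_LOG):
        print(finding)
```

The baseline here is deliberately coarse (a set of countries); in practice the same structure is applied per source host, per application and per time of day, which is exactly where the "thousands of applications in dozens of countries" problem from the conversation makes the baseline hard to build.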
February 23, The Register – (International) Cisco IPv6 processing bug can cause DoS attacks. Cisco announced that its NCS 6000 and Carrier Routing System (CRS-X) contain an IPv6 software bug that attackers could repeatedly exploit by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card to cause an extended denial of service (DoS) condition. Source
February 23, Securityweek – (International) Superfish SSL interception library found in several applications: Researchers. Security researchers discovered that the Komodia Redirector and SSL Digestor, originally used by the Superfish software preinstalled on Lenovo laptops, can be found in several other products, including at least 12 Facebook applications that use the SSL interception library. The researchers stated that Komodia’s proxy software does not properly implement SSL or validate certificates, enabling attackers to potentially hijack affected users’ connections. Source