
DHS is Taking Anonymous More Seriously & Issued A Security Bulletin To Warn About The Upcoming Cyber Threats



The Department of Homeland Security is beginning to take Anonymous and other non-professional cyber-attackers more seriously as it issues a warning about potential attacks.
The United States Department of Homeland Security warned the security community about potential attacks from hacking collective Anonymous over the next few months. The Sept. 2 security bulletin from the DHS National Cyber-Security and Communications Integration Center warned financial services companies to be on the lookout for attackers operating under the Anonymous umbrella to "solicit ideologically dissatisfied, sympathetic employees" to the cause. The collective recently took to Twitter to persuade employees within the financial sector to hand over information and access to enterprise networks. Though such attempts may have been unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the DHS bulletin warned.
DHS issued the bulletin primarily for cyber-security professionals and staff in charge of protecting critical infrastructure. The bulletin also refers to new tools that Anonymous may be using in launching future attacks. Anonymous has been primarily using the Low Orbit Ion Cannon, a fairly simple testing software that can ping a server repeatedly, to launch its distributed denial of service attacks. Some of the members have been working on a new DDoS tool, based on JavaScript, dubbed #RefRef.

The new attack tool is said to be capable of using the server's own resources and processing power to launch a denial of service attack against itself, but "so far it's unclear what the true capabilities of #RefRef are," the DHS said in the bulletin. The tool is slated to be released Sept. 17.
DHS also referenced the "Apache Killer" Perl script that can be used to launch denial of service attacks against Web servers running the popular Apache software. Apache developers released a patch earlier this week to fix the vulnerability in Apache 2.2. Administrators have been urged to patch their servers immediately.

The DHS also mentioned three cyber-attacks and civil protests Anonymous has already announced. "Occupy Wall Street" is the first scheduled one, for Sept. 17. Announced by the group Adbusters in July and actively supported by Anonymous, the goal is to get 20,000 individuals to gather on Wall Street to protest various U.S. government policies. Similar rallies targeting financial districts are being planned in Madrid, Milan, London, Paris and San Francisco.
Another protest in October, also led by Adbusters, is scheduled to be held at the Washington, D.C. National Mall to mark the 10th anniversary of the war in Afghanistan. There is also the supposed Nov. 11 attack against Facebook and Project Mayhem, scheduled for Dec. 21, 2012, DHS warned. There are indications that Project Mayhem would be a combination of physical disruption and targeting of information systems.

The bulletin itself is unusual in that DHS hasn't commented on the activities of Anonymous ever since the group stepped up its efforts over the past few months, attacking federal agencies and private corporations to protest a wide range of issues. As anyone following the security space undoubtedly knows, there have been at least one or two attacks by Anonymous, if not more, each week for the past few months, so the bulletin may be just stating the obvious when warning of future potential attacks.
"Anonymous has shown through recently reported incidents that it has members who have relatively more advanced technical capabilities who can also marshal large numbers of willing, but less technical, participants for DDOS activities," the DHS said.

-News Source (e-Week)


Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE, Certificate Tool & .NET


Microsoft released June 2012 Security bulletin to close a total of 27 security holes in its products, among them 13 in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync, Windows Kernel and Dynamics AX. The company separately announced changes to its automatic updater to block untrusted security certificates. Microsoft updated the updater tool after researchers uncovered how the Flame malware had gamed the process. The most important updates are bundled in the cumulative Internet Explorer patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. Another urgent update is MS12-036, which concerns denial of service and remote code execution vulnerabilities in the Remote Desktop features built into all supported versions of Windows. The third critical update affects the .NET Framework (MS12-038). The remaining 4 updates are rated "important" by Microsoft and close code execution bugs in Lync and privilege escalation holes in Dynamics AX and Windows.

Through this security bulletin Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center.






Microsoft Security Bulletin (March 2012) Closed Critical RDP Security Hole


Microsoft released its March 2012 security bulletins to close a total of seven security holes in its products. Among them are one Critical-class, four Important and one Moderate, addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft, a remote code execution vulnerability (MS12-020) has been found in RDP (Remote Desktop Protocol).
The first of these is a "critical-class" issue in RDP that could be exploited by an attacker to remotely execute arbitrary code on a victim's system. Although RDP is disabled by default, many users enable it so they can administer their systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported to the company by the Zero Day Initiative (ZDI), Microsoft says that it has yet to see any active attacks exploiting these in the wild, but warns that, "due to the attractiveness of this vulnerability to attackers", it anticipates "that an exploit for code execution will be developed in the next 30 days". Because of this, it recommends that installing the updates be made a priority.
Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem. A second "moderate-class" denial-of-service (DoS) issue, which can cripple an RDP server, was also fixed.
A brief overview of all of these updates, including descriptions about each of the vulnerabilities, can be found in Microsoft's Security Bulletin Summary for March 2012.





Microsoft Patches 34 Serious Vulnerabilities



In today's Patch Tuesday, Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important. Wolfgang Kandek, Qualys CTO, comments: "The only bulletin with a known exploit in the wild is MS11-046, a local privilege escalation flaw in the 'afd.sys' driver. IT admins can check with their end-point security providers for coverage, but should include this bulletin high on their to-do lists in any case, as it is only a matter of time until we see more attackers use malware taking advantage of this exploit to gain control of your workstations."

Here are the bulletins:

Vulnerability in OLE Automation 
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.

Vulnerability in .NET Framework and Microsoft Silverlight
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Vulnerability in Threat Management Gateway Firewall Client 
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.

Vulnerability in Windows Kernel-Mode Drivers
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Distributed File System
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Vulnerability in SMB Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

Vulnerability in .NET Framework
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Cumulative Security Update for Internet Explorer
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Vector Markup Language
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in MHTML
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Microsoft Excel
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.

Vulnerability in Ancillary Function Driver
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Vulnerability in Hyper-V
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Vulnerability in SMB Server
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.

Vulnerability in the Microsoft XML Editor
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with any of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Vulnerability in Active Directory Certificate Services Web Enrollment
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.


"April Patch" By Microsoft & Adobe Closed Critical Security Holes


As per schedule, two software giants, Microsoft and Adobe, today each issued security bulletins to plug security holes in their vulnerable products. The patch batch from Microsoft fixes at least 11 flaws in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting. The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. Among those in its security bulletin summary for April 2012 is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected. Microsoft said that this patch is the highest priority security update this month.
“What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unusually wide range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.”
Other notable fixes from Microsoft this month include a .NET update and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows through Windows Update.
In its March 2012 security bulletins, Microsoft closed a total of seven security holes in its products. Among them are one Critical-class, four Important and one Moderate, addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft, a remote code execution vulnerability (MS12-020) has been found in RDP (Remote Desktop Protocol).

After Microsoft comes Adobe, whose updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each product’s built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration is set to run automatic update checks on a regular schedule, but update checks can be manually activated by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS: Windows, Mac or Linux (v. 9.5.1).





Adobe Released Security Bulletin to Patch Multiple Vulnerable Products

Adobe released security bulletins to patch multiple vulnerable products. Here is the list, followed by detailed information on each product.
  • APSB11-19 – Security update available for Adobe Shockwave Player (Critical)
  • APSB11-20 – Security update available for Adobe Flash Media Server (Critical)
  • APSB11-21 – Security update available for Adobe Flash Player (Critical)
  • APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical)
  • APSB11-23 – Security updates available for RoboHelp (Important)
Security update available for Adobe Shockwave Player:-
 
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions update to Adobe Shockwave Player 11.6.1.629.

Security update available for Adobe Flash Media Server:-

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux.
This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system. Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively.

Security update available for Adobe Flash Player:-

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7 for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Security update available for Adobe Photoshop CS5:-

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5.

Security updates available for RoboHelp:-

An important vulnerability has been identified in RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8. A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp installations. 

-News Source (Adobe & Help Security)


Microsoft Releases Patch Fixes for Windows Server and PowerPoint


Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

 Microsoft addressed two security bulletins in May’s Patch Tuesday release. Security experts said administrators should apply the fixes immediately—because, despite their small size, they address significant threats.

Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings.
The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name-resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WINS in Windows Server should apply the patch immediately as attackers could remotely cause a denial of service, according to Wolfgang Kandek, the CTO of Qualys.
“What might make the WINS vulnerability appealing to attackers is that it is a server-side issue,” Joshua Talbot, security intelligence manager, Symantec Security Response, told eWEEK.
Unlike other threats, attackers don’t have to trick a user into doing anything since it’s just a matter of finding a vulnerable server and feeding the machine “a malicious string of data,” according to Talbot. It is also a more serious issue on Windows Server 2003 than on 2008 because Windows Server 2008 has built-in protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). However, attackers can still create exploit code to get past those security features, Talbot said.
The other “important” bulletin (MS11-036) addressed a security flaw in all versions of Microsoft Office PowerPoint except Office 2010. The bug would allow attackers to take full control of the target machine as soon as the user opens a malicious PPT file.
Both WINS and PowerPoint vulnerabilities are fairly significant, according to Tyler Reguly, technical manager of security research and development at nCircle. File-format vulnerabilities are “popular exploits” but WINS is remote code execution, so it was “difficult” to decide which was the “biggest risk today.”
Microsoft listed both vulnerabilities using the new exploitability ratings. The PowerPoint bulletin was rated “1” (consistent exploit code likely) for older software releases, but 0 for the latest software because Office 2010 is not affected. The WINS patch was rated a “2” on both the latest and older versions because it affected all versions.
The updated rating system is intended to make it easier for IT administrators to determine their risk level, according to Microsoft.
“With massive updates such as we had in April, it’s easy to get overwhelmed. Microsoft’s new index simplifies the process, which will help IT administrators to prioritize which patches they tackle first,” said Dave Marcus, director of security research and communications at McAfee Labs.
The small release means administrators should “brace themselves for a larger update” in June, according to Kandek.
To complicate things for IT administrators, a fake Patch Tuesday update is making the rounds, according to security researchers at Websense Security Labs ThreatSeeker network. The malware is spread via a link inside an email message supposedly from “Microsoft Canada Co.” which informs users that Microsoft has issued a “Security Update for Microsoft Windows OS,” wrote Amon Sanniez, associate security researcher at Websense. Clicking on the link downloads the fake patch to the computer and infects the system with a Zeus Trojan variant, according to Sanniez.
It “ties in almost perfectly” with the real Patch Tuesday updates from Microsoft, Sanniez said.
The email looks quite legitimate and shows “some effort” went into the creation, as the message is presented in both English and French, and the display names within the headers actually say the mail originated from Microsoft Canada.
The malicious executable is currently not being detected by most major antivirus products tracked on VirusTotal, so IT managers should be careful that none of their staff members or users click on the link to get the security update. Websense said it is a low-volume threat, possibly aimed at a handful of companies. 


AVG Premium Security

 
AVG Technologies today announced AVG Premium Security, the all-new and only Internet security solution that actively surveys the Web for incidents of stolen identity. Available now for US$69.99, the product includes AVG Identity Alert, AVG Internet Security and AVG Quick Tune.
Placing identity protection at the center of the new offering, AVG Identity Alert scours criminal web pages, chat rooms and bulletin boards to determine whether a customer's personal information has been used, traded or sold online. By monitoring a user's e-mail address and debit and credit card numbers—the three primary elements of an online identity—the system notifies the user if personal details appear somewhere they shouldn't.

AVG Identity Alert also provides an Identity Theft Risk Score, which evaluates online theft risk based on behavioral characteristics, and an Identity Theft Restoration Kit, which provides documentation, sample letters and other tools for restoring an identity should it be compromised.
AVG Premium Security is also comprised of the award-winning AVG Internet Security, which offers signature anti-virus, anti-spyware, AVG Protective Cloud Technology and the AVG Community Protection Network. Finally, AVG Quick Tune contains four of the 16 features available in the company's popular PC Tuneup, including the disk defragmenter, junk file removal, registry cleaner and broken shortcut removal.

“When you combine the shocking security lapses we have seen out of very high profile and respected brands such as Sony, Epsilon and Citigroup in the past few months with the liability shift toward consumers, it is clear that identity theft protection tools are no longer a nice to have,” said J.R Smith, CEO, AVG Technologies. “Banks and corporations are at an important tipping point, showing strong indications that they will no longer simply cover losses, and expecting the online users to share equal responsibility in taking appropriate security measures that ultimately protect each other from malicious attacks.”

In 2010 alone, IC3, the FBI/National White Collar Crime Center partnership, reported more than 300,000 individual complaints of Internet crime. Identity theft was one of the top three complaints, next to non-delivery of payment or merchandise and scams using the FBI's name.
“The key to combating internet crime is real-time intelligence and protection,” Smith added. “Our identity-theft tools offer consumers access to the kind of timely intelligence they need to more effectively monitor and protect their personal information. Credit report-driven tools are much slower and therefore give thieves a massive head start, making clean-up and recovery of identity theft under those circumstances very difficult for the average consumer.”

“To protect our 110 million active customers around the globe, AVG will now extend beyond local Internet security and anti-virus protection to provide customers with a digital bodyguard dedicated to protecting their names and identities online,” said Tony Anscombe, AVG's Ambassador of Free Products. “Even if an identity is compromised outside a user's home network, AVG Premium Security can still discover it. Bottom line: we offer vital peace of mind, virtually eliminating the perils often associated with surfing the Web.”
 

Adobe Patches Multiple Security Holes in Adobe Flash Player & AIR (CVE-2012-5274 to 5280)

Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe, the American multinational computer software company, has released new versions of its Flash Player to eliminate a number of critical vulnerabilities that could lead to system crashes or to remote attackers taking control of computers running the affected software. All the flaws were discovered by members of the Google Security Team and are tracked under several CVE numbers: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277 and CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin, Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users update their product installations to the latest versions:-
  • Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
  • Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
  • Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
  • Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
  • Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
  • Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
  • Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.

AFFECTED SOFTWARE VERSIONS:- 
  • Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.243 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x. To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommends that Adobe AIR users update to 3.5.0.600.
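The per-platform version check above can be run across an inventory instead of by hand. This is an added example, not Adobe's code and not part of the original post: the affected and fixed versions are transcribed from the bulletin text, while the platform keys, host names and inventory rows are constructed, and the comma-separated version form is an assumption about what some inventory tools report.

```python
import re

# (product, platform) -> (highest affected version, fixed version), transcribed
# from the bulletin text above. Platform keys are names chosen for this example.
# Flash bundled with Chrome and IE10 is updated by the browser and is left out.
BULLETIN = {
    ("flash", "windows"): ("11.4.402.287", "11.5.502.110"),
    ("flash", "macintosh"): ("11.4.402.287", "11.5.502.110"),
    ("flash", "linux"): ("11.2.202.243", "11.2.202.251"),
    ("flash", "android4"): ("11.1.115.20", "11.1.115.27"),
    ("flash", "android3"): ("11.1.111.19", "11.1.111.24"),  # Android 3.x and earlier
    ("air", "windows"): ("3.4.0.2710", "3.5.0.600"),
    ("air", "macintosh"): ("3.4.0.2710", "3.5.0.600"),
    ("air", "sdk"): ("3.4.0.2710", "3.5.0.600"),
    ("air", "android"): ("3.4.0.2710", "3.5.0.600"),
}


def parse_version(text):
    """Turn '11.4.402.287' or 'WIN 11,4,402,287' into a 4-tuple of ints.

    Comparing tuples of ints avoids the string-comparison trap where
    '11.1.115.9' sorts after '11.1.115.27'.
    """
    match = re.search(r"\d+(?:[.,]\d+){1,3}", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in re.split(r"[.,]", match.group(0))]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions with zeros


def assess(product, platform, installed):
    """Return (status, version_to_install_or_None) for one installation."""
    key = (product.lower(), platform.lower())
    if key not in BULLETIN:
        return ("not-covered", None)  # the bulletin says nothing about it
    highest_affected, fixed = BULLETIN[key]
    try:
        version = parse_version(installed)
    except ValueError:
        return ("unparseable", fixed)  # cannot prove it is patched
    if version >= parse_version(fixed):
        return ("patched", None)
    if version <= parse_version(highest_affected):
        return ("vulnerable", fixed)
    # Newer than the last listed affected build but older than the fix:
    # the bulletin does not cover it, so flag it for a manual look.
    return ("review", fixed)


# Constructed inventory rows: (host, product, platform, reported version).
INVENTORY = [
    ("ws-001", "flash", "windows", "WIN 11,4,402,287"),
    ("ws-002", "flash", "windows", "11.5.502.110"),
    ("lx-010", "flash", "linux", "11.2.202.251"),
    ("tab-03", "flash", "android4", "11.1.115.9"),
    ("mac-07", "air", "macintosh", "3.4.0.2710"),
    ("ws-009", "flash", "windows", "n/a"),
]


def audit(inventory):
    """Return only the rows that are not confirmed patched."""
    findings = []
    for host, product, platform, installed in inventory:
        status, target = assess(product, platform, installed)
        if status != "patched":
            findings.append((host, status, target))
    return findings


if __name__ == "__main__":
    for host, status, target in audit(INVENTORY):
        print(f"{host}: {status}, update to {target}")
```

Note that the Linux host on 11.2.202.251 counts as patched even though its number is lower than the Windows fix, which is why the comparison is made per platform.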
While on the subject of security patches in Adobe products, a reminder: just a couple of weeks ago Adobe also plugged a buffer overflow vulnerability in its Shockwave Player. Also, in late September, Adobe disclosed that it had been attacked and that hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.







Adobe Flash Zero-day Exploit Allowing Others To Use Your Webcam Has Been Patched


A Stanford University student recently discovered a security flaw with Adobe’s Flash Player that allowed malicious users to activate your webcam and microphone without your knowledge. They could then tap into the video and audio to watch and listen to your every move. OK, that sounded a lot less sensationalist in my head. Unfortunately, up until a few days ago, this exploit very much existed and Adobe was working feverishly on a fix. Feross Aboukhadijeh, the aforementioned Stanford student, wrote about the flaw on October 18.
According to Feross Aboukhadijeh:-
"I discovered a vulnerability in Adobe Flash that allows any website to turn on your webcam and microphone without your knowledge or consent to spy on you. It works in all versions of Adobe Flash that I tested. I’ve confirmed that it works in the Firefox and Safari for Mac browsers. Use one of those if you check out the live demo. There’s a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux)."

Later Adobe issued a critical update for its Flash Player software. The patch fixes six security vulnerabilities, at least one of which is a zero-day vulnerability being actively exploited in the wild. The details of the Adobe security bulletin explain, "This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444)," adding, 
"Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
The zero-day bug fixed today is similar to a flaw in Flash that was patched in June. Coincidentally, both the June vulnerability, and this one patched today were reported to Adobe by Google.


Security Bulletin for Photoshop: Adobe Recommends Buying CS6 to Address Those Vulnerabilities

It seems Adobe has been kept very busy issuing security updates for its products. A few days ago Adobe closed a newly found zero-day hole in its popular Flash Player program. Now it is Photoshop's turn: Adobe has released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits them to take control of the affected system. In the case of the Windows and Mac versions of Adobe Photoshop, a vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.
Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. This upgrade resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references: www.securityfocus.com/bid/52634/).




Microsoft to issue critical Windows bulletin, revamps Exploitability Index


Microsoft is planning a light patching month in May, indicating in its advance notification to customers on Thursday that it would issue two bulletins on Patch Tuesday, one rated “critical,” addressing a vulnerability in Microsoft Windows.
The software giant said the critical bulletin addresses a single Windows vulnerability affecting Windows Server 2003, 2008 and 2008 R2. A second bulletin, rated “important,” addresses two flaws in Microsoft Office PowerPoint 2002, 2003 and 2007, as well as Microsoft Office 2004 and 2008 for Mac. The bulletins are scheduled to be issued on May 10.

Exploitability Index changes
In addition, Microsoft announced changes to its Exploitability Index, designed to help IT administrators prioritize patching deployments. The index assigns a number based on the likelihood of functioning exploit code surfacing over the first 30 days of a patch release.
The revamped index will include two index ratings per vulnerability, assigning a rating for the most recent platform and for older versions of the software. The goal of the changes is to make vulnerability assessment clearer and more digestible for customers, wrote Maarten Van Horenbeeck, senior security program manager, in the Microsoft Security Response Center blog.
“This change makes it easier for customers on recent platforms to determine their risk given the extra security mitigations and features built in to Microsoft’s newest products,” wrote Van Horenbeeck. “Under the previous system, vulnerabilities were given an aggregate rating across all product versions.”
Van Horenbeeck said the Exploitability Index was criticized for not taking into account more recent mitigations implemented in the operating systems, such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other technologies that are in place to help prevent exploitation of vulnerabilities. ASLR, for example, is not implemented by default on Windows XP.

Denial of service risk
The revamped Exploitability Index will also take into account the risk posed by denial-of-service (DoS) attacks, which can cause a system to become unresponsive or crash. The index will indicate whether a DoS attack would be “permanent,” making a program or operating system crash and causing it to be unresponsive during an attack.
“For administrators of Internet-facing services, this can often be the difference between a highly important, and insignificant vulnerability,” wrote Van Horenbeeck.
In a review of Exploitability Index ratings over the last eight months, Microsoft found that out of a total of 256 ratings, 97 issues were less serious or not applicable in the latest version of the product. There were seven instances in which the most recent product version was affected and not older platforms.
Paul Henry, security and forensic analyst at vulnerability management vendor, Lumension Security Inc., said the revamped index improves upon an already helpful assessment tool for administrators who need to fine tune their priorities.
"Microsoft already does the best job in the industry with background info on their patches and now they have taken it up another notch," Henry wrote in an email message.


Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)


Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Fewer chained three exploits, each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP TippingPoint called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection.
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via TippingPoint's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint's security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)


FBI Said: Anonymous is Not so Anonymous Anymore


Anonymous is not so anonymous anymore. The computer hackers, chat-room denizens and young people who make up the loosely affiliated Internet collective have drawn the attention of the FBI, the Department of Homeland Security and other federal investigators. What was once a small group of pranksters has become a potential national security threat, federal officials say. The FBI has carried out more than 75 raids and arrested 16 people this year in connection with illegal hacking claimed by Anonymous.
Since June, Homeland Security has issued three “bulletins” warning cybersecurity professionals of hacking successes and future threats by Anonymous and related groups — including a call in Manhattan to physically occupy Wall Street on Sept. 17 to protest various U.S. government policies.
San Francisco police arrested more than 40 protesters last month during a rowdy demonstration organized by Anonymous that disrupted the evening commute. The group called for the demonstration after the Bay Area Rapid Transit system blocked cellphone service in San Francisco stations to quell a planned protest over a police shooting on a subway platform.
“Anonymous’ activities increased throughout 2011 with a number of high-profile attacks targeting both public- and private-sector entities,” one of the bulletins issued last month said.
Some members of the group have called for shutting down Facebook in November over privacy issues, though other Anonymous followers are disavowing such an attack, underscoring just how loosely organized the group is and how problematic it is to police.

“Anonymous insist they have no centralized operational leadership, which has been a significant hurdle for government and law enforcement entities attempting to curb their actions,” an Aug. 1 Homeland Security bulletin noted. “With that being said, we assess with high confidence that Anonymous and associated groups will continue to exploit vulnerable publicly available Web servers, Web sites, computer networks and other digital information mediums for the foreseeable future.”
Followers posting to Twitter and conversing on Internet Relay Chat insist there are no defined leaders of Anonymous and that it’s more of a philosophy than a formal club, though a small group of members do the most organizing online.

“Anonymous is not a group, it does not have leaders, people can do ANYTHING under the flag of their country,” wrote one of the more vocal members who asked not to be identified.

“Anything can be a threat to National Security, really,” the member said in an e-mail interview. “Any hacker group can be.”

-News Source (Washington Post)


Cyber Shield deal Between India & US


India and the US today inked a pact on cybersecurity to intensify information exchange on threats to computers and networks and initiate joint work on technologies against cyber-attacks.
A joint statement on the India-US strategic dialogue has announced the cybersecurity agreement among new initiatives by the two countries. These initiatives also include a plan to develop a software platform to make available non-sensitive government data to the public and to award $3 million each year to entrepreneurial projects that commercialise technologies to improve health.
A memorandum of understanding between the Indian and the American Computer Emergency Response Teams (CERT) is expected to lead to routine exchange of information on vulnerabilities and co-operation on cybersecurity technologies, Indian CERT officials said.
“This comes at a time when cybersecurity-related incidents are increasing in number and becoming more and more sophisticated,” said Gulshan Rai, director-general of the Indian CERT, a division of the ministry of communications and information technology.
Rai said the MoU is expected to lead to greater exchange of information between Indian and US CERTs about known and emerging threats, specific vulnerabilities of computers and networks and open opportunities for joint technology development.
The CERTs track and catalogue threats, advocate protective mechanisms, and respond to attacks on computer systems in the two countries.
The latest monthly security bulletin from India’s CERT says 151 computer security-related incidents were reported during May 2011 alone, among which more than half involved “phishing” — an attack or an intrusion that involves some form of identity theft.
Last year, unidentified hackers, believed to be based in China, had penetrated computers in sensitive Indian government offices, including the National Security Council secretariat, and stolen documents on missiles, and personal and financial data of Indian officials.
India already has cybersecurity pacts, primarily for the exchange of information, with Japan and Korea and is planning to develop one with Finland.
The cybersecurity pact followed consultations led by the Indian and the US National Security Councils on prospects for bilateral co-operation on cybersecurity issues, held on Monday, a joint statement on the India-US strategic dialogue said.
The joint statement also said Nasa has “reiterated its willingness to discuss potential co-operation with the Indian Space Research Organisation on human spaceflight”.
While the Nasa offer comes on the eve of the retirement of the US Space Shuttle, space experts believe Nasa has accumulated enormous expertise on human spaceflight — for instance, in the area of onboard life support systems — that could help India in its own long-term plans to develop a space capsule large enough to carry two astronauts into a low-earth orbit for a short mission.
The open source software platform that India and the US plan to create is intended to help make available to the public all non-sensitive government information through a user-friendly website.
It is expected to be patterned on the lines of America’s own government data website www.data.gov, which began with 47 government data sets in May 2009, but has more than 392,000 data sets today.
“We have all kinds of data there — data sets on infant car seats, airline statistics, hospitals,” said Aneesh Chopra, the chief technology officer in the US, who is also assistant to US President Barack Obama.
An Indian government official said India is preparing a policy initiative to get myriad government departments into making non-sensitive data — from education to health to public infrastructure — public through a so-called National Data Sharing Access Policy (NDSAP). The official who spoke on condition of anonymity said this NDSAP is yet to be approved by the Union cabinet.
Among other initiatives, the India-US science and technology endowment board established in 2009 has decided to award $3 million annually to projects proposed by entrepreneurs for commercialisation of technologies to improve health and empower citizens.
The first call for proposals has already attracted more than 380 joint India-US proposals and the first set of awards will be announced in September this year.

                                     
-News Source (The Telegraph)
