Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again

Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again 

Computer security firm Symantec has unveiled, that a hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to the official blog of Symantec- they have been monitoring the activities of that hacker group since last three years and figure out that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed by the name "Elderwood Project".  

Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months however has seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:

•  Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
•  Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
•  Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
•  Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) 

Symantec have published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again"https://www.voiceofgreyhat.com/2012/09/Google-Hackers-Who-Unleashed-Hydraq-Trojan-Strikes-Again.html</a>

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Everyday the users of Microsoft newly launched and so far most advanced windows operating system, I mean Windows 8 are increasing. But we have to keep in mind the security threats are also increasing in parallel. Recently well known French IT security firm Vupen, also known as controversial bug hunters and exploit sellers claimed to have Zero-day exploit of Windows 8. Experts at Vupen Security took credit of cracking the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. According a tweet made by the official account of Vupen Security said it already has a Windows 8 exploit on offer. "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" 

Apparently, the exploit combines several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to inject malicious code into systems via specially crafted web pages. Also VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. “We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Bekrar wrote. 

The exploit allegedly bypasses all of Windows 8's malware protection features: for example the Address Space Layout Randomization (ASLR) function that Microsoft has extended in the current edition of Windows to cover more system areas and offer improved randomisation. Vupen claims that the exploit also bypasses the Data Execution Prevention (DEP) and ROP features as well as Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not become available in the foreseeable future: Vupen said that it discovered the vulnerabilities itself and doesn't plan to disclose them to Microsoft. The company is only offering its exploit to its paying customers, among them government investigation authorities. Should Microsoft close the holes, the elaborate exploit would significantly decrease in value.

-Source (The-H & threatpost)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10"https://www.voiceofgreyhat.com/2012/11/VUPEN-Researchers-Have-0Day-Exploit-for-Windows8-IE10.html</a>

Microsoft shows class in disclosing Google zero-day

Back in June of last year, Tavis Ormandy, a Google engineer in Switzerland, caused quite a stir. As Gregg Keizer reported at the time, Ormandy told Microsoft about a previously unknown security hole in Windows on June 5, and on June 9 he published a full description of the vulnerability, including proof-of-concept code, on the Full Disclosure mailing list.

Microsoft blew a corporate gasket. Mike Reavey, the director of the Microsoft Security Response Center, blogged the following day, "Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."

Omandy responded that he was acting on his own behalf, not as a Google employee, but Reavy didn't buy it. The relationship between Microsoft and Google turned from frosty to frigid.

Last week, Microsoft showed its mettle by publicly issuing a new policy and two new "Microsoft Vulnerability Research Advisories" -- a completely new breed of Microsoft malware-fighting animal.

The policy is a nine-page document saying, basically, that when Microsoft discovers a zero-day flaw in some other vendor's product, Microsoft will work with the vendor to fix the vulnerability -- and make sure it's fixed before telling the world: "If attacks are underway in the wild, and the vendor is still working on the update, then both the finder and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers."

There are exceptions to the private reporting restriction. The policy allows Microsoft to divulge details if the vulnerability becomes known to the public at large, when there's evidence that the vulnerability is being used, or when the vendor doesn't respond.

That last point has become a bone of contention with several security researchers who claim that Microsoft hasn't responded quickly enough -- or, indeed, hasn't responded at all -- to their reports of Microsoft vulnerabilities. To be fair, no one has yet determined precisely how long it takes for a lack of response to result in a vendor being classified as "unresponsive."

Microsoft accompanied the new procedure with two new MSVR advisories, dubbed MSVR11-001and MSVR11-002. It comes as no surprise that both of them describe previously undocumented security holes in Google products that had been patched by Google. (MSVR11-002 describes a problem in both Google Chrome and Opera.)

Neither vulnerability is particularly interesting. The first one, a buffer overflow, allows arbitrary code to run, but only in the confines of the Chrome sandbox. It was fixed in Chrome Version 6.0.472.59, which was released seven months ago. The second requires advance knowledge of a specific local IP address. It was fixed in Chrome 8.0.552.215, which was released four months ago. Apparently, Microsoft held onto both reports, pending final publication of their new policy.

If you or someone in your organization ever stumbles on a zero-day vulnerability in a software product, take a few minutes to look over Microsoft's policy. I won't get sucked into debating the virtues of Full Disclosure versus Coordinated Disclosure, but it would certainly be instructive to see how Microsoft says it would treat you and your organization if the shoe were on the other foot.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft shows class in disclosing Google zero-day"https://www.voiceofgreyhat.com/2011/04/microsoft-shows-class-in-disclosing.html</a>

Zero-Day Vulnerability In Flash Patched By Adobe

Zero-Day Vulnerability In Flash Patched By Adobe 

Yet another Zero day vulnerability found in Adobe Flash Player. Earlier hackers found zero-day exploit in flash player which can allow an attacker to hack you web-cam remotely later Adobe patched that. Before releasing Flash Player 11 Adobe issued new privacy policy and security update but now it seems that those are of zero use. 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Affected Version:- 

• Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems

• Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Later Adobe confirmed that and immediately released a patch to close the security hole. Through this security release Adobe also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome Web browser, which directly integrates Flash into its software (unlike competing browsers) also received an update to reflect Adobe's patch update. 

Recommendation From Adobe:-

Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6. For further details click here.

Earlier in 2011 another Flash Player bug found in Blackberry OS & later fixed by the developer and also last year adobe closes serious security hole in Acrobat 9X & Adobe Reader.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-Day Vulnerability In Flash Patched By Adobe"https://www.voiceofgreyhat.com/2012/02/zero-day-vulnerability-in-flash-patched.html</a>

Zero-Day Vulnerability Found in The Server Monitoring Software of HP

Zero-Day Vulnerability Found in The Server Monitoring Software of HP

After the massacre of HP LaserJet Printers yet again another product of HP (server monitoring software) has been infected with zero-day vulnerability. Hewlett-Packard have already issued a security warning to its customers about two security vulnerabilities in its Operations Agent server monitoring software. The vulnerabilities were reported to HP by Luigi Auriemma via TippingPoint's Zero Day Initiative (ZDI). According to the company, unspecified errors in the enterprise software for AIX, HP-UX, Linux, Solaris and Windows can be exploited by a remote attacker to compromise a vulnerable system and execute arbitrary code. Both of these errors have a CVSS 2.0 (Common Vulnerability Scoring System) base score of 10.0, the highest.

Versions prior to 11.03.12 on all supported platforms are affected; upgrading to 11.03.12 corrects the problems. A full list of affected versions, and patch download information can be found in the company's security advisory. HP advises all administrators to install the patches as soon as possible. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-Day Vulnerability Found in The Server Monitoring Software of HP"https://www.voiceofgreyhat.com/2012/07/zero-day-vulnerability-found-in-server.html</a>

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700

Those people who wander in many underground hackers community, knows very well that several unethical equipment such as Botnet, Zero-day exploit, black hole exploit kit, malware, undisclosed vulnerabilities and so on were sold there for different prices. Those products were generally priced between $5-$500, but today I will talk about an expensive product, which listed itself top on the black market. I am talking about a new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts. According to the blog post of Krebs on Security -A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits. The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. The hacker posted the following video to demonstrate the exploit for potential buyers. 

“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!” -said the hacker.  

In response Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video. “Fixing it is easy, most XSS are corrected by simple code change,” Martinez said. “Once we figure out the offending URL we can have new code deployed in a few hours at most.”

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Egyptian Hackers Selling Zero-day Exploit of Yahoo Mail For $700"https://www.voiceofgreyhat.com/2012/11/Egyptian-Hacker-Selling-Zero-day-Exploit-of-Yahoo-Mail.html</a>

Zero-day Vulnerability in "Cloud" Revealed at TakeDown Conference

 Zero-Day Vulnerability in "Cloud" Revealed at TakeDown Conference

 

Almost every IT companies across the globe acknowledging "Cloud" technology to store large amount of data while reducing the cost. Also almost 99% of them assumes that data is being stored offsite it is securely preserved and they no longer have to worry about risk. But this assumption proved wrong when security experts at TechDown Conference reveled zero-day vulnerability in Cloud. “Au contraire. Risk cannot be outsourced,” says professional ethical hacker, Dave Chronister of Parameter Security (St. Louis, MO). Mr. Chronister went onto say, “It’s because of this mindset that hackers are preying upon the cloud and are gaining control of huge stores of information through a single attack” - which is exactly what Mr. Chronister recently did. Mr. Chronister went onto say, “During a recent cloud security audit, I was able to identify a zero day exploit and within minutes gained access to the cloud sphere and every system that was on that cloud—giving me complete control. Needless to say, the client was shocked because they were touting their cloud offering as 100% secure.”
Bringing his real-world cloud hacking experience to event goers at TakeDownCon in Dallas in May, his presentation entitled “The Cloud is a Smoke Screen” provides eye-opening information about the false sense of security cloud providers and users possess. Specifically, Chronister’s presentation will:-

• Expose various cloud vulnerabilities

• Address cloud security issues

• Provide insight into selecting cloud providers and questions to ask with     regards to data security, risk and incident response

• Offer ways to successfully implement your own cloud solution and mitigate risk

• Share his real-world experiences hacking multiple cloud environments

• And much more

-Source (TechDown)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-day Vulnerability in "Cloud" Revealed at TakeDown Conference"https://www.voiceofgreyhat.com/2012/04/zero-day-vulnerability-in-cloud.html</a>

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability 

Last few days the whole cyber world have gone through with so many drama of Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9  that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21. "While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.

Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.

Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.

• Setting Internet and local Internet security zone settings to high, which would block ActiveX Controls and Active Scripting in both zones
• Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones

• Use of Microsoft's Enhanced Mitigation Experience Toolkit provides mitigations as well, and would not impact website usability, as both of the first two options might.

Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerabilty but should a user click a link in a message, they could still be vulnerable to exploit.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability"https://www.voiceofgreyhat.com/2012/09/Microsoft-Issues-fixit-To-Close-IE-0day-Vulnerability.html</a>

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering

Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering 

Russian anti virus firm & security giant  Kaspersky Lab has released an anti-spam and anti-malware application called Linux Mail Security which can be integrated into different type of Linux-based mail server to fight spam and block malicious attachments. The latest spam-fighting features – including Reputation Filtering and Enforced Anti-Spam Updates Service  help to filter out zero-hour spam, while our new ZetaShield technology helps to shield businesses from zero-day and targeted attacks. Designed for integration with a range of Linux-based mail systems, Kaspersky Linux Mail Security delivers the security, flexibility and ease of management that businesses and ISPs demand. 

Key Features:- 

• Advanced antivirus engine- Kaspersky Linux Mail Security includes the latest version of Kaspersky Lab’s award-winning antivirus engine – with behaviour stream signatures – to help detect and remove malicious attachments from incoming emails.
• 
  
• Zero-Day Exploit and Targeted Attack (ZETA) Shield- Kaspersky’s ZetaShield offers protection against unknown malware and exploits – to defend you from zero-day and zero-hour attacks and APTs (Advanced Persistent Threats).
• 
  

Powerful Anti-Spam Engine- Kaspersky Linux Mail Security provides the latest version of Kaspersky’s anti-spam engine – including two powerful new technologies:

• Enforced Anti-Spam Updates Service – uses push technology, directly from the Kaspersky cloud, to deliver real-time updates. By reducing the ‘update window’ from 20 minutes to approximately 1 minute, the Enforced Anti-Spam Updates Service helps to defend businesses against zero-hour spam and spam epidemics.
• Cloud-assisted Reputation Filtering – fights against unknown spam, to enhance the spam capture rate and reduce the number of false positives.

Kaspersky Security Network -The cloud-based Kaspersky Security Network (KSN) gathers data from millions of participating users’ systems around the world to help defend your system from the very latest viruses and malware attacks. Potential threats are monitored and analysed – in real-time – to help block dangerous actions, before harm is caused.

Attachment filtering- The new Format Recogniser feature can filter attachments – using information about file type, name and message size. This helps businesses to enforce their email usage policy and can help to address corporate liability issues that can arise when users try to distribute illegal music or video files via the corporate email system.

Improved!Global Blacklists and Whitelists- In addition to creating corporate blacklists or whitelists, administrators can manage ‘allowed’ or ‘denied’ senders email – using IPv4 and IPv6, wildcards and regular expressions.

Personal Blacklists and Whitelists- Users also can create their own blacklists and whitelists.

Backup and personal backup with flexible search -Blocked email is quarantined in a backup system. If the system uses Microsoft Active Directory or OpenLDAP, individual users can access their personal backup via the web so they’re less likely to need to call your helpdesk.

Integration with most popular MTAs (Postfix, Sendmail, Exim, qmail and CommunigatePro)- Kaspersky Linux Mail Security lets you select the method of integration, depending on your choice of Mail Transfer Agent (MTA) – so you can integrate as a filter or using a Milter API.

Antivirus command line file scanner- The Kaspersky Anti-Virus On-Demand Scanner can be used for on-demand virus checking of objects – which can include directories, regular files and devices such as hard drives, flash drives and DVD-ROMs.

Amavisd-new- Kaspersky Linux Mail Security supports integration with Linux mail systems using the high-performance AMaViS interface.

Monitoring and Reporting features- 

• SNMP (Simple Network Management Protocol) support – any type of event can be monitored using SNMP events and traps
• A new dashboard gives an at-a-glance view of status and monitoring
• Detailed, flexible reporting in PDF format – for customisable reports that help in the monitoring and analysis of security and policies
• Notification system – informs administrators and document owners about policy violation incidents
• Detailed logs – on all product actions, to help in identifying problems

Easy to deploy, maintain and manage- 

• System administrators can run manual updates or set the rules for fully automatic updates of antivirus, anti-spam and ZetaShield
• Integration with Active Directory and OpenLDAP
• Rich email traffic management rules – administrators can create rules according to corporate security policies
• IPv6 support
• Scalable architecture – the entire system can be easily migrated from a test server to a production environment

Kaspersky Linux Mail Security will support the following Linux distributions - Red Hat Enterprise Linux 6.2 Server, Fedora 16, SUSE Linux Enterprise Server 11 SP2, Debian GNU/Linux 6.0.4 Squeeze, CentOS 6.2, openSUSE Linux 12.1, Ubuntu 10.04 LTS; 12.04 LTS, Mandriva Enterprise Server 5.2, FreeBSD 8.3, 9.0, Canaima 3.0, Asianux 4 SP1. 

For Detailed Information Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Kaspersky Releases Linux Mail Security With Anti-malware, Anti-spam & Content Filtering"https://www.voiceofgreyhat.com/2012/09/Kaspersky-Releases-Linux-Mail-Security.html</a>

eEye to Showcase IT Security Solutions that Simplify Vulnerability and Compliance Management at SecureWorld Expo in Atlanta

eEye Digital Security, a provider of IT security and unified vulnerability management solutions, will exhibit at the SecureWorld Expo in Atlanta, Georgia, May 3-4, 2011. The company’s CTO, Marc Maiffret, will participate as an industry expert on a network security panel discussion. The conference brings together the security leaders, experts, senior executives, and policy makers who shape the direction of security across Information Security, Physical Security, Compliance, IT Audit, Computer Forensics, Enterprise Risk Management, Business Continuity, and Security Management.

eEye invites the media and SecureWorld Expo attendees to explore the company's latest innovations, demonstrated in Booth 313, primarily the company’s Retina CS Management solution, Retina Insight reporting engine, as well as add-on modules for Configuration Compliance, Government Regulatory Reporting, and Patch Management.

eEye CTO, Marc Maiffret, will offer insights on the Industry Expert Panel, "Network Security: Finding the Right Management Program," to be held on Tuesday, May 3, 1:15-2:00 PM during the Open Vendor Sessions portion of the conference.

“It’s part of the eEye philosophy to regularly engage in dialogue with other security leaders and the IT security community at large,” said Marc Maiffret, CTO, eEye. “As a speaker on the Network Security panel, I’d like to open communication around some simple, practical tactics that IT professionals can use to significantly improve the security of their organization.”

At the event, eEye will encourage SecureWorld Expo attendees to take advantage of several free, online resources that the company provides to the IT security community. Retina Community is a free vulnerability scanner for up to 32 IPs, now being used by nearly four thousand organizations. Zero Day Tracker provides a catalogue of the newest zero-day vulnerabilities, instructions for quick remediation, and a historical record of past vulnerabilities.eEye’s Vulnerability Expert Forum (VEF), hosted by Maiffret and the eEye Research Team, is a popular monthly webinar attended by hundreds of IT security professionals seeking insight and information on recently announced critical vulnerabilities from Microsoft and other software vendors.

eEye is participating in SecureWorld Expo’s “Dash for Prizes.” Attendees can register at the eEye Booth (313) throughout the two-day conference to win an Amazon Kindle and a $25 gift card. Winners will be announced during the last break of the conference on Wednesday, May 4. Attendees must be present to win.

About eEye Digital Security 
Since 1998, eEye Digital Security has made vulnerability and compliance management simpler and more efficient by providing the only unified solution that integrates assessment, mitigation, protection, and reporting into a complete offering with optional add-on modules for configuration compliance, regulatory reporting, and integrated patch management. eEye’s world-renowned research and development team is consistently the first to uncover critical vulnerabilities and build new protections into our solutions to prevent their exploit. Thousands of mid-to-large-size private-sector and government organizations, including the largest vulnerability management installations in the world, rely on eEye to protect against the latest known and zero-day vulnerabilities. More at eeye.com.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">eEye to Showcase IT Security Solutions that Simplify Vulnerability and Compliance Management at SecureWorld Expo in Atlanta"https://www.voiceofgreyhat.com/2011/04/eeye-to-showcase-it-security-solutions.html</a>

IE Flaw Can Cause Zero-Day Exploit

A security breach of Internet Explorer could occur if a hacker hijacks session cookies from users' visits to a Web site, According to Rosario Valotta, an Italian security researcher. In a process coined "cookiejacking" by Valotta, the stolen data can be used to carry out a zero-day attack. Successfully compromised systems can be installed with malware, send messages or forge clicks. The researcher warns that this flaw affects all versions of Microsoft’s Internet browser. The exploit only occurs when a user drags and drops an object across the PC screen. Valotta was able to test this by creating a Facebook game where users dragged articles of clothing to reveal an undressed photo of a woman. "I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server, " Valotta told Reuters. "And I've only got 150 friends." To be leveraged into a zero-day attack a hacker would need to create an IFrame element in a Web site and have a user select the entire cookie. Using Valotta's Facebook demonstration as an example, the cookie would be hidden in the article of clothing object. Once a user drags the piece of clothing, this violates the browser’s cross-zone interaction policy, and allows the attacker access to the victim’s system. To add another level of difficulty when performing this attack, the exploit involves hackers knowing a potential victim’s Windows username and which OS version is being used -- before getting the user to select the entire content of the harmful cookie. While Microsoft is investigating the discovered flaw, Microsoft spokesman Jerry Bryant believes there is little risk of vulnerability being exploited. "Given the level of required user interaction, this issue is not one we consider high risk," said Bryant.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">IE Flaw Can Cause Zero-Day Exploit"https://www.voiceofgreyhat.com/2011/05/ie-flaw-can-cause-zero-day-exploit.html</a>

Adobe Flash Zero-day Exploit Which Allowing Others To Use Your Webcam Has Been Patched

A Stanford University student recently discovered a security flaw with Adobe’s Flash Player that allowed malicious users to activate your webcam and microphone without your knowledge. They could then tap into the video and audio to watch and listen to your every move. OK, that sounded a lot less sensationalist in my head. Unfortunately, up until a few days ago, this exploit very much existed and Adobe was working feverishly on a fix. Feross Aboukhadijeh, the aforementioned Stanford student, wrote about the flaw on October 18.
According to Feross Aboukhadijeh:-

"I discovered a vulnerability in Adobe Flash that allows any website to turn on your webcam and microphone without your knowledge or consent to spy on you. It works in all versions of Adobe Flash that I tested. I’ve confirmed that it works in the Firefox and Safari for Mac browsers. Use one of those if you check out the live demo. There’s a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux)."

Video Demo:-

Later Adobe issued a critical update for its Flash Player software. The patch fixes six security vulnerabilities, at least one of which is a zero-day vulnerability being actively exploited in the wild. The details of the Adobe security bulletin explain, "This update resolves a universal cross-site scripting issue that could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website (CVE-2011-2444)," adding, 

"Note: There are reports that this issue is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message."
The zero-day bug fixed today is similar to a flaw in Flash that was patched in June. Coincidentally, both the June vulnerability, and this one patched today were reported to Adobe by Google.

To download the Patch and more about Adobe Security Bulletin Click Here 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Adobe Flash Zero-day Exploit Which Allowing Others To Use Your Webcam Has Been Patched"https://www.voiceofgreyhat.com/2011/10/adobe-flash-zero-day-exploit-which.html</a>

Zero-day Exploit in iOS Games Exposed by a Teenagers (10-Year Old Girl)

A 10-year-old California girl’s presentation at a hacker conference in Las Vegas is getting a lot of attention. The girl, who uses the pseudonym “CyFi,” revealed a zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability Zero-day exploits are used or shared by attackers before the developer of the target software knows about the vulnerability. The girl first discovered the flaw earlier this year because she was bored with the pace of farm-style games.

While CyFi isn’t revealing which games are affected, most of them have time-dependent factors. She opened up the exploit by manually advancing a phone or tablet’s clock to force a game ahead in time. Some games block such a trick but the young hacker says she found ways to avoid those detections such as disconnecting the phone from Wi-Fi and making incremental clock adjustments.

CyFi’s presentation was part of DefCon Kids, a new offshoot of the annual hacker convention that features an area where kids can learn how to do things like open master locks, do certain kinds of hacks, code in scratch and communicate in code.

While her presentation at DefCon was her first public vulnerability disclosure, CyFi said she was only a little nervous. An artist, girl scout and downhill skier, she has spoken publically numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. According to her bio on the DefCon Kids Web site, CyFi has had her identity stolen twice.

Rosenblatt points out that the new DefCon Kids programming reflects that “members of the hacking community are getting older and raising families.”

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Zero-day Exploit in iOS Games Exposed by a Teenagers (10-Year Old Girl)"https://www.voiceofgreyhat.com/2011/08/zero-day-exploit-in-ios-games-exposed.html</a>

Total 14 Zero-day Vulnerability Found in SCADA By Italian Researcher

An Italian researcher has published details of a new batch of unpatched vulnerabilities found in the SCADA (Supervisory Control and Data Acquisition) products from seven different vendors.

Assessing the significance of the 14 zero-day vulnerabilities explained by Luigi Auriemma in proof-of-concept detail with exploit code is incredibly difficult to do, but they offer an unsettling picture of the flaws that seem to exist in systems normally hidden out of sight. The companies mentioned include Beckhoff, MeasureSoft, Rockwell, Carel, Progea, AzeoTech, and Cogent, products used to control industrial systems across sectors including manufacturing, aerospace, military, and more or less any sector that might use SCADA.

Auriemma has a record of hunting down flaws in SCADA technology, having published 34 zero-day holes in March 2011. He remains unrepentant about his public disclosure of security flaws for which no patches exist.

"I like only to find them [flaws] and releasing the informations (sic) as soon as possible," he explains on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever the only responsible."

In the last year SCADA has gone from an obscure albeit important backwater of software security thanks probably to the discovery of a worm called Stuxnet, which was apparently deployed to attack systems used within the nuclear program of Iran over a year period from the summer of 2009 onwards.

Who created it and why has been speculated on ever since, but it was clear that profit-seeking criminals were an unlikely to have been behind it. With many suspecting the involvement of a government, suddenly SCADA seemed like a vulnerable underside for systems across almost every industry in the world.

SCADA exploits, meanwhile, have continued to be made public with disturbing regularity. 

-News Source (PC World & Cnet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Total 14 Zero-day Vulnerability Found in SCADA By Italian Researcher"https://www.voiceofgreyhat.com/2011/09/total-14-zero-day-vulnerability-found.html</a>

Full Disclosure Of Pentagon Data-breach

We're all human, you know? That's roughly the trick that the hackers most likely relied on when, earlier this year, they managed to steal over 24,000 files from a defense contractor.

The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret—secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground.

What went down? Fast Company spoke to Nick Percoco, digital security expert and SVP at Trustwave's SpiderLabs, and familiar with exactly this sort of cyberattack, to get some insight.

How The Hack May Have Begun: Email Scams

The fact that the 24,000 stolen files came from a defense contractor is significant, Percoco notes. It's likely easier to get this sort of data from a contractor than launching an all-out attack on Pentagon servers themselves, because companies are full of people—people who are used to doing business in our digitally connected world. And even though an employee of a defense contractor is probably way more switched on to digital security than you or I, it's still not impossible to cheat someone with access to secret files into placing malware on their work laptop.

All it would take for a dedicated hacker is some basic research. If you wanted to steal data like this, you could start by targeting a particular employee via email—"We've seen this happen to defense contractors," Percoco notes. "Using technology like Google, and LinkedIn and other social networks" hackers could find out who best to target. Say they pick a particular EVP, and work out their email address is "JohnSmith@defencecontractorX.com." Then they work out who their colleagues or bosses may be all the way up to CEO level.

Then it's as simple as going to a source of hacking code using your underworld contacts (or using some of your own) and getting access to a "zero day exploit"—a new loophole in a computer or software system's security that hasn't been publicly discovered yet, and hence is still open for hacking use.

This is where the hack escalates. "In this case, they'd been looking for a zero-day exploit in, say, the Adobe PDF reader. And then they'd take a nice creative pen out and draft up a document that looks like it should be something important," Percoco said. After this, the hacker would set up something like a disposable Gmail account and make the screen name the same as one of the target's peers or the CEO of the company. Then they'd "craft up an email that says 'Here's an important document, some new announcement we're working on. Please review it and be ready for a call at 10 a.m. today.'" The trick is to send this to the target at around 7:30 a.m. local time, because the "best time to send those types of things is right before someone's had their coffee."

Typically the sleep-addled victim would trust the email as it's supposedly from a colleague, then launch the embedded PDF (or other faked document). Usually it causes the newly launched program—Adobe Reader in this example—to crash. But as it crashed, it would actually be installing malicious code on the machine. The virus is injected.

How The Attack Began: Website Sting

A similar attack is possible using a faked-up website that looks like it's actually related to the target company—one of those odd-looking, badly maintained websites that kinda looks official that we've all surfed to at some point and been confused by.

Some of these are actually storage pens for targeted malicious code, carefully honed to appear high on Google searches with SEO tricks. And when, say, a marketing official from the target company Googles to find out how their brand is being referenced around the web, they may stumble across one of these fake sites and trigger the release of malware onto their machine.

What Happened Next: Access Is King

Once the malicious code has been installed on the machine, the "sky's the limit," particularly via the email exploit. A well-coded virus code can evade detection and hide on the computer, doing various wicked things.

Often the "sole purpose of the executable is to go and find files on the person's computer and archive those in a zip file or RAR file, and then attempt to extract them from the system," Percoco said, based on his experience. The code could try lots of different routes, using FTP or HTTP or other protocols to get those files off the system. It's something he's seen in "many environments" and, worryingly, they're often "highly successful in getting those files." The code is typically designed to work on Windows machines, with almost no such exploits targeted at Macs—but Percoco agrees that this is at least partly due to the assumption by a hacker that a business user will be using a PC, not a Mac.

The success would be based on the fact no one's seen this particular kind of attack before (a zero-day exploit payoff) and it would easily circumvent any protective anti-virus software installed on the machine—because the protection doesn't know to look out for this type of virus. The only real way to avoid this sort of attack for the target to "avoid clicking on documents," which is clearly unlikely in the case of a business computer user. 

A smarter hacker would select a network administrator at the target company, because they're human, too. Their machine likely has even more interesting files that have data on network security, what kind of code is let in and let out of company firewalls, and so on.

Getting access to this sort of data (via the same email hack as described above) could let a persistent hacker penetrate a company's network and install a backdoor onto it—totally circumventing security because then "the attacker doesn't have to come in from the outside, they have code running on that system that will basically open up a connection back to the attacker"—not something network security is expecting. Then you can gain access to passwords and credentials to worm your way in further, eventually finding whatever sensitive data you're looking for.

The result could be a grim violation of company security. "We've seen those for a number of years, in all sorts of companies including government-type companies as well," Percoco says. 

Who Did This?

It's easy to see how a hacker could gain access to a machine and even a company network, and how easy it can be to transfer stolen files from infected computers to the hacker. But whois the hacker? The Deputy Secretary of Defense was careful to link it to "foreign" attackers—and considering this year's hacking news, we're instantly imagining China is to blame.

Percoco says his company does hundreds of investigations every year on attacks like these, and it's "very, very difficult to trace an attack to a specific person and specific political motivation." That's unless it's a hacktivist attack, when a group like Anonymous posts the data online and admits it was to blame—and even then "you don't know where these people are actually located."

A hacker could take his laptop down to a coffee shop, buy a cup of joe and "get on their free Wi-Fi system. And now they go and start looking around the world to find a computer that has a security weakness." Once they find it, they can use the hacked computer for a targeting scenario like the one described above, where they send a tainted email. Anyone tracing the code back after the attack was detected may find it sourced on a corporate computer in, say, China. And then they're stuck—because no one's "going to let the U.S. government come in and do a forensic investigation on some business located in China." 

Furthermore, it's rare that even this first Net address is where the attack is coming from—"they're always jumping through one or many systems" Percoco says, which could be in numerous nations and thus completely confound any attempts to track them. Which means the attacker actually could be located anywhere.

The Cold Cyberwar?

Suddenly, there's a much more sinister angle to the Pentagon hack. Forget "The Chinese Way of Hacking." More like "Even More Malicious Hackers Looking Like They're Using The Chinese Way Of Hacking."

-News Source (Gizmodo)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Full Disclosure Of Pentagon Data-breach"https://www.voiceofgreyhat.com/2011/07/full-disclosure-of-pentagon-data-breach.html</a>

Security firm exploits Chrome zero-day to hack browser, escape sandbox

 French security company Vupen said today that it's figured out how to hack Google's Chrome by sidestepping not only the browser's built-in "sandbox" but also by evading Windows 7's integrated anti-exploit technologies.

Google said it was unable to confirm Vupen's claims.

"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," said Vupen in a blog post Monday. "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."

Vupen posted a video demonstration of its exploit on YouTube.

According to Vupen, its exploit can be served from a malicious Web site. If a Chrome user surfed to such a site, the exploit executes "various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level."

Vupen used the Windows Calculator only as an example: In an actual attack, the "calc.exe" file would be replaced by a hacker-made payload.

Historically, Chrome has been the most difficult browser to hack, primarily because of its sandbox technology, which is designed to isolate Chrome from the rest of the machine to make it very difficult for a hacker to execute attack code on the PC.

For example, Chrome has escaped unscathed in the last three Pwn2Own hacking contests, an annual challenge hosted by the CanSecWest conference in Vancouver, British Columbia, and sponsored by HP TippingPoint's bug bounty program.

Last March, a team from Vupen walked away with a $15,000 cash prize afterhacking Safari, the Apple browser that, like Chrome, is built on the open-source WebKit browser engine.

But no one took on Chrome at 2011's Pwn2Own, even though Google had offered a $20,000 prize to the first researcher who hacked the browser and its sandbox.

The Vupen attack code also bypassed Windows 7's ASLR (address space layout randomization) and DEP (data execution prevention), two other security technologies meant to make hackers' jobs tougher.

Vupen said it would not publicly release details of the exploit, or the unpatched bug(s) in Chrome. "This code and the technical details of the underlying vulnerabilities will not be publicly disclosed," said Vupen. "They are shared exclusively with our Government customers as part of our vulnerability research services."

Last year, Vupen changed its vulnerability disclosure policies when it announced it would no longer report bugs to vendors, but instead would reveal its research only to paying customers.

Other security experts reacted today to the news of one or more Chrome zero-days, and to Vupen's practice of providing details only to its clients.

"I suppose that means we have a known Chrome 0-day floating around. That's fun," said Jeremiah Grossman, CTO of WhiteHat Security, in a Twitter message today.

"That also means for that the [government] is outbidding Google for bug bounties," Grossman added in a follow-up tweet.

"For now, the [government] still has more money than Google," chimed in Charlie Miller, the only researcher who has won cash prizes at four straight Pwn2Own contests.

Google, like rival browser maker Mozilla, runs a bounty program that pays independent researchers for reporting flaws in Chrome. Last month, Google paid out a record $16,500 in bounties for bugs it patched in a single update. In the first four months of 2011, Google spent more than $77,000 on bug bounties.

Google cited Vupen's policy of not reporting flaws as the reason it could not verify the French firm's assertions.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Security firm exploits Chrome zero-day to hack browser, escape sandbox"https://www.voiceofgreyhat.com/2011/05/security-firm-exploits-chrome-zero-day.html</a>