Posted by Avik Sarkar
On 3/11/2013 02:55:00 am
Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived
Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges
. Now the result of this long awaited
security competition
has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only
Apple's Safari has so far survived the onslaught of the browser-breakers where
Chrome,
Internet Explorer 10 and
Firefox all fell to the mercy of the hackers.
Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell
three times, though under the contest rules, only the first attacker was due to win the
$20,000 prize.
Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a
tweet,
“We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning
$100,000 for finding a huge hole. Again in a
tweet, Security firm
Vupen explained
“We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm
MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also
“demonstrated a full sandbox bypass exploit.” The company explained in a
blog post that it found a zero-day in Chrome
“running on a modern Windows-based laptop.” It was able to exploit the
vulnerability by performing a very similar attack to what took down
Facebook,
Microsoft, and a number of other
well-known companies: It had the laptop visit a malicious website.
Now lets take look at the final score board of Pwn2Own 2013:
Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED
Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED
The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-
- James Forshaw: Java = $20K
- Joshua Drake: Java = $20k
- VUPEN Security: IE10 + Firefox + Java + Flash = $250k
- Nils & Jon: Chrome = $100k
- George Hotz: Adobe Reader = $70k
- Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities Here also for
Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization along with that, the expected
patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with
VOGH and be safe on the Internet.
-Source (HP, Naked Security)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 1/24/2013 06:58:00 pm
Pwn2Own 2013 -Hack Major Web-browser, Adobe Reader, Flash or Java & Earn in Million Dollars
Since the last two years the Pwn2Own hacker contest has become an important fixture in the world of testing the security of software applications, operating systems and hardware devices. In last two years we have seen several hackers, security professionals have expressed their enthusiasm and joined Pwn2Own where four major and widely browser's security get compromised, in order to make applications, software more safe and secure. Last year we have reported how different hackers across the globe taken part in Pwn2Own and successfully hacked Google Chrome, IE & Firefox, and earned millions of dollars. But the contest of this year has some more twist than before as, HP TippingPoint and Google, sponsor of Pwn2Own, has made clear that it is expanding the focus of the competition beyond browsers. Also, Pwn2own 2013 will include $560,000 in prize money for demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Oracle Java.
Contest Dates:-
Rules & Prizes:-
HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
- Web Browser
- Google Chrome on Windows 7 ($100,000)
- Microsoft Internet Explorer, either
- IE 10 on Windows 8 ($100,000), or
- IE 9 on Windows 7 ($75,000)
- Mozilla Firefox on Windows 7 ($60,000)
- Apple Safari on OS X Mountain Lion ($65,000)
- Web Browser Plug-ins using Internet Explorer 9 on Windows 7
- Adobe Reader XI ($70,000)
- Adobe Flash ($70,000)
- Oracle Java ($20,000)
The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.
Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money. The initial vulnerability utilized in the attack must be in the registered category.
Along with prize money, the contestant will receive the compromised laptop and 20,000 ZDI reward points* which immediately qualifies them for Silver standing.
Registration:-
Contestants are asked to pre-register by contacting ZDI via e-mail at zdi@hp.com. This will allow the organizer to ensure that they have the necessary resources in place to facilitate the attack. If more than one contestant registers for a given category, the order of the contestants will be drawn at random.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 11/09/2012 04:30:00 am
Chrome 23 Closes 15 Security Vulnerabilities, Promises Longer Battery Life & Added Do Not Track (DNT)
The searching giant Google finally included the Do Not Track (DNT) option into its first stable version of the company's browser which is Google Chrome 23. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser. Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. Also the Redmond based software giant drew some criticism recently for its decision to enable Do Not Track by default in IE 10. First it was Mozilla who proposed the Do Not Track mechanism, in Firefox in June 2011 when it released Firefox 5. The DNT option is disabled by default in Chrome and in order to turn it on, users need to go to the customization menu in the top right corner of the browser window. Then click on the Settings option in the left side and scroll down to open the Advanced Settings menu. Under the Privacy menu, check the box next to the "Send a 'Do Not Track' request with your browsing traffic" option. Once that option is enabled, the user will see a message explaining what the DNT system will do for them.
Not only DNT, with the release of Chrome 23, Google closes several security holes and promises to improve battery life for some users. For systems with dedicated graphics chips that support Chrome's GPU-accelerated video decoding, version 23 of the WebKit-based browser is said to significantly reduce power consumption. According to Google, batteries lasted on average 25% longer in its tests when GPU-accelerated video decoding was enabled compared to only using a system's CPU when streaming online videos. Version 23 of Chrome also addresses a total of 15 security vulnerabilities in the browser, 6 of which are rated as "high severity". These include high-risk use-after-free problems in video layout and in SVG filter handling, a integer bounds check issue in GPU command buffers and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers has also been fixed. Eight medium-severity flaws including an integer overflow that could lead to an out-of-bounds read in WebP handling, and a low-risk have also been corrected. As part of its Chromium Security Vulnerability Rewards program, Google paid security researchers $9,000 for discovering and reporting these flaws. The update to Chrome also includes a new version of the Adobe Flash Player plugin which eliminates a number of critical vulnerabilities, all of which were discovered by the Google Security Team. Further information about the new features can be found in the release announcement, while a full list of security fixes is provided in a post on the Chrome Releases blog. Chrome 23.0.1271.64 is available to download for Windows, Mac OS X and Linux users.
-Source (Google Chrome Blog, The-H & threatpost)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 11/09/2012 04:30:00 am
Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched
Adobe- American multinational computer software company has released new versions of its
Flash Player to eliminate a number of critical
vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws were discovered by members of the Google Security Team are associated with several CVE numbers;
CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are
buffer overflows,
CVE-2012-5279 is a
memory corruption issue and
CVE-2012-5278 is a
security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the
security bulletin Adobe said that it has released security updates for
Adobe Flash Player 11.4.402.287 and earlier versions for
Windows and
Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for
Linux, Adobe Flash Player 11.1.115.20 and earlier versions for
Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:-
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.
AFFECTED SOFTWARE VERSIONS:-
- Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.243 and earlier versions for Linux
- Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
- Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
- Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android
To verify the version of Adobe Flash Player installed on your system, access the
About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x. To verify the version of
Adobe AIR installed on your system, follow the instructions in the
Adobe AIR TechNote. Adobe also recommended its
Adobe AIR users to update to 3.5.0.600.
While talking about security patches in Adobe product, we
want to give to reminder that just couple of weeks ago Adobe also plugged buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 10/16/2012 07:34:00 pm
Whonix -Anonymous Operating System Based on Debian/GNU Linux & Tor
Whonix, which is earlier called TorBOX or aos; now been reintroduced with a new style. This time we got a complete anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor. According to the project wiki page - in Whonix IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two virtual machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.
We request our reader to See Security for a more comprehensive description, security features and threat model. You can even go through with full change log and also download the source code from github.
Key Features:-
- Adobe Flash anonymously
- browse the web anonymously
- Anonymous IRC
- Anonymous Publishing
- Anonymous E-Mail with Mozilla Thunderbird and TorBirdy
- Add a proxy behind Tor (Tor -> proxy)
- Based on Debian GNU/Linux.
- Based on the Tor anonymity network.
- Based on Virtual Box.
- Can torify almost any application.
- Can torify any operating system
- Can torify Windows.
- Chat anonymously.
- Circumvent Censorship.
- DNSSEC over Tor
- Encrypted DNS
- Full IP/DNS protocol leak protection.
- Hide the fact that you are using Tor/Whonix
- Isolating Proxy
- Java anonymously
- Javascript anonymously
- Location/IP hidden servers
- Prevents anyone from learning your IP.
- Prevents anyone from learning your physical location.
- Private obfuscated bridges supported.
- Protects your privacy.
- Protocol-Leak-Protection and Fingerprinting-Protection
- Secure And Distributed Time Synchronization Mechanism
- Security by Isolation
- Stream isolation to prevent identity correlation through circuit sharing
- Virtual Machine Images
- VPN/Tunnel Support
- Whonix is produced independently from the Tor (r) anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
- Transparent Proxy
- Tunnel Freenet through Tor
- Tunnel i2p through Tor
- Tunnel JonDonym through Tor
- Tunnel Proxy through Tor
- Tunnel Retroshare through Tor
- Tunnel SSH through Tor
- Tunnel UDP over Tor
- Tunnel VPN through Tor
To Download Whonix-0.4.5 Click Here. Before download please note that Whonix is produced independently from the Tor anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/29/2012 02:33:00 am
Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware
Few advanced hackers have managed to break into an internal server at
Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain
malware. This
security breach took place on Thursday and the software giant Adobe confirmed that the
attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.
As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files. According to Brad Arkin, senior director of product security and privacy for Adobe “This only affects the Adobe software signed with the impacted
certificate that runs on the Windows platform and three Adobe AIR
applications that run on both Windows and Macintosh,”
Arkin wrote. “The
revocation does not impact any other Adobe software for Macintosh or
other platforms.” The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe cert. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote
In another blog
posted by Arkin, he said that, generally speaking,
most Adobe users won't be affected.
"Is your Adobe software vulnerable because of this issue?" he wrote.
"No". This issue has no impact on the security of your genuine Adobe
software. Are there other security risks to you? We have strong reason
to believe that this issue does not present a general security risk. The
evidence we have seen has been limited to a single isolated discovery
of two malicious utilities signed using the certificate and indicates
that the certificate was not used to sign widespread malware."
The "build" server that was compromised was not configured according
to Adobe's corporate standards, but that shortfall wasn't caught during
the provisioning process, Arkin said. He added that the affected server
did not provide the adversaries with access to any source code for other
products, such as the popular Flash Player and Adobe Reader and Acrobat
software.
Here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2, Gamigo, Blizzard, Yahoo, LinkedIn, eHarmony, Formspring, Android Forums, Gamigo, Nvidia,Blizzard and Philips. And after this breach Adobe also enlisted its name among those who was fallen victim to cyber criminals in this year. For all the latest on cyber security and hacking related stories; stay tuned with VOGH.
UPDATE: Recently we got an update, where Adobe denies the breach. In their later press release an Adobe spokeswoman said the certificate was not actually stolen:
"Adobe has stringent security measures in place to protect its code
signing infrastructure. The private keys associated with the Adobe code
signing certificates were stored in Hardware Security Modules (HSMs)
kept in physically secure facilities. We confirmed that the private key
associated with the Adobe code signing certificate was not extracted
from the HSM."
-Source (Adobe, SC Magazine, WIRED)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/11/2012 12:06:00 am
Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)
Adobe confirmed a serious security hole in Windows 8, hackers have been aiming at Microsoft's Windows 8 PCs for several weeks as it is vulnerable to attack by exploits. Its very unfortunate for those who runs all the four (consumer preview, developer preview, release preview & enterprise) pre-release version of Windows 8, because the Redmond based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale.
"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.
Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum,
a company representative announced on Aug. 23 that there would be no
Flash update for Windows 8 and IE10 until late October. "Since Windows 8
has not yet been released for general availability, the update channel
is not active," said Chris Campbell, identified as an Adobe employee.
"Once this goes live, you'll start getting updates to Flash Player."
-Source (Computer World)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/09/2012 04:05:00 pm
Google Hackers Who Unleashed Hydraq/Aurora Trojan Strikes Again
Computer security firm Symantec has unveiled, that a hacker group which unleashed the Hydraq or Aurora Trojan horse against Google and 34 other companies in 2009 has also been linked to attacks that have compromised systems at defense contractors, human rights organizations, and other large groups. According to the official blog of Symantec- they have been monitoring the activities of that hacker group since last three years and figure out that these attackers have used a large number of zero-day exploits against not just the intended target organization, but also on the supply chain manufacturers that service the company in their cross hairs. These attackers are systematic and re-use components of an infrastructure we have termed the "Elderwood Platform". The term "Elderwood" comes from the exploit communication used in some of the attacks. This attack platform enables them to quickly deploy zero-day exploits. The attacking methodology has always used spear phishing emails but we are now seeing an increased adoption of "watering hole" attacks (compromising certain websites likely to be visited by the target organization). The overall campaign by this group has been dubbed by the name "Elderwood Project".
Serious zero-day vulnerabilities, which are exploited in the wild and affect a widely used piece of software, are relatively rare; there were approximately eight in 2011. The past few months however has seen four such zero-day vulnerabilities used by the Elderwood attackers. Although there are other attackers utilizing zero-day exploits (for example, the Sykipot, Nitro, or even Stuxnet attacks), we have seen no other group use so many. The number of zero-day exploits used indicates access to a high level of technical capability. Here are just some of the most recent exploits that they have used:
- Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
- Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
- Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
- Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535)
Symantec have published a research paper that details the links between various exploits used by this attacking group, their method of targeting organizations, and the Elderwood Platform. It puts into perspective the continuing evolution and sheer resilience of entities behind targeted attacks.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 9/06/2012 04:31:00 pm
Hackers Sending Rogue 'Microsoft Services Agreement' Emails Exploiting Java Vulnerability
Cyber criminals are distributing mass on the internet while sending rogue email notifications about changes in
Microsoft's Services Agreement to trick people into visiting
malicious pages that use a recently circulated
Java exploit to infect their computers with
malware.
Oracle left a
security flaw in one of the world’s most widely used programs unpatched for four months and then
issues a half-baked fix, the company is practically inviting cyber criminals to exploit its users en mass. And as expected the invitation has been accepted.
The rogue email messages are copies of legitimate notifications that Microsoft sent out to users to announce
changes to the company's Services Agreement that will take effect Oct. 19.
"This email is a legitimate announcement regarding updates to the
Microsoft Services Agreement and Communication Preferences," a Microsoft
program manager for supporting mail technologies who identifies herself
as Karla L, said on the Microsoft Answers website in response to a user inquiring about the authenticity of the email message.
However,
she later acknowledged the existence of reports about malicious emails
that use the same template. "If you received an email regarding the
Microsoft Services Agreement update and you're reading your email
through Hotmail or Outlook.com, the legitimate email should have a Green
shield that indicates the message is from a Trusted Sender," she said.
"If the email does not have a Green shield, you can mark the email as a
Phishing scam."
However,
in the malicious versions of the emails, the correct links have been
replaced with links to compromised websites that host attack pages from
the
Blackhole exploit toolkit. Blackhole is a tool used by
cybercriminals to launch Web-based attacks that exploit vulnerabilities
in browser plug-ins like
Java,
Adobe Reader or
Flash Player, in order to
install malware on the computers of users who visit compromised or
malicious websites.
This type of attack is known as a drive-by
download and is very effective because it requires no user interaction
to achieve its goal. The malicious Java applet used in
this attack is detected by only eight
of the 42 anitivirus engines available on the VirusTotal file scanning
service. The
Zeus variant has a similarly low detection rate.
"We're receiving multiple reports of a phishing campaign using the
template from a legitimate Microsoft email regarding Important Changes
to Microsoft Services Agreement and Communication Preferences," Russ
McRee, security incident handler at the SANS Internet Storm Center, said
Saturday in a
blog post.
-Source (Info World)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 6/02/2012 02:03:00 am
Microsoft Launched Windows 8 Release Preview (Final Pre-Release Version of Windows 8)
After Consumer Preview Windows 8 & Windows 8 Developer Preview now Microsoft just announced final pre-release version of Windows 8 named Windows 8 Release Preview. Windows 8 is considered to be the biggest change in decades to Microsoft's widely used operating system. In a blog post, Steven Sinofsky, Microsoft's top Windows executive, touted the Release Preview as the "final pre-release" build, and talked about the next milestone, RTM, for "release to manufacturing," the label that describes the completed version used by computer makers to pre-install the operating system on new PCs. The software displays applications in a mosaic of tiles and has been designed so it can run desktop, laptop and tablet computers. In this final pre-release, and includes Windows 8, Internet Explorer 10, new Windows 8 apps for connecting to Hotmail, SkyDrive, and Messenger (and many more), and hundreds of new and updated apps in the Windows Store. Other new apps in this release include a Bing Travel app, as well as Gaming and Music Xbox apps that integrate with Microsoft’s Zune music service. Microsoft says that it will focus its resources before launching the final version of Windows 8 on improving the installation process, security and privacy, as well as device and software compatibility. As Microsoft’s president of its Windows Division Steven Sinofsky noted, his team “will still be changing Windows 8, as we have done in past releases of Windows.”
Microsoft also says that it has increased personalization options for the Start screen and refined the way “the way people find and download apps through the Windows Store.” The touch-friendly Metro version of Internet Explorer now also supports Adobe’s Flash player and features a Do Not Track feature that is turned on by default.
To Download Windows 8 Release Preview Click Here
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 5/14/2012 03:48:00 pm
Security Bulletin for Photoshop, Adobe Recommended to Buy CS6 To Addresses Those Vulnerabilities
It seems
Adobe remained very busy while issuing security updates in their products. Few days ago Adobe closed a newly found Zero-day hole in its popular Flash Player program. Now it comes the time for Photoshop, Adobe released a
security upgrade for Adobe
Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. In the case of the Windows and Mac versions of Adobe Photoshop, a
vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.
Adobe has released
Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. This upgrade resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references:
www.securityfocus.com/bid/52634/).
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 5/08/2012 12:36:00 am
Adobe Plugged Newly Found Zero-day Hole In Flash Player
Adobe warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug. The vulnerability allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file. Adobe released security updates for
Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability
(CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Affected Software Version :-
- Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
- Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x
Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9. For detailed information and to see the security bulletin of Adobe click
here.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 3/07/2012 03:11:00 pm
Adobe SWF Investigator: A Tool To Analyze Flash Files For Security Researcher, Engineers & Developers
Adobe Labs officially announced Adobe SWF Investigator for analyzing Flash files in details. Whether a security expert wants to look into a Flash exploit or a developer wants to debug their own project, the tool collection can be used, among other things, to decompile SWF files in order to then examine the ActionScript source code.
Brief About Adobe SWF Investigator:-
Adobe® SWF Investigator is the only comprehensive, cross-platform, GUI-based set of tools, which enables quality engineers, developers and security researchers to quickly analyze SWF files to improve the quality and security of their applications. With SWF Investigator, you can perform both static and dynamic analysis of SWF applications with just one toolset. SWF Investigator lets you quickly inspect every aspect of a SWF file from viewing the individual bits all the way through to dynamically interacting with a running SWF.
SWF Investigator Features:-
- From a static perspective, you can disassemble ActionScript 2 (AS2) and ActionScript 3 (AS3) SWFs, view SWF tags and make binary changes to SWF files. SWF Investigator also lets you view associated information, including local shared objects (LSOs) and per site settings.
- From a dynamic perspective, you can call functions within the SWF, load the SWF in various contexts, communicate via local connections and send messages to Action Message Format (AMF) endpoints in order to test more effectively.
- SWF Investigator contains an extensible fuzzer for SWF applications and AMF services, so you can search for common Web application attacks. This toolset also provides a variety of utilities including encoders and decoders for SWF data, as well as a basic compiler for testing small pieces of ActionScript code.
Additional Benefits:-
- SWF Investigator is the only application of its kind that's built on Adobe AIR – a versatile runtime that supports ActionScript, the language used to create SWF applications. This allows for native interaction between the SWF Investigator and the SWF application. Using ActionScript also makes the source code of the tool more intuitive for SWF developers.
- SWF Investigator has the ability to auto-update, so you don't need to worry about whether or not you have the most current version.
- Since it's an open source AIR application, SWF Investigator can be modified to fit your environment, and it is cross-platform.
To Download Adobe SWF Investigator Preview Version Click Here
-Source (Adobe)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 2/24/2012 10:32:00 pm
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
