A take on the security news, week 46 2015
Monday
PuTTY vulnerability
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
The Economist hit by PageFair
Quoting from economist.com:
If you visited economist.com at any time between Oct. 31, 23:52 GMT and Nov. 1, 01:15 GMT, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC.
http://www.economist.com/help/pagefair
An end to end measurement of certificate revocation
In this paper the researchers look into how different web browsers handle certificate revocation checking. Among the findings: many browsers do not check the revocation status of certificates at all (mobile browsers almost never do).
https://web.stanford.edu/~aschulm/docs/imc15-revocation.pdf
Tuesday
Java deserialization vulnerability in the Commons Collections library
This vulnerability is almost a year old but has not gotten any attention until now. It lies in the Commons Collections library, which is used in many popular products including WebSphere, JBoss, Jenkins and WebLogic.
The article contains background information about serialization, how to exploit the vulnerability, and how to patch your affected systems.
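The defensive point worth taking from this item is that the dangerous code runs while the object graph is being rebuilt, so any type check done after readObject() returns is too late. The class below is an added example (not code from the article or from Commons Collections) of the "look-ahead" mitigation: an ObjectInputStream subclass that refuses to resolve any class not on an explicit allow-list, which rejects an unexpected class before it is instantiated. The class name AllowListObjectInputStream and the harmless java.util.Date payload are constructed for the demo.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.Collections;
import java.util.Date;
import java.util.Set;

/**
 * Added example: an ObjectInputStream that only resolves classes on an explicit
 * allow-list. The check sits in resolveClass(), which the stream calls before it
 * instantiates a class, so a gadget class is refused before its readObject() hook
 * can run. Class name assumed for illustration.
 */
public class AllowListObjectInputStream extends ObjectInputStream {
    private final Set<String> allowedClasses;

    public AllowListObjectInputStream(InputStream in, Set<String> allowedClasses) throws IOException {
        super(in);
        this.allowedClasses = allowedClasses;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!allowedClasses.contains(name)) {
            // Fail closed: anything not explicitly expected is refused, whatever library it lives in.
            throw new InvalidClassException(name, "class is not on the deserialization allow-list");
        }
        return super.resolveClass(desc);
    }

    /** Demo with a constructed, harmless payload: a serialized java.util.Date. */
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Date(0L));
        }
        byte[] payload = buf.toByteArray();

        // A consumer that expects a Date accepts the stream.
        try (ObjectInputStream in = new AllowListObjectInputStream(
                new ByteArrayInputStream(payload), Collections.singleton("java.util.Date"))) {
            System.out.println("accepted: " + in.readObject());
        }

        // A consumer that expects only Strings rejects the same bytes before any object is built.
        try (ObjectInputStream in = new AllowListObjectInputStream(
                new ByteArrayInputStream(payload), Collections.singleton("java.lang.String"))) {
            in.readObject();
            System.out.println("this line is not reached");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.classname + " (" + e.getMessage() + ")");
        }
    }
}
```

The allow-list is specific to each consumer: list the exact classes that endpoint legitimately receives and nothing more. This works independently of patching the library, and it also covers gadget chains in libraries other than Commons Collections. Later JDK releases added a built-in mechanism for the same purpose (ObjectInputFilter, JEP 290), which is preferable where available.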
Encryption ransomware targets the Linux platform
This ransomware is disguised as a trojan, and judging by which files it encrypts the targets are website administrators.
Encrypted files are given the extension .encrypted, and a ransom note is placed in every folder containing encrypted files. The ransom has to be paid in bitcoins.
https://news.drweb.com/show/?i=9686&lng=en&c=14
Wednesday
Microsoft patches
MS products have got their monthly security patches; I list the ones that are rated critical:
- Internet Explorer
- Edge
- Microsoft Office
- Microsoft Journal
- OpenType fonts
- Lync and Skype
One of the patches for Office was reported to crash Outlook 2010; the patch was re-released after a couple of days.
https://isc.sans.edu/forums/diary/November+2015+Microsoft+Patch+Tuesday/20359/
Adobe patches
Adobe Flash player and Adobe Air have got their monthly security patches.
https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
Thursday
Oracle releases Security Alert for Java deserialization vulnerability in WebLogic Server
Quoting from Oracle:
This is a remote code execution vulnerability and is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
iOS and Android malware steals Instagram passwords
Possibly the first malware to hit both app stores at the same time: Instaagent sends your Instagram username and password to the Instaagent server.
The malware has now been pulled from both stores, but if you have used it you should change your Instagram password.
https://twitter.com/PeppersoftDev/status/664066647360151552
Linux ransomware fails due to predictable encryption key
The Linux ransomware mentioned earlier this week appears to use the system's built-in PRNG to generate the encryption key. The not-so-random random number generator is seeded with a timestamp and its output is used to create the key. Both the timestamp and the "randomness" are predictable, so if you have been hit by this ransomware there is a fair chance you can get your files decrypted without paying the ransom.
http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/
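To make the "predictable key" point concrete, here is an added example (not the ransomware's code and not from the Bitdefender write-up) of the same mistake in Java: a key drawn from java.util.Random seeded with a timestamp, next to the correct SecureRandom version. Because files usually start with a known header, a victim who knows roughly when the files were hit can simply try every seed in that time window until the header comes back. The cipher is a toy repeating-key XOR standing in for the real one, and the sample file, timestamp and class name are all constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

/**
 * Added example: why a timestamp-seeded PRNG is a useless source for an encryption key.
 * The cipher is a toy repeating-key XOR; the point is the key derivation, not the cipher.
 */
public class TimeSeededKeyDemo {
    static final int KEY_LEN = 16;

    /** Weak pattern: derive the key from a PRNG seeded with the current time. */
    static byte[] weakKey(long timestampSeconds) {
        byte[] key = new byte[KEY_LEN];
        new Random(timestampSeconds).nextBytes(key);   // fully determined by the seed
        return key;
    }

    /** Correct pattern: key bytes from the OS-backed CSPRNG; nothing for anyone to search. */
    static byte[] strongKey() {
        byte[] key = new byte[KEY_LEN];
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Toy cipher: XOR data with the key repeated. The same call encrypts and decrypts. */
    static byte[] xorWithKey(byte[] data, byte[] key) {
        byte[] out = new byte[data.length];
        for (int i = 0; i < data.length; i++) {
            out[i] = (byte) (data[i] ^ key[i % key.length]);
        }
        return out;
    }

    /**
     * Recovery: given a known plaintext prefix (file headers are fixed for most formats)
     * and a time window, test every candidate seed and return the one that reproduces
     * the prefix, or -1 if none does.
     */
    static long recoverSeed(byte[] ciphertext, byte[] knownPrefix, long windowStart, long windowEnd) {
        byte[] ctPrefix = Arrays.copyOf(ciphertext, knownPrefix.length);
        for (long ts = windowStart; ts <= windowEnd; ts++) {
            if (Arrays.equals(xorWithKey(ctPrefix, weakKey(ts)), knownPrefix)) {
                return ts;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample: an HTML file encrypted at a made-up Unix time in November 2015.
        long encryptionTime = 1447200000L;
        byte[] plaintext = "<!DOCTYPE html>\n<html><body>hello</body></html>\n"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] ciphertext = xorWithKey(plaintext, weakKey(encryptionTime));

        // The victim knows the file type and, from mtimes, roughly when the files were hit.
        byte[] knownHeader = "<!DOCTYPE html>\n".getBytes(StandardCharsets.US_ASCII);
        long found = recoverSeed(ciphertext, knownHeader,
                encryptionTime - 86_400L, encryptionTime + 86_400L);   // +/- one day: 172,801 seeds

        System.out.println("seed recovered: " + found + " (expected " + encryptionTime + ")");
        if (found != -1) {
            System.out.println(new String(xorWithKey(ciphertext, weakKey(found)), StandardCharsets.US_ASCII));
        }

        // With strongKey() there is no window: every one of the 2^128 keys is equally likely.
        System.out.println("strong key: " + KEY_LEN + " bytes, search space 2^" + (KEY_LEN * 8));
    }
}
```

A two-day window is about 172,000 seeds, which finishes in well under a second; even a window of months stays trivial. That is the whole difference between the two functions: weakKey() has as much entropy as the attacker's uncertainty about the clock, strongKey() has 128 bits. Any key-generation code that seeds from time(), the PID or similar should be treated as if the key were hard-coded.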