A take on the security news, week 46 2015

Fri 13 November 2015

A take on the security news, week 46 / 2015. I summarize some of the news that I considered noteworthy related to information security this week.
Putty vulnerability, java deserialization, ransomware on Linux, patch tuesday

Monday

Putty vulnerability

http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html

The economist hit by PageFair

Quoting from economist.com:

If you visited economist.com at any time between Oct. 31, 23:52 GMT and Nov. 1, 01:15 GMT, using Windows OS and you do not have trusted anti-virus software installed, it is possible that malware, disguised as an Adobe update, was downloaded onto your PC.

http://www.economist.com/help/pagefair

An end to end measurement of certificate revocation

In this paper researchers are looking into how different webbrowsers handles the check for expired certificates. Amongst the findings are that a lot of browsers does not (mobile browsers almost never) check the revocation status.

https://web.stanford.edu/~aschulm/docs/imc15-revocation.pdf

Tuesday

Java deserialization vulnerability in the common-collections framework

Thus vulnerability is almost a year old, but have not got any attention before now. The vulnerability is in the common- collections framework which is used in many popular products including websphere, jboss, jenkins, and weblogic.

The article contains backgroundinformation about serialization, how to exploit the vulnerability, and how to patch your affected system.

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thevulnerability

Encryption ransomware target the Linux platform

This ransomware is discuised as a trojan, and judging by the file that is encrypted the target is website administrators.

Compromised files are given the extension .encrypted, and a ransom note is placed in every folder with encrypted files. The ransom has to be paid with bitcoins.

https://news.drweb.com/show/?i=9686&lng=en&c=14

Wednesday

Microsoft patches

MS products have got their monthly security patches, I list the ones that is rated critical:

  • Internet Explorer
  • Edge
  • Microsoft Office
  • Microsoft Journal
  • OpenType fonts
  • Lync and Skype

One of the patches for Office was reported to crash Outlook 2010, the patch got re-released after a couple of days.

https://isc.sans.edu/forums/diary/November+2015+Microsoft+Patch+Tuesday/20359/

https://social.technet.microsoft.com/Forums/windows/en-US/336eae75-b5f4-41ea-bd2b-5f0248585a66/blank-screen-after-pressing-ctrlaltdel-for-login-after-windows-updates-no-way-of-logging-in-on?forum=w7itpronetworking

Adobe patches

Adobe Flash player and Adobe Air have got their monthly security patches.

https://helpx.adobe.com/security/products/flash-player/apsb15-28.html

Thursday

Oracle Releases Security Alert For Java Deserialization Vulnerabiliy in WebLogic Server

Quoting from oracle:

This is a remote code execution vulnerability and is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

iOS and Android malware steals Instagram passwords

Maybe the first malware that hits both appstores at the same time, Instaagent will send your Instagram username and password to the Instaagent server.

The malware is now pulled from both stores, but if you have used it you should probably change your Instagram password.

https://twitter.com/PeppersoftDev/status/664066647360151552

Linux ransomware fails due to predictable encryption key

The Linux ransomware mentioned earlier this week seems to use the built-in prng to generate the encryption key. The not- so-random randomgenerator is given a timestamp and the result is being used to create the key. Both the timestamp and the “randomness” are predictable so if you have been hit by this ransomware there is a fair chance that you can get your files decrypted without paying the ransom.

http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/

Friday

Comments