A take on the security news, week 48

Wed 26 November 2014

A take on the security news, week 48 / 2014. I summarize some of the news related to information security that I considered noteworthy this week.

Spear phishing works, Kaspersky Q3 report, Adobe Flash update, Sony Pictures hacked and Twitter wants to know about all your installed apps.

  • Monday

A patch history of Object Packager

Interesting analysis from HP about the Sandworm exploit in Windows. Similar code has been patched several times before, but it seems that Microsoft never quite got it right, because the same problem exists in multiple places in the code.

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/SandWorm-s-target-A-patch-history-of-Object-Packager/ba-p/6675618#.VHY7E1tCbLK

Spear phishing works

An Italian researcher finds that 1 in 5 employees at big companies fell for spear phishing attacks. Names and information about colleagues and company internals are gathered from open sources and used in the spear phishing attack.

https://deepsec.net/speaker.html#PSLOT157

Kaspersky Q3 IT threat evolution

Cited from Kaspersky's site:

Highlights are: the Shellshock vulnerability, Crouching Yeti/Energetic Bear, Epic Turla APT campaigns, a significant increase in the number of malicious attacks (of various kinds), and a burst of mobile banking Trojans.

https://securelist.com/analysis/quarterly-malware-reports/67637/it-threat-evolution-q3-2014/

  • Tuesday

Vulnerability in less

less has a feature that lets it run the files it displays through external commands (the lesspipe preprocessor). Some of the preprocessor scripts that distributions ship can be vulnerable, which makes using less vulnerable too. The quick fix is to disable lesspipe by unsetting LESSOPEN and LESSCLOSE if your distribution of choice sets them.

http://seclists.org/fulldisclosure/2014/Nov/74
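The check and quick fix described above, as an added example that is not part of the original post: it shows which preprocessor script LESSOPEN would run (using less's own prefix syntax, where a leading "|" means pipe mode, "||" means less also honours the script's exit status, "-" means the script also applies to stdin, and "%s" stands for the filename) and then unsets both variables. The paths in the comments are typical distribution defaults, given only as illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and disable the less
# preprocessor. less runs the command named in LESSOPEN for every file it
# opens and the command in LESSCLOSE when it is done with the file.
# Typical values look like:  LESSOPEN='| /usr/bin/lesspipe %s'   (Debian)
#                            LESSOPEN='||/usr/bin/lesspipe.sh %s' (Fedora)

# Print the program that a LESSOPEN value would execute, with the "|", "||"
# and "-" prefix characters stripped. Returns 1 and prints nothing if the
# argument is empty.
lessopen_script() {
    spec=${1:-}
    [ -n "$spec" ] || return 1
    # Drop leading prefix characters and blanks one at a time.
    while :; do
        case $spec in
            '|'*|'-'*|' '*) spec=${spec#?} ;;
            *) break ;;
        esac
    done
    # The first word is the command; the rest are its arguments (%s).
    set -- $spec
    printf '%s\n' "$1"
}

# Return 0 if a preprocessor is configured in this environment, 1 otherwise.
lesspipe_active() {
    [ -n "${LESSOPEN:-}" ] || [ -n "${LESSCLOSE:-}" ]
}

# Show what less would run, and whether that script actually exists here.
lesspipe_report() {
    if ! lesspipe_active; then
        echo "no less preprocessor configured"
        return 0
    fi
    echo "LESSOPEN=${LESSOPEN:-<unset>}"
    echo "LESSCLOSE=${LESSCLOSE:-<unset>}"
    script=$(lessopen_script "${LESSOPEN:-}") || script=""
    if [ -n "$script" ] && [ -x "$script" ]; then
        echo "preprocessor $script is present and executable"
    elif [ -n "$script" ]; then
        echo "preprocessor $script is configured but not found"
    fi
}

# The quick fix from the post: stop less from running any preprocessor.
# Put the same unset line in your shell profile to make it permanent.
disable_lesspipe() {
    unset LESSOPEN LESSCLOSE
}

lesspipe_report
```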

Regin state-sponsored malware dissected

Regin is described as a "cyber-attack platform" which can be deployed inside a victim's network to gain remote control on all levels. A detailed analysis of the malware is available through the links below.

http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf

  • Wednesday

Out of band update for Flash

Security updates for Flash on Mac, Linux and Windows that provide additional hardening against CVE-2014-8439, which was originally patched on 14 October 2014. As always with Flash, fetch the update as soon as possible.

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

How secure are security seals?

Third-party security seals are often used by sites to convince users that the site is secure. This is especially true for e-commerce sites as we are now entering the holiday shopping season. The third-party service scans the site for known vulnerabilities, and if the site passes the tests it is rewarded with a "secure" seal it can show its customers. But are these sites really secure?

The paper explores the ecosystem around third-party security seals and points out vulnerabilities in the process and flaws in the penetration testing that qualifies a site for a seal.

http://securitee.org/files/seals_ccs2014.pdf

  • Thursday

Twitter wants to know about the other apps you have installed

To target ads, Twitter wants to collect information about the other apps you have installed on your phone. The article below explains how you can disable this snooping on Android and iOS.

https://nakedsecurity.sophos.com/2014/11/27/twitter-to-start-snooping-at-which-apps-you-have-installed-heres-how-to-opt-out/

Syrian Electronic Army defaces websites

The attack affected news websites such as Forbes, PC World, the Daily Telegraph, The Independent and more. It was not really a breach of the websites themselves, but of a third-party component used on the affected sites. The attackers hijacked the DNS of the third-party service and injected messages into the news sites by pointing the DNS at rogue content.

http://www.pcworld.com/article/2853252/syrian-electronic-army-posts-hacking-message-on-several-news-sites.html

  • Friday

Sony harassed again

Hackers have released a list of files they claim to have stolen from the internal network at Sony Pictures.

http://arstechnica.com/security/2014/11/sony-pictures-hackers-release-list-of-stolen-corporate-files