UK InfoSec Review for January 2013
Microsoft release an Emergency “Critical” patch for Internet Explorer V6, 7 & 8
- Patches released this patch out-of-band on 14th January 2013
- Patch remediates a public disclosed remote code execution vulnerability in IE
- Patches released as part of the ‘Patch Tuesday’ cycle on 8th January 2013
- Patches address vulnerabilities in Windows, Office, Developer Tools, .NET Framework and server
- Patches released as part of ‘Patch Tuesday’ cycle on 8th January 2013
- Researchers at Radware who investigated the attacks for several banks found that the traffic was coming from data centres around the world. They discovered that various cloud services and public Web hosting services had been infected with a particularly sophisticated form of malware, called Itsoknoproblembro, that was designed to evade detection by antivirus programs. The malware has existed for years, but the banking attacks were the first time it used data centres to attack external victims
- Two purported members of the Anonymous online collective were sentenced on in London to prison time for launching distributed denial-of-service attacks against PayPal.
- Distributed denial-of-service (DDoS) attacks against several U.S. bank sites was launched after offensive anti-Muslim video appeared on YouTube
- On 29th January Hacktivists suspended their bank DDoS campaign
- Hackitivists continue to organise and launch DDoS and data theft attacks on businesses around the world. Hackitivist attacks against businesses can materialise extremely quickly, DDoS attacks typically prove successful as most business do not have adequately DDoS defences built into their web facing IT infrastructure.
- In this DDoS example the banks have nothing to do with the YouTube posted offensive video, but were targeted to make a political point