Sunday, 3 February 2013

UK InfoSec Review for January 2013

Microsoft release an Emergency “Critical” patch for Internet Explorer V6, 7 & 8 
  • Patches released this patch out-of-band on 14th January 2013 
  • Patch remediates a public disclosed remote code execution vulnerability in IE 
Microsoft release 2 ‘Critical’ and 5 ‘Important’ Security Patches
  • Patches released as part of the ‘Patch Tuesday’ cycle on 8th January 2013 
  • Patches address vulnerabilities in Windows, Office, Developer Tools, .NET Framework and server 
Abode release patches for fix 27 vulnerabilities in Adobe Reader, Acrobat & Flash
  • Patches released as part of ‘Patch Tuesday’ cycle on 8th January 2013 
Hackers Used Data Centres to Supercharge Attacks
  • Researchers at Radware who investigated the attacks for several banks found that the traffic was coming from data centres around the world. They discovered that various cloud services and public Web hosting services had been infected with a particularly sophisticated form of malware, called Itsoknoproblembro, that was designed to evade detection by antivirus programs. The malware has existed for years, but the banking attacks were the first time it used data centres to attack external victims 
Anonymous PayPal attackers jailed in the UK
  • Two purported members of the Anonymous online collective were sentenced on in London to prison time for launching distributed denial-of-service attacks against PayPal. 
Hacktivists forecast continued DDoS campaign against banks
  • Distributed denial-of-service (DDoS) attacks against several U.S. bank sites was launched after offensive anti-Muslim video appeared on YouTube 
  • On 29th January Hacktivists suspended their bank DDoS campaign 
  • Hackitivists continue to organise and launch DDoS and data theft attacks on businesses around the world. Hackitivist attacks against businesses can materialise extremely quickly, DDoS attacks typically prove successful as most business do not have adequately DDoS defences built into their web facing IT infrastructure. 
  • In this DDoS example the banks have nothing to do with the YouTube posted offensive video, but were targeted to make a political point 

2 comments: said...

Thankf for sahring!!!


Thank you for the beautiful information