Tuesday, 4 December 2012

UK InfoSec Review for November 2012

Vital Microsoft (4 critical) and Adobe (7 critical Flash) Security patches released this month.
  • Adobe have joined Microsoft in releasing patches on Microsoft’s Patch Tuesdays, such is the regularity with which new vulnerabilities are found in their applications.
Fraudulent Westminster Council parking charge emails sent
  • At least 800 fraudulent emails have been sent telling people they owe Westminster Council money for parking.
  • Westminster's contractor, PayByPhone, said it had been the victim of a phishing scam. 
  • The council said it had received complaints from 800 people saying they had received fraudulent emails. However, it could not provide an estimate for the number of emails that had been sent out. 
  • Spam emails are becoming more sophisticated and believable to end consumers, with attacks becoming more targeted against organisations and personalised using stolen information. It is worth noting that consumers and the media can place blame on organisations for such attacks, as in this case.
Police arrest man over Home Office Distributed Denial of Service Attacks
  • Police have arrested a 41-year-old man in connection with distributed denial-of-service attacks against the websites of the Home Office and home secretary Theresa May.
  • The Anonymous hacktivist group claimed to have launched a series of distributed denial-of-service (DDoS) attacks against the Home Office and Theresa May in April this year.
Sophos multiple critical flaws flagged by researcher
  • A Google researcher said that security professionals should "exclude Sophos products from consideration for high value networks and assets" and "A sophisticated state-sponsored or highly motivated attacker could devastate the entire Sophos user base with ease."
  • UK police have arrested three men suspected of being involved in thousands of phishing attacks on banking customers.
  • One Nigerian and two Romanian men were arrested at a central London hotel on conspiracy to defraud and money laundering charges.
  • The three men were allegedly involved in an operation that placed over 2,000 phishing pages on the internet.
For Sale: Cheap access to corporate computers
  • Cyber-criminals are openly selling illegal access to the computer networks of many of the world's biggest companies.
  • One website called Dedicatexpress offers 17,000 servers, with about 300,000 servers listed since the site started in 2010.
  • The list includes UK company servers for sale.
  • Burglars seem to be exploiting a bug in widely used electronic key card door locks to steal from hotels.
  • Insurance firms said they expected to be "hit hard" as knowledge of the hack spread among professional thieves. 
  • UK swipe card systems are also said to be threatened by this and other similar vulnerabilities.
Gartner warning on cloud security: Outages are bigger risk than breaches
  • Gartner analyst says the biggest concern should not be that data could be compromised in the cloud, but rather that there may be a cloud outage that could lead to data loss. 
  • Amazon Web Services, the market-leading cloud provider, has experienced three major outages in the past two years. After an April 2011 Elastic Compute Cloud (EC2) outage, some level of data was irrecoverable.
Lockheed Martin admits to growth in number of attacks on its networks
  • Defence contractor Lockheed Martin has reported a 'dramatic growth' in the number and sophistication of cyber attacks on its networks.
  • The attacks are 'international' and attackers were clearly targeting Lockheed suppliers to gain access to information since the company had fortified its own networks.
  • RSA said 20 per cent of the threats were considered to be advanced persistent threats (APT) and had increased dramatically over the last few years. 
  • Sophisticated cyber attacks are on the rise and present an increasing and persistent risk across UK plc. UK businesses must not be complacent about cyber attacks, as it is often said that all FTSE 100 companies are primary targets of nation states and are actively being attacked. Whether the companies realise these attacks are occurring is another issue (monitoring).
  • A zero-day flaw that can be used as a vector to bypass sandboxing in Adobe Reader X and XI has been circulating on cyber crime forums, according to Russian forensics company Group-IB. 
  • Adobe introduced 'Adobe Protected Mode' sandboxing in October as part of an effort to improve Adobe Reader security. 
  • The flaw is advertised for sale for between $30,000 and $50,000, and is being included in versions of the Blackhole exploit kit.
  • The Blackhole exploit kit is often used to distribute banking Trojans such as Zeus, SpyEye, Carberp and Citadel.
  • This vulnerability is yet to be patched.
Kaspersky publish Top Ten Vulnerabilities List
  • Security patching of non-Microsoft applications such as Adobe Reader and Oracle Java on all desktops and laptops is a key area to validate within business patch management processes.
  • UK companies tend to patch Microsoft products pretty well but neglect other common desktop applications by Adobe and Oracle, which are rife with serious vulnerabilities if left unpatched.
1. Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.
2. Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
3. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Gain access to sensitive data. Highly Critical.
4. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Highly Critical.
5. Adobe Reader/Acrobat Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
6. Apple QuickTime Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
7. Apple iTunes Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
8. Winamp AVI / IT File Processing Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
9. Adobe Shockwave Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
10. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Gain access to sensitive data. Extremely Critical.

XSS remains the most frequently attacked website flaw according to FireHost
  • The third quarter of 2012 showed another increase in attacks against cross-site scripting (XSS) flaws on websites. 
  • Analysis of 15 million cyber attacks by FireHost users found XSS, directory traversals, SQL injections, and cross-site request forgery (CSRF) attacks to be the most serious and frequent; these are part of FireHost's 'Superfecta' group. In Q3 of 2012, XSS and CSRF represented 64 per cent of attacks in this group.
  • The report claimed that XSS is now the most common attack type, with more than one million XSS attacks blocked during this period alone, a rise from 603,016 separate attacks in Q2 to 1,018,817 in Q3. There were 843,517 CSRF attacks reported.
