Security Update Bulletin – Information on latest threats

Here’s a quick round-up of information we think you should know about –

  • New Ransomware and Phishing Variants Detected (January 31, 2013) The ransomware known as Police Virus is more dangerous than previous versions of the malware because it actually has the capacity to encrypt all data on infected machines. This variant disables regedit, Task Manager, and msconfig to further confound users. The malware tells users that because of a criminal offense they must pay money or their computers will be encrypted. It spreads through malicious links, infected files, and drive-by downloads.
  • There has also been a surge in phishing emails that appear to come from FedEx. The messages tell recipients that because FedEx was unable to deliver a package, they must click a provided link to print a receipt to bring to their local FedEx office to retrieve the package. The link instead leads to a malicious site that infects their computers with a Trojan horse program. FedEx has posted a statement online warning of the scam and reminding people that the company “does not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords, or personal information.”
  • A nasty new turn in the psychology the criminals are using in the Police Virus campaign in Germany is to accuse the victim of having child pornography on the system and then to display such material on the victim’s computer.
  • Mozilla says Firefox will stop running plug-ins automatically, putting all of them behind click-to-play with the exception of the most current version of Adobe Flash. Mozilla says the decision was prompted by security and stability concerns, particularly the risk of drive-by attacks. Blocked plug-ins will include up-to-date versions of Silverlight and Java. Currently, Firefox turns on click-to-play only for those plug-ins that are deemed unsafe or seriously out of date. Chrome and Opera offer click-to-play, but users must enable the feature themselves. [We think this is a gutsy move by Mozilla; hopefully the user base will not rebel. Users need some help with the silliness of allow-everything-by-default: average people are their own system administrators, and the complexity of updating even legitimate third-party apps (insecure through negligence, not malice) is ridiculous.]
  • PayPal Fixes SQL Injection Flaw (January 30, 2013) PayPal has fixed a SQL injection vulnerability in its e-commerce website application that could have been exploited to compromise company databases and steal sensitive information. PayPal awarded a US $3,000 bounty to the organization that discovered the flaw and alerted the company to its existence in August 2012.
  • Universal Plug-and-Play Security Vulnerabilities Prompt Recommendation to Disable the Technology (January 29, 2013) Researchers have found three sets of vulnerabilities in the Universal Plug and Play (UPnP) component that allows devices to detect and communicate with each other over networks. The flaws could be exploited to steal passwords and documents and to hijack webcams, printers, and other Internet-connected devices. The US Department of Homeland Security’s (DHS) US-CERT has issued an advisory on the matter. UPnP is used mostly in small-office/home-office (SOHO) configurations. While it may be used internally by enterprises, it is rarely exposed to the Internet by enterprises. The feature is a hole in firewalls by design (it lets devices on the LAN open inbound ports for themselves) and has been associated with vulnerabilities for a long time. While the vulnerability is pervasive, the threat and risk have been low. The practical check is simple: from outside your perimeter, nothing should answer on UDP port 1900; from inside, inventory what does answer and disable UPnP on anything that does not need it.
  • More Headaches for Java (January 30, 31, & February 1, 2013)
    Apple has blocked Java completely in OS X 10.6 and above. Other companies are taking steps to protect their users from Java as well; virtually all plug-ins will be blocked in Firefox (see above).
    Oracle admits that there are serious problems with Java, but says that those problems lie with the Java browser plug-ins and that server-side, desktop, and embedded Java are not vulnerable to the same attacks.
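UPnP devices announce themselves over SSDP: a client multicasts an HTTP-style M-SEARCH request over UDP to 239.255.255.250:1900 and each device answers with an HTTP 200 response carrying a LOCATION URL for its description XML. The script below is an added example, not code from the bulletin or from US-CERT: it builds that request, parses the replies, and flags a reply whose LOCATION host is not the device that answered (which would mean the device is steering clients to a third party). `discover()` multicasts on the local network and `probe()` sends the same request unicast to one address, which is how you check whether a router is answering SSDP from where you stand. The sample response is constructed for the example and does not describe any real product.

```python
"""SSDP (UPnP discovery) probe and response parser (added example)."""
import socket
from urllib.parse import urlparse

SSDP_ADDR = "239.255.255.250"   # UPnP site-local multicast group
SSDP_PORT = 1900                # SSDP listens here on every UPnP device

# Constructed sample reply, modelled on the UPnP Device Architecture 1.0
# response format; the SERVER string and USN are invented placeholders.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleUPnP/1.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)


def build_msearch(st="ssdp:all", mx=2):
    """Return the bytes of an SSDP M-SEARCH request.

    ST selects what should answer ("ssdp:all" = every service); MX is the
    maximum number of seconds a device may wait before replying.
    """
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {st}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data):
    """Parse an HTTP-over-UDP 200 OK reply into a dict of lower-cased headers.

    Returns None for anything that is not a well-formed 200 response.
    """
    text = data.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/1.") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def location_matches_sender(headers, sender_ip):
    """True if the LOCATION URL points back at the host that sent the reply.

    A mismatch means the device is directing clients to fetch its description
    (and later, its control URLs) from somewhere else; treat it as suspicious.
    """
    host = urlparse(headers.get("location", "")).hostname
    return host is not None and host == sender_ip


def summarize(sender_ip, data):
    """Reduce one raw reply to the fields an inventory needs, or None."""
    hdrs = parse_ssdp_response(data)
    if hdrs is None:
        return None
    return {
        "ip": sender_ip,
        "server": hdrs.get("server", ""),
        "st": hdrs.get("st", ""),
        "location": hdrs.get("location", ""),
        "location_ok": location_matches_sender(hdrs, sender_ip),
    }


def _send_and_collect(dest, timeout):
    """Send one M-SEARCH to dest and gather every reply until timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = []
    try:
        sock.sendto(build_msearch(), dest)
        while True:
            data, (ip, _port) = sock.recvfrom(65507)
            entry = summarize(ip, data)
            if entry:
                found.append(entry)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return found


def discover(timeout=3):
    """Multicast discovery on the local network (needs a live network)."""
    return _send_and_collect((SSDP_ADDR, SSDP_PORT), timeout)


def probe(ip, timeout=3):
    """Unicast the same request to one host: does it answer SSDP from here?"""
    return _send_and_collect((ip, SSDP_PORT), timeout)


if __name__ == "__main__":
    for entry in discover():
        flag = "" if entry["location_ok"] else "  <-- LOCATION points elsewhere"
        print(f"{entry['ip']:15} {entry['st']:30} {entry['server']}{flag}")
```

Run it from inside the network to list what is advertising UPnP, and `probe("<public-ip>")` from an outside host to confirm that the perimeter device does not answer; any reply from the Internet side is exactly the exposure the advisory warns about.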

Finally, some good news:

The FBI has arrested a California man in connection with numerous instances of cyberextortion in which he threatened to post compromising pictures of women whose social networking accounts he had hijacked. Investigators believe that Karen “Gary” Kazaryan had more than 350 victims between 2009 and 2011. A recently unsealed indictment charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft.


About SCB Enterprises
System Solutions and Integration
