Security Updates and Important Information

Mandiant Releases Report On Chinese “APT1” Group

Incident response specialist company Mandiant released a groundbreaking report on Tuesday, citing highly detailed evidence to support a claim that the Chinese government, through Unit 61398 of the People’s Liberation Army, has been engaging in systematic attacks on American interests, as well as those of other English-speaking nations around the globe, over the course of the past 6 years. The report, which included domain names, IP addresses, SSL certificates, and MD5sums of malicious binaries, has already caused a major political stir: the Obama administration is set to impose trade penalties for cybertheft, while the Chinese government denies any involvement.


Schneider Electric IGSS Buffer Overflow

Independent researcher Aaron Portnoy recently discovered a set of vulnerabilities in the widely used Schneider Electric IGSS protocol, which could be remotely exploited for full administrative privileges on target systems. The vendor has since issued a patch, and users of these systems are strongly encouraged both to apply the patch and to ensure that all electrical infrastructure is appropriately firewalled from the Internet.

PDF 0-day Being Exploited In The Wild

Adobe confirmed last week that a pair of new exploits targeting Acrobat Reader were being used in the wild; as of the time of writing, no patches had yet been released. The exploits were particularly nefarious in that they used a brand-new ROP-based technique to escape Reader’s sandboxing technology, which Adobe designed to mitigate the impact of vulnerabilities such as these. Users are urged to be extremely cautious when opening PDF documents from any source.


Detailed analysis for MS12-081:

TeamViewer authentication protocol:

iOS 6.1 hack allows lock screen bypass:

FROST: Forensic Recovery of Scrambled Telephones:

Cyber attacks against Uighur Mac OS X users intensify:

Practical identification of SQL injection vulnerabilities:

Targeted ‘phone ring flooding’ as a service going mainstream:

DDoS attack on bank hid $900,000 cyberheist:


About SCB Enterprises
System Solutions and Integration
