Security Updates and Important Information
February 21, 2013 Leave a comment
Mandiant Releases Report On Chinese “APT1” Group
Incident response specialist company Mandiant released on Tuesday a groundbreaking report, citing highly detailed evidence to support a claim that the Chinese government, through Unit 61398 of the People’s Liberation Army, has been engaging in systematic attacks on American interests, as well as those of other English-speaking nations around the globe, over the course of the past 6 years. The report, which included domain names, IP addresses, SSL certificates, and MD5sums of malicious binaries, has already caused a major political stir, with the Obama administration set to impose trade penalties for cybertheft, with the Chinese government denying any involvement.
Schneider Electric IGSS Buffer Overflow
Independent researcher Aaron Portnoy recently discovered a set of vulnerabilities in the widely used Schneider Electric IGSS protocol, which could be remotely exploited for full administrative privileges on target systems. The vendor has since issued a patch, and users of these systems are strongly encouraged to both apply the patch and to ensure that all electrical infrastructure is appropriately firewalled from the Internet.
PDF 0-day Being Exploited In The Wild
Adobe confirmed last week that a pair of new exploits targeting Acrobat Reader were being exploited in the wild; as of the time of writing, no patches had yet been released. The exploits were particularly nefarious, in that they used a brand-new ROP-based technique to escape Reader’s sandboxing technology, which was designed by Adobe to mitigate the impact of vulnerabilities such as these. Users are urged to be extremely cautious when opening PDF documents from any source.
USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK
Detailed analysis for MS12-081:
TeamViewer authentication protocol:
iOS 6.1 hack allows lock screen bypass:
FROST: Forensic Recovery of Scrambled Telephones:
Cyber attacks against Uighur Mac OS X users intensify:
Practical identification of SQL injection vulnerabilities:
Targeted ‘phone ring flooding’ as a service going mainstream:
DDoS attack on bank hid $900,000 cyberheist: