WatchGuard Security Week in Review: Reader 0day

Reader 0Day, Zombie Broadcast, and Bit9 Breach

Due to a busy work week, I was unable to create a fully produced InfoSec news summary video this week. I did post a very brief video (which you can find below), mostly to warn our YouTube subscribers about the missing episode. It contains very minimal detail about this week’s top security stories.

However, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bullet list that quickly summarizes many of this week’s most interesting InfoSec news. See you next week.

  • Zero day Adobe Reader vulnerability - A security company, FireEye, discovered attackers exploiting a previously unknown vulnerability in Adobe Reader to install malware. Adobe hasn’t had time to fix it yet, but recommends you use “Protected View” mode to mitigate the issue. We’ll post more details when they patch.
  • President Obama signs cyber security executive order - As many expected, President Obama signed a cyber security executive order this week that allows government organizations to share security intelligence with some private organizations and asks critical infrastructure providers to up their security.
  • Bit9 breached and digital certificates stolen - A security company, Bit9, confirmed they were breached this week, and that attackers had stolen their digital certificates and used them to sign malware. Their excuse for the breach? They didn’t use their own product enough.
  • Hacked emergency broadcast system warns of zombie attack - Folks in some Montana counties were surprised when their television emergency broadcast system warned of a zombie attack. Unsurprisingly, it turns out the system was hacked.
  • More Ruby on Rails vulnerabilities - Researchers have found more vulnerabilities, like SQL injections, in Ruby on Rails. If you are a web developer who uses this package, go patch.
  • Microsoft’s February Patch Day - As always, Microsoft released a bunch of security updates this week. They fixed flaws in Windows, Exchange, Internet Explorer, and a few lesser-known products. I released details about the updates here, so hopefully you’ve already patched.
  • Adobe Flash and Shockwave updates - Adobe also released important Shockwave and Flash Player updates during Microsoft’s Patch Day. I talked about those earlier, too. Make sure to patch!
  • The dangers of losing your master password - A well-known security researcher, Jeremiah Grossman, shares a great anecdote on how very strong security practices can come back and bite you due to user error.

Direct YouTube Link: http://www.youtube.com/watch?v=wQP_5bXgHbg (Runtime: 2:08)

Extra Stories:

— Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

4 Responses to “WatchGuard Security Week in Review: Reader 0day”

  1. I’ve tried to research more information regarding the mechanisms of these 0-day attacks on Adobe Reader and Acrobat (CVE-2013-0640, CVE-2013-0641), but was faced with three interesting points:
    - “If you look at the indicators of compromise of these attacks and the selection of the command and control server, it’s all a bit new and not from the known hacker groups” – announcement from Zheng Bu, senior director of security research at FireEye (vulnerability was detected by FireEye researchers). What is that supposed to mean? :-)
    - “The exploit is the first to escape the sandbox included in Reader X and above” – researchers at FireEye told the Threatpost portal, and “the attack – which works across multiple operating systems, bypasses Adobe’s sandbox”, the VRT team from Sourcefire told us. If you look at the Adobe Security bulletin, you’ll find “Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View”… As far as I know, Protected View is a sandbox… Quite an interesting announcement about protection from Adobe :-)
    - Specialists from FireEye contacted Adobe after the vulnerability was found, and Adobe asked FireEye not to disclose any information about the vulnerability. So, no detailed technical description is available for these attacks yet. Quite reasonable.

  2. Hi! I really like this blog. Please tell me – from where do you have information for this post?

Trackbacks/Pingbacks

  1. Adobe Reader X Update Corrects Zero Day Vulnerability | WatchGuard Security Center - February 25, 2013

    [...] in the popular Reader program. We first described these zero day vulnerabilities in a WatchGuard Security Week in Review episode earlier in the month. Though the two flaws may differ technically, they share the same general [...]
