Zero Day Patches, Nasty New Malware, and Jailed Hackers
Ready for a dose of InfoSec news? Your weekly security highlights reel is spooled up and ready to go.
This week was all about software updates. Not only did Microsoft and Adobe’s monthly Patch Day bring us patches for critical zero day vulnerabilities, but we saw security updates for Firefox and iTunes as well. In today’s video, I talk about all those updates, as well as two new interesting malware variants, and the sentencing and jailing of a team of well-known hackers. View the video for all the details.
A quick note… Next week I’ll be attending the AusCERT security conference in Australia. Though I still expect to bring you a weekly video, I may post it earlier or later than normal due to travel and the time zone differences. Keep safe out there and see you next week.
Are you an over-worked IT administrator with no time to learn about the latest internet threats? Do you want to keep your network safe, but don’t know what the bad guys are up to? If that’s you, then our weekly information security highlights video is just the thing for you. For just three easy payments of… well, nothing… you can have all that and more!
Today’s episode covers Syrian cyber attackers hijacking The Onion’s twitter feed, a serious zero day vulnerability affecting Internet Explorer 8 (IE8), a major cyber bank heist, and more. For all the details, and some tips to protect yourself, watch the video below or check out the stories in the Reference section.
Welcome to our weekly network and information security (Infosec) news highlights. Typically, I deliver these security highlights as a short video. However, I’m traveling this week for both business and personal reasons, and was unable to produce the video version during my hectic travel schedule. The video will return next week from the Interop IT conference in Vegas. Until then, enjoy this text summary of the biggest Infosec stories from the week.
This week’s stories include a big credential leak, the hijacking of a government web site, and news of a flaw in Google’s latest wearable computer. Read below for more details, and join us next week when the video version returns:
Living Social breach leaks 50 million user credentials - Attackers breached Living Social’s network and made off with the personal info of 50 million users. The stolen information included things like your email address, date of birth, and your hashed password. Though the passwords were hashed, attackers can still use brute force attacks to recover the weaker ones of the bunch. If you use Living Social, you need to change your password immediately. More importantly, if you use the same password at other sites, stop doing that and change your passwords there too.
Latest on the mysterious Apache web site mass hijackings - Over the past few months, we’ve pointed out multiple incidents where thousands of Apache web servers were hijacked with a very sneaky backdoor. While researchers understood the complex backdoor attackers were injecting, no one really knew how attackers were initially gaining access to vulnerable sites (though many suspected cPanel or WordPress vulnerabilities). In any case, ESET and Sucuri have released new research on the complex backdoor used in this attack campaign. It’s a very interesting read for the security conscious and a must-read for web administrators. Thanks to our friend and reader, Ryan, for pointing out this new research.
Hackers pwn Google Glass - You’ve probably seen Google Glass, the latest wearable computer. It’s not really out yet, but a group of select developers with cash to spare have gotten their hands on preview copies of this interesting new product. This week, one of those developers learned how to jailbreak or root the device. Jailbreaking or rooting are terms used to describe when a user gains full administrative control of a device that was somehow locked down by the manufacturer. Usually, the device’s owner is the one who wants to root it, in order to do things that the manufacturer didn’t originally intend. However, the techniques used to root devices often leverage software vulnerabilities, which attackers could also leverage to take full control of your device. Obviously, you don’t want that. In any case, Google Glass is really still in beta, and not available to consumers. I wouldn’t be overly worried about this supposed flaw, as I’m sure Google will correct it before the official release. Still, an interesting read.
Reader vulnerability allows attackers to track PDF documents - McAfee discovered an Adobe Reader flaw that attackers could leverage to find out when users open a particular Reader document, and what IP address they are opening it from. This is not a critical issue, in that attackers can’t leverage it to execute code, but it does pose a privacy risk. There is no fix for the flaw yet, but you should expect one in an upcoming release.
Chinese attackers force Department of Labor site to serve malware - According to Alienvault, the Department of Labor web site was hijacked by China-based attackers, and then forced to serve malicious code, which then tries to infect anyone that visits the site. The Department of Labor has since cleaned their site, but if you happen to have visited it lately you should definitely scan your computer for malware.
Serious Flaw in IBM Notes - It’s hard for me to imagine anyone still using the Notes email client, but I have learned there are still some of you out there. This week, researchers reported a serious security flaw in this client, involving how it handles Java applets and JavaScript. IBM plans to fix the flaw soon, but until then you should disable JavaScript and Java applets in the Notes client.
This week’s security highlights video comes a bit early due to my travels in London to attend InfoSec UK.
If you’re looking for a quick summary of the week’s top security news, this is the vlog for you. In today’s video, I share a few themes from the biggest security conferences in Europe, news of the AP twitter feed hijack, warnings of a new Java exploit, and information about industry-wide flaws affecting serial port servers. Watch for all the details, and check the Reference section below for other interesting stories from the week.
Router Hacks, WordPress Attack, and Huge Oracle Update
During a week of such tragedy, it’s hard to give much thought to network and information security (InfoSec). Yet, we must stay vigilant, lest abhorrent cyber criminals leverage such tragedies against us in social networking campaigns.
In this week’s InfoSec news summary, I cover Oracle’s quarterly Critical Patch Update (CPU), a research project that uncovered vulnerabilities in consumer routers, a WordPress password cracking botnet, and how scammers are exploiting this week’s tragedies in their spam campaigns. Watch the video below for the highlights and some defensive tips.
As an aside, I will be traveling next week so I may not post the weekly video at its normal time.
Though I’m traveling in Singapore for a security conference, I still found a few spare minutes for my weekly InfoSec news summary. This week I cover some Bitcoin mining malware, CISPA returning from the ashes, some game related network attacks, and most interestingly, an Android smartphone hacking an airplane. For the details, watch the video below.
By the way, I apologize for the shaky camera. I forgot my tripod on this trip and shooting video with a busy schedule has its challenges. Don’t forget to check out the Reference section if you want to learn more.
What do zombie video games, North Korea, and emergency telephone systems have in common? They’ve all been compromised by cyber attackers this week.
If you’re too busy dousing IT fires to keep up with InfoSec news on your own, give our weekly security news summary a try. In this short video, I quickly highlight the biggest security stories from the week, and give some practical defense tips along the way.
This week’s episode covers a new telephony denial of service (TDoS) extortion scheme, a serious flaw in a common database system, the latest Anonymous operation, and a mysterious Apache hijacking campaign that has affected over 20,000 web servers. Watch the video below for the full scoop, and check out the Reference section for additional stories.
WatchGuard’s LiveSecurity team has discovered an alarming new strain of computer virus that is plaguing devices of all types, and even spreading to household electronics such as microwaves, electric toothbrushes and coffee makers. The new threat, known colloquially as ByteMarx (based on its file attachment ByteMarx.exe), is spreading rapidly throughout North America and Europe, and several recent cases have been reported in Australia and Southeast Asia. WatchGuard security experts have reported that this new malware could signal the initial stages of a cyber zombie network apocalypse. For breaking details, watch the short video below or continue reading.
ByteMarx is a fast-spreading computer and electronic device virus that seems to spread via email, instant messenger (IM), and social network messages that contain links to a malicious file. Our security experts have discovered that once a device is infected with ByteMarx, response time slows significantly and the device hunts for other victim devices anywhere within range. Electronics afflicted with ByteMarx devour the information stored on hard drives, motherboards and circuitry of nearby devices. Rather than shutting down or malfunctioning, the victim device starts to display the traits of the malicious device and begins an insatiable, relentless hunt for other devices to attack. This process is known as “zombification.”
Additional symptoms of device zombification include:
Spontaneous start-up after shut down of the device, even when unplugged (known as “living dead” capabilities)
Inability of the device to enter “Sleep” or “Hibernate” power-saving modes
Desktop icons and Emoticons turn green, disheveled and appear bloodthirsty
Document names have all been changed to “Brainzzz.doc” and the content is no longer decipherable
Audio files have been replaced with clips of moaning, shrieking, growling or screams of terror
Default photos on social networking sites are changed to photos of zombies
So far, our experts haven’t discovered a way to clean or remove the virulent ByteMarx infection. Your only option is destroying the infected device before it spreads to other electronics. Unfortunately, the tainted devices seem to develop quite a resilience to normal damage. The only way we’ve discovered to stop an infected device is by taking out its CPU, also known as the brain of a computing device. We highly recommend you remain very wary of multi-processor devices, as they’re quite difficult to decommission once infected.
Experts are unsure of the origins of the ByteMarx malware, but early research shows evidence of the digitization of a mutated rabies virus, combined in an unholy union with a powerful form of malware. While investigations are still being conducted, early estimates show that nearly 38 percent of devices in the U.S. have already been infected with the virus; however, it appears that organizations and individuals using red unified threat management (UTM) appliances to watch and guard networks have been able to successfully ward off attacks.
This attack has illustrated that there is an urgent need for companies around the globe to review their security infrastructure and ensure they are taking the proper precautions to prevent zombification of their network. If you don’t already have a UTM appliance, or can’t obtain one immediately, well… it may already be too late.
Although computer inoculation attempts have failed so far, WatchGuard LiveSecurity analysts will continue to try and develop anti-malware signatures for computers and other consumer electronics that might work as an antidote to the ByteMarx malware. In the meantime, we recommend you keep your favorite computers and consumer devices behind red UTM appliances, or try to find one to hunker behind immediately.
We’ll update you as this breaking situation develops. Until then, WatchGuard security experts would like to wish a sincere “Happy April Fool’s Day” to our customers and partners worldwide. — Corey Nachreiner, CISSP (@SecAdept)
POS Trojans, Android Spear Phishing, and Record DDoS
Extra, Extra, the Internet almost broke (no it didn’t). Read…View all about it!
Too much security news, and too little time? Let me summarize the highlights for you in my weekly InfoSec recap video. This week I cover two trojans targeting point-of-sale (POS) computers, a few software updates, a targeted spear phishing campaign spreading Android malware, and the record-breaking SpamHaus DDoS attack, which didn’t really break the Internet despite some reports. Click play for the details.
There were also a ton of other interesting Infosec tidbits this week, beyond what’s in the video. If you’re interested, check out the Reference section below. Stay frosty out there, and have a Happy Easter weekend.
Currently, I’m attending a security expo in Helsinki, Finland, so I had to produce this week’s episode quickly, while on the road. Nonetheless, it’s still been a busy security week so far, and there’s a lot of InfoSec news to cover.
Today’s episode includes two unrelated stories that share a cyber-law theme, some interesting research about an ICS/SCADA honeypot that attracted a lot of attention from nation-state cyber attackers, and a story about a popular security journalist being targeted by a SWAT attack. Watch the video below for the full scoop, and check out the Reference section below if you’d like more details (and links to some extra InfoSec stories I didn’t have time to cover).