
Category: Zero-day attacks

October 26th, 2009

UK newspaper Web site hacked; 500,000 job-seekers affected

Posted by Ryan Naraine @ 9:32 am

Categories: Arbitrary Code Execution, Browsers, Data theft, Exploit code, Hackers, Passwords, Responsible disclosure, Zero-day attacks

Tags: Web, Web Site, Deliberate, Web Site Development, Web Technology, Recruitment & Selection, Channel Management, Professional Development, Internet, Human Resources

In what is being described as a “deliberate and sophisticated crime,” the Guardian newspaper in the U.K. says the careers section of its Web site was hacked, exposing sensitive data belonging to about half a million users. Read the rest of this entry »

October 9th, 2009

New Adobe PDF flaw under attack; Patch coming Tuesday

Posted by Ryan Naraine @ 8:03 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Patch Watch, Pen testing, Research, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Flaw, Adobe Acrobat Reader, Attack, Microsoft Windows, Security, Viruses And Worms, Operating Systems

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the-wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.

Read the rest of this entry »

September 23rd, 2009

From Gimmiv to Conficker: The lucrative MS08-067 flaw

Posted by Ryan Naraine @ 6:23 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Flash, Malware, Punditocracy, Responsible disclosure, Rootkits, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Flaw, Malware, Conficker, MS08-067, Malware Family, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Ryan Naraine

GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals.

During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines. Read the rest of this entry »

September 18th, 2009

Microsoft ships one-click 'workaround' for critical SMB2 flaw

Posted by Ryan Naraine @ 1:56 pm

Categories: Arbitrary Code Execution, Botnets, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Malware, Microsoft, Passwords, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Ryan Naraine

With exploit code in circulation and facing a race against time to fix the SMB v2 vulnerability haunting Windows Vista and Windows Server 2008, Microsoft today shipped a one-click “fix-it” workaround to help users avoid malicious hacker attacks.

The fix-it package, which was added to Redmond’s pre-patch advisory, effectively disables SMBv2 and then stops and starts the Server service. It provides temporary mitigation from remote code execution attacks targeting the known — and still unpatched — vulnerability.

Read the rest of this entry »

September 9th, 2009

Microsoft confirms SMB2 vulnerability, warns of code execution risk

Posted by Ryan Naraine @ 9:10 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Locally Running Web Servers, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Vulnerability, Microsoft Corp., Server Message Block, Microsoft Windows 7, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover.

The vulnerability, which was originally released as a denial-of-service issue, does not affect the RTM version of Windows 7, Microsoft said. It appears Microsoft fixed the flaw in Windows 7 build ~7130, just after RC1. Windows Vista and Windows Server 2008 users remain at risk.

Read the rest of this entry »

September 8th, 2009

Windows 7, Vista exposed to 'teardrop attack'

Posted by Ryan Naraine @ 1:26 pm

Categories: Arbitrary Code Execution, Botnets, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Metasploit, Microsoft, Responsible disclosure, Viruses and Worms, Vulnerability research, Web Applications, Windows Vista, Zero-day attacks

Tags: Microsoft Windows Vista, Small And Medium Business, Attack, NEGOTIATE PROTOCOL REQUEST, Metasploit, Microsoft Windows, Smb/Sme, Microsoft Windows 7, Microsoft Windows Vista (Longhorn), Operating Systems

[ UPDATE: Microsoft has now confirmed this vulnerability and warns of code execution risk ]

Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.

The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled.  No user action is required.

Read the rest of this entry »

September 4th, 2009

Microsoft FTP in IIS vulnerability now under attack

Posted by Ryan Naraine @ 9:49 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Denial of Service (DoS), Exploit code, Hackers, Locally Running Web Servers, Microsoft, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Microsoft Windows Server, Vulnerability, Microsoft Corp., FTP, Microsoft IIS Server, Attack, File Transfer Protocol 7.5, Microsoft Windows, Operating Systems, Servers

Less than a week after the publication of exploit code for a critical vulnerability in the FTP Service in Microsoft Internet Information Services (IIS), attackers are now launching in-the-wild attacks against Windows users.

The attacks, described as “limited,” target businesses running IIS 5.0, 5.1, and 6.0. Microsoft has updated its security advisory to warn of the new attacks and availability of proof-of-concept code targeting Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Read the rest of this entry »

August 5th, 2009

Apple warns of Mac attack risk via image files

Posted by Ryan Naraine @ 2:20 pm

Categories: Apple, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Exploit code, Malware, Passwords, Patch Watch, Responsible disclosure, Vulnerability research, Web Applications, Zero-day attacks

Tags: Apple Macintosh, Apple Inc., Arbitrary Code Execution, Image, PNG, Attack, Application Termination, OpenEXR, Ryan Naraine

Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users.

In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG (Portable Network Graphics) and other images to take complete control of unpatched Mac systems.

Read the rest of this entry »

August 4th, 2009

U.S. Marines ban Facebook, MySpace, Twitter

Posted by Ryan Naraine @ 10:17 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Facebook, Locally Running Web Servers, Malware, Passwords, Responsible disclosure, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms, Zero-day attacks

Tags: Web, Facebook, Network, Twitter, MySpace, U.S. Marine Corps, Social Networking, Channel Management, Networking, Security

The U.S. Marine Corps has slapped an immediate ban on the use of social networking sites on its network, warning that sites like Facebook, MySpace and Twitter are a “proven haven for malicious hackers and content.”

The ban, contained in an order issued Monday, will last for a year.  It specifically mentions Facebook, Twitter and MySpace although it applies to what is described as “Web-based services that allows communities of people to share common interests.”

Read the rest of this entry »

August 3rd, 2009

Mozilla patches 'critical' Firefox flaws

Posted by Ryan Naraine @ 9:12 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Malware, Microsoft, Mozilla, Open source, Patch Watch, Research, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Mozilla Firefox, Flaw, Vulnerability, Patch Management, SSL, Web Browser, Mozilla Corp., Certificate, Ssl/Tls, Web Browsers

Mozilla has released two advisories to patch serious security flaws in its flagship Firefox Web browser.

The vulnerabilities are rated “critical,” meaning they can be exploited by malicious hackers to run harmful code and install software, requiring no user interaction beyond normal browsing. These issues were separately discussed at last week’s Black Hat conference by researchers Moxie Marlinspike and Dan Kaminsky.

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

