Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Episode 51 – Flash 0day

February 8, 2013 By Corey Nachreiner

Flash Exploit, ICS Hacks, and Federal Reserve Bank Breach

We’ve had another busy week of security news, with more stories than I can cover in a short video, so I’ll stick to the highlights. Today’s episode talks about a couple of Adobe Flash zero-day vulnerabilities, the latest Anonymous hijinks, some cross-platform mobile malware, and more. If you missed this week’s InfoSec news and want to learn about the biggest stories (including how to defend against the latest attacks), watch the video linked below. Also, check out the Reference section for links to some other interesting security stories I skipped.

Enjoy your weekend, and stay frosty out there.

(Episode Runtime: 8:03)

Direct YouTube Link: http://www.youtube.com/watch?v=B6YdI3NGwlg

Episode References:

  • February Microsoft Patch Day brings a dozen bulletins – WGSC
  • Zero day Adobe Flash vulnerabilities in the wild – WGSC
  • Anonymous breaches Federal Reserve site and leaks Banker PII – ZDNet
  • Radio Free Security episode including Aaron Swartz/Anonymous story – WGSC
  • Lucky 13 SSL and TLS crypto weakness – Ars Technica
  • DroidCleaner cross-platform android malware – Gizmodo
  • Building ICS software vulnerabilities can affect elevators, boilers, and more – Wired
  • EXTRAS
    • US Department of Energy breached – Help Net Security
    • Beebus: New advanced malware (APT?) – Computer Weekly
    • Citadel authors re-focusing on cyber espionage – McAfee
    • EU releases Cyber Security Strategy – Tech World
    • US President can order pre-emptive cyber attacks – Computer World
    • Microsoft legal team takes down another botnet – Naked Security
    • Iran releases hacked US drone footage – Rinf.com
    • List of vulnerable routers from last week’s UPnP vulnerabilities – DefenseCode Blog
    • BREAKING: Bit9 breached, and Certs stolen for malware – The Register

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Adobe, Android malware, Anonymous, DroidCleaner, Federal Reserve Bank, Hacked, Hacking, Honeywell, ICS, Infosec news, Malware, Microsoft, oday, OpLastResort, SCADA, Security breach, Software vulnerabilities, Updates and patches, Zero day exploit

Comments

  1. [email protected] says

    February 9, 2013 at 2:12 am

    W
    Fabio Bini
    Eco Elettronica S.I. srl

  3. Alexander Kushnarev (Rainbow Security) says

    February 10, 2013 at 8:35 am

    Two news items were most interesting for me: the “Lucky 13” attack on SSL/TLS encryption, and the malware that combines spyware for Android and spyware for Windows.
    1. As for “Lucky 13”, I should note that, in spite of the high complexity and the many “if” conditions that must be met for the attack to be successful, products from Opera Software and Offspark B.V. (PolarSSL) have already been patched. Besides, OpenSSL is expected to issue patches soon. So, it was taken seriously, in spite of the high complexity. The OpenSSL engine serves as an OEM technology for a huge number of commercial products.
    To dig deeper into it, I’ve downloaded “TLStiming.pdf” (PoC for this method). I will study it more closely from a theoretical point of view.
    2. About the new Android-Windows spyware: it’s W-O-W! It is very sad that malware like this can be placed and distributed through Google Play… The abilities of this particular malware I can classify as innovative, and this is the first known “Mobile Phone–>PC bridge spyware soft”.

    • Corey Nachreiner says

      February 11, 2013 at 10:01 am

      Hey Alexander,

      I think you are right about Lucky 13. While I still suspect that few attackers will leverage it in the real world, vendors, like OpenSSL and others, MUST take SSL/TLS vulns very seriously, since our entire eCommerce paradigm relies on them. Without SSL, we’d have many issues… Meanwhile, it seems researchers are finding chinks in SSL’s armor every month… and that doesn’t even take into account all the cert issues various CAs have been having (somewhat related to SSL, since we rely on the certs for authentication). So I definitely expect all the SSL providers to patch, and take this seriously.

      Yeah… I like that Google is more open about development, and doesn’t restrict their SDK and APIs as much as Apple. However, their open marketplace means more trojaned malware. They have implemented “Bouncer,” which is supposed to help discover malicious apps, but researchers have already found ways around it. The good news about the Droidcleaner malware’s PC portion is if you disable “Auto-Play” on your Windows computer, it shouldn’t be able to spread. In any case, more and more malware is becoming cross-platform (PC + OS X, or Mobile + normal OS), so I suspect we’ll see more of this in the future.

      Thanks for your comments, Alexander, they are always insightful.

      Cheers,
      Corey
