Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Security Week in Review: Reader 0day

February 15, 2013 By Corey Nachreiner

Reader 0Day, Zombie Broadcast, and Bit9 Breach

Due to a busy work week, I was unable to create a fully produced InfoSec news summary video this week. I did post a very brief video (which you can find below), mostly to warn our YouTube subscribers about the missing episode. It contains very minimal detail about this week’s top security stories.

However, I won’t leave you hanging for your weekly security news fix. Below, you’ll find a bulleted list that quickly summarizes many of this week’s most interesting InfoSec news. See you next week.

  • Zero day Adobe Reader vulnerability – A security company, FireEye, discovered attackers exploiting a previously unknown vulnerability in Adobe Reader to install malware. Adobe hasn’t had time to fix it yet, but recommends you use “Protected View” mode to mitigate the issue. We’ll post more details when they patch.
  • President Obama signs cyber security executive order – As many expected, President Obama signed a cyber security executive order this week that allows government organizations to share security intelligence with some private organizations and asks critical infrastructure providers to up their security.
  • Bit9 breached and digital certificates stolen – A security company, Bit9, confirmed they were breached this week, and that attackers had stolen their digital certificates and used them to sign malware. Their excuse for the breach? They didn’t use their own product enough.
  • Hacked emergency broadcast system warns of zombie attack – Folks in some Montana counties were surprised when their television emergency broadcast system warned of a zombie attack. Unsurprisingly, it turns out the system was hacked.
  • More Ruby on Rails vulnerabilities – Researchers have found more vulnerabilities, like SQL injections, in Ruby on Rails. If you are a web developer who uses this package, go patch.
  • Microsoft’s February Patch Day – As always, Microsoft released a bunch of security updates this week. They fixed flaws in Windows, Exchange, Internet Explorer, and a few lesser-known products. I released details about the updates here, so hopefully you’ve already patched.
  • Adobe Flash and Shockwave updates – Adobe also released important Shockwave and Flash Player updates during Microsoft’s Patch Day. I talked about those earlier, too. Make sure to patch!
  • The dangers of losing your master password – A well-known security researcher, Jeremiah Grossman, shares a great anecdote on how very strong security practices can come back and bite you due to user error.

Direct YouTube Link: http://www.youtube.com/watch?v=wQP_5bXgHbg (Runtime: 2:08)

Extra Stories:

  • Company offers high-end social network spying solutions – Computer Weekly
  • VMware update fixes elevation of privilege vulnerability – The Register
  • Congress re-introducing the CISPA legislation – CNET
  • Jawbone MyLife service breached, account data stolen – CNET
  • Flash 0day exploited to spread “legitimate” government malware – PC World
  • iOS lockscreen vulnerabilities discovered – ZDNet

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Android 4.1, Anonymous, Dropbox, Facebook, Google, Grum, Hacking, ICS, Jellybean, Malware, Oracle, SCADA, Updates and patches, yahoo

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    February 17, 2013 at 10:32 am

    I’ve tried to research more information regarding the mechanisms of these 0-Day attacks on Adobe Reader and Acrobat (CVE-2013-0640, CVE-2013-0641), but was faced with three interesting points:
    – “If you look at the indicators of compromise of these attacks and the selection of the command and control server, it’s all a bit new and not from the known hacker groups” – announcement from Zheng Bu, senior director of security research at FireEye (the vulnerability was detected by FireEye researchers). What is that supposed to mean? 🙂
    – “The exploit is the first to escape the sandbox included in Reader X and above” – researchers at FireEye told the Threatpost portal, and “the attack – which works across multiple operating systems, bypasses Adobe’s sandbox”, the VRT team from Sourcefire told us. If you look at the Adobe Security bulletin – you’ll find “Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View”… As far as I know – Protected View is a sandbox… Quite an interesting announcement about protection from Adobe 🙂
    – Specialists from FireEye contacted Adobe after the vulnerability was found, and Adobe asked FireEye not to disclose any information about the vulnerability. So, no detailed technical description is available for these attacks yet. Quite reasonable.

  2. Alexander Kushnarev (Rainbow Security) says

    February 17, 2013 at 10:39 am

    Here are my sources of information:
    1. https://threatpost.com/en_us/blogs/adobe-investigating-reports-reader-zero-day-exploit-021313#.URvlX8Qr7FM.twitter
    2. http://www.adobe.com/support/security/advisories/apsa13-02.html
    3. http://vrt-blog.snort.org/2013/02/more-targeted-pdf-0-day.html?goback=.gmr_1199927.gde_1199927_news_5708184722190917715

  3. vps says

    March 14, 2013 at 8:10 am

    Hi! I really like this blog. Please tell me – from where do you have information for this post?
