
Secplicity - Security Simplified

Powered by WatchGuard Technologies

APT Exploits IE 0day – WSWiR Episode 85

November 15, 2013 By Corey Nachreiner

Forum Hijacks, Singapore Hacking, and IE 0day

Happy Friday, everyone! The weekend is hours away; but before running off to finish off the last of your work week tasks, why not sit down with a hot cup of joe and catch up on what happened in security news this week?

In this episode, I talk about security patches for Microsoft, Adobe, and OpenSSH, cover some interesting web site hijacks, warn you of a new APT attack that leverages an IE zero day flaw, and mention an interesting hacking arrest in Singapore. Click the big red YouTube play button to learn more, and don’t forget to peek at the Reference section for links to other InfoSec news from the week.

Have fun this weekend!


(Episode Runtime: 8:52)

Direct YouTube Link: http://www.youtube.com/watch?v=VU_7KkQY1m4

Episode References:

  • Software Updates
    • Microsoft Patch Day Summary (find more detail in individual posts on the blog) – WGSC
    • Adobe Patch Day Summary – WGSC
    • OpenSSH update corrects post-authentication vulnerability – OpenSSH
  • State-sponsored attackers leveraging IE 0day in watering hole attack – Fireeye
  • IE zero day delivers memory-only malware – Fireeye
  • Attacker steals 860K credentials from MacRumors site – Ars Technica
  • MacRumors attacker says he’s not a terrorist – Ars Technica
  • Cracked.com hijacked with Nuclear Pack, and serving up ZeroAccess – Threat Post
  • Facebook leverages Adobe breach leak to warn their users – Marketplace.org
  • “The Messiah” threatens Singapore government sites due to licensing law – ChannelNewsAsia
  • The Messiah’s Anonymous YouTube threat – YouTube
  • Authorities arrest The Messiah and others – ZDNet

Extras:

  • Tips for recognizing phishing emails (featuring me ^_^) – PC World
  • Snowden Leak: GCHQ spoofs Linkedin and Slashdot to infect OPEC Engineers – Computer World
  • More D-Link device security vulnerabilities – Threat Post
  • Kaspersky claims Stuxnet infected a Russian nuclear facility (but NOT ISS) – Mashable
  • Security update for new Blackberry device – Threat Post
  • XSS flaw in RunKeeper app – Softpedia
  • More Bitcoin exchange services claim hack (disappear with your money) – AP & Help Net
  • New HTTP 2.0 standard will require encryption most of the time – PC World
  • Mobile flaws found at Japan’s Pwn2Own contest – eWeek
  • Google fixes Pwn2Own vulnerabilities with Chrome 31 – Android Authority
  • A new variant of OS X spyware discovered – Tech World
  • New exploit kit targets SilverLight users (NetFlix folks beware) – PC World

— Corey Nachreiner, CISSP (@SecAdept)


Filed Under: Security Bytes Tagged With: Adobe, Apple, Bitcoin, cisco, Cryptolocker, DDoS, Dragos Ruiu, encryption, Extra Life, Hacking, Infosec news, Malware (Software Genre), Microsoft, NSA, PCI DSS, Security breach, Software vulnerabilities, TIFF, Updates and patches, Zero day exploit

Comments

  1. Alexander Kushnarev says

    November 20, 2013 at 4:39 am

    1. Article “IE zero day delivers memory-only malware”. Though such a payload will not survive a reboot, the ability to “not leave any artifact on the disk” is much more valuable for attackers. And also there is no need to redirect to another site to download additional bytes. Another piece of malware added to the APT Pandora’s box…

    2. OpenSSH vulnerability article: this is not the first time I’m reading about a vulnerability in GCM (Galois/Counter Mode), which can be called an “authenticated encryption” algorithm. It is used in commercial and open-source solutions, and (as its main benefit) provides high-speed communication with authentication and encryption together. I agree that this particular vulnerability is hardly exploitable due to the incredible amount of work needed to reproduce the heap with a useful callback address after the rekey operation. And such a callback address could potentially be used once again (to provide forgery data), as it is considered valid. I don’t think we will see any exploitation code for such a vulnerability.
    Anyway, this article reminds me of a previous case with GCM… but in OpenSSL. “The game” was played around GHASH computations (GHASH is used by GCM for authentication) and shifting the required number of bytes to forge a “correct” authentication tag for the auth message. Here is the link for the case. You don’t even need to read all the formulas inside the article, just the text and examples. It’s interesting, from my point of view. PDF file.

    http://eprint.iacr.org/2013/157.pdf

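The commenter describes GCM as an “authenticated encryption” mode whose tag (computed with GHASH over the ciphertext and any associated data) is what a forger has to get right. The following Go program is an added example, not code from the post, from OpenSSH or from OpenSSL; it uses only the standard library’s crypto/aes and crypto/cipher and a constructed demo key to show what that tag buys a defender: a single flipped bit anywhere in ciphertext or tag, or a change to the associated data alone, makes Open reject the message before any plaintext is released.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and appends the 16-byte GCM tag. The tag is
// computed (via GHASH) over both the ciphertext and aad, so aad is
// authenticated but not encrypted. A fresh random 96-bit nonce is drawn
// for every call: reusing a nonce under one key breaks GCM's guarantees.
func Seal(key, plaintext, aad []byte) (nonce, ciphertext []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ciphertext = gcm.Seal(nil, nonce, plaintext, aad)
	return nonce, ciphertext, nil
}

// Open recomputes the tag over ciphertext and aad and returns the plaintext
// only if it matches; any mismatch yields an error and no partial plaintext.
func Open(key, nonce, ciphertext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ciphertext, aad)
}

// TamperRejected flips one bit at byte offset pos of ciphertext||tag and
// reports whether Open refuses the result. True is the expected outcome for
// every offset: a single-bit change anywhere must invalidate the tag.
func TamperRejected(key, nonce, ciphertext, aad []byte, pos int) (bool, error) {
	if pos < 0 || pos >= len(ciphertext) {
		return false, errors.New("offset outside ciphertext")
	}
	modified := append([]byte(nil), ciphertext...)
	modified[pos] ^= 0x01
	_, err := Open(key, nonce, modified, aad)
	return err != nil, nil
}

func main() {
	// Constructed demo key and message; a real key comes from a KDF or CSPRNG.
	key := bytes.Repeat([]byte{0x42}, 32)
	plaintext := []byte("ssh channel payload")
	aad := []byte("sequence=7")

	nonce, ct, err := Seal(key, plaintext, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext+tag: %d bytes (plaintext %d + tag 16)\n", len(ct), len(plaintext))

	if pt, err := Open(key, nonce, ct, aad); err == nil {
		fmt.Printf("intact message accepted: %q\n", pt)
	}
	// Flip one bit in the ciphertext body and one in the tag.
	for _, pos := range []int{0, len(ct) - 1} {
		rejected, _ := TamperRejected(key, nonce, ct, aad, pos)
		fmt.Printf("bit flip at byte %d rejected: %v\n", pos, rejected)
	}
	// Changing the associated data alone is also caught by the tag.
	_, err = Open(key, nonce, ct, []byte("sequence=8"))
	fmt.Printf("wrong associated data rejected: %v\n", err != nil)
}
```

The design point is that Open is all-or-nothing: Go’s GCM implementation checks the tag in constant time and returns nothing on mismatch, so callers never see unauthenticated plaintext. The per-message random nonce is the other half of the contract; GCM’s authentication depends on never reusing a nonce under the same key.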

The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use