Antivirus "hosting"

Club of antivirus service users (SaaS, Cloud)

Antivirus and security (SaaS, Cloud ...)
av-host.net

For those who are "in the tank": Kaspersky Lab launches a joint promotion with Wargaming
2014-04-02 14:44

KMM shared a link

For those who are "in the tank": Kaspersky Lab launches a joint promotion with Wargaming

Kaspersky Lab, together with Wargaming, one of the world's largest publishers and developers in the massively multiplayer online games market, presents the "Tank Breakthrough" promotion for all fans of military hardware and of the games World of Tanks and World of Warplanes.


The MiniDuke of Ukraine
2014-04-03 12:14

KMM shared a link

The MiniDuke of Ukraine

Roughly one year ago, the MiniDuke malware was discovered in a targeted campaign against European governments. This week, reports have emerged that the malware is being distributed yet again under the guise of PDF documents related to Ukraine – one of which was never released to the public.

MiniDuke Background

When it first emerged, MiniDuke was noted for what many called a bizarre and advanced approach to malware. MiniDuke was written in assembly language, which kept its file size extremely small and therefore unsuspicious. At the same time, it connected to both Twitter and Google to receive instructions on where to download updated backdoors. Once connected to malicious C&C servers, updates arrived as encrypted payloads hidden steganographically in image files, allowing for an essentially surreptitious infection. When MiniDuke was discovered, it was thought to be the work of a seasoned professional, and the fact that it specifically targeted government computers was alarming.

MiniDuke Infection

While MiniDuke's technical details may indeed be quite advanced, initial infection hinges on a simple act of social engineering: getting the victim to open a spoofed PDF. The PDF may come in the form of an official-looking government document sent via email, or, in even more targeted scenarios, it could be placed on a USB drive that somehow makes its way into a port of the target's computer. In both cases, the attacker's success depends on covert infiltration: MiniDuke must be installed without arousing any suspicion.

The MiniDuke of Ukraine is a Social Engineer

For malware authors, infecting a government employee's PC is high-risk, high-reward behavior, and in most cases it is extremely targeted. Most governments practice extremely stringent security policies, and most government employees are trained to be suspicious of unsolicited emails or requests to "print" a document on their computer. But attackers do get through, and this of course brings us to MiniDuke's latest incarnation.

The malware has caused concern because the spoofed PDFs originate in Ukraine. Most of the documents were gleaned from publicly accessible sources and made to look relevant to their recipients; but one document in particular contains the signature of Ruslan Demchenko, First Deputy Minister for Foreign Affairs of Ukraine. This document was never made publicly accessible.

The implications of this latest MiniDuke campaign are thus twofold:

  1. Whoever receives the spoofed PDFs is much more likely to open them, regardless of training, simply because the current crisis in Ukraine is on everyone's mind.
  2. Whoever created the spoofed PDFs may already have insider access to the Ukrainian government's computer network.

Both of these implications speak to the nature of malware propagation in general, and both can provide insight to any computer user regardless of occupation. Social engineering usually works best when it leverages current events or a subject the target is known to be involved in. And when the stakes are high, insider connections are common. For personal users, this isn't to say that friends betray friends with targeted malware; but it does relate to the increasingly social nature of the web, and it does suggest that everyone should be wary of who they "let in" to their Internet social circle. Targeted attacks work because attackers with targets do their research, so minimizing the amount of personal information one puts on the web is an essential step in preventing identity theft. For government employees bound by duty to be transparent, this may indeed be difficult; but for the rest of us, it can be as simple as anonymizing a Twitter account.

MiniDuke and Emsisoft

Fortunately, most Emsisoft users are not at risk of being infected by MiniDuke, simply because the malware is most often deployed in targeted attacks against government employees. Nevertheless, Emsisoft Anti-Malware does detect both MiniDuke's dropper and its payload, simply because malware is malware — no matter who it targets or where it comes from.

So whether you’re governmental, civilian, or purely virtual, Have a Great (Malware-Free) Day!


Vulnerabilities in Oracle Java Cloud Publicly Disclosed
2014-04-03 12:36

KMM shared a link

Vulnerabilities in Oracle Java Cloud Publicly Disclosed


Polish computer security research firm Security Explorations has just disclosed 30 unpatched vulnerabilities affecting the popular PaaS Oracle Java Cloud. The disclosure comes in the form of two detailed reports, which contain proof-of-concept demonstrations and reveal: 1) weaknesses in the PaaS's implementation and configuration, 2) opportunities for users to access other users' applications, and, most importantly, 3) issues that could expose the service platform to remote code execution attacks.

The public disclosure comes roughly two months after Security Explorations had initially reported the vulnerabilities to Oracle. Reports indicate that the corporation did acknowledge the research firm’s findings as early as February 12th. Reports also indicate that at the time of that acknowledgement, Oracle also promised a March 24th status report detailing what was being done to resolve the vulnerabilities. As of April 2nd, Security Explorations had yet to see said report. In response, the research firm has issued public disclosure and encouraged Oracle Java Cloud users to demand a refund due to “unsatisfactory security levels.”

Such a disclosure is indeed controversial, as it reveals a number of vulnerabilities to the public at large – a public that includes malicious actors. Issues addressed in the report include:

  • Bypasses of the Java security sandbox
  • Bypasses of whitelisting rules on the Java API
  • Shared server administrator passwords
  • User passwords accessible in plain text
  • The use of outdated Java SE software that lacks approximately 150 security fixes
  • The potential for attacks via remote execution of code

For those who use the PaaS, these are all issues that cannot be ignored. But even for the rest of us, the general issue of public disclosure of ANY software vulnerability is still quite relevant, and it raises the question:

Is it the right way to do business?

Some would say that public disclosure is in the interest of public (computer) health, and in all cases acceptable. Others would say that it treads too closely to ransom, and that programs like Microsoft’s Bug Bounty, for example, work only to reward malicious behavior. In any event, there is indeed a fine line separating security research firms from malware operations proper, and in most cases it is a line drawn by personal ethics. What is perhaps most interesting about this latest issue with Oracle – a company long known for its less than impenetrable software – is that it highlights the ethical underpinnings of what is viewed by most as a purely technical pursuit. The world of software has its good guys and its bad guys, just as does the non-virtual world.

Exactly who is who in this David v. Goliath instance of Oracle and Security Explorations is perhaps a non-binary issue that can’t quite so easily be resolved; but, it should be interesting to see just how many of the vulnerabilities exposed by Security Explorations are addressed in Oracle’s upcoming update on April 15th.

In the meantime, Emsisoft welcomes all opinions on the matter of software ethics in the comments section below.

Have a Great (Malware (and Vulnerability))-Free Day!



Big fishing: a third of phishing attacks aim to steal money
2014-04-03 13:03

KMM shared a link

Big fishing: a third of phishing attacks aim to steal money

According to a study conducted by Kaspersky Lab, criminals have increasingly been creating online resources that copy the look of financial companies' websites in order to harvest confidential information and steal money from Internet users' accounts.
