RHSA-2015:1526-1: Important: java-1.6.0-openjdk security update

Red Hat Enterprise Linux: Updated java-1.6.0-openjdk packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

A problem for Human Resources – some CVs can hold your computer at ransom

Just like sending greeting cards by post, physically handing in your CV for a prospective job is becoming a thing of the past. The digital world we live in has made traditional post unnecessary: it is now easy, for candidates and HR departments alike, to send and receive CVs electronically.

However, this also presents its own risks for your IT security. Cybercriminals are prepared to take advantage of the fact that companies receive hundreds of CVs and like to attach a small extra to theirs in the form of malware.

A group of security experts uncovered a network of cybercriminals that sent malicious programs disguised as CVs, which installed themselves on the victim's computer as soon as the document was opened.

This type of attack is known as ransomware, a kind of malware that can behave in two ways: it can completely lock the computer, or it can block access to files by encrypting them so that they become inaccessible. The attackers usually demand that the victim pay a certain amount of money in exchange for a code that unlocks the system, which is why they normally target companies, where the chances of a large payout are higher.

In the chain of emails identified by the experts, the sender address is a Yahoo account and the attached document is a ZIP archive. The emails also contain a short greeting from the fake candidate, who gives a first name (never a surname) and announces the attached CV. Another telltale sign is the misspellings and grammatical errors in the message.

The experts therefore warn that once the compressed file is opened, the malicious file inside is in .html format, which should be a red flag in itself: CVs are normally sent as PDF or Word documents (although it is also inadvisable to open those if you are unsure of their origin).

When the recipient opens the document, their browser loads the address embedded in its code, exactly as if they had clicked a link. That link sends the browser to a page on the infected server, where a chain of redirects runs until an .scr file is downloaded: a Windows executable that contains the ransomware.

The reason the criminals build these digital labyrinths lies in the security systems themselves: antivirus solutions and anti-spam filters have forced them to split the attack into several stages in order to evade defences. This should also serve as a warning: if your computer goes through several steps to open a simple CV, be suspicious.
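The attachment pattern described above (a ZIP holding an .html lure that redirects the browser to an executable download) is something a mail gateway can check for before the message ever reaches HR. The following Python is an added example, not code from the Panda post; the sample ZIPs are constructed in memory and the suspicious-extension list is an assumption:

```python
import io
import re
import zipfile

# Extensions a genuine CV attachment should never carry (assumed list); the post
# describes an .html lure inside a ZIP that chains to an .scr (Windows executable).
SUSPICIOUS_EXT = {".html", ".htm", ".scr", ".exe", ".js", ".vbs", ".lnk"}

# Markup that turns an "opened document" into a click-through to a remote URL.
REDIRECT_PATTERNS = [
    re.compile(rb"<meta[^>]+http-equiv=[\"']?refresh", re.I),
    re.compile(rb"(window\.|document\.)?location(\.href)?\s*=", re.I),
]


def inspect_cv_zip(zip_bytes):
    """Return (member name, reason) findings for a ZIP attachment; [] means clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in SUSPICIOUS_EXT:
                findings.append((info.filename, "executable or script-like extension " + ext))
            if ext in (".html", ".htm"):
                # Only read the member when needed; look for redirect markup.
                if any(p.search(zf.read(info)) for p in REDIRECT_PATTERNS):
                    findings.append((info.filename, "HTML contains a redirect"))
    return findings


def build_sample_zip():
    """Constructed lure ZIP modelled on the post: an .html 'CV' that redirects."""
    lure = (b"<html><head><meta http-equiv=\"refresh\" "
            b"content=\"0;url=http://example.invalid/cv\"></head>"
            b"<body>Loading CV...</body></html>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CV_John.html", lure)
    return buf.getvalue()


def build_clean_zip():
    """Constructed benign ZIP: a PDF CV, as the post says a real one should be."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CV_John.pdf", b"%PDF-1.4 constructed placeholder")
    return buf.getvalue()
```

A gateway would quarantine any message whose attachment yields a non-empty finding list and let the clean PDF case through.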

If this or any other type of ransomware infects your computer, the first thing to do is switch it off and disconnect it from the internet so that it cannot spread to the other devices that share the connection. The malicious program can often be removed, but it is likely that you will not get your data back, which is why it is strongly recommended that you keep copies of all your confidential and important information. Store them on a separate device and, obviously, do it before an attack happens.

As for the ransom the cybercriminals demand, don't assume that handing over the cash will solve the problem: these criminals are not known for keeping their word, and nothing guarantees that they will give you the correct code. And even if they do, what is to stop them from infecting your computer again in the future?

The post A problem for Human Resources – some CVs can hold your computer at ransom appeared first on MediaCenter Panda Security.

USN-2696-1: OpenJDK 7 vulnerabilities

Ubuntu Security Notice USN-2696-1

30th July, 2015

openjdk-7 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in OpenJDK 7.

Software description

  • openjdk-7
    – Open Source Java implementation

Details

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity, and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2015-2590, CVE-2015-2628, CVE-2015-4731,
CVE-2015-4732, CVE-2015-4733, CVE-2015-4760, CVE-2015-4748)

Several vulnerabilities were discovered in the cryptographic components
of the OpenJDK JRE. An attacker could exploit these to expose sensitive
data over the network. (CVE-2015-2601, CVE-2015-2808, CVE-2015-4000,
CVE-2015-2625, CVE-2015-2613)

As a security improvement, this update modifies OpenJDK behavior to
disable RC4 TLS/SSL cipher suites by default.

As a security improvement, this update modifies OpenJDK behavior to
reject DH key sizes below 768 bits by default, preventing a possible
downgrade attack.

Several vulnerabilities were discovered in the OpenJDK JRE related
to information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2015-2621, CVE-2015-2632)

A vulnerability was discovered with how the JNDI component of the
OpenJDK JRE handles DNS resolutions. A remote attacker could exploit
this to cause a denial of service. (CVE-2015-4749)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  openjdk-7-jre-zero       7u79-2.5.6-0ubuntu1.15.04.1
  icedtea-7-jre-jamvm      7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre-lib        7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jdk            7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre-headless   7u79-2.5.6-0ubuntu1.15.04.1
  openjdk-7-jre            7u79-2.5.6-0ubuntu1.15.04.1

Ubuntu 14.04 LTS:
  openjdk-7-jre-zero       7u79-2.5.6-0ubuntu1.14.04.1
  icedtea-7-jre-jamvm      7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre-lib        7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jdk            7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre-headless   7u79-2.5.6-0ubuntu1.14.04.1
  openjdk-7-jre            7u79-2.5.6-0ubuntu1.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to restart any
Java applications or applets to make all the necessary changes.

References

  • CVE-2015-2590
  • CVE-2015-2601
  • CVE-2015-2613
  • CVE-2015-2621
  • CVE-2015-2625
  • CVE-2015-2628
  • CVE-2015-2632
  • CVE-2015-2808
  • CVE-2015-4000
  • CVE-2015-4731
  • CVE-2015-4732
  • CVE-2015-4733
  • CVE-2015-4748
  • CVE-2015-4749
  • CVE-2015-4760
  • https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/LogJam