TA15-286A: Dridex P2P Malware

Original release date: October 13, 2015

Systems Affected

Microsoft Windows

Overview

Dridex, a peer-to-peer (P2P) bank credential-stealing malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control (C2). The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the Dridex botnet.

Description

Dridex is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language (XML) files to infect systems. The primary goal of Dridex is to infect computers, steal credentials, and obtain money from victims’ bank accounts. Operating primarily as a banking Trojan, Dridex is generally distributed through phishing email messages. The emails appear legitimate and are carefully crafted to entice the victim to click on a hyperlink or to open a malicious attached file. Once a computer has been infected, Dridex is capable of stealing user credentials through the use of surreptitious keystroke logging and web injects.
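The alert names macro-bearing Office and XML documents as the infection vector. The following script is an added example, not part of the US-CERT alert, showing the triage check a mail gateway or incident responder can run on an attachment: it looks for a VBA project part inside an OOXML container and for the `macrosPresent="yes"` marker and embedded `binData` parts in a Word 2003 XML file. The sample documents are constructed inline so the script runs offline; the file names in the demo are illustrative.

```python
"""Added example (not from the US-CERT alert): flag Office documents that
carry VBA macro projects, the delivery vehicle the alert attributes to Dridex.

Checks performed:
  * OOXML containers (.docx/.docm/.xlsx/.xlsm ...): a ZIP whose member list
    includes a 'vbaProject.bin' part, the storage for a VBA project.
  * Word 2003 XML (WordprocessingML) documents: the 'w:macrosPresent="yes"'
    attribute on the root element and any embedded 'w:binData' part.
Sample files below are constructed for the demo, not real Dridex lures.
"""
import io
import re
import zipfile

# Markers used by the Word 2003 XML format.
MACROS_PRESENT_RE = re.compile(r'macrosPresent\s*=\s*"yes"', re.IGNORECASE)
BIN_DATA_RE = re.compile(r"<w:binData\b", re.IGNORECASE)


def scan_ooxml(data: bytes) -> dict:
    """Return findings for a ZIP-based (OOXML) document, or {} if not a ZIP."""
    if not data.startswith(b"PK"):
        return {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"format": "ooxml", "error": "corrupt container"}
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    return {"format": "ooxml", "has_macros": bool(vba_parts), "vba_parts": vba_parts}


def scan_word_xml(data: bytes) -> dict:
    """Return findings for a Word 2003 XML document, or {} if it is not one."""
    text = data.decode("utf-8", errors="replace")
    if "<?xml" not in text[:200] and "<w:wordDocument" not in text:
        return {}
    return {
        "format": "word2003-xml",
        "has_macros": bool(MACROS_PRESENT_RE.search(text)),
        "embedded_binary": bool(BIN_DATA_RE.search(text)),
    }


def scan_document(data: bytes) -> dict:
    """Dispatch on container type; {} means the format is not handled here."""
    return scan_ooxml(data) or scan_word_xml(data)


# --- constructed sample inputs -------------------------------------------
def _make_ooxml(with_macros: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Constructed placeholder bytes, not a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


CLEAN_DOCX = _make_ooxml(False)
MACRO_DOCM = _make_ooxml(True)
MACRO_WORD_XML = (
    b'<?xml version="1.0"?>'
    b'<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml" '
    b'w:macrosPresent="yes"><w:binData w:name="editdata.mso">AAAA</w:binData>'
    b"</w:wordDocument>"
)

if __name__ == "__main__":
    for label, blob in [("clean.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOCM),
                        ("order.xml", MACRO_WORD_XML)]:
        print(label, scan_document(blob))
```

A macro project is a triage signal, not proof of malice: legitimate business documents carry macros too, so the result feeds a quarantine-and-review decision rather than a verdict. Legacy binary `.doc` (OLE) files and obfuscated macro bodies are out of scope for this check and need a dedicated VBA parser.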

Impact

A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks, and harvest users’ credentials for online services, including banking services.

Solution

Users are recommended to take the following actions to remediate Dridex infections:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. Even though Dridex is designed to evade detection, security companies are continuously updating their software to counter these advanced threats. Therefore, it is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords – Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. You should enable automatic updates if this option is available (see Understanding Patches for more information).
  • Use anti-malware tools – Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) to help remove Dridex from your system.

       F-Secure: https://www.f-secure.com/en/web/home_global/online-scanner
       McAfee: http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx
       Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx
       Sophos: https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
       Trend Micro: http://housecall.trendmicro.com/

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

Revision History

  • Initial Publication – October 13, 2015


Release for CentOS Linux 7 Rolling media Sept 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I am pleased to announce general availability of the September 2015
snapshot for CentOS Linux. This release includes CentOS Linux 7 iso
based install media, Generic Cloud images, Atomic Host, Docker
containers, Vagrant images, vendor hosted cloud images and live media.

CentOS Linux rolling builds are point-in-time snapshot media, rebuilt
from the original release media to include all updates pushed to
mirror.centos.org's repositories. This includes all security, bugfix,
enhancement and general updates for CentOS Linux. Machines installed
from this media will have all these updates pre-included and will look
no different when compared with machines installed with older media
that have been yum updated to the same point in time. All rpm/yum
repos remain on mirror.centos.org with no changes in either layout or
content.

- --------
CentOS Linux 7 / x86_64 install media is available at
http://buildlogs.centos.org/rolling/7/isos/x86_64/

File: CentOS-7-x86_64-Minimal-1509-01.iso
Sha: 4fafcd4abd790b7283d50facd4de41deccb62868e27dad37a54b27129222998c

File: CentOS-7-x86_64-DVD-1509-01.iso
Sha: 73db42de8a555ddac7deb4574efee04b120ed187c82f9a8dff205de83680516a

File: CentOS-7-x86_64-Everything-1509-01.iso
Sha: 77347e2961088f623965e73f940f644a1662d59874eb8d4cc90275a6e3f0c35f

- --------
CentOS Linux 7 / x86_64 Live Media is also available at :
http://buildlogs.centos.org/rolling/7/isos/x86_64

File: CentOS-7-x86_64-GNOME-1509-01.iso
Sha: bd00d27950c5447f3df70415b338a4d3b0969e97b5040dea611fbfca8c0a38ad

File: CentOS-7-x86_64-LiveKDE-1509-01.iso
Sha: 4286416fbe10697bb10694213f1a61281b3055f7cbb94938d132b8b386f04d08

File: CentOS-7-x86_64-LiveCD-1509-01.iso
Sha: a5874992f1bb6fcc48702f49611164a4810816e7f8cfdd5ac9cd5fe226ddd815

- --------
CentOS Linux 7 / x86_64 Cloud Images are available at :
http://cloud.centos.org/centos/7/images/

File: CentOS-7-x86_64-GenericCloud-1509.qcow2
Sha: 1ed60e89401fcd4fe1b7387452ff41afd617c30e10dd5623438a0231b5694be9

File: CentOS-7-x86_64-GenericCloud-1509.qcow2c
Sha: 7747e2e4cbac0259e9c6bf0be749ab43778414010d918f56107776b2c3b2e955

File: CentOS-7-x86_64-GenericCloud-1509.qcow2.xz
Sha: fbada05b9d8067f16138a645376e188c19d0c3cbf93401ba1c5a899ac1eaac81

File: CentOS-7-x86_64-GenericCloud-1509.raw
Sha: 6167d7a2a40bd78d8ccdf1794fa5e9d44f1df567a3aaa6024022b534e868aa38

- --------
CentOS Atomic Host was released earlier, details for the release are
available at :
http://seven.centos.org/2015/10/new-centos-atomic-host-release-available-now/



- --------
CentOS Linux 7 / x86_64 Vagrant images are updated at
https://vagrantcloud.com/centos/boxes/7 and the backing files can be
downloaded for libvirt and virtualbox providers at :

Libvirt:
http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-Vagrant-1509-x86_64-01.LibVirt.box
and
Virtualbox:
http://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-Vagrant-1509-x86_64-01.box

Note that the backing boxes are now updated to run with a 40GB disk,
sparsely allocated so it does not result in a larger download size.

- --------
CentOS Linux 7 / x86_64 in vendor environments, including Amazon Web
Services, are being updated and will be released online working
through vendor processes.

- --------
CentOS Linux 5 / 6 and 7 docker images are updated at
http://index.docker.io/_/centos

- --------
We welcome all feedback around these rolling builds and media updates
at the centos-devel mailing list ( http://lists.centos.org/ ).

enjoy!


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJWHOJBAAoJEI3Oi2Mx7xbtb24IAKrj8TSpHZQuAq1RZBODpI66
dI/80RA4N6LyOcCqTyMNpgn8oYpFARydrSCFCi6tWgj+mGHGt+niAuk8DVn8kUek
JLqCibS2h4QIUB3w2ngBFwgE1p0/g+pvwLF6doIa/2URn/OxGFeHafSrU4FLklRl
PCVjook1wJpxzhxjTX4sFhatw4Z6YUfISXHMDF19esRuNioWLzmEUQWAWp0gvCt/
PzC7WkhHoJs4lo0Z1KrLO0NGIkWRrz1FIpesJBLamnJN9MUI1YO9uqJV8aKhYwYW
uEheoQKwnAo2aOKnNttD+s+kBN7qUCnshnht8uGTLqM/p5TZTs3NS6eaW1YZihg=
=ogyH
-----END PGP SIGNATURE-----
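The announcement above publishes each image as a `File:` / `Sha:` pair; the 64-hex-digit values are SHA-256 digests. The script below is an added example, not part of the CentOS announcement, that parses that format and checks a downloaded image against it, reporting a mismatch or a file the list does not cover. Because the digests are only as trustworthy as the message carrying them, the announcement's PGP signature should be verified with `gpg --verify` before its hashes are trusted. An excerpt of the announcement is embedded as sample input; the files the demo checks are constructed stand-ins, and the `sample.bin` entry is a constructed addition so that the "OK" path can run offline.

```python
"""Added example (not part of the CentOS announcement): verify a downloaded
image against the 'File:' / 'Sha:' pairs in a rolling-media announcement.

The image names and digests in ANNOUNCEMENT_EXCERPT are copied from the
announcement; the demo files and the 'sample.bin' entry are constructed.
"""
import hashlib
import os
import re
import tempfile

ANNOUNCEMENT_EXCERPT = """\
File: CentOS-7-x86_64-Minimal-1509-01.iso
Sha: 4fafcd4abd790b7283d50facd4de41deccb62868e27dad37a54b27129222998c

File: CentOS-7-x86_64-DVD-1509-01.iso
Sha: 73db42de8a555ddac7deb4574efee04b120ed187c82f9a8dff205de83680516a
"""

# 'File:' line immediately followed by a 'Sha:' line holding 64 hex digits.
PAIR_RE = re.compile(
    r"^File:[ \t]*(\S+)[ \t]*\r?\nSha:[ \t]*([0-9a-fA-F]{64})[ \t]*$", re.MULTILINE
)


def parse_announcement(text: str) -> dict:
    """Map image file name -> expected SHA-256 digest (lower-case hex)."""
    return {name: digest.lower() for name, digest in PAIR_RE.findall(text)}


def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so multi-GB ISOs do not land in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path: str, expected: dict) -> str:
    """Return 'OK', 'MISMATCH' or 'UNLISTED' for the file at `path`."""
    name = os.path.basename(path)
    if name not in expected:
        return "UNLISTED"          # no published digest: do not treat as verified
    return "OK" if sha256_of_file(path) == expected[name] else "MISMATCH"


def demo() -> dict:
    """Run the check over constructed files; returns {file name: result}."""
    expected = parse_announcement(ANNOUNCEMENT_EXCERPT)
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in named like a listed image: must fail the check.
        fake_iso = os.path.join(d, "CentOS-7-x86_64-Minimal-1509-01.iso")
        with open(fake_iso, "wb") as f:
            f.write(b"constructed stand-in, not the real image\n")
        # Constructed file plus a constructed digest entry: must pass.
        sample = os.path.join(d, "sample.bin")
        with open(sample, "wb") as f:
            f.write(b"hello\n")
        expected["sample.bin"] = hashlib.sha256(b"hello\n").hexdigest()
        # A file the announcement does not list at all.
        unlisted = os.path.join(d, "random.iso")
        open(unlisted, "wb").close()
        return {os.path.basename(p): verify_file(p, expected)
                for p in (fake_iso, sample, unlisted)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{result:9} {name}")
```

For a real download, replace the excerpt with the full signed announcement text and pass the path of the ISO to `verify_file`; "UNLISTED" is deliberately distinct from "OK" so that a renamed or unexpected file is never reported as verified.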

The advantages of having a managed security service

In the corporate environment, cyber-threats are becoming more and more sophisticated, security standards more complex, and budgets tighter and tighter.

The world of technology in the workplace is no longer restricted to servers, workstations, or email accounts; we also need to consider mobile devices and the culture of BYOD (Bring Your Own Device). We also need to be aware of problems that may arise from new trends such as social media, and the impact that all of this can have on the security of our corporate networks.

This all places a great stress on businesses when it comes to the monitoring and management of information security.

What are managed security services?

A new series of products is currently emerging on the market under the name Managed Security Services. These include typical services such as antivirus, firewalls, intrusion detection, updates, content filters, and security audits, while also addressing the new needs that businesses have: the services are managed by a third party that assumes responsibility for their operation and monitoring at all times.

A study carried out last year in the USA, UK, Canada, and Germany showed that 74% of organizations were still managing their own security systems, but that 82% of IT professionals were working, or had thought about working, for a company that provided security management services.

Advantages of managed security systems

  • Providers of these systems help to mitigate the risks that come with managing security in a business, and by opting for their services you can take advantage of several benefits. The first, and most obvious, is the relative cost – contracting a managed security service usually costs less than investing in personnel, software, and hardware.
  • The second advantage is related to attracting talented staff. There is currently a shortage of personnel specialized in cybersecurity, and this puts pressure on IT departments to keep a quota of trained and competent staff members. Being equipped with a dedicated team to take on these tasks can be a strain for some businesses, but is rather feasible for managed security providers. By externalizing these tasks, a company can focus its attention on more critical aspects of the business.
  • These services also allow for round-the-clock monitoring, which is something that most businesses can’t provide, being restricted to the typical working hours that are in place.
  • We can also observe advantages in terms of the efficiency with which the security providers work – it’s hard for an organization to follow up on all new threats and potential vulnerabilities as they arise, just as it is to keep up to date with standards and security tools. Security providers, meanwhile, are in contact with international experts, which strengthens their know-how and their ability to react. What’s more, many of them have had the chance to work side-by-side with law enforcement agencies, which gives them an advantage when it comes to completing forensic analysis for court cases.

Adaptive Defense as a managed security service

With all that has been mentioned in mind, Panda Security has decided to offer its very own self-managed security solution, Adaptive Defense. Thanks to the latest cloud computing technologies (based on Machine Learning techniques and Big Data) developed by Panda, Adaptive Defense is capable of automatically classifying all running applications on the system without the need for any user intervention.

Adaptive Defense is also a solution that has zero impact on the customer’s infrastructure. This is due to it being a service that is operated from a centralized web console that allows for the securing of Windows workstations, servers, cell phones, and remote offices.

The post The advantages of having a managed security service appeared first on MediaCenter Panda Security.

MS15-106 – Critical: Cumulative Security Update for Internet Explorer (3096441) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-110 – Important: Security Updates for Microsoft Office to Address Remote Code Execution (3096440) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (October 13, 2015): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.