Core Security Technologies Advisory – The ‘application’ tag in Microsoft Windows Media Center link files (.mcl extension) can include a ‘run’ parameter, which indicates the path of a file to be launched when opening the MCL file, or a ‘url’ parameter, which indicates the URL of a web page to be loaded within the Media Center’s embedded web browser. A specially crafted MCL file having said ‘url’ parameter pointing to the MCL file itself can trick Windows Media Center into rendering the very same MCL file as a local HTML file within the Media Center’s embedded web browser.
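To help triage incoming .mcl files at a mail gateway or on an endpoint, here is an added Python example (not from the advisory or from Core Security) that parses a link file and flags the two parameters the advisory describes: any 'run' parameter, and any 'url' parameter that is not http(s) or that points at another .mcl file. It assumes MCL is XML whose `<application>` element carries `url`/`run` as attributes; the sample files are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample .mcl contents (not taken from the advisory). The
# <application> element with 'url' / 'run' attributes is an assumption
# about the MCL layout based on the advisory's description.
BENIGN_MCL = '<application title="Weather" url="https://weather.example/" />'
SELF_REF_MCL = '<application title="Demo" url="file:///C:/Users/Public/demo.mcl" />'
RUN_MCL = '<application title="Tool" run="C:\\Tools\\helper.exe" />'


def application_elements(root):
    """All <application> elements in the document, root included."""
    return [e for e in root.iter() if e.tag.lower() == "application"]


def scan_mcl(xml_text):
    """Return (finding, value) pairs for the risky parameters in one MCL file.

    Findings:
      run-launches-file  a 'run' parameter, i.e. the file launches a program
      non-http-url       a 'url' parameter whose scheme is not http/https
      url-targets-mcl    a 'url' parameter pointing at a .mcl file (the
                         self-reference trick from the advisory)
      unparseable        the file is not well-formed XML at all
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]

    findings = []
    for app in application_elements(root):
        attrs = {k.lower(): v for k, v in app.attrib.items()}
        if attrs.get("run"):
            findings.append(("run-launches-file", attrs["run"]))
        url = attrs.get("url")
        if url:
            parsed = urlparse(url.strip())
            if parsed.scheme.lower() not in ("http", "https"):
                findings.append(("non-http-url", url))
            if parsed.path.lower().endswith(".mcl"):
                findings.append(("url-targets-mcl", url))
    return findings


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_MCL), ("self-ref", SELF_REF_MCL), ("run", RUN_MCL)):
        print(name, scan_mcl(doc) or "clean")
```

A file with any finding other than a plain http(s) URL is worth quarantining for a closer look rather than handing to Media Center.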
Monthly Archives: December 2015
Red Hat Security Advisory 2015-2587-01
Red Hat Security Advisory 2015-2587-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel’s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode, due to the way delivery of benign exceptions such as #AC is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.
Red Hat Security Advisory 2015-2589-01
Red Hat Security Advisory 2015-2589-01 – The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap. A local attacker could potentially use this flaw to execute arbitrary code on the system. It was discovered that, under certain circumstances, glibc’s getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.
Toys Could Be Used As Spying Devices, MPs Told
Latest Flash Patch Addresses 78 Bugs
Former GCHQ Director Denies Agency Conducts Mass Surveillance
Australian Police Raid Chap's Home In Hunt For Bitcoin Creator
2015, the year of Cryptolocker

At the end of 2013 the first signs of what would eventually become one of the most lucrative attacks for cybercriminals were spotted. Cryptolocker is the name of the most popular family of ransomware, which has ended up being used as the name for all threats of this type.
The threat always works on the same, simple premise: it encrypts documents and demands a ransom for their return.
The attackers usually geo-locate the victim’s IP address so that the message with instructions on how to pay the ransom is displayed in the language of the corresponding country. Payments have to be made in Bitcoin and all contact with the cybercriminals is carried out via Tor, which helps the attackers evade the authorities.
These attacks became more and more popular throughout the course of 2014, starting out with isolated attacks on individuals before turning their focus towards corporations, which turned out to be far more rewarding – the stolen information had a higher value and the ransom (usually around €300) was spare change to the majority of businesses.
In 2015 we have seen how they have fine-tuned the attacks to try and overcome any defenses that were put in their way:
- They no longer make mistakes when encrypting files. Those mistakes had allowed security companies to create tools to recover documents without paying the ransom.
- New families of threats have appeared – more groups of cybercriminals are using Cryptolocker, which has become the most popular type of threat at the moment.
- All of them use Bitcoin as a payment method, meaning they can’t be traced.
- They have focused on two paths of distribution:
  - via exploit kits
  - by email with a compressed attachment
- They are creating new forms of attack, and we have seen them start to use PowerShell scripts, which come by default with Windows 10.
- In terms of mobile devices, although we have seen some attacks (such as that which changed the access codes to the device), they are still the exception to the rule.
How to protect against Cryptolocker
As regards protecting ourselves, we must remember that Cryptolocker has different “needs” from traditional malware: it isn’t persistent (once the documents are encrypted, it doesn’t need to remain on the system and, in fact, some variants delete themselves), and it doesn’t care whether an antivirus detects it (all that matters is that it launches its attack before being detected; detection any time after that makes no difference).
Traditional forms of detection are now rather useless: before launching an attack, the malware checks that these technologies cannot detect the sample, and changes itself to evade them if they can. Behavioral analysis is not capable of detecting what it does in the majority of cases either, as it usually operates from within existing system processes and encrypts the files from there, making the activity look like a normal operation.
Only a system that monitors everything that is running on the computer, such as Adaptive Defense 360, can be an effective method of stopping these attacks on time, before they put our documents at risk.
The post 2015, the year of Cryptolocker appeared first on MediaCenter Panda Security.
CESA-2015:2594 Moderate CentOS 6 libpng Security Update
CentOS Errata and Security Advisory 2015:2594 Moderate. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-2594.html The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum and filename for i386, x86_64 and source packages).
Google Updates Chrome, Extends Safe Browsing to Chrome for Android
Google joined the Patch Tuesday parade with a Chrome update that patches seven vulnerabilities in the browser. It also announced it was extending Safe Browsing protection to Chrome for Android.