Ubuntu Security Notice 2975-2 – USN-2975-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
Monthly Archives: May 2016
Ubuntu Security Notice USN-2975-1
Ubuntu Security Notice 2975-1 – Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Ubuntu Security Notice USN-2978-3
Ubuntu Security Notice 2978-3 – Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Ubuntu Security Notice USN-2978-1
Ubuntu Security Notice 2978-1 – David Matlack discovered that the Kernel-based Virtual Machine (KVM) implementation in the Linux kernel did not properly restrict variable Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a guest VM could use this to cause a denial of service (system crash) in the host, expose sensitive information from the host, or possibly gain administrative privileges in the host. Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
Ubuntu Security Notice USN-2979-3
Ubuntu Security Notice 2979-3 – Philip Pettersson discovered that the Linux kernel’s ASN.1 DER decoder did not properly process certificate files with tags of indefinite length. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.
Ransomware criminals should be “shot at sunriseâ€
Should be “Shot at sunrise” is the opinion of U.S. politician Michael C.Burgess, the representative for Texas, when talking about the cybercriminals who distribute ransomware that victimizes consumers and businesses.
Ransomware, malicious software designed to block access to a computer system until a sum of money is paid, and the use of exploit kits to distribute it, are adding new challenges to threat detection and protection. And now Angler, an exploit kit, which has been a known Internet threat since 2013, is being used to distribute ransomware. With the sole intent of installing ransomware on victim’s machines.
Our AVG Web Threats team is tracking these widespread ransomware attacks being delivered by the Angler crimeware exploit kit.
The use of exploit kits to distribute ransomware is a new trend – one that could cause widespread ransomware distribution. Exploit kits are software packages readily available for sale and are used by malicious operators to easily create malware that performs a wide variety of malicious functions. The malware is installed on hacked web servers and attacks the machines of visitors to web sites, in many instances, without their knowledge.
There is a common misperception that web users are only at risk if they browse risky sites, however, hacked sites are often brand names and appear safe. Small business sites in particular can be prime targets because they have less security and their visitors typically know the company and trust their brand.
The malware on these sites seeks out vulnerabilities in commonly used tools that improve website experiences, such as Flash, Silverlight and other software that employs Java and PDF-format files. The malware then runs malicious code on the visitors’ machine to install ransomware, backdoors and Spybot clients.
Our AVG Web Threats team has researched a particular instance of a Java exploit commonly found in association with Angler. This threat is detected by AVG, which we’ve been detecting since January. AVG customers who participate in anonymous threat sharing reported 6,123 hacked domains serving Angler in January, 8,260 in February and 4,412 in March.
Angler ransomware installs
TeslaCrypt is the most common type of ransomware installation currently that’s associated with Angler, according to our AVG Web Threats team analysis of this threat. TeslaCrypt encrypts users’ files, including writeable shares, and messages the user to extort payment for recovering the encrypted data. Paying the ransom to unlock files typically does not result in the recovery of the files.
Below are screen shot examples of ransomware attacks that attempt to extort $1,000 USD, payable through the untraceable currency of bitcoins.
Backdoor installs
Our AVG Web Threats team track the Angler-infected host machines have also tracked incidences of downloading malware known as backdoor malcode (commonly Bedep). Backdoor, or Bedep, can snatch passwords and personal confidential data from visitors’ machines.
Protecting your desktop
AVG recommends that consumers and businesses take the following preventive measures:
- Frequently backup data and important files; do not leave the backup device connected to the machine
- Ensure that security software, such as AVG, is up to date
- Ensure that Windows updates are downloaded and installed; doing this automatically is recommended.
- Update browsers and ensure you are using the latest versions available
Protecting web servers
Malicious code from the Angler exploit kit is initially installed on the web pages of vulnerable servers. For businesses, standard security precautions and monitoring are the basic defense. Researchers find a large number of Angler injections on WordPress and Apache servers – these should be given an extra measure of scrutiny.
- Ensure all Operating System patches and updates are applied quickly
- Regularly review and assess the state of 3rd party software running on the server. For example, vulnerabilities in packages like WordPress are particularly important, as these are common attack vectors
- Consider removing site content and 3rd party software that is out of date or not being used
- Keep backups of websites in a safe place (not on a shared directory); offsite backups are best
- Monitor web pages for unexpected and unauthorized changes
- Keep antivirus and other security software, such as AVG, updated
- Consider using intrusion detection applications, such as AVG
Our AVG Web Threats team continue to monitor and track threats such as Angler, so that we can deliver the security you need to keep your devices and businesses safe.
Apple Releases Multiple Security Updates
Original release date: May 16, 2016
Apple has released security updates for tvOS, iOS, watchOS, OS X El Capitan, Safari, and iTunes. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
- tvOS 9.2.1 for Apple TV (4th generation)
- iOS 9.3.2 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later
- watchOS 2.2.1 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- OS X El Capitan v10.11.5 and Security Update 2016-003 for OS X El Capitan v10.11and later
- Safari 9.1.1 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5
- iTunes 12.4 for Windows 7 and later
Users and administrators are encouraged to review Apple security updates for tvOS, iOS, watchOS, OS X El Capitan, Safari, and iTunes and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Giving Red-Teamers the Blues
Pen-tester Chris Nickerson will, in his Source Boston keynote, explain simple defensive approaches that can thwart the best red-teamers and advanced attackers alike.
Privacy and security fears – predictably – impact US online commerce
US government data say 45% curtail online activity due to privacy and security fears, which is sad but not surprising because we could see this coming.
The post Privacy and security fears – predictably – impact US online commerce appeared first on We Live Security.
Microsoft Quietly Kills Controversial Wi-Fi Sense Feature
Later this summer, when Microsoft rolls out a massive update to Windows 10 called Anniversary Edition, notably missing will be the controversial Wi-Fi Sense feature.