Microsoft addressed numerous flaws in the patches it released on Tuesday.
The company also addressed at least 15 other flaws in its software, and urged customers to quit using the desktop Sidebar and Gadget capabilities offered in Windows 7 and Windows Vista.
By far the most urgent of the updates is MS12-043, which fixes a critical vulnerability in Microsoft XML Core Services that miscreants and malware alike have been using to break into vulnerable systems. Microsoft had already warned about limited, targeted attacks using this flaw, but late last month an exploit built to attack the XML bug was added to the BlackHole Exploit Kit, an automated browser exploit tool that is very popular in the criminal underground right now.
Other critical patch bundles include a fix for a dangerous flaw in the Microsoft Data Access Components (MDAC) of Windows, and an update to address a pair of vulnerabilities in Internet Explorer.
Microsoft also released a FixIt tool to help network administrators block the use of Gadgets and the Sidebar on Windows 7 and Windows Vista systems. “We’ve discovered that some Vista and Win7 gadgets don’t adhere to secure coding practices and should be regarded as causing risk to the systems on which they’re run,” Microsoft said in a blog posting, without offering much more detail about any specific findings.
- Bad week for Microsoft as security fails and cyber threats increase (seshippingnews.typepad.com)
- Security flaws signal early death of Windows Gadgets (zdnet.com)
- Microsoft patches critical drive-by IE9 bug, Windows zero-day (techworld.com.au)
Wonder what Google will have to say regarding this.
Security researchers have discovered malware hosted on the Google Play marketplace that went weeks undetected masquerading as games.
Android.Dropdialer, a Trojan that sends costly text messages to premium-rate phone numbers in Eastern Europe, had gone undiscovered for two weeks in the form of two game titles, Symantec researcher Irfan Asrar wrote in a blog post yesterday. The two games — “Super Mario Bros.” and “GTA 3 – Moscow city” — were uploaded to Google Play on June 24 and generated 50,000 to 100,000 downloads, Asrar said.
“What is most interesting about this Trojan is the fact that the threat managed to stay on Google Play for such a long time, clocking up some serious download figures before being discovered,” Asrar wrote. “Our suspicion is that this was probably due to the remote payload employed by this Trojan.”
The Trojan’s authors avoided detection during Google Play’s automated screening process by breaking up the malware into separate, staged payloads, Asrar said. Once downloaded and installed from Google Play, the apps would download an additional package for installation that sent the text messages.
- Premium-rate SMS malware survived in Google Play for weeks (androidauthority.com)
- New Android malware runs rings around Google Play security protocols (bgr.com)
- Google Play Fails to Remove All Super Mario Malware (f-secure.com)
Mobile devices allow workers, including government employees, to work in multiple locations and to improve their efficiency. But the same features that make these devices desirable make them a security challenge. Mobile devices can easily be lost or stolen, and users may be tempted to download nonsecure apps that might conceal “malware” that could be used to steal confidential data. Since security is minimal for mobile devices, a thief can retrieve sensitive data directly from the device, or use the phone or tablet to access an organization’s computer network remotely.
The revised guidelines recommend using a software technology that centralizes device management at the organization level to secure both agency-issued and personally owned devices that are used for government business. Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization’s computer network. They are typically used to manage the smart phones that many agencies issue to staff. The new NIST guidelines offer recommendations for selecting, implementing, and using centralized management technologies for securing mobile devices.
“Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats,” explains co-author and NIST guest researcher Karen Scarfone.
An interesting argument on how honeypots are an important key in the security arsenal.
Let’s start at the beginning, what is a honeypot? Put simply, it is a machine that is designed to tempt any unknowing attacker to target it, whilst being configured to trace the origins of the attacker and identify them. However, this can lead to the perception that honeypots can be a quagmire of risk and liability, as well as raising understandable concerns about willingly allowing an attacker to access your system under your control.
However, there are many forms of honeypots, and they can be used in many different ways. The idea of the honeypot as merely a host designed to be breached; sitting on the perimeter of your network is far from the whole picture. Let’s take a look over some different uses of honeypot style systems and consider their place in a well-equipped enterprise security program.
Building a fully-functional and interactive honeypot that resembles a real production system can be a daunting task, replete with risk (you would be, after all, building a machine with the intention of it falling under the control of an attacker), but there are many other levels of honeypots before this level of complexity, and all of them present value to security monitoring.
Source: Do you need a honeypot?
Very informative descriptions of some of the honeypot methods that are out there for use by organizations. As Conrad Constantine points out:
The use of honeypots, like everything in information security, is always evolving and the technique has a lot of potential to disrupt attackers by wasting their time and resources, directing them away from their true targets and forcing them to reveal themselves.
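The article above makes the point that a honeypot need not be a full production look-alike to be useful for monitoring. The following is an added example (my own code, not from the quoted article or its author) of the simplest level: a low-interaction TCP decoy that emulates no service at all, records who connected and what they sent, and closes the connection. Because nothing is emulated there is nothing for a connecting party to take over, which sidesteps the liability concern the article raises. Names such as `build_event`, `summarize` and `start_honeypot` are my own, and the in-memory `EVENTS` list stands in for whatever log collector a real deployment would forward to.

```python
"""Minimal low-interaction TCP honeypot (added example, not the article's code).

Assumptions (mine, not the page's): the decoy listens on a port nothing
legitimate uses, so any connection to it is unexpected by definition, and
alert records are kept in memory instead of being shipped to a SIEM.
"""
import socket
import socketserver
import threading
from collections import Counter
from datetime import datetime, timezone

# In-memory event log; a real deployment would forward these to a log collector.
EVENTS = []


def build_event(client_address, local_port, data, now=None):
    """Turn one connection attempt into a structured alert record."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    return {
        "ts": ts,
        "src_ip": client_address[0],
        "src_port": client_address[1],
        "dst_port": local_port,
        "bytes": len(data),
        # Keep only a short printable preview; the payload is never parsed or executed.
        "preview": data[:64].decode("ascii", "replace"),
        "severity": "high",  # nothing legitimate should ever touch a decoy
    }


def summarize(events):
    """Group events by source address so one host sweeping several decoy ports stands out."""
    counts = Counter(e["src_ip"] for e in events)
    ports = {}
    for e in events:
        ports.setdefault(e["src_ip"], set()).add(e["dst_port"])
    return {ip: {"hits": counts[ip], "ports": sorted(ports[ip])} for ip in counts}


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Read a little, record it, close. No service is emulated."""

    def handle(self):
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(256)
        except socket.timeout:
            data = b""
        EVENTS.append(build_event(self.client_address, self.server.server_address[1], data))


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True


def start_honeypot(host="127.0.0.1", port=0):
    """Start the decoy in a background thread; port 0 lets the OS pick a free port."""
    server = Honeypot((host, port), HoneypotHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot()
    print("decoy listening on", srv.server_address)
    # Constructed probe standing in for a scanner touching the decoy on loopback.
    with socket.create_connection(srv.server_address, timeout=2) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        s.shutdown(socket.SHUT_WR)
        s.recv(1)  # returns b"" once the honeypot has logged the attempt and closed
    for event in EVENTS:
        print(event)
    print(summarize(EVENTS))
    srv.shutdown()
    srv.server_close()
```

Run stand-alone it starts the decoy on a free loopback port, sends itself one constructed probe and prints the resulting alert record and per-source summary. The design choice worth noting is that the handler reads at most 256 bytes and stores a 64-byte preview: the decoy's job is to produce a high-confidence alert, not to engage, so it keeps the attack surface of the honeypot itself as small as possible.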
In the world of search engine optimization …
Well, that “level playing ground” is here with the April 24th release of the Penguin algorithm update, which has affected an estimated 3% of all search queries. If you saw your blog traffic dip unexpectedly on this date, it’s possible you’ve been “pecked” by the Google Penguin—an indication that your blog is considered to be over-optimized in the eyes of the search giant.
Of course, knowing that you’ve been affected and taking remedial actions to recover from a Penguin penalty are two different things. Because of Google’s natural reticence when it comes to revealing the exact parameters that cause a site to be flagged for over-optimization, it’s impossible to know exactly which factors led to your site’s penalty.
The key to determining how to move forward following a Penguin attack lies in identifying potential over-optimization flags that can be quantified and measured by the search engines. Remember, the Googlebot can’t manually assess the quality of every website online. Instead, it must rely on measurable signals that can be used to infer objective value.
- How the Winners Do Mobile SEO [Guest Post] (distilled.net)
- Present on Some Common Search Engine Optimization Myths……… (kellymcloughlin.com)
- Important On-Page SEO Factors For Better Search Ranking (ppc.org)
- Recovering from Google Penguin (lettersfromdan.com)
Due to the loose restrictions Google places on its app marketplace?
Clickjacking rootkits could pose the next big threat for the Android platform, according to a research team out of North Carolina State University. Led by computer science professor Xuxian Jiang, the team has developed a prototype clickjacking rootkit that’s more sophisticated than the other Android-oriented malware already out there.
This new prototype rootkit — which attacks the Android framework, rather than the kernel — differs from other malware in key ways, according to Jiang. “Unlike other rootkits for the platform, this one can function without a restart and without deep modification of the underlying firmware,” Jiang explained in a video in which he demonstrates the rootkit in action. “But it can still do all the things that a rootkit wants to do, such as hide or redirect apps.”
In other words, just as with other computing devices, keep anti-virus software up-to-date.
- Researchers create prototype Android clickjacking rootkit (androidauthority.com)
- “Clickjacking” Android could lead to app level phishing (h-online.com)
An exploit for an unpatched vulnerability in the MSXML (Microsoft XML Core Services) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.
The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability — an actively exploited vulnerability for which an official patch doesn’t yet exist.
Be sure to keep that anti-virus up-to-date and also utilize the Fix-It tool Microsoft has made available.
- Hackers exploit Windows XML Core Services flaw (infoworld.com)
- Danger! Unpatched Microsoft security vulnerability being actively exploited (nakedsecurity.sophos.com)
- CVE-2012-1889: MSXML use-after-free vulnerability (eset.com)
The third largest e-commerce company in North America is moving much of its operations to the cloud.
Live Nation Entertainment, which operates online ticket sales site Ticketmaster and three other entertainment-related businesses, is clouding up its Ticketmaster and Live Nation Concert and Network operations to achieve the efficiencies of virtualization and speed time-to-market with new offerings. The company is in the very early stages of its private cloud implementation, however, so efficiencies are currently difficult to quantify.
But it’s a sizable undertaking. Live Nation has 7,000 employees in 153 offices spread across 18 countries. Its revenue in 2011 was $5.4 billion, of which Ticketmaster accounted for $1.56 billion and other Live Nation operations $3.8 billion.
It will be interesting to see the efficiencies once the implementation has been completed.
- Ticketmaster books a private cloud with Cisco (pcadvisor.co.uk)
- Cloud Service Usage Now Mainstream in UK and Ireland: Report (cloudcomputing.sys-con.com)