Security Protection – Harry Waldron MVP

August 31st, 2011:

Sarbanes-Oxley Standards – COBIT 5 IT standards emerge

Numerous links and further information are available on ISACA’s home page for corporate users.

Sarbanes-Oxley – COBIT version 5 standards emerge for IT controls
http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-5-Initiative-Status-Update.aspx

Mozilla Firefox 6 – Security release for hacked Certificate Authority

Mozilla Firefox and other products have been revised to remove the hacked DigiNotar Certificate Authority.

Mozilla Firefox 6 – Security release for hacked Certificate Authority http://securitywatch.pcmag.com/apple/287116-firefox-and-other-mozilla-apps-rev-to-blacklist-hacked-ca

QUOTE: Mozilla has released several new versions of programs in order to remove support for a root certificate from a hacked certificate authority.   We reported yesterday about how this root certificate had been used to create a fake google.com certificate, but it turns out that the hack occurred weeks ago and had been used many times. DigiNotar, the hacked certificate authority, is in a desperate struggle to retain their credibility.  The newly-updated programs are:
  • Firefox 6.0.1
  • Firefox Mobile 6.0.1
  • Firefox 3.6.21
  • Thunderbird 6.0.1
  • Thunderbird 3.1.13
  • SeaMonkey 2.3.2

Social Networking Threats – Trend Labs report

Trend Labs shares good awareness for a variety of threats affecting Facebook and other social networking environments.

Social Networking Threats – Trend Labs report http://blog.trendmicro.com/the-geography-of-social-media-threats-infographic/

QUOTE: KOOBFACE is not the only threat that hounds social media. These social networking sites also have features that can become threat vectors. A seemingly harmless wall post from a friend, a video shared by an online contact, or an instant message from a colleague can potentially lead to an attack.  These features are meant to make socializing effective and meaningful. However, they have also been used by cybercriminals in their attacks. In Facebook, the wall is the riskiest region of the user interface. Cybercriminals have concocted several threats leveraging popular news items

For tips on how to arm yourself against social media threats, check out our e-book.

e-Book – A Guide to Threats on Social Media http://about-threats.trendmicro.com/ebooks/socialmedia-101

Xpaj Botnet – Complex new file infector

Symantec documents an advanced and highly stealthy file infector that can set up a botnet client on an infected PC.

Xpaj Botnet Intercepts up to 87 Million Searches per Year http://www.symantec.com/connect/blogs/xpaj-botnet-intercepts-87-million-searches-year
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_xpaj_b.pdf
http://www.symantec.com/security_response/writeup.jsp?docid=2009-091613-1844-99

QUOTE: W32.Xpaj.B is one of the most complex and sophisticated file infectors Symantec has encountered. In an older blog post, Piotr Krysiuk calls it an “upper crust file infector.” He describes several different approaches that the infector uses to increase the difficulty in detecting infected samples. The techniques W32.Xpaj.B uses to conceal itself within an executable are far beyond the norm.

The analysis revealed IP addresses for the command & control (C&C) servers. Infected W32.Xpaj.B executables send a download request to these C&C servers. Analysis of the threat’s backend control infrastructure revealed more than just the data sent from the server to infected clients. The servers contained encrypted binary data, encryption keys, databases, and Web applications. These were all elements of what transpired to be a fraud operation spread over multiple computers hosted in several countries.

Adobe – Flash and other products patched during August 2011

As Adobe has improved their automated security updates, please promptly apply changes when prompted to ensure the best levels of protection.

Adobe – Flash and other products patched during August 2011 http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://securitywatch.pcmag.com/apple/286074-massive-adobe-patch-release-fixes-flash-player-media-server-shockwave-photoshop-and-robohelp

QUOTE: Adobe released updates to 5 products today fixing a total of 23 vulnerabilities, mostly in Flash Player.  At least some of the 13 vulnerabilities fixed in Flash Player affect all versions of it: Windows, Mac, Linux, Solaris and Android. All are critical vulnerabilities which can result in remote code execution. None of the vulnerabilities are being exploited in the wild, according to Adobe. These changes also affect Adobe AIR for Windows, Mac and Android.

As always, you can get the most current version of Flash Player (10.3.181.36) at http://get.adobe.com/flashplayer. Don’t go anywhere else for it, as fake Flash installers are a common method of malware distribution.

Apache Web Server – New DoS Attack Vulnerability

Webmasters should ensure they apply the forthcoming security patch to protect their web server environments:

Apache Web Server – New DoS Attack Vulnerability http://blog.eset.com/2011/08/26/dos-apache-killer
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/thread

QUOTE: Amidst a lack of fanfare this past weekend on a mailing list, a memory exhaustion hack popped up for the Apache webserver that may result in a Denial-of-Service (DoS) style attack. Since the Apache application serves up north of 65% of the websites on the internet, a plausible attack becomes quite an issue, especially if it gets much traction before a patch can be released.

Still, some Apache web servers have been humming along untouched for years without much oversight, and may not receive patches as quickly as the hack spreads, representing a potentially widespread attack surface in the meantime. The posting says “An attack tool is circulating in the wild. Active use of this tools has been observed.” The nice thing is how proactive the Apache Foundation has been since it was brought to their attention.

FBI – Electronic Scam warnings updated for Hurricane Irene

The FBI warns users to be careful with charitable donations, news reports, and web searches.

FBI – Electronic Scam warnings updated for Hurricane Irene http://www.fbi.gov/scams-safety/e-scams

QUOTE: 08/26/11—In light of Hurricane Irene, the public is reminded to beware of fraudulent e-mails and websites claiming to conduct charitable relief efforts.

Tips on Avoiding Fraudulent Charitable Contribution Schemes http://www.ic3.gov/media/2011/110311.aspx

Reports can be made to: http://www.ic3.gov/complaint/default.aspx
