Threat Category: Vulnerabilities and exploits | Page 26

This report is based on information about vulnerable programs found on the computers of our customers. The purpose of this research is to understand how users react to vulnerable programs and analyze the potential dangers of vulnerable software.

Earlier this week, we published our report on “Red October”, a high-level cyber-espionage campaign that during the past five years has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations. In part one, we covered the most important parts of the campaign: the anatomy of the attack, a timeline of the attacker’s operation,

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html).
In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (35f1572eb7759cb7a66ca459c093e8a1 – NewsFinder.jar), known as the Rhino exploit (CVE-2011-3544).

Just a quick note, it’s only the second week of January, but early 2013 brings with it the first Java 0day mass exploit distribution of the year.

Microsoft starts the new year with a January Security Bulletin Release of seven Security Bulletins. These seven bulletins cover at least 11 CVE. Three of the vulnerabilities need to be addressed immediately with two of the Bulletins. These three vulnerabilities effect XML Core Service components (MS13-001) that can be abused using Internet Explorer as a

Microsoft just publicly announced a release to actively “untrust” three certificates issued by Certificate Authority TURKTRUST, a subsidiary of the Turkish Armed Forces ELELE Foundation Company. According to Microsoft, the company made several mistakes resulting in fraudulent certificates issued that could be used to MiTM encrypted communications with gmail or other google properties.

Before 2012, there were only two instances of cyber weapons being used – Stuxnet and Duqu. However, analysis of these two forced the IT community to dramatically expand the whole concept of what cyber warfare entails

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at least 11 vulnerabilities, accurately described in the Advanced notification for this month. The MSRC recommends that their Internet Explorer (MS12-077) and Microsoft Word (MS12-079) updates are addressed asap.

The folks at the Microsoft Security Response Center are winding down 2012 with another full release of seven Security Bulletins containing fixes for memory corruption on application, server, and system code along with a Certificate Bypass problem and set of fixes for Oracle Outside In software components. Within the seven Bulletins, they are patching at

Why in Dubai? First, I was there recently. Second, Dubai has become one of the most important cities in the world for holding IT conferences. All statistics are based on around 3 thousand found WiFi access points. Let’s begin with the channels Dubai’s WiFi is running on: It’s logical to see that channel 6 and

Earlier today, Softpedia reported that an Algerian hacker using the nickname MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro).

Last night, reports have appeared on several Russian forums regarding a Skype account hijacking exploit. The information has been made available on several Russian blogs and is now actively exploited in the wild. The exploit, which has been available for two months already, takes advantage of the Skype password reset feature. This allows you to

Microsoft is patching a fair number of vulnerabilities in their software with 19 flaws being fixed.

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Vulnerabilities and exploits

Kaspersky Lab report: Evaluating the threat level of software vulnerabilities

“Red October” – Part Two, the Modules

Red October – Java Exploit Delivery Vector Analysis

Java 0day Mass Exploit Distribution

January 2013 Microsoft Security Bulletins

TURKTRUST CA Problems

Kaspersky Security Bulletin 2012. Cyber Weapons

December 2012 Microsoft Security Bulletins – IE, MSWord, Font Parsing, and More

December 2012 Microsoft Security Bulletins

WiFi study in Dubai

Google.ro and RO domains Victims of Possible DNS Hijacking

Google.ro and other RO domains, victims of a possible DNS hijacking attack

New Skype Vulnerability Allows Hijacking of Accounts

Microsoft Updates November 2012 – IE, Kernel+Shell, and .NET Critical Patches

IT Threat Evolution: Q3 2012

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails