Vulnerabilities and exploits

Today’s Microsoft updates include a few fixes for remote code execution, and several fixes for escalation of privilege and denial of service flaws.

Introduction This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. We will show how cybercriminals exploited

Earlier this year, about 6.5 million LinkedIn account password hashes were published on a hackers’ forum. The hashes were simple SHA1 digests computed from the user’s passwords, as stored into the LinkedIn backend infrastructure. It didn’t take long for hackers to start cracking them, with over half of them cracked in almost no time. There

Hotmail / Microsoft accounts limit maximum password size to 16.

The Internet knows no borders, but according to our data, cybercrime has specific ‘geographical features’.

The Java 0day activity that we have been monitoring and preventing for almost the past week has been irresponsibly reported on other blogs, with early posts publicly linking to known sites serving the 0day.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.

I’m pretty sure that most of you guys know about the recent phone scam which is circulating right now. They have been calling a lot of people in countries such as Germany, Sweden, the UK and probably more. The scam is pretty simple; they pretend to be from a department within Microsoft which has received indications that your computer is infected with some malware. Finally i just got fed up with them calling all the time so to thought id do something about it.

Nowadays we see many successful attacks that lead to personal data leaks. How do we deal with cases when our passwords can be leaked?

This month’s patch Tuesday brings a set of three “critical” bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated “important”.

Browsing is a risky activity from a security point of view. The good old times when we could identify a bunch of suspicious sites and avoid them are gone forever. Massive infections of websites are common nowadays, blindly infecting as many sites as possible. Once these sites are compromised, the access is usually sold to cybercriminals. At this point the site hosts malware or redirects victims to some exploit kit.

Deep inside one of Stuxnet’s configuration blocks, a certain 8 bytes variable holds a number which, if read as a date, points to June 24th, 2012. This is actually the date when Stuxnet’s LNK replication sub-routines (https://securelist.com/myrtus-and-guava-episode-1/29614/) stop working and the worm stops infecting USB memory sticks.

Recently, we came by an interesting targeted attack which was evading most antivirus products. This is a recent spearphish targeting various Tibetan and human rights activists. It demonstrates the level of effort put into infiltrating their groups with some unique characteristics, relative to the many other exploits targeting CVE-2012-0158.
Here’s how such e-mails appear:

Microsoft released a set of five bulletins, patching 29 total software vulnerabilities.

Two weeks ago, when we announced the discovery of the Flame malware we said that we saw no strong similarity between its code and programming style with that of the Tilded platform (https://securelist.com/stuxnetduqu-the-evolution-of-drivers/36462/) which Stuxnet and Duqu are based on.