Category Archives: Security

aka infosec

Malware targeting Windows 8

Microsoft has been putting a lot of effort into making their software more secure, and it’s paying off: Kaspersky’s IT Threat Evolution: Q3 2012 report includes no Microsoft software in its Top Ten Vulnerabilities List.

The anti-malware software bundled with Windows 8 is Microsoft’s strongest offering in any version to date. But as long as Windows is widely deployed, it will remain a popular target for malware developers, as is demonstrated by the recent discovery by Symantec that a new Trojan variant, detected as Backdoor.Makadocs, includes code specific to the new O/S.

Patch Tuesday for November 2012

Another month, another Patch Tuesday. As discussed in the advance warning post, this month’s crop consists of six patches with nineteen fixes for Windows (including Windows 8), Office, Internet Explorer and .NET.

Windows users are encouraged to install the critical updates as soon as possible via Microsoft Update.

More details at the Microsoft Security Response Center.

Advance warning for November 2012 Patch Tuesday

It’s that time of the month again. Microsoft has issued its advance warning for this month’s Patch Tuesday. The patches themselves will become available, as usual, on the second Tuesday of the month. That’s November 13, 2012, at approximately 10 a.m. PST.

The patches this month affect Windows, Internet Explorer, Office and the .NET Framework. There are six planned bulletins, with 19 total issues being addressed. Four of the bulletins are rated Critical. For all the details, see the related Technet security bulletin.

As always, Windows users should install these patches as soon as possible on or after November 13.

‘Ransomware’ prevalence increasing in North America

A new white paper from Symantec discusses the increase of ‘ransomware’ in North America. Ransomware is malware that – once installed on a user’s computer – prevents normal operation and presents the user with warnings that appear to be from regional law enforcement organizations. The warnings threaten further legal action if the user fails to pay a fine. The warnings look sufficiently legitimate to fool many users, who then pay the ‘fine’.

If you start seeing one of these warnings on your computer, do not pay the ‘fine’. Instead, have the malware removed from your computer by a knowledgeable technician.

More details from Ars Technica.

‘Impervious’ Adobe Reader X/XI is actually vulnerable

A working exploit for the latest versions of Adobe’s PDF Reader software (X and XI) is being made available to malicious hackers for $50,000 via underground forums.

Starting with Version X, Adobe’s Reader software has employed a ‘sandbox’ that supposedly insulates the operating system from attacks originating in Reader content. The exploit code reportedly gets around the sandbox.

Adobe is investigating, but no patches are available yet. Since this threat is active, anyone using Adobe Reader X or XI should exercise extreme caution when opening PDF documents or clicking links to PDF documents from unknown sources. Another option is to uninstall the Adobe software and use an alternative like Foxit Reader.

More details from KrebsOnSecurity.

Vulnerabilities in Sophos anti-malware products

Security researcher Tavis Ormandy has discovered several security vulnerabilities in Sophos security products. The holes were patched within a few weeks of the initial reports, but Ormandy maintains that Sophos’ response was too slow. The vulnerabilities, if unpatched, can allow attackers to gain full control of computers running affected Sophos software.

Regardless of whether you agree with Ormandy’s conclusions about Sophos, it’s clear that if you run Sophos security products, you should make sure they are fully patched.

Adobe Flash security updates

Yesterday, Adobe announced a new version of Flash that includes fixes for several security holes in earlier versions. Anyone who uses Flash to view web-based video, which includes anyone who uses YouTube, should install the latest version of Flash as soon as possible.

The latest version of Flash for Windows is 11.5.502.110. Adobe also made available updates for older versions of Flash that address the same security vulnerabilities, but we recommend updating to the latest version.

A new version of Google Chrome, also announced yesterday, includes these security fixes. A similar patch for Internet Explorer 10 in Windows 8 was made available by Microsoft.

These updates resolve buffer overflow vulnerabilities, memory corruption vulnerabilities, and a security bypass vulnerability, each of which could lead to code execution.

ZeroAccess botnet growing rapidly

Growth of the ZeroAccess botnet is unfortunately showing no signs of slowing down. Dark Reading reports “2.2 million infected with fraudulent ad-click botnet’s malware”. The perpetrators make money by using infected computers to fraudulently ‘click’ on web-based ads.

Most current anti-malware software can detect and disable ZeroAccess-related malware. Make sure your anti-malware software is up to date, and run regular scans.