Computer Security Updates Week 4 of Feb 2013

Refer to 'Computer Security Updates Week 3 of Feb 2013'; in which the biggest news was about claims of the security of Facebook and Twitter having been compromised. Apart of that, there was no report on potential APT or high-profile threats yet.
  • Symantec and G&D partner to develop protected security applications for smartphones and tablets
  • Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours.
  • Facebook blocks access to after reports site is infected.
  • Google says it is winning the war against Gmail account hijackers.
  • Kaspersky advises on how to avoid 'Honey Traps' when seeking your soul mate online.
  • Malaysia's Information Department website was hacked and a false resignation of Prime Minister message was posted. The incident didn't cause much excitement though comparing to the 'Sungai Puchong' incident.
  • Adobe releases another patch to fix zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.
  • Oracle releases updated Feb 2013 critical patch update for Java SE which fixes the the “Lucky Thirteen” vulnerability in SSL/TLS (CVE-2013-0169).
  • McAfee releases the McAfee Threats Report: Fourth Quarter 2012. It is agreeable to what we have observed so far. 
  • Britain and India expected to setup cybercrime joint taskforce.

Check out more on security and weekly updates.

MOUNTAIN VIEW, Calif. and MUNICH, Germany - February 21, 2013 - Symantec and G&D to Partner on Protected Security Applications for Smartphones and Tablets

Symantec, a global leader in security, backup and availability solutions, and Giesecke & Devrient (G&D), a global leader in mobile security, today announced that they have signed an agreement to collaborate on the development of protected security applications on smartphones and tablets.

The cooperation leverages the highly secure Trusted Execution Environment (TEE) on smart mobile devices. The innovative concept sees applications' sensitive components and data securely transmitted, stored and executed in a hardware protected area on the main processor of mobile devices. It helps application developers deliver products and services that meet increased security requirements without impacting flexibility and productivity.

More details.

Sophos - Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours

Earlier this week it was being widely reported that Oxford University had taken the drastic step of completely blocking Google Docs, after it had seen a dramatic increase in the number of phishing attacks exploiting the service, targeting staff and students.

These attacks uses Google Doc URLs to redirect users to illegitimate website for phishing attempts.

More details.

Reuters, February 21, 2013 - Facebook blocks access to after reports site is infected

Reuters reported that Facebook Inc has blocked users from accessing the website following reports that the site is infected with a computer virus.

ESET team ran a file on it and found that these attacks are employing iframes like the one seen here on, to redirect legitimate visitors from to an infected site that serves up an exploit kit.

The dangerous content referred to in the ESET warning is the RedKit exploit kit, one of a rapidly growing number of software packages used by criminal hackers to exploit common software vulnerabilities such at the Java vulnerability (CVE-2012-0507) that led to last year’s Flashback Trojan outbreak on Macs.

More details and here.

Sophos - Google says it is winning the war against Gmail account hijackers

Google Security Engineer Mike Hearn reports in a Google Online Security Blog posting that the company has managed to shrink the number of compromised accounts to practically nil - a 99.7 percent reduction, to be exact - since the peak of hijacking attempts in 2011.

Part of the defense is that Google is now performing complex risk analysis to determine whether an account sign-in might be suspicious or risky - say, if it's coming from a country far away from your last sign-in.

More details.

PETALING JAYA, FEBRUARY 21, 2013 - How to Avoid “Honey Traps” When Seeking Your Soul Mate Online

The experts at Kaspersky Lab highlight some of the dangers of looking for romance on the Internet. It’s a fact that numerous scammers, marriage fraudsters and other shadowy characters are out to manipulate the natural human desire to find a partner. Various virtual "honey traps" are not uncommon on the World Wide Web – and once dazzled by a momentary passion, a user can easily find himself left without money or with a nasty infection on his machine.

The most creative type of junk mail which has not lost its popularity throughout the years is so-called Nigerian spam. The more romantic authors of these letters target potential victims registered on dating sites.

The “girl” who allegedly writes these sorts of emails usually lives in a distant, war-torn African country. Very soon the potential groom finds out his would-be fiancée is an heiress to a million-dollar inheritance and is willing to share her wealth with her betrothed. However, to get his bride and her money out of the country her future husband is asked to pay for some legal services. These tactics need long-term correspondence because very few people would agree to pay considerable sums guided by their heart rather than their head. The first emails from the potential patsy are answered by a robot but once the fraudsters understand they have got a chance, they immediately enter into the correspondence. Processing a potential victim can last a long time and here an individual approach and an understanding of psychology are especially important.

Unlike these “Nigerian” brides, "Russian" brides only need money to buy an air ticket and finally meet the man of their dreams – and of course this money becomes easy prey for the fraudsters.

More details.

SANTA CLARA, Calif. / SINGAPORE – Feb. 21 2013 – McAfee Report Sees Malware Repurposed to Strike Various Economic Sectors in 2012

McAfee released the McAfee Threats Report: Fourth Quarter 2012, (report) in which McAfee Labs revealed that sophisticated attacks originally targeting the financial services industry are now increasingly directed at other critical sectors of the economy, while an emerging set of new tactics and technologies are being implemented to evade industry-standard security measures. The report showed the continued proliferation of password-stealing trojans and advanced persistent threats (APTs) such as Operation High Roller and Project Bliztkrieg, and the expansion of their attacks to government, manufacturing and commercial transaction infrastructure targets.

More details.

Sophos - Adobe releases another zero-day vulnerability fixes

The fixes are available for all affected platforms, so Windows, Mac and Linux users should all upgrade.

Get more details.

Redwood City, February 19, 2013 - Updated February 2013 Critical Patch Update for Java SE Released

Oracle released the updated February 2013 Critical Patch Update for Java SE. The purpose of this update is to deliver 5 additional fixes which could not be included when Oracle accelerated the release of the Critical Patch Update by publishing it on February 1st instead of February 19th. Note that since Critical Patch Updates for Java SE are cumulative, this Critical Patch Update release also includes all previously-released Java SE security fixes.

All but one of the vulnerabilities fixed today apply to client deployment of Java. This means that these 4 vulnerabilities can be exploited through Java Web Start applications on desktops and Java applets in Internet browsers. Three of these vulnerabilities received a CVSS Base Score of 10.0. As I stated before, Oracle reports the most severe CVSS Base Score, and these CVSS 10.0s assume that the user running the malicious Java Applet or Java Web Start application has administrator privileges (as is typical on Windows XP). However, when the user does not run with administrator privileges (as is typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are "Partial" instead of "Complete", typically lowering the CVSS Base Score to 7.5 denoting that the compromise does not extend to the underlying Operating System.

The last security fix added by this updated Critical Patch Update release applies to server deployments of the Java Secure Socket Extension (JSSE). This fix is for a vulnerability commonly referred as the “Lucky Thirteen” vulnerability in SSL/TLS (CVE-2013-0169). This vulnerability has received a CVSS Base Score of 4.3.

Finally, note that Oracle’s intent is to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment (JRE) in desktop browsers. As a result, Oracle will be issuing a Critical Patch Update for Java SE on April 16, 2013 at the same time as the normally scheduled Critical Patch Update for all non-Java products. The next scheduled release dates for the Critical Patch Update for Java SE are therefore: April 16, 2013; June 18, 2013; October 15, 2013; and January 14, 2014.

More details.

Putrajaya, Feb 19, 2013 - Cyber Disinformation

Reported by theSun daily, it emerged that the Information Department's official website had been compromised with a hoax of false announcement of the resignation of PM Datuk Seri Najib.

Director-general Datuk Ibrahim Abdul Rahman claimed that it was the work of hackers.

Along with the assistance of MCMC, the Commercial Crimes Investigations Department (CCID) is currently investigating the case. Earlier findings have led them to conclude that had gained access to the server via a foreign IP address which may potentially be a proxy IP or a ghost IP.

Mumbai, Feb 19, 2013 - Britain and India to agree cybercrime joint taskforce

Britain and India are expected to agree to set up a joint task force to fight cybercrime on Tuesday, a move London hopes will help it safeguard the personal banking and mobile phone data of millions of Britons, much of which is stored on Indian servers.

The agreement is expected to be sealed at a meeting between British Prime Minister David Cameron and Indian Prime Minister Manmohan Singh in New Delhi, one of the highlights of Cameron's three-day trade and investment trip to India.

More details.


Anonymous said…
My partnеr and I stumbled ovеr here coming fгom a diffеrent webѕite and thought І might
as well chеck things out. I like whаt I see so i am just following you.
Look forward to going ovеr youг ωeb page again.

Alsо visit my webpagе ... tens unit