Category: Warnings

Exchange 2007 and 2010 users should still apply the fix since the security patch causes no difficulties if installed on older versions of Microsoft’s email server software.

“If you already installed MS13-061 on Exchange 2007 and or 2010 it looks like you should be good to go as the issue does not seem to occur with those versions,” explained Ziv Mador, Director of Security Research at Trustwave.

MS13-061 addresses three vulnerabilities in Microsoft Exchange that can stem from bugs in the third-party library Outside In, which is licensed from Oracle.

Sysadmins would be well advised to apply a stop-gap workarounds which includes turning off document processing involving Outside In – at least, pending the availability of a functional security patch.

Link: http://www.theregister.co.uk/2013/08/15/faulty_exchange_2013_update_pulled/

Other credit union sites listed on the OpUSA post on Pastebin include the $54 billion Navy FCU of Vienna, Va., the $27 billion State Employees’ Credit Union of Raleigh, N.C., the $12 billion Boeing Employees Credit Union of Tukwila, Wash., the $9.8 billion SchoolsFirst FCU of Santa Ana, Calif., the $8.2 billion The Golden 1 Credit Union of Sacramento, Calif., the $5.4 billion Suncoast Schools FCU of Tampa, Fla., the $5.6 billion American Airlines FCU of Fort Worth, Texas, the $8.3 billion Alliant Credit Union of Chicago, the $7.2 billion Security Service FCU of San Antonio, Texas, the $6.2 billion San Diego County Credit Union of San Diego and the $5.8 billion America First FCU of Riverdale, Utah. John Magill, CUNA executive vice president of governmental affairs, said during a Monday morning press call he has spoken to NCUA staff members about the attack, and they said the regulator is aware of the target list and has contacted the 12 credit unions.

Kevin Prince, chief technology officer at the Santa Ana, Calif.-based technology management firm Compushare, said the attack could be impactful, but added nobody knows how it could play out. Compushare has worked on an FBI task force for a long time combating Anonymous cyberattacks, and Prince said the bureau “is having a hard time doing anything about it.”

Prince, who was a guest on CUNA’s call, recently released a white paper that reassures small financial institutions they’re not likely targets, but nonetheless provides ways to prepare in case they are, or simply worry they may be.

Instead, Prince advised, credit unions should work with their internet service provider to stop the attack “upstream” before it gets to the credit union’s website or online banking service.

Because most credit unions don’t host their own online banking site, working instead with a third party provider or core processor, their prep time would be better spent reviewing third party due diligence than attempting to shore up their own connections, he said.

The white paper, titled “DDoS Attacks: How Real Are the Risks for Community Financial Institutions”, is available to be downloaded on Compushare’s website.

Link: http://www.cutimes.com/2013/05/06/anonymous-may-7-target-list-includes-12-large-cred?ref=hp

The DHS alert is in response to chest-thumping declarations from anonymous hackers who have promised to team up and launch a volley of online attacks against a range of U.S. targets beginning May 7.

But Rodney Joffe, senior vice president at Sterling, Va. based security and intelligence firm Neustar, said all bets are off if the campaign is joined by the likes of the Izz ad-Din al-Qassam Cyber Fighters, a hacker group that has been disrupting consumer-facing Web sites for U.S. financial institutions since last fall.  Joffe said it’s easy to dismiss a hacker manifesto full of swear words and leetspeak as the ramblings of script kiddies and impressionable, wannabe hackers who are just begging for attention.  “The damage they’re capable of doing may be out of proportion with their skills, but that’s been going on for seven months and it’s been brutally damaging.”

What’s more, the DHS warning comes just days after the FBI issued a flash alert on Brobot (PDF) warning that hackers have been modifying the attack scripts to ensure they can evade their targets’ mitigation efforts. “Because the attacks have been ongoing for seven months, the actors are changing their attack methodology to circumvent mitigation efforts of the financial institutions,” reads an FBI alert obtained by BankInfoSecurity.com. “The latest version of the ‘Brobot’ attack scripts that have been utilized to attack the login capabilities of a financial institution’s website spoofs a fraudulent access cookie, user-agent string and referrer. The FBI alert notes that the hard-coded string does not affect the new attack script, but can be used as signatures for intrusion detection and intrusion prevention devices to detect and block attacks from the Brobot botnet.

Link: http://m.krebsonsecurity.com/2013/05/dhs-opusa-may-be-more-bark-than-bite/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29

Cyber espionage designed to steal intellectual property is also on the rise, with the small to medium sized enterprises (SME) the most vulnerable because of smaller amounts spent on internet security, according to the report. Their motivations are financial and political in some aspects,” said Johnny Karam, the managing director of Symantec for the Middle East and North Africa.

Last year Symantec discovered 1.6 new malicious software (malware) variants every day, one in 532 websites were infected with malware and the company blocked 250,000 web attacks each day, of which about 65 per cent were handled automatically.

The “watering hole” strategy, by which hackers wait for their targets to come to a website they have infected, is becoming more sophisticated.

Most recently, the Associated Press Twitter account was hacked into, with a false tweet posted stating that the US president Barack Obama had been injured in explosions at the White House.

“Mobile is an area where attacks are growing, spam remains as one of the key methods of attacks, as well as web pages and financial sector phishing”.

Link: http://www.cyberwarzone.com/saudi-arabia-top-target-cyber-attacks

That backdoor communicates with a malicious server and the attackers can actually send orders to the system such as uploading and downloading files, executing commands, installing new malware,” he explained. The attack sends the hackers useful information like what security programmes the infected system has, what Java and Flash version is being used.

This reached new heights earlier this year when security firm Mandiant reported linking an advanced cyber campaign targeting the US government to a Chinese military unit.

More recently, Verizon claimed Chinese hackers are responsible for 96 percent of the world’s active cyber espionage campaigns in its Data Breach Investigations Report 2013.

Link: http://www.v3.co.uk/v3-uk/news/2265506/chinese-hackers-hijack-us-government-website-to-spread-malware