The Zero-Day vulnerability was actively exploited in the wild for at least five months

---

CrowdStrike Discovers Use of 64-bit Zero-Day Privilege Escalation Exploit (CVE-2014-4113) by Hurricane Panda

Initially, a sample of the virus was detected on a machine running 64-bit Windows Server 2008 R2.

A highly organized hacker group Hurricane Panda, located, apparently in China and attacking companies with a large infrastructure, uses in their attacks the exploit to zero-day vulnerabilities in the products of Microsoft. The duration of the attack was more than 5 months. According to researchers at CrowdStrike, the first detected attack, was produced in the spring of this year. (more…)

Microsoft released scheduled security updates for its products

---

Microsoft Security Bulletin

Eight security bulletins contain patches for 24 vulnerabilities, including three critical.

On the Tuesday, October 14, Microsoft has released scheduled security updates, for its products. Unlike the past couple of releases, this release is complete, correcting just three zero-day vulnerabilities.

Eight security bulletins contain patches for 24 flaws in Windows, Internet Explorer, Office and .Net framework. Three of them are critical, so administrators need to test and install the update immediately. Note that one bulletin fixes several vulnerabilities. (more…)

Cyber Security 2014: The latest breaking News – October 8, 2014

A botnet, called Qbot, to have infected over 500,000 systems.

Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe.

According to Proofpoint, attacks by type drive-by-dovnload carried out with the help of compromised sites on the WordPress platform. (more…)

ShellShock vulnerability: latest news – September 30, 2014

ShellShock vulnerability, which was assigned an identifier CVE-2014-6271, was fixed pretty quickly. However, after the elimination of gaps, has been found several vulnerabilities, which get the ID CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187. Currently, there are updates that correct all the above gaps.

#1. Released the third update to fix the ShellShock vulnerability

Hotfix fixes several flaws discovered after removing the vulnerability CVE-2014-6271.

Red Hat engineer Florian Weimer released the third update to the shell Bash, what fixes a critical vulnerability ShellShock. This patch fixes several flaws discovered after the release of the first two updates.

Project Manager Chet Ramey adopted a Weimer’s patch and released it as an official update №27 for Bash 4.3 (bash43-027). The previous fix tried to eliminate the vulnerability ShellShock, but every time experts find more and more flaws. (more…)

Cyber Security 2014 Latest News: Apple fixes more than 40 vulnerabilities in Mac OS X Mavericks

 

Apple issues seven updates, fixes more than 40 vulnerabilities in Mac OS X Mavericks

Operation of these gaps allow execution of arbitrary code on the target system, implement bypassing of address space randomization (ASLR) and so on.

Late last week, Apple released an updates to Mac OS X Mavericks 10.9.5, which consisted of more than 40 fixes vulnerabilities. In particular, the patches were intended for framework CoreGraphics, Bluetooth, PHP, graphics driver, Intel, framework Foundation, IOHIDFamily, IOAcceleratorFamily, kernel, OpenSSL, QT Media Foundation, and Ruby. (more…)

Cyber security 2014: hot weekly news – September 19

Cyber Security: Hot Weekly News – September 19, 2014

#1. Virus Citadel has become an instrument for making targeted attacks

Banking Trojan got a number of new features and is currently used in the attacks on the Middle East petrochemical companies.

Hackers who commit targeted attacks, began to use an improved version of the malware Citadel to conduct cyber attacks on several Middle Eastern petrochemical companies. This is reported by researchers at Trusteer.

According to head of Trusteer Corporate Security Dana Tamir, the affected companies received notice that they being targeted cyber attack. (more…)

Detected Linux-botnet used to commit a large-scale DDoS-attacks

Linux-botnet

The Botnet infected Linux-servers which used a vulnerable version of Apache Tomcat, Apache Struts and Elasticsearch.

Experts of Akamai-Prolexic discovered a botnet known as IptabLes and IptabLex. It was used to carry out DDoS-attacks on the DNS-servers and other objects of the network infrastructure. Victims of botnet became misconfigured Linux-servers.

According to experts, in the second quarter of 2014 Prolexic team discovered botnet conducting DDoS-attacks using DNS-flooding and SYN-flooding. The attacks were carried out through compromised servers running a vulnerable version of Apache Struts, Apache Tomcat and Elasticsearch. (more…)

Cyber Security Weekly News – September 6, 2014

Hot Cyber Security Weekly News

Dear readers, today we offer you a selection of the five  hot news in the field of Cyber Security over the past week:

• Slider Revolution Plugin Critical Vulnerability Being Exploited;
• Microsoft, eBay apps open to man-in-the-middle MITM attacks;
• A previously unknown variant of the APT backdoor XSLCmd – OSX.XSLCmd;
• Hackers break into server for Obamacare website;
• Facebook will teach users to protect private data. (more…)

McAfee Server Security Suites – Comprehensive protection for the hybrid data center

McAfee has announced key enhancements to its Server Security Suites product portfolio, including the optimization of productivity and efficiency in order to improve the security of servers deployed in physical, virtualized and cloud environments.

The Server Security Suites product line updated include reliable systems servers which open up opportunities for business growth, whether it is physical, virtualized or cloud environment. McAfee has released the following list of innovations Server Security Suites:

• Simplified initialization Security Virtual Appliance (SVA) through component NSX Composer for deployments MOVE AV (Agentless).
• Increased visibility and control of network communications between virtual machines with the MOVE Agentless Firewall, implementing VMware vCloud Networking and Security (vCNS) – a solution based on a hypervisor for virtualized data centers.
• Easier management of safety thanks to the new manager for the SVA-MOVE AV for the effective control and load capacity in virtualized environments.
• Improved resource optimization for virtualized environments through the Enhanced Virus diagnosis and reduce the load on system resources.
• Automatic detection and management of virtual machines when they are initialized in private and public clouds, thanks to two new connectors McAfee Data Center Connectors for Microsoft Azure and OpenStack in addition to existing for Amazon AWS and VMware vSphere.

(more…)

Information security: latest news of the week April 14, 2014

A critical vulnerability in Google allows access to the Google’s production servers

A Team of researchers discovered a critical XML External Entity (XXE) vulnerability on Google server that allows users to customize their toolbars with new buttons by uploading XML files containing layout properties. Sounds ridiculous but has been proven by the security researchers from Detectify.

Curious that the researchers used Google dorking to search for vulnerabilities within unpopular applications managed by Google, The Google Toolbar button gallery was the application that most of all attracted their attention.

The vulnerability resides in the Toolbar Button Gallery (as shown). The team of researchers found a loophole after they noticed that Google Toolbar Button Gallery allows users to customize their toolbars with new buttons. (more…)