Showing posts with label APT. Show all posts
Showing posts with label APT. Show all posts

Friday, 18 December 2015

FireEye critical vulnerability

Google's team in Project Zero discovered a critical vulnerability in FireEye NX, EX, AX and FX network security devices that run on security content version 427.334 or prior versions.
An attacker could exploit this vulnerability to gain persistent access and remotely exploit code. It is good to see that FireEye focused this time towards patching the security flaw and did not try to take legal action, like previously, for the vulnerabilities discovered by the German security firm ERNW). 

FireEye responded with a support alert stating that a patch was released through automated security content updates for all of the affected devices. FireEye is making the patch available for “out-of-contract customers” and the firm warned customers who perform manual security content updates, to “update immediately”.

The flaw discovered by Project Zero follows an earlier series of vulnerabilities discovered by the German security firm ERNW. FireEye filed an injunction against ERNW in September after learning that the firm was planning to release findings on vulnerabilities that it discovered in FireEye's operating system

It was proven that it was possible for an attacker to root the FireEye's network security device by simply tricking a victim into clicking on a link contained in an email. 

Tuesday, 10 November 2015

Adobe Flash patches 17 remote code execution vulnerabilities

Adobe Flash version 19.0.0.245 was released today. This version patches 17 remote code execution vulnerabilities if exploited [see here]. Adobe said that there are no reports of public exploits for any of the patched flaws.

In addition to the desktop version of Flash for Windows and Mac OS X, Adobe also updated Flash for Internet Explorer 11 and Microsoft Edge, both of which are expected to be included in today’s Microsoft Patch Tuesday security bulletins. Adobe also updated Flash Player for Linux and various Adobe Air products for Windows, iOS and Android mobile devices. 

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote

For those of us using multiple browsers, perform the check for each browser you have installed on your system. The Flash updated packages can be found here.

CVE numbers: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046

During last month’s scheduled update, Adobe patched Flash and Acrobat Reader addressing 69 critical vulnerabilities that could lead to code execution and information disclosure. Just three days later, Adobe updated Flash once again with an emergency patch that addressed a zero-day type confusion* vulnerability. The zero-day was being exploited by a Russian-speaking APT group during Operation Pawn Storm.

*Type confusion vulnerabilities occur when the code doesn't verify the type of object that is passed to it, and uses it without type-checking. 

Thursday, 25 September 2014

Bash-ing (Bash Bug, Shell Shock) - All the information you need

The Bash Bug is a severe vulnerability discovered by by Stephane Chazelas of Akamai, who most probably deserves a pwnie award [1]. 
The discovery of this particular vulnerability is a serious risk, similar (maybe proven to be a lot bigger) to the Heartbleed bug [2]. Mostly because Linux not only runs the majority of the servers but also in a large number of embedded devices. Keep in mind that there are approximately about 25 years’ worth of Bash versions! Effectively, Mac OS X [11] and Android devices may also be running the vulnerable version of bash. 
Also, for Windows systems, msysgit contains a vulnerable version of bash (by Joshua McKinney) [12]. Which means, we are going to have more of these popping up very soon under the Windows platform as well.
Just to give you a hint about the severity of this vulnerability, NIST Vulnerability DataBase rated this with "10 out of 10". [3]

Wednesday, 21 May 2014

The Subterfuge Project called Artemis

Artemis [1] is an advanced malware simulation suite capable of emulating the Advanced Persistent Threat (APT). Artemis raises the bar allowing ethical hackers and penetration testers the luxury of an advanced set of features equivalent to many of the tools employed by criminal gangs today. By abstracting polymorphism to a server based platform at cevincere.com Artemis is able to stay one step ahead of anti-virus vendors, and ensure that penetration testers can give their clients the value that they deserve.

[1] https://code.google.com/p/subterfuge/

Wednesday, 30 October 2013

 Journal of Information Warfare

After the 12th annual European Conference of Cyber Warfare and Security (ECCWS), used to be known as European Conference on Information Warfare and Security (ECIW) [1] held in July 2013 at the University of Jyvaskyla in Finland, the Journal of Information Warfare (JIW) [2] decided to select a few papers that stand out during the conference and invited the authors to submit an updated version of the submitted paper for the JIW (Volume 12, Issue 3). The title of the updated paper was Antivirus False-Positive Alerts, Evading Malware Detection, and Cyber-security Issues [3].