Table of Contents
1. Technology news and Security updates
1.1 Internet Explorer 10 blocks more malware than Chrome or Firefox, test finds
1.2 Twitter Uses Automation to Improve Security
1.3 Game-changer: Android malware moves beyond apps
1.4 Google combines cloud storage for Gmail, Drive, Google+ services
1.5 Thirteen flaws fixed in Firefox
1.6 Send Money Through Gmail
2. Cyber crime and Intelligence in the news
2.1. EC-Council Hacked
2.2. Presbyterian Anesthesia Associates Hacked
2.3. Hotel Room Hackers Hit Arizona
3. Technical Security Alerts
3.1 Vulnerabilities, Malware and exploits
1. Technology news and Security updates:
1.1 Internet Explorer 10 blocks more malware than Chrome or Firefox, test finds
Microsoft’s Internet Explorer 10 is better at blocking malware downloads than rivals
Chrome, Firefox, Safari and Opera thanks to superior URL and application reputation
technology, a new test by NSS Labs has found.
Browser security has been getting more and more layered and complex. How it works
and whether it works is probably a complete mystery to even the most attentive browser
users but the NSS Labs study found marked and surprising differences between the
most popular browsers.
After testing the latest version of each of the five browsers against 754 malware-infected
URLs over 28 days, IE10 (running on Windows 8) achieved a raw block rate of 99.9
percent, ahead of Chrome’s 83.1 percent, Firefox’s 10 percent, Safari’s 9.9 percent and
Opera’s 1.8 percent.
Source: http://news.techworld.com/security/3447306/internet-explorer-10-blocks-more-malware-than-chrome-or-firefox-test-finds/?olo=rss
1.2 Twitter Uses Automation to Improve Security
The Twitter product security team are improving the security of their code by adopting
more security automation.
“All of the work we do should require creativity and judgment”, said Alex Smolen,
software engineer at Twitter. “If the work doesn’t require either of these things, we
should write a tool to do it - automate the dumb stuff”, he said of the Twitter philosophy.
At the Security Development Conference in San Francisco, in a presentation titled
‘Putting your robots to work’, Smolen and his colleague Nick Green, also a software
engineer at Twitter, explained to the audience that their team is responsible for “the
security of the code we ship, building libraries and features, and code reviews.”
“The best predictor of the next bug is the last bug”, advised Smolen, who explained that
understanding why an exploit happened and preventing it from happening again is a top
priority. “That’s where automation can be really useful”, he said.
Source: http://www.infosecurity-magazine.com/view/32445/twitter-uses-automation-to-improve-security-/
1.3 Game-changer: Android malware moves beyond apps
Android malware authors have officially turned the complexity corner, according to an
analysis of mobile malware for the first quarter of 2013. The size and scope of the
Android threatscape is evolving, adding new tactics and advanced approaches that
extend beyond malicious applications.
According to F-Secure Labs' latest Mobile Threat Report, Q1 saw Android threat
distribution reach outside of apps for the first time, via email spam, the first targeted
Android attacks and the first Android advanced fee-fraud scam. Additionally, examples of
increased commoditization of Android malware surfaced.
The Android Trojan known as Stels has begun distributing via fake US Internal Revenue
Service-themed emails, using an Android crimeware kit to steal sensitive information
from the device, and monetizing itself by making calls to premium numbers. This type of
mobile malware commoditization "could be a game changer," according to Sullivan.
Source: http://www.infosecurity-magazine.com/view/32443/gamechanger-android-malwaremoves-beyond-apps/
1.4 Google combines cloud storage for Gmail, Drive, Google+ services
Cloud storage for three of Google's more popular services - Gmail, Google Drive and
Google+ - are being combined to give users more control over how they want to use the
storage space.
By combining them, users will now have access to 15 gigabytes of storage for free that
they can use for their emails, Google documents and photos on the Google+ social
network. Previously, users had 10 GB that they could use for Gmail and an additional 5
GB for Google Drive and Google+ photos. More storage is available for a monthly fee.
Google also said that users can check the Google Drive storage Web page to see a
visualization of how they are using their storage space. In pie chart form, the page will
show users how their storage breaks down between the three services. Users can also
turn to this page to purchase more storage if necessary.
Source: http://phys.org/news/2013-05-google-combines-cloud-storage-gmail.html
1.5 Thirteen flaws fixed in Firefox
Mozilla has updated its Firefox web browser to repair 13 vulnerabilities.
The update to version 21.0 included eight fixes, three of which were deemed critical
because they could lead to remote code execution if they were exploited. Those
addressed memory corruption, memory safety and use-after-free weaknesses.
The fresh version, released on Tuesday, also includes a Health Report capability that will
provide users with insight into how their browser is performing.
"[It's] a new system we've built to log basic health information about your browser (time
to start up, total running time, number of crashes), and then give you tools to understand
that information and fix any problems you encounter," Firefox engineering vice
president Jonathan Nightingale said.
Source: http://www.scmagazine.com.au/News/343433,thirteen-flaws-fixed-in-firefox.aspx
1.6 Send Money Through Gmail
A new feature that Google announced in its I/O Conference keynote on Wednesday, and
that went somewhat under the radar, is the integration of Google Wallet with Gmail.
This means that you can send money to your friends straight from your email account as
an attachment.
The new feature seems easy to use, and if you have a Google Wallet account that
you use regularly, it makes sense that you would forgo PayPal, for instance, for all your
immediate transfers.
As mentioned, the feature is available like any other attachment option on Gmail and the
small dollar sign is placed in the bar, right between “Insert files using Drive” and “Insert
photos.”
Source: http://news.softpedia.com/news/Send-Money-Through-Gmail-353690.shtml
2. Cyber crime and Intelligence in the news:
2.1. EC-Council Hacked
E Hacking News is reporting that hacker Godzilla claims to have identified several
vulnerabilities in the Web site for the EC-Council, and has accessed the admin desk as
well as the course materials for certifications including CEH v8, CHFI v4, ECSS, and
ECSA/LPT 4.
"This could take a very deadly turn if played by the cyber terrorist," Godzilla told E
Hacking News. "They are the same org who train DOD, CIA, NSA, NASA, etc. If a cyber
terrorist infects this material with Trojans and malware the same content will be
accessed by the defence people. And this is the easy way to enter into the network of
defence. They should concentrate on security and in future should avoid such situation."
"Consider it as a security alarm for USA and Defence network, you will never know in
cyber space who is knocking your door," the hacker said.
Source: http://www.esecurityplanet.com/hackers/ec-council-hacked.html
2.2. Presbyterian Anesthesia Associates Hacked
According to the Charlotte Observer, a breach at Charlotte, N.C.'s Presbyterian
Anesthesia Associates may have exposed 9,988 people's names, contact information,
birthdates and credit card numbers (h/t Becker's Hospital Review).
HealthITSecurity reports that the breach was discovered on April 18, 2013, and was
reported to the North Carolina Attorney General's Office on May 8, 2013.
A hacker apparently leveraged a security flaw in the medical practice's Web site to
access the information. Presbyterian Anesthesia says no medical information was
compromised.
Presbyterian Anesthesia says the FBI has launched an investigation into the breach, and
the medical practice is offering free monitoring and insurance to everyone affected.
Source: http://www.esecurityplanet.com/hackers/presbyterian-anesthesia-associates-hacked.html
2.3. Hotel Room Hackers Hit Arizona
Following last year's disclosure of a flaw in Onity hotel room locks that allows them to be
hacked with relative ease, the Phoenix Police Department is seeking a man and a
woman who have been stealing from hotel and motel rooms in the area.
One suspect is described as a white female in her mid 20s with blonde shoulder-length
hair and eyeglasses. The second is a white male in his early 20s with short blonde hair.
In one case, pilot Ahmiel Fried told ABC 15's Adam Slinger that his wallet, laptop, iPad,
clothes and suitcase were stolen from his Tempe hotel room, but the hotel refused to
refund him because the theft was perpetrated by a third party and not a member of the
hotel staff.
Slinger reports that Tempe police describe the method used by the attackers as an
"easy-to-make, cheap device that they plug into the electronic doorknob."
Source: http://www.esecurityplanet.com/hackers/hotel-room-hackers-hit-arizona.html
3. Technical Security Alerts:
Technical security alerts cover current security issues, vulnerabilities, malware and exploits, and are issued proactively to give timely
information about their impact, propagation and remediation. This information is provided so that technical teams can protect their
infrastructure environments.
3.1 Vulnerabilities, Malware and exploits
The table below lists all the recent Vulnerabilities, Malware and exploits identified by ICT Security Monitoring Services team for
today.
Name: Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
Source: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse
Description: Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.
Propagation: The vulnerability is due to improper handling and processing of TCP connection requests sent at a high rate. An attacker could exploit this vulnerability by sending a sequence of TCP segments at a high rate to the management IP address of the affected system. A full TCP three-way handshake is required to exploit this vulnerability. An exploit could allow the attacker to cause high CPU utilization, which may trigger a reload of the affected system and cause a denial of service condition.
Technologies and software affected: Cisco TelePresence Supervisor MSE 8050 running software versions 2.2(1.17) and earlier are affected by this vulnerability.
Remedy: Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse
Severity: Medium risk

Name: Cisco WebEx Social "Posts Link" Script Insertion Vulnerability
Source: http://www.secunia.com/advisories/53417/
Description: A vulnerability has been reported in Cisco WebEx Social, which can be exploited by malicious users to conduct script insertion attacks.
Propagation: Input passed via certain parameters related to links attached to posts is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
Technologies and software affected: The vulnerability is reported in version 3.0(1).
Remedy: Update to 3.4(0), 3.3(1.10100), 3.3(1.10090), or 3.3(1.10000).
Severity: Less critical risk

Name: IBM Java Multiple Vulnerabilities
Source: http://www.secunia.com/advisories/53334/
Description: IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
Propagation: These vulnerabilities are due to various errors that can be exploited for malicious purposes.
Technologies and software affected: The vulnerabilities are reported in versions 6 and 7.
Remedy: Apply fixes. For more information: Original Advisory, Oracle April 16 2013 CPU: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_April_16_2013_CPU
Severity: Highly critical risk
End: SA53008