Security News, General Public, 2012 Week 03

=> Clicksor malvertising: Ramnit pack / Multi-Rogue 2012 (FakeRean) and Bredolab. 15/01/2012. «The malvertising on clicksor is still active; this time it is no longer the Virus Gendarmerie ransomware but two different packs based on Ramnit (…).»
Source: www.malekal.com/2012/01/15/malvertising-clicksor-pack-ramnit-multi-rogue-2012-fakerean-et-bredolab/

=> Fake Leaked Memos And Closed BackDoors. 15/01/2012. «From an Information Security perspective this 2012 has begun with (too) many meaningful events, among which the most resounding so far has been the alleged leak of portions of the source code belonging to several consumer and enterprise products by Symantec, a leading security vendor (…).»
Source: paulsparrows.wordpress.com/2012/01/15/fake-leaked-memos-and-closed-backdoors/

=> Automotive Attack Surface. 15/01/2012. «This morning I suggest this interesting paper titled: « Comprehensive Experimental Analyses of Automotive Attack Surfaces » (…).»
Source: marcoramilli.blogspot.com/2012/01/automotive-attack-surface.html
Related posts:
15/01/2012. Comprehensive Experimental Analyses of Automotive Attack Surfaces [pdf]: www.autosec.org/pubs/cars-usenixsec2011.pdf

=> January 2012 Cyber Attacks Timeline (Part 1). 15/01/2012. «New year, new Cyber Attacks Timeline. Let us start our Information Security Travel in 2012 with the chart of the attacks that occurred in the first fifteen days of January (…).»
Source: paulsparrows.wordpress.com/2012/01/15/january-2012-cyber-attacks-timeline-part-1/

=> Zappos.com hit by theft of 24 million customers' data. 16/01/2012. «Zappos.com, an online shoe and clothing store and Amazon subsidiary, has advised more than 24 million customers to change their passwords following a hack of its data (…).»
Source: www.reseaux-telecoms.net/actualites/lire-zapposcom-victime-du-vol-des-donnees-de-24-millions-de-clients-23667.html
Related posts:
17/01/2012. Zappos.com breach – lessons learned: blog.eset.com/2012/01/17/zappos-com-breach-lessons-learned
17/01/2012. The Zappos Breach and Textual Password Based Authentication: www.securelist.com/en/blog/208193346/The_Zappos_Breach_and_Textual_Password_Based_Authentication

=> The Koobface malware gang – exposed! 17/01/2012. «On 17 January 2012, The New York Times revealed that Facebook plans to name Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeiko as being involved in the Koobface gang. As a result of the announcement, we have decided to publish the following research, which explains how we uncovered the same names (…).»
Source: nakedsecurity.sophos.com/koobface/
Related posts:
16/01/2012. Web Gang Operating in the Open: www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html
17/01/2012. How five members of the Koobface malware gang were unmasked: nakedsecurity.sophos.com/2012/01/17/how-koobface-malware-gang-unmasked
17/01/2012. Koobface Gang Apparently Hiding in Plain Sight: threatpost.com/en_us/blogs/koobface-gang-apparently-hiding-plain-sight-011712
18/01/2012. Virus infections stop after suspects named: www.reuters.com/article/2012/01/19/us-facebook-cybersecurity-idUSTRE80I05720120119
18/01/2012. The Koobface Saga: blog.trendmicro.com/the-koobface-saga/
19/01/2012. Koobface gang turns off command servers, as Russian police explain lack of action: nakedsecurity.sophos.com/2012/01/19/koobface-gang-servers-russia-police/
19/01/2012. Was the Koobface Expose the Right Move?: threatpost.com/en_us/blogs/was-koobface-expose-right-move-011912
19/01/2012. Koobface Gang Shuts Down C&C Server, Drops Offline: threatpost.com/en_us/blogs/koobface-gang-shuts-down-cc-server-drops-offline-011912
19/01/2012. Private security and police action: cidris-news.blogspot.com/2012/01/securite-privee-et-actions-policieres.html

=> Stonesoft certified by ANSSI. 17/01/2012. «The French national information systems security agency (ANSSI) has awarded first-level security certification (CSPN) to the Finnish vendor Stonesoft (…).»
Source: pro.01net.com/editorial/553232/stonesoft-certifie-par-l-anssi/
Related posts:
17/01/2012. Stonesoft qualified by ANSSI: www.globalsecuritymag.fr/Stonesoft-qualifie-par-l-ANSSI,20120116,27873.html

=> A School for Cybercrime: How to Become a Black Hat. 17/01/2012. «Life looks good for Brazilian hackers: the absence of a specific law against cybercrime leaves them feeling so invulnerable that the bad guys are shameless about publicizing their thefts and showing off the profits of a life of crime (…).»
Source: www.securelist.com/en/blog/208193337/A_School_for_Cybercrime_How_to_Become_a_Black_Hat

=> Expert opinion: week of 9 to 15 January 2011. 17/01/2012. «Summary of the major events (…).»
Source: cert.xmco.fr/blog/index.php?post/2012/01/17/Avis-d-expert-%3A-semaines-du-du-9-au-15-Janvier-2011
Related posts:
16/01/2012. News watch – Start-of-year laziness…: pseudonyme.over-blog.net/article-veille—flemme-de-debut-d-annee-97263683.html

=> [ActuSécu #30] Cybercrime: Scams and exploit kits. 17/01/2012. «Our firm is pleased to present the new issue of XMCO's ActuSécu, available for download (…).»
Source: www.xmco.fr/actusecu.html

=> Inside AnonJDB – a Java based malware distribution platform for drive-by downloads. 17/01/2012. «With the ever decreasing prices of underground tools and services, thanks to the commoditization of these very same market items, the price for renting a botnet, or purchasing access to already infected hosts, is constantly decreasing (…).»
Source: blog.webroot.com/2012/01/17/inside-anonjdb-a-java-based-malware-distribution-platforms-for-drive-by-downloads/

=> JAVA/HCP/Black Hole Exploit Kit malware analysis. 17/01/2012. «A couple of weeks ago there was a good amount of commotion around the usage of Java and the Black Hole exploit kit to infect users. While I was in Abu Dhabi teaching class I remembered that two weeks ago we had a similar case where Java and URL-structures used by the Black Hole exploit kit were used, so I decided to write up a little post to help explain it (…).»
Source: blog.opensecurityresearch.com/2012/01/javahcp-black-hole-exploit-kit-malware.html

=> Vulnerability Summary for the Week of January 9, 2012. 17/01/2012. «The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week (…).»
Source: www.us-cert.gov/cas/bulletins/SB12-016.html

=> Vulnerabilities Patched in McAfee SaaS for Total Protection. 18/01/2012. «This week, there has been public interest regarding some issues disclosed in McAfee products. McAfee treats security issues in our products very seriously, and so our Product Security team will explain the details around these issues (…).»
Source: blogs.mcafee.com/mcafee-labs/vulnerabilities-patched-in-mcafee-saas-for-total-protection
Related posts:
16/01/2012. Critical flaw in McAfee products since April 2011: www.crazyws.fr/securite/faille-critique-sur-les-produits-de-mcafee-depuis-avril-2011-48OLG.html

=> Alleged Russian Cybercriminal Extradited to U.S. 18/01/2012. «Vladimir Zdorovenin, an alleged prolific Russian cybercriminal, has arrived in New York City following his arrest and subsequent extradition by Swiss authorities. The FBI had been working to find and extradite Zdorovenin for several years (…).»
Source: threatpost.com/en_us/blogs/alleged-russian-cybercriminal-extradited-us-011812

=> ‘MegaSearch’ Aims to Index Fraud Site Wares. 18/01/2012. «A new service aims to be the Google search of underground Web sites, connecting buyers to a vast sea of shops that offer an array of dodgy goods and services, from stolen credit card numbers to identity information and anonymity tools (…).»
Source: krebsonsecurity.com/2012/01/megasearch-aims-to-index-fraud-site-wares/

=> SE Android, the dilemma of an NSA Android. 19/01/2012. «The famous NSA (National Security Agency) does not only take part in clandestine operations that feed many fantasies, rightly or wrongly. While its role is to guarantee a certain information dominance, it is above all responsible for the security of military and government communications and, more broadly, for protecting the communication systems and infrastructures deployed on US territory (…).» A look back at a story already covered.
Source: si-vis.blogspot.com/2012/01/se-android-le-dilemme-dun-android-nsa.html
Related posts:
19/01/2012. An NSA-style armored Android: www.securityvibes.fr/produits-technologies/android-se-nsa/

=> Multirogue 2012. 19/01/2012. «This malware is looking for the OS version (XP, Vista, Seven) and changes its name and skin: XP Anti-Spyware, XP Home Security 2012, XP Anti-Virus 2012, XP Security 2012 (…).» S!RI's news watch.
Source: siri-urz.blogspot.com/2012/01/multirogue-2012.html
Related posts:
16/01/2012. Internet Security Guard: siri-urz.blogspot.com/2012/01/internet-security-guard.html
17/01/2012. Security Defender: siri-urz.blogspot.com/2012/01/security-defender.html

=> Infiltrate 2012… 19/01/2012. «The second edition of Infiltrate, a 100% offensive conference organized by Immunity, was held on 12 and 13 January in Miami Beach. Some fifteen talks on the program over two days, in front of about one hundred and fifty people who came to enjoy the Florida sun, followed by four days of training (…).»
Source: sid.rstack.org/blog/index.php/527-infiltrate-2012
Related posts:
16/01/2012. Infiltrate Wrap Up: blog.opensecurityresearch.com/2012/01/infiltrate-wrap-up.html

=> An Overview of Exploit Packs (Update 14) January 19, 2012. 19/01/2012. «Version 14 Exploit Pack table additions. Credits for the excellent Wild Wild West (October 2011 edition) go to kahusecurity.com with many thanks to XyliBox (Xylitol – Steven), Malware Intelligence blog, and xakepy.cc for the information (…).»
Source: contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html

=> Malware Reverse Engineering part 1 of 2. Static analysis by Rick Flores. 19/01/2012. «This malware report is part 1 of 2. Part 2 will focus heavily on dynamic analysis, determining packers/encryption used and finding the original entry point (OEP) of the malware sample, and will utilize IDA Pro and Immunity Debugger extensively. We will also bypass anti-debugging and anti-reversing tactics employed by attackers and malware authors in part 2. Stay tuned!
This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test (…).»
Source: www.exploit-db.com/download_pdf/18387

=> DreamHost – Changing Shell/FTP Passwords due to Security Issue. 20/01/2012. «Last night we detected some unauthorized activity within one of our databases. While we don’t have evidence that customer passwords were taken at this time, we’re forcing a change out of caution. Please log in to our web panel and change any passwords you may have with us. We’ll keep this post updated as we get more information (…).»
Source: www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/
Related posts:
20/01/2012. DreamHost Hacked; Change Your Passwords Now: lifehacker.com/5878025/dreamhost-hacked-change-your-passwords-now
21/01/2012. DreamHost Security Issue Prompts FTP Password Resets: blog.sucuri.net/2012/01/dreamhost-security-issue-prompts-ftp-password-resets.html

=> Another Sakura kit. 20/01/2012. «Another Sakura kit (…).» Xylitol's news watch.
Source: xylibox.blogspot.com/2012/01/another-sakura-kit.html
Related posts:
18/01/2012. Sakura Exploit Pack 1.0: xylibox.blogspot.com/2012/01/sakura-exploit-pack-10.html

=> A peek inside the Umbra malware loader. 20/01/2012. «The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders, DIY DDoS platforms, to platforms for executing clickjacking and likejacking campaigns, next to drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back (…).»
Source: blog.webroot.com/2012/01/20/a-peek-inside-the-umbra-malware-loader/

=> Click on an Anonymous link, and you could be DDoS’ing the US government. 20/01/2012. «In the past, Anonymous has encouraged supporters to install a program called LOIC (Low Orbit Ion Cannon) which allows computers to join in an attack on a particular website, blasting it with unwanted traffic. This time, things are slightly different: you only have to click on a web link to launch a DDoS attack (…).»
Source: nakedsecurity.sophos.com/2012/01/20/anonymous-opmegaupload-ddos-attack/
Related posts:
21/01/2012. Anonymous Changes DDoS Tactics in Megaupload Retaliation: threatpost.com/en_us/blogs/anonymous-changes-ddos-tactics-megaupload-retaliation-012112

=> François Paget, McAfee Labs: one should not see cyberwar where it is not. 20/01/2012. «Even if the first signs of cyberwars are emerging here and there in the Middle East or in Asia, the concerted attacks by hackers claiming allegiance to the Anonymous movement, which today target many sites linked, closely or loosely, to the lobbying around SOPA (*) in the United States or Hadopi in France, are far removed from this concept (…).»
Source: www.globalsecuritymag.fr/Francois-Paget-McAfee-Labs-il-ne,20120120,27971.html

=> Complex infections and system driver patching. 20/01/2012. «A post about the patching of system drivers by advanced infections such as ZeroAccess or TDSS TDL3. The aim here is to explain the mechanism (…).»
Source: forum.malekal.com/infections-complexes-patch-drivers-systemes-t35704.html

=> SCADA systems open to everyone. 21/01/2012. «There is a lot of talk about SCADA, and about the fact that some poorly implemented industrial equipment management systems can constitute a physical threat in the event of a cyber attack (…).»
Source: ead-minerve.fr/WordPress3/?p=901
Related posts:
19/01/2012. Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software: www.wired.com/threatlevel/2012/01/scada-exploits/

=> Malvertisement on FileServe delivers Password Stealer via Exploits. 21/01/2012. «On the 17th of January the popular online storage website FileServe, ranked 134 on Alexa, was hit by a malvertisement. The payload was a ZeuS bot delivered via the infamous Blackhole Exploit Kit. Today another exploit is hitting FileServe via the advertising server (…).» Kimberly's news watch.
Source: stopmalvertising.com/malvertisements/malvertisement-on-fileserve-delivers-password-stealer-via-exploits.html
Related posts:
17/01/2012. Malvertisement on FileServe delivers ZeuS Bot via Blackhole Exploit Kit: stopmalvertising.com/malvertisements/malvertisement-on-fileserve-delivers-zeus-bot-via-blackhole-exploit-kit.html
