Security News, General Public, 2012 W31

Did a Google search, a 'ping' or a 'trackback' bring you here? What is this catch-all list of links? Gnan! I am not spam, I am not a 'planet'! :D I invite you to read the introduction post to this 'brief' (a personal watch) to see what it is about.

 

=> Beyond good ol' Run key. 24/07/2012. «Malware authors are really lucky. There are so many autorun possibilities in Windows that it is really hard to count. One of the best known tools that try to enumerate most of the entries are Start Runners and Sysinternals' autoruns. They both do a great job by highlighting many of the suspicious files, but… deep inside the registry and file system exist a HUGE number of completely new, unexplored (or possibly less or under-explored) paths that can be (maybe already are) misused. (…).»
Source : www.hexacorn.com/blog/2012/07/23/beyond-good-ol-run-key/
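As an added illustration of the point above (this is not code from the hexacorn post, nor from Autoruns or Start Runners), the snippet below enumerates a handful of the classic autorun locations and flags entries whose image does not live under the Windows or Program Files directories. The key list is an assumption and deliberately short: the Run/RunOnce keys plus the Winlogon Shell/Userinit values, which is exactly the "good ol'" set the post says is only the tip of the iceberg.

```powershell
# Added example: list well-known autorun entries and flag those pointing outside
# trusted directories. The key list below is an assumption and is NOT exhaustive.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Winlogon holds many values; only these two launch code at logon.
$WinlogonValues = @('Shell', 'Userinit')
# Directories we treat as trusted for this crude triage (assumption).
$Trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

function Get-ImagePath([string]$Command) {
    # Extract the executable from a command line: quoted path first, else first token.
    $image = $Command -replace '^"([^"]+)".*$', '$1'
    if ($image -eq $Command) { $image = ($Command -split '\s+')[0] }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    if ($image -notmatch '\\') {
        # Bare name (e.g. "explorer.exe" in Winlogon\Shell): resolve through PATH.
        $resolved = Get-Command $image -ErrorAction SilentlyContinue
        if ($resolved -and $resolved.Path) { $image = $resolved.Path }
    }
    return $image
}

function Get-AutorunEntries {
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item  = Get-Item -Path $key
        $names = $item.GetValueNames()
        if ($key -like '*Winlogon') { $names = $names | Where-Object { $_ -in $WinlogonValues } }
        foreach ($name in $names) {
            $cmd = [string]$item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
            $image   = Get-ImagePath $cmd
            $trusted = $Trusted | Where-Object { $image.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
            [PSCustomObject]@{
                Key        = $key
                Name       = $name
                Command    = $cmd
                Image      = $image
                Exists     = Test-Path -LiteralPath $image
                Suspicious = -not $trusted   # outside Windows/Program Files
            }
        }
    }
}

Get-AutorunEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell 3.0 or later to see HKLM entries. A missing image (Exists = False) for a non-empty entry is worth a look on its own: it is either leftover from an uninstall or a path that only resolves when something else is planted first. Compare the output with Autoruns to see how much the full tool covers that this short list does not.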

=> Backdoor Tool Kit – Today’s Scary Web Malware Reality. 25/07/2012. «We often talk about the importance of keeping your server clean. You can see it in a number of our articles and presentations, this post will likely drive that point home. This past week we came across a nice little package that we felt compelled to share with you. In it, the attacker makes use of a number of tools designed to help them infiltrate your environment. What’s likely most annoying about this kit is that it’s loaded into your environment, and uses your own resources to help hack you. That’s like being punched in the gut and slapped at the same time, not cool. (…).»
Source : blog.sucuri.net/2012/07/backdoor-tool-kit-todays-scary-web-malware-reality.html

=> New malware for Mac: Backdoor.OSX.Morcut. 26/07/2012. «Yesterday lots of antivirus labs got a sample of the new antivirus program targeting MAC OS X users. This sample named Backdoor.OSX.Morcut was distributed using social engineering techniques via a JAR file with the name AdobeFlashPlayer.jar and allegedly signed by VeriSign Inc (…).»
Source : www.securelist.com/en/blog/719/New_malware_for_Mac_Backdoor_OSX_Morcut
Related posts:
25/07/2012. New Apple Mac Trojan Called OSX/Crisis Discovered : www.intego.com/mac-security-blog/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team/
25/07/2012. Mac malware Crisis on Mountain Lion eve? : nakedsecurity.sophos.com/2012/07/25/mac-malware-crisis-on-mountain-lion-eve/
25/07/2012. New Mac Trojan Dropper Creates Backdoor, Survives Reboots : threatpost.com/en_us/blogs/new-mac-trojan-dropper-creates-backdoor-survives-reboots-072512
26/07/2012. OSX/Crisis Has Been Used as Part of a Targeted Attack : www.intego.com/mac-security-blog/osxcrisis-has-been-used-as-part-of-a-targeted-attack/
31/07/2012. Economies of scale: A perspective on cross-platform vulnerabilities : blogs.technet.com/b/mmpc/archive/2012/07/31/economies-of-scale-a-perspective-on-cross-platform-vulnerabilities.aspx
01/08/2012. New spyware for Mac (Nouvel espion pour Mac) : datasecuritybreach.fr/actu/nouvel-espion-pour-mac/

=> Cyberspace – What is it?. 26/07/2012. «Today, the word "cyberspace" is used in many contexts, but it is not always clear what exactly that term describes and what it means. In this post we will compare the definitions of cyberspace from several sources with the purpose of establishing a range of notions as to what cyberspace is and to derive its ontology. Sources are relevant entities like national or regional government, standardization bodies, and dictionary (…).»
Source : blogs.cisco.com/security/cyberspace-what-is-it/
Related posts:
28/07/2012. Cyber and the Arctic (Cyber et arctique) : www.egeablog.net/dotclear/index.php?post/2012/07/27/Cyber-et-arctique
29/07/2012. From dialectics to a strategic polylectics (De la dialectique à une polylectique stratégique) : www.egeablog.net/dotclear/index.php?post/2012/07/28/De-la-dialectique-%C3%A0-une-polylectique-strat%C3%A9gique
30/07/2012. Borders in the physical layer of cyberspace (Frontières dans la couche physique du cyberespace) : www.egeablog.net/dotclear/index.php?post/2012/07/30/Fronti%C3%A8res-dans-la-couche-physique-du-cyberespace
31/07/2012. Cyberattacks: coerce, steal, denounce (Cyberattaques : contraindre, dérober, dénoncer) : www.huyghe.fr/actu_1066.htm
04/08/2012. The tempo of strategy and cyberspace (Temps de la stratégie et cyberespace) : www.egeablog.net/dotclear/index.php?post/2012/08/04/Temps-de-la-strat%C3%A9gie-et-cyberespace

=> Outbreak: Blackhole malware attack spreading on Twitter using « It’s you on photo? » disguise. 27/07/2012. «If you are a Twitter user please be very cautious of clicking on links that claim you are pictured in an online photo. Thousands of malicious links are being spammed out, targeting innocent users of the micro-blogging network (…).»
Source : nakedsecurity.sophos.com/2012/07/27/outbreak-blackhole-malware-attack-spreading-on-twitter-using-its-you-on-photo-disguise/
Related posts:
30/09/2010. Malware with Your Mocha? Obfuscation and Antiemulation Tricks in Malicious JavaScript [pdf] : www.sophos.com/en-us/why-sophos/our-people/technical-papers/malware-with-your-mocha.aspx
19/07/2012. The Rise of the “Blackhole” Exploit Kit: The Importance of Keeping All Software Up To Date : blogs.technet.com/b/security/archive/2012/07/19/the-rise-of-the-black-hole-exploit-kit-the-importance-of-keeping-all-software-up-to-date.aspx
27/07/2012. Cybercriminals Spreading BlackHole Malware via Twitter : www.ibtimes.co.uk/articles/367540/20120727/twitter-blackhole-malware-exploit-link-russia.htm
27/07/2012. Update to Blackhole Exploit Kits: v1.2.5 : malware.dontneedcoffee.com/2012/07/update-to-blackhole-exploit-kits-v125.html
27/07/2012. Cybercriminals target Twitter, spread thousands of exploits and malware serving tweets : blog.webroot.com/2012/07/27/cybercriminals-target-twitter-spread-thousands-of-exploits-and-malware-serving-tweets/

=> Windows Ultra-Antivirus. 27/07/2012. «Windows Ultra-Antivirus is a fake Antivirus. This rogue displays fake alerts to scare users (…).» S!Ri's ongoing watch on 'FakeAV' rogues.
Source : siri-urz.blogspot.fr/2012/07/windows-ultra-antivirus.html
Related posts:
01/08/2012. Windows Antivirus Machine : siri-urz.blogspot.fr/2012/08/windows-antivirus-machine.html
04/08/2012. Windows Ultimate Safeguard : siri-urz.blogspot.fr/2012/08/windows-ultimate-safeguard.html

=> A few malvertising campaigns. 28/07/2012. «I am collecting here a few URLs used in malvertising campaigns, because antivirus detection on them is really rotten (…).»
Source : www.malekal.com/2012/07/28/quelques-campagnes-de-malvertising/
Related posts:
26/07/2012. Reveton-like via malvertising on trafficshop : www.malekal.com/2012/07/26/reveton-via-malvertising-trafficshop-com/

=> Inside Citadel 1.3.4.5 C&C & Builder. 29/07/2012. «Citadel Panel v1.3.4.5 (…).»
Source : malware.dontneedcoffee.com/2012/07/inside-citadel-1.3.4.5-cncNbuilder.html

=> The Wonderful World of Sponsored Extensions. 29/07/2012. «The time has come again to educate Advertising Networks and Internet users about the dangers of installing sponsor supported extensions. It's the perfect time for Mozilla, Google and Microsoft to review and update existing Add-on Policies (…).»
Source : stopmalvertising.com/malvertisements/the-wonderful-world-of-sponsored-extensions.html
Related posts:
20/07/2012. IntelliDownload Hijacks Ads and Spies on your Internet Browsing : stopmalvertising.com/malvertisements/intellidownload-hijacks-ads-and-spies-on-your-internet-browsing.html

=> Russian spammers release Skype spamming tool. 30/07/2012. «In this post, I’ll profile a newly released DIY Skype spamming tool, discuss its main features, and whether or not it can lead to an increase in the overall spam levels affecting Microsoft’s Skype (…).»
Source : blog.webroot.com/2012/07/30/russian-spammers-release-skype-spamming-tool/
Related posts:
01/08/2012. Skype spamming tool costs $10 : www.zdnet.com/skype-spamming-tool-costs-10-7000001975/

=> NetWire, first multi-platform RAT. 30/07/2012. «NetWire claims to be the first multi-platform RAT; it can generate output for Windows, Linux, Solaris and Mac OS X. But the client works only on Windows (…).»
Source : www.xylibox.com/2012/07/netwire-first-multi-platform-rat.html

=> Microsoft offers $260,000 in a contest to secure Windows. 30/07/2012. «A favourite target of malware, Microsoft holds a yearly contest to reward the best techniques for hardening Windows security. And the Redmond giant does not skimp on the means to get hackers interested in the OS (…).»
Source : www.numerama.com/magazine/23290-microsoft-offre-260-000-dollars-dans-un-concours-pour-securiser-windows.html
Related posts:
24/07/2012. EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize : blogs.technet.com/b/srd/archive/2012/07/24/emet-3-5-tech-preview-leverages-security-mitigations-from-the-bluehat-prize.aspx
27/07/2012. My BlueHat Prize Entry: CounterHeapSpray : blog.didierstevens.com/2012/07/27/my-bluehat-prize-entry-counterheapspray/
30/07/2012. Microsoft BlueHat Prize : www.microsoft.com/security/bluehatprize/contest.aspx

=> Uplay: Ubisoft's DRM allowed taking control of a PC. 31/07/2012. «Uplay, the gaming platform designed by Ubisoft, also carries a technical protection measure against piracy. This weekend, however, it was discovered that the plug-in contained a critical vulnerability that could potentially let an attacker take control of a PC running Uplay. A fix was finally rolled out on Monday by the developer (…).»
Source : www.numerama.com/magazine/23303-uplay-le-drm-d-ubisoft-permettait-de-prendre-le-controle-d-un-pc.html
Related posts:
30/07/2012. The DRM in Ubisoft's latest PC games opens up access to your computer (Les DRM des derniers jeux PC d'Ubisoft ouvrent l'accès à votre ordinateur) : www.nikopik.com/2012/07/le-drm-des-derniers-jeux-pc-dubisoft-ouvrent-lacces-a-votre-ordinateur.html

=> Dropbox Security update & new features. 31/07/2012. «A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox. We’ve been working hard to get to the bottom of this, and want to give you an update (…).»
Source : blog.dropbox.com/index.php/security-update-new-features/
Related posts:
01/08/2012. Dropbox Breach leaves unanswered questions : countermeasures.trendmicro.eu/dropbox-breach-leaves-unanswered-questions/

=> Ghostery: A Web tracking blocker that actually helps the ad industry. 31/07/2012. «The world of web behavioral tracking is a mess. Advertisers are eager to make it more effective, governments want to regulate it, and web users are generally horrified of its potential. But out of chaos comes opportunity, and advertising technology company Evidon has risen to take advantage of the turmoil (…).»
Source : venturebeat.com/2012/07/31/ghostery-a-web-tracking-blocker-that-actually-helps-the-ad-industry/
Related posts:
31/07/2012. Ghostery™ FAQs : www.ghostery.com/faq

=> Da fuq safe browsing?!. 31/07/2012. «Yesterday, a hard debugging session of an AJAX page with Wireshark. I see unexpected requests leaving the network card … towards Google (…).» Not new, but it costs nothing to be reminded of it.
Source : hardkor.info/da-fuq-safe-browsing/

=> Chinese hackers back in our PCs. 01/08/2012. «The Chinese government allegedly has access to 8 out of 10 computers in the world. A French researcher shows that you do not have to live behind the Great Wall (…).»
Source : www.zataz.com/news/22306/spy–espionnage–Huawei–ZTE-Corporation–Byzantine-Candor–CEIEC–Rakshasa.html
Related posts:
26/07/2012. Meet ‘Rakshasa,’ The Malware Infection Designed To Be Undetectable And Incurable : www.forbes.com/sites/andygreenberg/2012/07/26/meet-rakshasa-the-malware-infection-designed-to-be-undetectable-and-incurable/
30/07/2012. Rakshasa hardware backdooring: the demon that can’t be exorcized? : blog.eset.com/2012/07/30/rakshasa-the-demon-that-cant-be-exorcized

=> The rise of a new Java vulnerability – CVE-2012-1723. 01/08/2012. «Last month, we saw a new Java vulnerability (CVE-2012-1723) being used by malware. This new Java vulnerability is a type-confusion, same as the notorious CVE-2012-0507 AtomicReferenceArray vulnerability. The vulnerability was resolved on June 12th by Oracle and a discussion on the vulnerability was made public on June 13th (though some security updates had appeared in a Java related OpenSource project in early April). Even so, it took some time for the malware writers to adopt this new vulnerability for their arsenal after the update was released (…).»
Source : blogs.technet.com/b/mmpc/archive/2012/08/01/the-rise-of-a-new-java-vulnerability-cve-2012-1723.aspx
Related posts:
03/08/2012. Volume of Malware Targeting Java CVE-2012-1723 Flaw Spikes : threatpost.com/en_us/blogs/volume-malware-targeting-java-cve-2012-1723-flaw-spikes-080312

=> Gangstaservice Winlock Affiliate. 01/08/2012. «Continuing winlock aff investigation (…).»
Source : www.xylibox.com/2012/08/gangstaservice-winlock-affiliate.html
Related posts:
01/08/2012. EURO Winlocker : www.xylibox.com/2012/08/euro-winlocker.html
01/08/2012. Winlock affiliate : www.xylibox.com/2012/08/winlock-affiliate.htm

=> ADMM-Plus Related Attack. 02/08/2012. «The ASEAN Defense Ministers’ Meeting – Plus (ADMM-Plus) has recently been held with the 18 member countries of ASEAN, Australia, China, India, Japan, Republic of Korea, New Zealand, Russia, and the United States. (…).»
Source : www.symantec.com/connect/blogs/admm-plus-related-attack

=> BlackBerry maker Research in Motion agrees to hand over its encryption keys to India. 02/08/2012. «BlackBerry maker Research in Motion’s (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. (…).»
Source : m.economictimes.com/news/news-by-industry/telecom/blackberry-maker-research-in-motion-agrees-to-hand-over-its-encryption-keys-to-india/articleshow/15319701.cms
Related posts:
02/08/2012. India: We DO have the BlackBerry encryption keys : www.theregister.co.uk/2012/08/02/rim_keys_india/

=> Vulnerability in NVIDIA drivers on Linux giving root access. 02/08/2012. «A Linux kernel and X.org developer has published a program that exploits a vulnerability in the NVIDIA graphics driver on Linux, which can give an attacker root access to the system (…).»
Source : www.crazyws.fr/securite/vulnerabilite-dans-les-pilotes-nvidia-sur-linux-donnant-les-acces-root-9TH64.html
Related posts:
01/08/2012. Nvidia linux binary driver priv escalation exploit : thread.gmane.org/gmane.comp.security.full-disclosure/86747
02/08/2012. A flaw in the nVidia 295.59 drivers exposes root privileges (Une faille dans les pilotes nVidia 295.59 expose les droits Root) : neosting.net/actualite/faille-root-nvidia-pilote.html

=> Windows Anytime Upgrade: ransomware (locks files). 02/08/2012. «A new version of a ransomware which is not of the Fake Police type but displays a message pretending to be from Windows, saying your Windows licence has expired: Your computer is blocked (…).»
Source : www.malekal.com/2012/08/02/windows-anytime-upgrade-ransomware-lock-files/
Related posts:
01/08/2012. 1,100 computers affected and 36 people in UK scammed by ‘Police ransomware’ : content.met.police.uk/News/1100-computers-affected-and-36-people-in-UK-scammed-by-Police-ransomware/1400010456322/1257246745756

=> July 2012 Cyber Attacks Timeline (Part II). 03/08/2012. «The Dog Days are nearly here. Weather forecasts are announcing for Italy one of the hottest summers since 2003, and the same can be said for the Infosec temperature, although July 2012 has been very different from the same month of 2011, which was deeply characterized by hacktivism (…).» Paolo Passeri's impressive tracking, as always.
Source : hackmageddon.com/2012/08/03/july-2012-cyber-attacks-timeline-part-ii/
Related posts:
01/08/2012. Dropbox: email addresses stolen, new security rules (Dropbox : des adresses mails dérobées, de nouvelles règles de sécurité) : www.pcinpact.com/news/72818-dropbox-adresses-mails-derobees-nouvelles-regles-securite.htm
02/08/2012. A hacker sells and leaks part of Pearl.fr's customer database (Un pirate monnaye et diffuse une partie de la base clients de Pearl.fr) : www.pcinpact.com/news/72867-un-pirate-monnaye-et-diffuse-partie-base-clients-pearl-fr.htm
03/08/2012. Reuters hacked, fake news posted : www.zdnet.com/reuters-hacked-fake-news-posted-7000002122/

2 responses

  1. Nono says:

    => Windows Ultra-Antivirus. 27/07/2012. «Windows Ultra-Antivirus is a fake Antivirus. This rogue displays fake alerts to scare users (…).» S!Ri's ongoing watch on 'FakeAV' rogues.
    Source : siri-urz.blogspot.fr/2012/07/windows-ultra-antivirus.htm

    The source seems to have changed (or no longer exists?!)

    PS: Excellent work, as usual :)

  2. Gof says:

    Good evening nono, thanks :)

    The 'l' at the end of the address got dropped; thanks for spotting it.
