Information security digest, 18.09-18.10

Internet Explorer vulnerabilities In the second half of September Microsoft announced the discovery of a more serious vulnerability (CVE-2013-3893 ) and a zero day exploit for it. The vulnerability is

Internet Explorer vulnerabilities

In the second half of September Microsoft announced the discovery of a more serious vulnerability (CVE-2013-3893 ) and a zero day exploit for it. The vulnerability is present in all versions of Internet Explorer browser since IE 6, valid for all versions of Windows.

Since then at least three detected hacking attacks have targeted this vulnerability.

Right after publishing the information on the vulnerability, Microsoft released the Fix It utility and a cumulative update on October 8th to patch several vulnerabilities including CVE-2013-3893 and CVE-2013-3897 for which there was also a zero day exploit found.

According to some reports the attacks have been carried out since the late August.

Details: 1, 2.


The “shy” banking Trojan

The end of September saw an increase in the number of infections by an updated version of the banking Trojan Shylock (aka Caphaw), which now attacks customers of 24 major U.S. banks. A distinctive feature of Shylock/Caphaw is its ability to automatically steal money from the accounts accessed by the user from the infected machine. There are a few more unpleasant characteristics: firstly, this Trojan changes the system registry entries providing the ability to restore itself even after an antiviral sanitation. Secondly, it can detect an Internet connection, and thirdly, it can tell virtual machines from physical ones. If a computer is not connected to the Internet or it suddenly turns out that a virtual machine is infected, then Caphaw does not launch at all.

Details are available here: 1, 2.


Attention, Beta Bot!

The FBI issued a warning about another “payment” Trojan Beta Bot which can block user’s access to websites dedicated to information security and disable antivirus software – in addition to stealing payment data and details from the user’s computer. When trying to access the machine, the Trojan acts as a Windows Messenger message.

More information is available here.


How safe are fingerprints?

Chaos Computer Club members announced that they managed to find a way to bypass Apple Touch ID, the new biometric authentication tool, or rather a fingerprinting verification tool. This feature was introduced simultaneously with the new smartphone Apple iPhone 5s. As it turned out, Touch ID is relatively easy to fool by owner’s fingerprint image treated with graphite (for conductivity).

The spokesman for the CCC Frank Rieger said: “We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.”

More information is available here.


Silky riddance!

The FBI shut down an online black market Silk Road and arrested its founder Ross William Ulbricht aka Dread Pirate Roberts.

Ulbricht was not just charged of drug trafficking, but of money laundering and committing a number of computer crimes. In addition to offering drugs on Silk Road, there were a large number of hacker services like selling databases with personal and payment data of many people.

Moreover, the FBI now has millions of bitcoins that were the only currency used on the site.

Read more


Niagara Leak from Adobe

Adobe Systems experienced a tremendous security breach. 2.9 million customers’ sensitive and personal data was stolen as well as the source code of many company’s software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, and others. Security experts from Hold Security Company announced the discovery of more than 40 GB of encrypted files with the source codes of Adobe products on servers owned by hackers who had cracked LexisNexis, Kroll, NW3C and other resources.

Apparently, the attack at Adobe was accomplished in August but just became news in early October.

Read more


Blackhole’s author arrested

An infamous virus writer Paunch was arrested in Russia for developing the wicked kit of exploits named Blackhole.

Blackhole is the most famous set of malware available on the darknet. This is a set rented by criminals and it allows them to infect users’ computers via browsers’ vulnerabilities. Cyber​​criminals use fraudulent links to lure visitors to their site and the exploit kit determines which exploits would work on a victim’s computer and uses them to infect.

Details: 1, 2


Unplugging half the country

Two researchers – Adam Crane and Chris Sistrank – discovered more than two dozen vulnerabilities in products used in critical urban infrastructure systems that would allow attackers to crash or hijack the servers controlling electric substations and water systems.

The vulnerabilities are found in devices that are used for serial and network communications between servers and substations. These products have been largely overlooked as hacking risks because the security of power systems has focused only on IP communication, and hasn’t considered serial communication an important or viable attack vector. But the researchers say that breaching a power system through serial communication devices can actually be easy. An intruder could exploit the vulnerabilities by gaining physical access to a substation – which generally are secured only with a fence and a webcam or motion detection sensors – or by breaching the wireless radio network over which the communication passes to the server.

As a result, attackers can simultaneously bring down many substations which may lead to a major disaster.

Read more