Vulnerabilities


The Security Nightmare of a Flash Monoculture

From ZDNet (Larry Dignan)
Adobe’s announcements that a full version of Flash is coming to every smartphone not named Apple iPhone leave me conflicted. Full-blown Flash can be a boon to the mobile Web, but has the potential to become one huge security headache. Read the full story [zdnet.com]

Skype ‘Online Notification’ Alert Leads to Fake AV

Trend Micro researcher Rik Ferguson has discovered a new twist on the old social engineering attacks on Skype — the use of usernames and monikers that appear very, very convincing.
In the latest attacks, which lure computer users to fake anti-virus sites (rogueware), the attackers are using the username “Online Notification” in the Skype chat window.

SMB2 Exploit Fitted into Metasploit; Attacks Likely

Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood of remote in-the-wild code execution attacks.
The exploit, created and released by Harmony Security’s Stephen Fewer, provides a clear roadmap for hackers to plant malware or open backdoors on Windows Vista Service Pack 1 and 2 as well as Windows 2008 SP1 server.


In the wake of Moxie Marlinspike’s SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in fact a fake.

Security researchers have stumbled on a new botnet that uses an interesting technique to mask its nefarious intentions.
The Monkif/DIKhora botnet, which is pushing out Trojan downloaders to infected machines, is encoding the instructions to appear as if the command-and-control server is returning a JPEG image file, according to SecureWorks researcher Jason Milletary. Read the full story [secureworks.com]

Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.
The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software. 

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.
The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today.

Cisco has released a peck of patches to cover multiple security flaws in its flagship Cisco IOS (originally Internetwork Operating System), warning that the bugs expose businesses to denial-of-service or policy bypass attacks.
In all, the networking vendor released 10 advisories covering Cisco IOS flaws and a separate alert for a vulnerability in the Cisco Unified Communications Manager. Read the Cisco advisory bundle [cisco.com].

DarkReading’s Kelly Jackson Higgins is reporting on a new study that shows bot infections on the rise in the enterprise, most coming from tiny, unknown botnets built for targeting victim organizations.

In the three-month study of more than 600 different botnets found to have infiltrated enterprise networks, researchers from Damballa discovered that nearly 60 percent are botnets with only a handful to a few hundred bots built to target a particular organization. Only 5 percent of the bot infections were from big-name botnets, such as Zeus/ZDbot and Koobface. Read the full story [darkreading.com]

GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cybercriminals.
During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines.
