Week in review: Remote Linksys 0-day root exploit discovered, the Pobelka botnet, and a year of Microsoft patches

Here’s an overview of some of last week’s most interesting news, videos, reviews and articles:

Looking back at a year of Microsoft patches
Last year Microsoft’s Patch Tuesdays featured a total of 83 bulletins, which is a decline from previous years. Since their security efforts impact countless security professionals, we wanted to see what IT security leaders, and Microsoft, think about the patches released in 2012. Here are some of the comments received by Help Net Security.

Oracle patches critical 0-day with new Java update
Oracle has released Java 7 Update 11, the computing platform’s newest version that patches the recently discovered and currently widely misused zero-day vulnerability, an exploit for which has been added to a number of popular exploit kits.

Automating security for developers with Minion
Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.

Aaron Swartz’s death triggers MIT investigation, website hack
The news that well-known Web activist and developer Aaron Swartz took his own life resounded across the Internet at an amazing speed. Many who knew him privately, worked with him on the various projects, and received his help with theirs wrote moving and insightful tributes to this genius of a man that accomplished many important things that greatly indebted us all. Among these things were also some that attracted negative attention from U.S. authorities.

Dangerous remote Linksys 0-day root exploit discovered
DefenseCode researchers have uncovered a remote root access vulnerability in the default installation of Linksys routers. They contacted Cisco and shared a detailed vulnerability description along with the PoC exploit for the vulnerability. Cisco claimed that the vulnerability was already fixed in the latest firmware release, which turned out the be incorrect.

Microsoft patches critical IE 0-day used in watering hole attacks
The critical “CDwnBindInfo” use-after-free remote code execution vulnerability is present in Internet Explorer versions 6,7, and 8, and users of these are advised to update them as quickly as possible if they haven’t got automatic updates enabled. Users of Windows Vista can also upgrade to IE 9 or 10, which are not impacted by the issue.

Cyber-espionage campaign targeting diplomatic and government institutions
Kaspersky Lab identified an elusive cyber-espionage campaign targeting diplomatic, governmental and scientific research organizations in several countries for at least five years. The primary focus of this campaign targets countries in Eastern Europe, former USSR Republics, and countries in Central Asia, although victims can be found everywhere, including Western Europe and North America.

Waledac botmasters use Virut malware to build a new botnet
Despite having been swooped down on by security companies and law enforcement a couple of times, the botmasters of the Waledac (Kelihos) botnet refuse to give up and are using new variants to set up new versions of the original botnet.

Vulnerability of oil and gas infrastructure drives security investments
There is a growing preference for total solutions with flexible integration of individual security systems like access control, video surveillance and intrusion-detection on one platform.

How the security threat landscape will evolve this year
Where 2012 was a period of great innovation amongst cybercriminals and hackers – many of whom keenly develop new and hybridized attack vectors that build on a constantly expanding range of extensible code environments seen running on Windows and Apple Mac platforms – 2013 is likely to go down in the darkware IT history books as a period of consolidation.

Bouncer kit perfect for laser-focused phishing campaigns
Researchers have unearthed a new type of phishing kit that allows crooks to target specific users and keep away others in order to keep the scheme hidden from knowing eyes and security firms for as long as it’s possible.

Company bosses slacking on hacking
Company bosses across the UK have a complacent attitude toward cybercrime and are inviting criminal attacks due to their sloppy approach to internet security, reveals new research from Swivel Secure.

Log audit reveals developer outsourced his job to China
Log analysis can reveal a lot of security mistakes and fails, but a lot of security sins, too.

Microsoft AVs not good enough, says AV-Test
AV-Test, the well-known independent organization that tests security software for home and corporate users, has released the results of the latest testing – and it’s bad news for Microsoft.

Many Fed smartphones have zero password protection
Sponsored by EMC, VMware, Cisco, and Carahsoft, the report reveals that more than half of smartphone users in the Federal government use their personal smartphone for job-related tasks. Out of this group, one in three workers do not have password protection.

Facebook scams and why users fall for them
Here is a list of the most popular scams lurking on Facebook, often repeated with small modifications, and obviously still successful. What are the scammers after, and why do they succeed over and over again?

Book review: WordPress 3 Ultimate Security
Back in 2004, the company behind the then-popular blogging platform Movable Type shot themselves in the foot by changing the license, prompting the majority of top users to select an alternative platform. Ever since then, WordPress has been thriving and has ultimately become one of the leading online publishing platforms. This book has over 350 pages and, as the title says, aims to be the ultimate WordPress 3 security guide.

Cybercriminals exploit Java 0-day fears to serve malware
With all the recent Java zero-day vulnerabilities being exploited in the wild and Internet news outlets heavily covering the development of the situation, many users will look for updates for the popular computing platform. As expected, malware peddlers were quick to exploit this development and have already set up compromised websites that supposedly offer the latest update (7u11) for download.

Large-scale DDoS attacks grow bigger and more diversified
In addition to increasing attack sizes, attack volume grew in Q4 2012 and reached the highest number of attacks Prolexic has logged for one quarter.

Fox IT analysts demystify the Pobelka botnet
Fox IT, a firm that rose to international prominence following the DigiNotar breach, has detailed in a report the identity of the people running the Pobelka botnet, and has described how it was started and how its still working.

Why Facebook Graph Search will help cybercriminals
While Facebook’s newly announced graph search capability is awesome for people who like social networking, it also provides criminals with another source of information about potential targets. The ability to query like this really opens a can of worms.

New RAT family makes its traffic look legitimate
RATs – Remote Access Trojans – are often used by cyber attackers to maintain a foothold in the infected computers and make them do things unbeknownst to their owners. But, in order to do that and not be spotted, RATs must employ a series of obfuscation techniques.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss