Category Archives: Security & Privacy

Check out the latest security and privacy news right here. Get the latest updates on software vulnerabilities, data leaks, and more.

Rocra or Red October malware stealing classified data since 2007

When ordinary consumers are becoming victims of data theft every day, it is no surprise that the same is happening in the government sector too. According to a report in WSJ, Moscow-based anti-virus maker Kaspersky Lab has discovered a series of cyberattacks targeting diplomatic, governmental and scientific-research organizations in former Soviet-bloc countries, India, US, Iran and Belgium. What is surprising is that this has been going on for at least the last five years.

The operation, conducted by unidentified individuals, organisations or governments, was gathering classified data and intelligence documents using malware called “Red October” or “Rocra.”

“There are about 300 computers infected that we know about,” Vitaly Kamluk, chief malware expert for Kaspersky told WSJ. Targets include embassies, government research centers, and aerospace facilities.

Here is a country-wise distribution of Red October affected computers: [figure: Red October affected countries]

According to Kaspersky, this malware was controlled using 60-odd servers based in Germany and Russia, which were in turn controlled by a main server based at an unknown location.

How Red October worked, as WSJ explains:

Malware was attached to Microsoft Word or Excel documents and sent to a targeted user via email. When opened, the malware infected the host computer. That opened a communication channel with a command-and-control server, which sent the necessary additional modules to infect the computer.

Different modules targeted things such as USB drives, or different kinds of data. Others were used to extract the stolen data. There were modules designed to infect smartphones, and others that targeted enterprise network equipment or removable disk drives, including some designed to recover deleted files.

We were unable to authenticate the details of these claims from Kaspersky, but given the credibility of this anti-virus maker, they are assumed to be authentic.

More details on Red October can be read on the Kaspersky website.

Oracle releases Java 7 Update 11 with vulnerability fixes

As promised, Oracle has released a fix for the recently revealed Java security vulnerability in the form of Java 7 Update 11. You can grab the download from the Oracle website.

“This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A – Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers,” Oracle noted in a security alert.

This update also includes a change to the default Java Security Level setting from Medium to High, meaning the user is now always prompted before any unsigned Java applet or Java Web Start application is run.

With this, the current nightmare for Oracle might be over, but experts claim that there are still several vulnerabilities in Java that need to be fixed.

Adam Gowdiak, a researcher with Poland’s Security Explorations, told Reuters that the update from Oracle leaves unfixed several critical security flaws. “We don’t dare to tell users that it’s safe to enable Java again,” said Gowdiak.

Earlier, a critical security vulnerability was found in Java 7 Update 10, which allowed hackers to install malicious software on computer systems. The US Department of Homeland Security later issued a vulnerability note detailing the bug and urged users to disable Java on their computers.

Oracle to fix Java security flaw soon

Oracle has announced it is preparing an update for the Java software to address a security vulnerability that was identified recently. “A fix will be available shortly,” the company said in a statement following the U.S. Department of Homeland Security’s call for computer users to disable Java in their web browsers.

The company also added that the recently discovered flaw only affects Java 7, the program’s most recent version, and Java software designed to run in browsers, reports Reuters.

There is still no word on how soon we will be able to see this update, but considering Oracle has acknowledged the problem, it should be coming real soon.

Earlier on Thursday, the exploit was first discovered by a French researcher, which was followed by an advisory from the US Computer Emergency Readiness Team (US-CERT).

It noted:

Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.

Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

This advisory was followed by Mozilla’s announcement that it would add Java 7 Update 9, Java 7 Update 10, Java 6 Update 37, and Java 6 Update 38 to its Firefox add-on block list. Apple also did not take long to disable Java 7 on Macs that already have the plug-in installed.

Java has increasingly become a prime target for hackers. It even surpassed Adobe Reader as the most frequently attacked piece of software. To put that in perspective, Java was responsible for 50 percent of all cyber-attacks in 2012 in which hackers exploited software bugs to hack computers.