Security NewsGtron Solutions specializes in Vulnerability Management and Online Vulnerability Scanning. On our site you will find a centralized location to remain updated on vulnerabilities, viruses, threats, the use of Gtron Live Tool™, and much more!http://www.gtron.com/threat-center/security-news2012-05-13T17:46:32ZGtron Solutions, LLC - Online ScanningApple releases patch for iPhone flaw2009-08-09T15:42:37Z2009-08-09T15:42:37Zhttp://www.gtron.com/threat-center/security-news/221-apple-releases-patch-for-iphone-flawRebecca Mints[email protected]<p><span>
<p>A vulnerability in iPhone software that was revealed in last week's Black Hat Security Conference has now been patched, according to consumer giant Apple.</p>
<p>An update is now available on the Apple website which aims to fix a critical iPhone flaw that attackers could exploit to crash the iPhone software.</p>
<p>In Apple's latest advisory, users are warned of "receiving a maliciously crafted SMS message [that] may lead to an expected service interruption or arbitrary code execution.</p>
<p>This means that a text message crafted by an attacker and sent to the iPhone can allow the attacker to execute code remotely.</p>
<p>While asking users to be wary of suspicious text messages, Apple assures them that "the update addresses the issue through improved error handling."</p>
</span>
<p>Two security experts, Charlie Miller and Colin Mulliner, presented the details of the iPhone flaw last week in Las Vegas during the Black Hat Security Conference.</p>
</p>
<p><span>
<p>A vulnerability in iPhone software that was revealed in last week's Black Hat Security Conference has now been patched, according to consumer giant Apple.</p>
<p>An update is now available on the Apple website which aims to fix a critical iPhone flaw that attackers could exploit to crash the iPhone software.</p>
<p>In Apple's latest advisory, users are warned of "receiving a maliciously crafted SMS message [that] may lead to an expected service interruption or arbitrary code execution.</p>
<p>This means that a text message crafted by an attacker and sent to the iPhone can allow the attacker to execute code remotely.</p>
<p>While asking users to be wary of suspicious text messages, Apple assures them that "the update addresses the issue through improved error handling."</p>
</span>
<p>Two security experts, Charlie Miller and Colin Mulliner, presented the details of the iPhone flaw last week in Las Vegas during the Black Hat Security Conference.</p>
</p>
Chinese hackers tamper on Windows 7 code2009-08-02T12:58:01Z2009-08-02T12:58:01Zhttp://www.gtron.com/threat-center/security-news/220-chinese-hackers-tamper-on-windows-7-codeRebecca Mints[email protected]<p><span>
<p>Chinese hackers have reportedly tinkered with the final code for Windows 7 even as Microsoft and manufacturers are still just getting familiar with the newly released application.</p>
<p>Security experts have called it ironic that the Windows 7 code that was made purposely to counter piracy is now circling the hacking community in China. Various Chinese online forums have reported that several Chinese hackers have taken advantage of a hole in Windows Genuine Advantage anti-piracy system in Windows Ultimate release. What the hackers did was to fully activate the software offline, thus depriving Microsoft of the exclusivity as activation server.</p>
</span></p>
<p>Chinese hackers have allegedly used an ISO file that was leaked on the network to be able to hack the activation certificate digitally signed by Microsoft for the OEM version of Windows 7.</p>
<p />In response, Microsoft has quickly released a statement urging customers not to avail of the pirated copy. <br />
<p><span>
<p>Chinese hackers have reportedly tinkered with the final code for Windows 7 even as Microsoft and manufacturers are still just getting familiar with the newly released application.</p>
<p>Security experts have called it ironic that the Windows 7 code that was made purposely to counter piracy is now circling the hacking community in China. Various Chinese online forums have reported that several Chinese hackers have taken advantage of a hole in Windows Genuine Advantage anti-piracy system in Windows Ultimate release. What the hackers did was to fully activate the software offline, thus depriving Microsoft of the exclusivity as activation server.</p>
</span></p>
<p>Chinese hackers have allegedly used an ISO file that was leaked on the network to be able to hack the activation certificate digitally signed by Microsoft for the OEM version of Windows 7.</p>
<p />In response, Microsoft has quickly released a statement urging customers not to avail of the pirated copy. <br />
Malicious code embedded on BlackBerry update2009-07-20T07:24:15Z2009-07-20T07:24:15Zhttp://www.gtron.com/threat-center/security-news/218-malicious-code-embedded-on-blackberry-updateRebecca Mints[email protected]<p>Users of BlackBerry who are based in the United Arab Emirates have been warned that the latest software update distributed through the Etisalat network are brimming with malicious code that can remotely-trigger spyware.</p>
<p>The BlackBerry update had been distributed as a WAP Push message which turned out to contain an application that, if triggered, can intercept email and even shorten battery life. The attack was accidently discovered by a user who clicked on a Java file contained in the update labeled as "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality."</p>
<p>Users had been tricked to click on the update and eventually found their batteries drained while competing through network traffic to download the said update. The update is housed in a directory labeled as /com/ss8/interceptor/app, which points to UAE networking company SS8.</p>
<p>SS8 however denied sending the update but admitted that it has authored a similar application. Etisalat and RIM, another networking company, have not released a statement regarding the matter. The competing operators though have not come up with a solution and instead chose to keep the issue under their sleeves.</p>
<p>Users of BlackBerry who are based in the United Arab Emirates have been warned that the latest software update distributed through the Etisalat network are brimming with malicious code that can remotely-trigger spyware.</p>
<p>The BlackBerry update had been distributed as a WAP Push message which turned out to contain an application that, if triggered, can intercept email and even shorten battery life. The attack was accidently discovered by a user who clicked on a Java file contained in the update labeled as "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality."</p>
<p>Users had been tricked to click on the update and eventually found their batteries drained while competing through network traffic to download the said update. The update is housed in a directory labeled as /com/ss8/interceptor/app, which points to UAE networking company SS8.</p>
<p>SS8 however denied sending the update but admitted that it has authored a similar application. Etisalat and RIM, another networking company, have not released a statement regarding the matter. The competing operators though have not come up with a solution and instead chose to keep the issue under their sleeves.</p>
Korean tension spills over the Net2009-07-20T01:14:05Z2009-07-20T01:14:05Zhttp://www.gtron.com/threat-center/security-news/217-korean-tension-spills-over-the-netRebecca Mints[email protected]<p class="contentpane">In what is believed to be part of the tension involving North Korea and its aggressive war stance, a malicious software is now creating a widespread explosion over the Internet, seriously threatening websites of South Korean and United States government.<br /><br />Robert Lemos of SecurityFocus has reported that a denial-of-service attack has created network traffic that has so far affected website belonging to the two governments.<br /><br />The attack was carefully planned to start on the 4th of July and for two weeks have been shooting down around 26 Web sites, including some U.S. Commercial sites, according to Joe Stewart of SecureWorks. "In the latest file distributed on Tuesday, some of the U.S. Sites were taken out and the South Korean sites were added in," said Stewart.</p>
<p class="contentpane" /><span class="contentpane" />
<p class="contentpane">In what is believed to be part of the tension involving North Korea and its aggressive war stance, a malicious software is now creating a widespread explosion over the Internet, seriously threatening websites of South Korean and United States government.<br /><br />Robert Lemos of SecurityFocus has reported that a denial-of-service attack has created network traffic that has so far affected website belonging to the two governments.<br /><br />The attack was carefully planned to start on the 4th of July and for two weeks have been shooting down around 26 Web sites, including some U.S. Commercial sites, according to Joe Stewart of SecureWorks. "In the latest file distributed on Tuesday, some of the U.S. Sites were taken out and the South Korean sites were added in," said Stewart.</p>
<p class="contentpane" /><span class="contentpane" />
Juniper keeps mum on ATM flaws2009-07-11T15:08:22Z2009-07-11T15:08:22Zhttp://www.gtron.com/threat-center/security-news/216-juniper-keeps-mum-on-atm-flawsRebecca Mints[email protected]<p>Several vulnerabilities in Automated Teller Machines were found by security researchers of networking giant Juniper. A presentation had been prepared by the researchers to discuss these vulnerabilities at the Black Hat Security Conference scheduled end of July and many are looking forward to this big revelation. <br /><br />But Juniper has opted to be extra-careful with the issue and cancelled the presentation this early. <br /><br />"The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public," said a statement signed by Juniper's social media relations officer Brendan P. Lewis.<br /><br />Lewis said they made a decision to cancel the presentation after weighing its potential impact on the involved vendor as well as their clients.<br /><br />"To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."</p>
<p>Several vulnerabilities in Automated Teller Machines were found by security researchers of networking giant Juniper. A presentation had been prepared by the researchers to discuss these vulnerabilities at the Black Hat Security Conference scheduled end of July and many are looking forward to this big revelation. <br /><br />But Juniper has opted to be extra-careful with the issue and cancelled the presentation this early. <br /><br />"The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and - ultimately - the public," said a statement signed by Juniper's social media relations officer Brendan P. Lewis.<br /><br />Lewis said they made a decision to cancel the presentation after weighing its potential impact on the involved vendor as well as their clients.<br /><br />"To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don't want to see happen."</p>
Alert raised over threats spread thru social networking sites2009-06-28T02:59:00Z2009-06-28T02:59:00Zhttp://www.gtron.com/threat-center/security-news/214-alert-raised-over-threats-spread-thru-social-networking-sitesRebecca Mints[email protected]<p style="margin-bottom: 0cm">Twitter, Facebook, MySpace and other social networking sites may contain links that, when clicked, could trigger a security nightmare for unwitting users. </p><p style="margin-bottom: 0cm">This was the stern warning issued by security companies on Monday as they raise the alarm over the rapid spread of security threats using these social networking sites. </p><p style="margin-bottom: 0cm">Security experts from Symantec and Japanese firm Finjan said malicious links found in Twitter and similar sites have affected its user's PC. </p><p style="margin-bottom: 0cm">“Spammers were using a Twitter-branded e-mail message in an attempt to convince the recipient to open up a .zip file to infect the victim's computer,” said Symantec in its security blog. </p><p style="margin-bottom: 0.5cm">In a blog post about cybercrime, Gary Warner said that shortened URLs are particularly attractive to users but will eventually lead them to a chain of redirects that will compromise their system. </p><p style="margin-bottom: 0cm">Twitter, Facebook, MySpace and other social networking sites may contain links that, when clicked, could trigger a security nightmare for unwitting users. </p><p style="margin-bottom: 0cm">This was the stern warning issued by security companies on Monday as they raise the alarm over the rapid spread of security threats using these social networking sites. </p><p style="margin-bottom: 0cm">Security experts from Symantec and Japanese firm Finjan said malicious links found in Twitter and similar sites have affected its user's PC. </p><p style="margin-bottom: 0cm">“Spammers were using a Twitter-branded e-mail message in an attempt to convince the recipient to open up a .zip file to infect the victim's computer,” said Symantec in its security blog. </p><p style="margin-bottom: 0.5cm">In a blog post about cybercrime, Gary Warner said that shortened URLs are particularly attractive to users but will eventually lead them to a chain of redirects that will compromise their system. </p>Criticisms stir Apple to finally fix Java flaw2009-06-21T04:20:59Z2009-06-21T04:20:59Zhttp://www.gtron.com/threat-center/security-news/213-criticisms-stir-apple-to-finally-fix-java-flawRebecca Mints[email protected]<p><font face="arial,helvetica,sans-serif"></font></p><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">Amid growing criticisms from security researchers on the months-long existence of a bug found on Mac OS X’s Java, Apple has finally issued a security patch on Tuesday.</span></font> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">A serious security flaw on Java was discovered by Sun six months ago. The vulnerability has affected several platforms that run on Java although most operating-system vendors, except Apple, have immediately issued patches. </span></font></p> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">Last month, security expert Julien Tinnes and Security firm Intego together published criticisms on Apple for neglecting to patch the bug and only issuing a security update months after its discovery. </span></font></p> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">“Apple has been aware of this vulnerability for at least five months since it was made public, but has neglected to issue a security update to protect against this issue,” said Intego in its security advisory. </span></font></p><p><font face="arial,helvetica,sans-serif"></font></p><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">Amid growing criticisms from security researchers on the months-long existence of a bug found on Mac OS X’s Java, Apple has finally issued a security patch on Tuesday.</span></font> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">A serious security flaw on Java was discovered by Sun six months ago. The vulnerability has affected several platforms that run on Java although most operating-system vendors, except Apple, have immediately issued patches. </span></font></p> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">Last month, security expert Julien Tinnes and Security firm Intego together published criticisms on Apple for neglecting to patch the bug and only issuing a security update months after its discovery. </span></font></p> <p class="MsoNormal"><font face="arial,helvetica,sans-serif"><span style="font-weight: normal">“Apple has been aware of this vulnerability for at least five months since it was made public, but has neglected to issue a security update to protect against this issue,” said Intego in its security advisory. </span></font></p>Grumblar still a threat, says security experts2009-06-13T14:06:40Z2009-06-13T14:06:40Zhttp://www.gtron.com/threat-center/security-news/212-grumblar-still-a-threat-says-security-expertsRebecca Mints[email protected]<p>The vicious virus that spreads malicious code over the Internet remains a pervasive threat, according to security firm Websense in its latest blog. </p><p>While updates on the rate of recorded attacks of Grumblar, also named JSRedir-R and Martuz, show a significant decline in the last week of May, this does not mean it has stopped its online mayhem. </p><p>Websense tracked the sites compromised because of the attacks and monitored the trend leading to Grumblars near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and from there slowly declined. </p><p>“...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week. </p><p>The vicious virus that spreads malicious code over the Internet remains a pervasive threat, according to security firm Websense in its latest blog. </p><p>While updates on the rate of recorded attacks of Grumblar, also named JSRedir-R and Martuz, show a significant decline in the last week of May, this does not mean it has stopped its online mayhem. </p><p>Websense tracked the sites compromised because of the attacks and monitored the trend leading to Grumblars near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and from there slowly declined. </p><p>“...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week. </p>Attackers use QuickTime to steal user rights2009-06-04T05:50:58Z2009-06-04T05:50:58Zhttp://www.gtron.com/threat-center/security-news/211-attackers-use-quicktime-to-steal-user-rightsRebecca Mints[email protected]<p style="margin: 0in 0in 12pt" class="MsoNormal">A vulnerability in DirectX that runs QuickTime files has been recently discovered by Microsoft who immediately warned users not to click on suspicious links. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">In its advisory posted last Thursday, Microsoft said attackers use malicious QuickTime files to allow them to compromise the system by stealing user rights. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">Microsoft said the attacks are “limited” but still asked users to employ measures to protect their system, including constantly updating their software. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">“The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code,” said the advisory. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">A vulnerability in DirectX that runs QuickTime files has been recently discovered by Microsoft who immediately warned users not to click on suspicious links. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">In its advisory posted last Thursday, Microsoft said attackers use malicious QuickTime files to allow them to compromise the system by stealing user rights. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">Microsoft said the attacks are “limited” but still asked users to employ measures to protect their system, including constantly updating their software. </p><p style="margin: 0in 0in 12pt" class="MsoNormal">“The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code,” said the advisory. </p>Lower version of OpenSSH vulnerable to attack2009-05-29T06:11:04Z2009-05-29T06:11:04Zhttp://www.gtron.com/threat-center/security-news/210-lower-version-of-openssh-vulnerable-to-attackRebecca Mints[email protected]<span class="headline"></span><span class="headline">Users of the network protocol OpenSSH have been warned by security experts to upgrade their software to the latest version so as to protect encrypted data.</span> <p class="MsoNormal"><span class="headline">Developers of OpenSSH or SecureShell has come up with version 5.2 which implements countermeasures against probable attacks. The lower versions contain a flaw that attackers can exploit to read encrypted data. </span></p> <p class="MsoNormal"><span class="headline">Other SSH software may also have the same vulnerability, said security experts belonging to the Information Security Group at the University of London’s Royal Holloway. </span></p> <p class="MsoNormal"><span class="headline">The attack can be done during cryptographic processing, when an attacker could have a one in more than 200,000 chance to invade the system and read data from ciphertext.</span></p><span class="headline"></span><span class="headline">Users of the network protocol OpenSSH have been warned by security experts to upgrade their software to the latest version so as to protect encrypted data.</span> <p class="MsoNormal"><span class="headline">Developers of OpenSSH or SecureShell has come up with version 5.2 which implements countermeasures against probable attacks. The lower versions contain a flaw that attackers can exploit to read encrypted data. </span></p> <p class="MsoNormal"><span class="headline">Other SSH software may also have the same vulnerability, said security experts belonging to the Information Security Group at the University of London’s Royal Holloway. </span></p> <p class="MsoNormal"><span class="headline">The attack can be done during cryptographic processing, when an attacker could have a one in more than 200,000 chance to invade the system and read data from ciphertext.</span></p>