About these ads

Archive

Posts Tagged ‘Oracle’

Oops, They Did it Again! New Vulnerability Discovered in Just-Patched Java

September 1, 2012 7 comments

Did you update your Java Plug-in with the Update 7 after the critical vulnerability discovered last week? You’d better wait!

Adam Gowdiak, CEO of Security Exploration, the Polish startup that discovered the Java SE 7 vulnerabilities (immediately exploited by cyber criminals), has discovered a new flaw that affects the patched version of Java released this Thursday. A patch released outside the consolidated Oracle update cycle which foresees three updates per year: an uncommon event for the company which demonstrates the seriousness of the security hole.

Unluckily, history is repeating, Adam Gowdiak has told The Register, that just-released Java SE 7 Update 7, contains a flaw that could allow an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.

Even more unluckily, history is totally repeating: as happened for the previous vulnerability, the bug was reported to Oracle in April 2012 (and unfortunately is not yet patched).

At this point there is no other choice than disabling Java from your favourite browser.

If you want to know if your browser is vulnerable, you can click the following link: http://www.isjavaexploitable.com/.

If you want to know how to disable Java in your environment, you can find detailed instructions at these links by Brian Kerbs or Naked Security.

Disable Java or Die!

About these ads

February 2012 Cyber Attacks Timeline

March 5, 2012 1 comment

Find here February 2012 Cyber Attacks Timelime Part I.

With a small  delay (my apologies but the end of February has been very busy for me and not only for Cybercrooks as you will soon see), here it is the second part of my compilation with the main Cyber Attacks for February 2012.

Easily Predictable, the Hacktivism is still the main concern for System Administrators, in particular for the ones of Stratfor who suffered a huge leak of 5 million of emails.

On the same front, the threats of the Anonymous for the Friday actions have come true and as a matter of fact Law Enforcement Agencies suffered other remarkable breaches in this month: Infragard for the second time and also Interpol (a new entry) that was taken down after the arrest of 25 members of the collective. Anti ACTA protest also continue to shake Europe as also the delicate economical and social situation in Greece.

Last but not least, this month has also seen an unforgettable leak, affecting potentially more than 1.000.000 Youporn users.

As usual, the chart does not include the events related to Middle East Cyber War Timeline, that you may find at this link, as they “deserve” a dedicated timeline.

After the jump you find all the references, follows @paulsparrows for the latest updates on a regular basis and also have a look to the 2012 Cyber Attacks Timeline Master Index.

Read more…

September 2011 Cyber Attacks Timeline (Part II)

October 2, 2011 5 comments

Here it is the second part of my traditional monthly Cyber Attacks Timeline (Part I available here). From an information Security Perspective the main events of this month were the infamous Diginotar breach which led to Bankrupt for the Dutch Company and also the BEAST attack to SSL, two events which, together, thumbed the Infosec Community in its stomach.

Of course these events did not divert the attention of hackers who kept on to carry on attacks against different targets.

The Anonymous continued their campaign: although mainly focused on the #OccupyWallStreet Operation (in which a Senior Officer who used pepper spray against protestors was “doxed”, they targeted several governments including Mexico, Austria, (where they also performed an unconfirmed hack against an health insurance Firm targeting 600,000 dumped users) and Syria. In particular the latter attack triggered a retaliation by Syrian Electronic Soldiers against the prestigious Harvard University.

Chronicles also report a Japan defense contractor hit by hackers, Mitsubishi Heavy Industries, (China denied its involvement on the attack), another Twitter Account hacked by The Script Kiddies (this time against USA Today), an indirect attack perpetrated against (through) Oracle by infecting its MySQL.com domain with downloadable malware and, last but not least a massive defacement of 700,000 sites hosted by Inmotion.

US Navy was also victim of defacement.

As far as the prize for the “Most Expensive Breach of the Month” is concerned, the laurel wreath is undoubtedly for SAIC (Science Applications International Corp.) which lost a tape database backup containing data of 4,900.000 users with an estimated cost of approximately 1 billion of bucks…

As usual, useful Resources for compiling the table include:

My inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Update: On 09/30/2011, Betfair reported a 3.15 million records breach with a total estimated cost of 1.3 billion USD winning the laurel wreath of the most expensive breach of the month.

Date Author Description Organization Attack
Sep 16


Websites of several Mexican government ministries

As part of OpIndipendencia, websites of several Mexican government ministries, including Defense and Public Security, are teared down in the same day of the symbolic beginning of Mexico’s independence from Spain.


DDoS
Sep 16 Mikster
Clubmusic.com

Clubmusic.com, a worldwide dj website. is hacked and the leak dumped on pastebin.


SQLi
Sep 16 Sec Indi Security Team
Official Website of The United States Navy

An hacker crew called Sec Indi Security Team Hacker uploads a custom message on the server to warn a WebDav vulnerability.

WebDav Vulnerabilty
Sep 16 ? California State Assembly

More than 50 employees of the California State Assemby, including some lawmakers, have been warned that their personal information might have been obtained by a computer hacker.


?
Sep 17 ?
Intelligence And National Security Alliance

Names and email addresses of hundreds of U.S. intelligence officials have been posted on an anti-secrecy website. On Monday Sep 10 INSA published a major report warning of an urgent need for cyberdefenses. Within a couple of days, in apparent retaliation, INSA’s “secure” computer system was hacked and the entire 3,000-person membership posted on the Cryptome.org website

  N/A
Sep 17 ?
Fake FBI Anonymous Report

A Fake FBI Psychological profile of the Anonymous group is published. Although not a direct cyber attack, this event can be considered an example of psychological hacking and a “sign of the times” of how information and counter information may play a crucial role in hacking.

  SQLi?
Sep 18
Texas Police

Anonymous/Anti-sec releases a document containing a list of about 3300 members of the Texas Police Association

  N/A
Sep 19

?

Mitsubishi Heavy Industries

Mitsubishi Heavy Industries, Japan’s biggest defense contractor, has revealed that it suffered a hacker attack in August that caused some of its networks to be infected by malware. According to the firm,  45 network servers and 38 PCs became infected with malware at ten facilities across Japan. The infected sites included its submarine manufacturing plant in Kobe and the Nagoya Guidance & Propulsion System Works, which makes engine parts for missiles.


APT
Sep 19
City Of Rennes

TeaMp0isoN takes responsibly to hack the official website of The City Of Rennes (France) via a tweet. They also publish the reason of hack on the defacement page.

Defacement
Sep 19
?

Hana SK

Hana SK Card Co., a South Korean credit card firm, announces that Sep 17, some 200 of its customers’ personal information has been leaked. Total cost of the breach is $42,800.

Hana SK Card
SQLi?
Sep 20
? Former USSR Region

Source report that at least 50 victim organizations ranging from government ministries and agencies, diplomatic missions, research institutions, and commercial entities have been hit in the former Soviet Union region and other countries in an apparent industrial espionage campaign that has been going on at least since August 2010.The advanced persistent threat (APT)-type attacks — dubbed “Lurid” after the Trojan malware family being used in it — has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.


APT
Sep 20
 Shad0w Fox Sports Website

Fox Sports website, on of the most visited Websites in the world (rank 590 in Alexa) gets hacked. An Hacker named “Shad0w” releases SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leaked database info posted on pastebin. Vulnerable link is also posted together admin password hashes.


SQLi?
Sep 22
Core Security Technologies

Another security Firm target of hacking: Core Security Technologies is hacked by an hacker called Snc0pe, who defaces some websites belonging to the firm. Mirror of the hack can be seen here.


N/A
Sep 24 ?
UKChatterbox

Popular IRC service UKChatterbox advises users to change their passwords following a series of hacks which culminated in an attack that may have compromised user details. The password reset follows on from a succession of outages previously attributed to maintenance upgrades, back to the start of the summer. In a notice to users, UKChatterbox advises users to change their passwords and not to re-use them on other sites. The number of hacked account is unknown.


N/A
Sep 25

Seven Major Syrian Cities and Government Web Sites

The Anonymous unleash a chain of defacement actions against the Syrian Government, hacking and defacing the official sites of seven major Syrian cities, which stayed up in their defaced version for more than 16 hours. The defacement actions kept on the following day in which 11 Syrian Government Sites were defaced as part of the same operation.


Defacement
Sep 25 ?
Indira Gandhi International Airport

Although happened three months ago, it turns out that a ‘technical snag’ hittinh operations at the Indira Gandhi International Airport (IGIA) T3 Terminal was caused by a “malicious code” sent from a remote location to breach the security at the airport.


APT
Sep 26
Inmotion Hosting Server

700,000 websites hosted on InMotion Hosting network are hacked by TiGER-M@TE. The hackers copied over the index.php in many directories (public_html, wp-admin), deleted images directory and added index.php files where not needed. List of all hacked 700,000 sites here.

Defacement
 Sep 26
Austrian Police

The Austrian Anonymous branch publishes the names and addresses of nearly 25,000 police officials, raising fears for officers’ personal security. An Austrian Interior ministry spokesman said the information came from an “association closely related with the police”. Estimated cost of the breach is around $ 5,400,000.


SQLi?
Sep 26
USA Today Twitter Account

The USA Today Twitter account is hacked and starts to tweet false messages mentioning the other accounts hacked by the authors of the action: the Script Kiddies (already in the spotlight for hacking the FoxNews Twitter Account at the Eve of 9/11 anniversary)


Account Hacking
Sep 26
?
MySQL.com

MySQL.com website is struck by cybercriminals, who hacked their way in to serve up malicious code to visiting computers with a Java exploit that downloaded and executed malicious code on visiting Windows computers. Brian Krebs reports that just few days before, he noticed on a Russian underground website that a hacker was offering to sell admin rights to MySQL.com for $3000. MySQL.com receives almost 12 million visitors a month (nearly 400,000 a day).


Java Exploit to install malware
Sep 26
Harvard University

In retaliation for the defacements performed by the Anonymous targeting Syria, Syrian Electronic Soldiers deface the website of the prestigious Harvard University. The same group came in the spotlight during July and August for defacing Anonoplus engaging a “de facto” cyberwar against The Anonymous.


Defacement
Sep 26 ?
#Occupywallstreet

The month of September is characterized by the OccupyWallStreet Operation, started on September, the 17th and still ongoing. Although not directly configurable as an hacking action, it may rely on the support of the Anonymous who “doxed” a senior police who controversially usec pepper spray against a group of female protesters.


N/A
Sep 27
COGEL, Council On Governmental Ethical Law

Once again in this month,Snc0pe claims another resounding action. This time the alleged target is the official website of The Council on Governmental Ethics Laws (COGEL). He posts a message on pastebin, along with the database download link.


SQLi?
Sep 28
Tiroler Gebietskrankenkasse (TGKK)

AnonAustria in the spotlight again after the resounding hack against Austrian Police. This time the victim is an health insurance firm Tiroler Gebietskrankenkasse (TGKK) whose database of some 600,475 medical records AnonAustria claims to have hacked. The databse includes some celebrities. The total cost of the breach is around $128,500,000.00.


SQLi?
Sep 29 ?
SAIC (Science Applications International Corp.)

SAIC, one of the Pentagon‘s largest contractors reveals to have discovered a data breach occurred a couple of weeks before, affecting as many as 4.9 million patients who have received care from military facilities in San Antonio since 1992. The breach involved backup computer tapes from an electronic health care record. Some of the information included Social Security numbers, addresses, phone numbers and private health information for patients in 10 states. Statement of the data breach here Estimated cost of the breach is around $ 1 billion.


Car Burglary
Sep 30 ?
Laptop Virus Repair

Although not resounding as the one which targeted MySQL.com, here it is another example of a website infected with malicious code targeting a free antivirus cloud based service.

Laptop Virus Repair
Malicious Code
Sep 30 ?
Betfair

Betfair reports a leak including not only the payment card details of most of its customers but also “3.15m account usernames with encrypted security questions”, “2.9m usernames with one or more addresses” and “89,744 account usernames with bank account details”. The incident occurred on 14 March 2011 but was announced only 18 months later. Estimated cost of the breach is around $1.3 billion.


?

The Dangerous Liaisons (Updated)

August 22, 2011 1 comment

Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $ 4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so cruel. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately acquiring Motorola and its patent portfolio made of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $ 12.5 billion.

Said in few words, the mobile arena is getting more and more agressive and cruel. For this reason, a litte bit for curosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players in this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnership, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but in the same time business partners.

While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some informations, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects betten than a thousand words the real situation.

Anyway the war will not stop here: the next targets? Interdigital Inc. with its 8,800 patents  which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of the 10% of its patent portfolio (1,100 patents), valued as high as $3 billion which are vital to compensate the losses estimated in $2.5 billion.

As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!

Company Filed Suit Against Has technological alliance with Filed Suite From:
  No one (at least so far!)

Of course Google licensees his Mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver for the impressive market share growthof Samsung and HTC.

In an effort to defend Android’s Intellettual Property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011, Google announced the intention to acquire Motorola Mobility with a $12.5 billion deal. Motorola has nearly 17,000 patents.

Aug 12 2010: Oracle has filed suit against Google for infringing on copyrights and patents related to Java,. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520.

The case is in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561.

The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google.

On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google’s attempt to get a potentially damaging e-mail redacted.

Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case.

The suit has been filed in the U.S. District Court in Delaware , alleging twenty instances of patent infringement. The company also petitioned the US  ITC to block the import of twelve phones designed and manufactured by HTC.

On Jul 15 2011 Apple won a preliminary patent ruling in an early judgment before the US ITC, in which HTC was found to have breached two of 10 patents held by Apple.

On Aug 8 2011 ITC  announced to have dediced to review Apple’s patent infringement complaint against HTC.

Oct 31 2010: In response to Motorola lawsuit against Apple, Apple sued Motorola and Motorola Mobility for Infringment on several Multi-Touch patents infringments in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits.

On Nov 23, 2010: US International Trading Commission announced to review Apple patent case against Motorola.

Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets.

Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court.

In the last days Apple has been accused of presenting inaccurate evidence against Samsung.

Aug 24 2011: Samsung has been banned from selling some galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard.

On Jul 1 2011 the intellectual property of the Canada giant Nortel (in Bankrupt), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big looser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.

On Aug 3 2011, In a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device”, accusing them of Patent Bulying.

Curiously, Apple is one of the main technological partners of Samsung for displays and semi-conductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC) and also the two companies collaborate for iPad displays (Apple is moving from LG to Samsung because oof quality issues of the former). Nevertheless the lawsuits between the two companies are compromising their relationships so that Apple is evaluating a new supplier (TSMC) for its A6 nexy generation chipset.

Oct 22 2009: Nokia sued Apple in Delaware court for infringing on  ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years.

On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.

On Jan 2010 Kodak sued Apple and RIM claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as the U.S. ITC.

On Apr 2010 Apple argues that some Kodak still and video camera products violate two of its patents

On Jul 2011: While Kodak’s claim is pending, the commission rules on Apple’s complaint and says Kodak’s digital-camera technology doesn’t violate Apple’s patents.

Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints; in district courts in Illinois and Florida and a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infiringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers.

The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.

Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008.

Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.

On Jul 1 2011 US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to Mobile, this ruling is meaningful since S3 has been acquired by HTC on Jul 6 2011 for $300 million in order to use their patents in the fight against Apple.

HTC expects final ruling on Apple-S3 graphics case in November.

On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple to have infringed three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers.

Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory.

Patent dispute will begin from Aug 21 2011, the hearing procedure can take up to 10 days, the judgment procedure is expected to reach the final verdict point only in March 2012.

Nov 9 2010: Microsoft sued again Motorola for charging excessive royalties on network technology used in Microsoft’s Xbox game system.

Feb 11 2011: a deal with the Devil, Microsoft and Nokia announce their plansto form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.

Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft has teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.”

Nov 11 2010: Motorola Mobility sued Microsoft with the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products.

Motorola Mobility asked for the infringing devices to be barred from importation into the United States.

On Dec 21 2010, ITC has agreed to hear the complaint.


Android Virtual Machine on RIM Tablet, A Security Concern?

The rumors were confirmed and at the end it looks like that the forthcoming RIM Tablet, named Playbook, will be able to run Android Applications. This will be possible thanks to an optional “app player” that will provide an application run-time environment for Android v2.3 code (no mention so far for Honeycomb), allowing users to download Android applications directly from BlackBerry App World and run them on their (future) BlackBerry PlayBook.

This does not sound new to me (at this link an article in Italian in which I discussed about the rumors of an Android Virtual Machine for the Playbook), but in my opinion the point of interest does not rely on the fact that the announced “app player” builds a bridge between the Android and RIM worlds (as a matter of fact the RIM Tablet will offer also a second “app player” for the Blackberry Java applications), but it is really interesting to point out the information security perspective since it looks like that the paradigm Write (Malware Once), Use Many, will undoubtedly come true.

We know that, from the beginning of the 2011, the poor Android is suffering of multiple infections, and this peak of malware is not only due to the fact that the Google platform captured #1 ranking in the mobile platforms but, most of all, to the fact that the number of users which leverage the Android capabilities for professional use is growing day by day. Of course, the effort for developing malware is commensurate  with the value of the target, hence this evidence (together with the fact that Android is an Open Platform and the android market policies are not as strict as the ones from Cupertino) explains why the Android is a little too much sick in this period (and also because, in my opinion, security issues are the main reasons at the base of Mountain View’s decision to hold Honeycomb tight, not making its source code publicly available (at least so far).

Now, the perspective to use the Android as a “malware bridge” to other platforms might sound very appealing to cyber crooks, so this improbable openness from the RIM side could become a little bit embarrassing for Google from an Infosec perspective, further encouraging other malware writers to address their efforts towards the Android. Android Virtual Machine spreading for sure makes life easier for developers but, undoubtedly ends up making it harder (from a security perspective) for users and IT Manager.

And what about the future? It looks like the scenario could become even more complicated since the Android Virtual Machine (the notorious Dalvik, in the middle of a lawsuit against Larry Ellison’s Oracle) could soon land on other devices. As a matter of fact, Myriad, a member of the Open Handset Alliance, which collaborates with Google to develop Android is working for an Alien Android (that is a Dalvik compatible Virtual Machine, called Alien Dalvik) capable to run Native Android application on alien platform, furthermore at the same speed of the Original Android (so, not bad, the malware infections will propagate at the same speed then the original platform). Of course this could sound even more appealing for malware writers.

Definitively the Android is no longer satisfied to be reference platform for the market, rather seems to be pointing to became the reference platform also for malware. Who knows if one day we will ever see an Apple infected by an Android?

Follow

Get every new post delivered to your Inbox.

Join 2,944 other followers