Security Alerts & News
by Tymoteusz A. Góral

History
#1141 Intel patches local EoP vulnerability impacting Windows 7
Intel issued an important security patch Monday for a vulnerability that could allow attackers to execute arbitrary code on targeted systems running Windows 7. The bug, located in the Windows kernel-mode driver for Intel HD Graphics, leaves affected systems open to a local privilege escalation attack: an attacker who already has low-privileged code running on the machine could use it to take full control of the system.

Specifically impacted, according to Intel, are users of Intel Graphics Driver for Microsoft Windows prior to March 28, 2016. Intel describes the flaw as one which, if exploited, “would directly impact the confidentiality, integrity or availability of user’s data or processing resources.”
#1140 Microsoft Patch Tuesday – July 2016
This month the vendor is releasing 11 bulletins, five of which are rated Critical.
#1139 Nation-backed malware that infected energy firm is 1 of 2016’s sneakiest
A campaign that targeted a European energy company wielded malware that's so sneaky and advanced it almost certainly is the work of a wealthy nation, researchers said Tuesday.

The malware contains about 280 kilobytes of densely packed code that, like a ninja warrior, cleverly and stealthily evades a large number of security defenses. It looks for and avoids a long list of computer names belonging to sandboxes and honeypots. It painstakingly dismantles antiviruses one process at a time until it's finally safe to uninstall them. It takes special care when running inside organizations that use facial recognition, fingerprint scanners, and other advanced access control systems. And it locks away key parts of its code in encrypted vaults to prevent it from being discovered and analyzed.

Once the malware has gained administrative control of a computer, it uses its lofty perch to survey the connected network, report its findings to its operators, and await further instructions. From then on, attackers have a network backdoor that allows them to install other types of malware, either for more detailed espionage or potentially sabotage. Researchers from security firm SentinelOne found the malware circulating in an underground forum and say it has already infected an unnamed energy company in Europe.
#1138 Cisco boasts 100 percent security coverage
Cisco has said it will do whatever it takes, including working alongside competitors, in order to ensure that it has the best security offering that covers customers 100 percent of the time.

Admitting that the 100 percent statement is a "bold claim", Scott Harrell, VP of Product Management in Cisco's Security Business Group, explained that it means Cisco will provide protection for customers whether they are on business premises or working remotely.

"What we're talking about is the fact that you as customers, you as network administrators, as partners, who are trying to find and deploy these complex networks, your problem's not just a firewall at the edge ... your problem's more than that," Harrell, speaking at the second day of Cisco Live Las Vegas, said.

"You have diverse infrastructures, you have campuses, you have datacentres, you have branches, you have users that are sales personnel that never come back on-prem, they spend their whole life off-prem and seldom connect back into the VPN, you have applications that you're being pushed to move to the cloud by your line of business.
#1137 Vulnerability exploitable via printer protocols affects all Windows versions
Microsoft patched today a critical security vulnerability in the Print Spooler service that lets an attacker take over workstations through nothing more than the normal printer-connection flow. The vulnerability affects all Windows versions.

Security firm Vectra discovered the vulnerability (CVE-2016-3238), which Microsoft fixed in MS16-087. At its core, the issue resides in how Windows handles printer driver installations and how end users connect to printers.

By default, in corporate networks, network admins allow printers and print servers to deliver the necessary drivers to workstations that connect to them (Point and Print). These drivers are installed silently, without any user interaction or elevation prompt, and they run inside the spooler as SYSTEM, with all the available privileges.

Vectra researchers discovered that an attacker who controls a printer or print server on the network, or who puts a device on the network posing as one, can serve a malicious driver in place of the legitimate one, and every workstation that connects to that printer will then execute the attacker's code as SYSTEM.

The attack can be launched from the local network or via the Internet, thanks to the Internet Printing Protocol or the webPointNPrint protocol. This type of attack can be delivered via innocuous methods such as ads (malvertising) or JavaScript code hidden in compromised websites that point the victim's browser at the attacker's printer.
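The compensating control for the driver-delivery behaviour described above is the Point and Print Restrictions policy, which limits silent driver installs to a list of trusted print servers and restores the warning and elevation prompts. The following PowerShell audit is an added example (not from the article, Vectra or Microsoft); it reads the policy values the Group Policy writes under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint, reports which settings still allow silent installs, offers a function to set the hardened values locally, and lists recent driver installations from the PrintService operational log (event ID 316, "Printer driver ... was added or updated"). The function names and the sample server names in the usage lines are assumptions made for the example.

```powershell
# Added example: audit and harden the Point and Print driver-installation
# policy on the local host, and list recent printer driver installs.
# Run in an elevated PowerShell session. Function names are this example's own.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintPolicy {
    # Returns $null when the policy has never been configured (Windows defaults apply).
    if (-not (Test-Path $PolicyPath)) { return $null }
    $p = Get-ItemProperty -Path $PolicyPath
    [pscustomobject]@{
        Restricted                    = $p.Restricted                     # 1 = restrictions enabled
        TrustedServers                = $p.TrustedServers                 # 1 = only servers in ServerList
        ServerList                    = $p.ServerList                     # semicolon-separated server FQDNs
        InForest                      = $p.InForest                       # 1 = only servers in this forest
        NoWarningNoElevationOnInstall = $p.NoWarningNoElevationOnInstall  # 0 = warn + elevate, 1 = silent
        UpdatePromptSettings          = $p.UpdatePromptSettings           # 0 = warn + elevate, 1 = warn only, 2 = silent
    }
}

function Test-PointAndPrintHardened {
    # Returns a list of findings; an empty list means the policy blocks silent installs
    # from untrusted servers.
    param($Policy)
    $findings = @()
    if ($null -eq $Policy -or $Policy.Restricted -ne 1) {
        $findings += 'Point and Print Restrictions policy is not enabled'
        return ,$findings
    }
    if ($Policy.TrustedServers -ne 1 -or [string]::IsNullOrWhiteSpace($Policy.ServerList)) {
        $findings += 'Driver installs are not limited to a list of trusted print servers'
    }
    if ($Policy.NoWarningNoElevationOnInstall -eq 1) {
        $findings += 'New drivers install silently with no warning or elevation prompt'
    }
    if ($Policy.UpdatePromptSettings -ne 0) {
        $findings += 'Driver updates install without a warning and elevation prompt'
    }
    return ,$findings
}

function Set-PointAndPrintHardened {
    # Writes the hardened values locally. On a domain-joined host the equivalent
    # Group Policy overrides these on the next policy refresh, so deploy via GPO there.
    param([Parameter(Mandatory)][string[]] $TrustedPrintServers)
    New-Item -Path $PolicyPath -Force | Out-Null
    Set-ItemProperty -Path $PolicyPath -Name Restricted                    -Type DWord  -Value 1
    Set-ItemProperty -Path $PolicyPath -Name TrustedServers                -Type DWord  -Value 1
    Set-ItemProperty -Path $PolicyPath -Name ServerList                    -Type String -Value ($TrustedPrintServers -join ';')
    Set-ItemProperty -Path $PolicyPath -Name NoWarningNoElevationOnInstall -Type DWord  -Value 0
    Set-ItemProperty -Path $PolicyPath -Name UpdatePromptSettings          -Type DWord  -Value 0
}

function Get-RecentPrinterDriverInstalls {
    # The PrintService/Operational log is disabled by default; enable it first with
    #   wevtutil set-log Microsoft-Windows-PrintService/Operational /enabled:true
    # Event 316 records each driver add/update together with the files it copied.
    param([int] $Days = 7)
    try {
        Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-PrintService/Operational'
            Id        = 316
            StartTime = (Get-Date).AddDays(-$Days)
        } -ErrorAction Stop |
        Select-Object TimeCreated, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } }
    } catch {
        # Get-WinEvent throws when nothing matches or the log is disabled.
        Write-Warning "No driver-install events returned: $($_.Exception.Message)"
    }
}

# Usage (server names are placeholders for this example):
$policy = Get-PointAndPrintPolicy
$gaps   = Test-PointAndPrintHardened -Policy $policy
if ($gaps.Count -eq 0) { 'Point and Print policy is hardened' } else { $gaps }
# Set-PointAndPrintHardened -TrustedPrintServers 'print01.corp.example', 'print02.corp.example'
Get-RecentPrinterDriverInstalls -Days 30 | Format-Table -Wrap
```

The policy is a mitigation, not a replacement for MS16-087: it stops the silent install from an untrusted server, but a driver served by a server on the trusted list is still installed as SYSTEM, so the list should contain only print servers whose driver store is under administrative control. Reviewing event 316 after the fact is what tells you whether an unexpected driver (or one with an unexpected file list) was already installed before the policy was applied.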
#1136 Leaky database leaves Oklahoma police, bank vulnerable to intruders
A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.

The exposure, which has reportedly been fixed, was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has disclosed numerous data breaches affecting millions of Americans.

The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.

“They said that they were going to let their clients know,” Vickery said.
#1135 VPN provider removes Russian presence after servers seized
VPN provider Private Internet Access has pulled out of Russia in the wake of new internet surveillance legislation in the country.

The company claims that some of its Russian servers were seized by the national government as punishment for not complying with the rules, which require providers to log and retain all Russian internet traffic and session data for up to a year.

‘We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process,’ wrote Private Internet Access in a blog post.

The provider assured users that as it does not log any traffic or session data, no information was compromised – ‘Our users are, and will always be, private and secure.’