Windows token kidnapping returns to haunt Microsoft: Cyber Highlights July 20, 2010
By Kelli Tarala | July 21, 2010
More than a year after Microsoft issued a patch to cover privilege escalation issues that could lead to complete system takeover, a security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7. The founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008, and after waiting in vain for a patch, he released the details during the Month of Kernel Bugs project. The flaw would eventually be exploited in active attacks, leading to a mad scramble at Redmond to come up with a fix, and to a subsequent disclosure flap that exposed Microsoft as the irresponsible party. This year, the researcher plans a new talk titled “Token Kidnapping’s Revenge” where he will discuss how attackers can even bypass certain Windows services protections.
Full Story:
http://www.zdnet.com/blog/security/windows-token-kidnapping-returns-to-haunt-microsoft/6849
Consumers warned about Amazon.com scam
The millions of consumers who use Amazon.com to purchase everything from books to cookware have to be careful about a new phishing scheme. The Better Business Bureau (BBB) said it has received reports of e-mails, appearing to come from Amazon.com customer service, with the subject line “Thank you for your order.” The message has the Amazon.com logo and looks legitimate in other ways, at least on the surface. The e-mail lists an order number, total price, and a link to view the order. Someone receiving the message who had not ordered anything might click the link to see what he has mistakenly been charged for. Someone who had actually ordered something from Amazon might click the link because the price and item description are wrong. Anyone who clicks on the link would be sent to a fake site where an attempt would be made to steal her personal information.
Full Story:
http://www.consumeraffairs.com/news04/2010/07/bbb_amazoncom_scam.html
Old browsers create problems for some AKO users
Security changes for Army Knowledge Online (AKO) recently prevented a small percentage of users with older browsers from accessing the web-based portal. AKO, the original Army “cloud” computing environment, serves more than 2.3 million unclassified users and more than 123,000 classified users including active duty, National Guard, Army Reserve, Department of the Army civilians, contractors, family members and retirees. The Department of Defense discovered in an annual audit that AKO was not carrying the most secure algorithms available. After implementing the 6140-2 Compliance Algorithm June 23, about 100 users per day began contacting AKO because they could not access the portal, said the AKO product director.
Full Story:
http://www.ftleavenworthlamp.com/newsnow/x1005402318/Old-browsers-create-problems-for-some-AKO-users
Windows ‘shortcut’ attack code goes public
A security researcher July 18 published a working exploit of a critical Windows vulnerability, making it more likely that attacks will spread. According to a security advisory issued July 16 by Microsoft, hackers can use a malicious shortcut file, identified by the “.lnk” extension, to automatically run their malware simply by getting a user to view the contents of a folder containing the shortcut. Malware can also automatically execute on some systems when a USB drive is plugged into the PC. All versions of Windows, including the just-released beta of Windows 7 Service Pack 1 (SP1), as well as the recently retired Windows XP SP2 and Windows 2000, contain the bug.
Full Story:
http://www.computerworld.com/s/article/9179339/
MS confirms Windows shortcut zero-day flaw
Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw. Security shortcomings in Windows shortcuts (.lnk files) are being exploited by the Stuxnet rootkit, an information-stealing threat that targets industrial and power plant control systems.
Full Story:
http://www.theregister.co.uk/2010/07/19/win_shortcut_vuln/
Single Trojan accounted for more than 10% of malware infections
In a study issued last week, BitDefender reported that the top two malware offenders during the first six months of 2010 — Trojan.AutorunINF.Gen and Win32.Worm.Downadup.Gen — both exploit Autorun.INF. Trojan.AutorunINF.Gen alone accounted for 11 percent of all the malware infections detected by BitDefender in the first half, according to the report. Late January saw the emergence of Win32.Worm.Zimuse.A, a deadly combination of virus, rootkit, and worm. Regionally, China and Russia are the world’s top malware distributors, the report said.
Full Story:
http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=225900079
Watch out for phone scam that offers tech support, leaves spam
A tricky phone solicitor posing as Microsoft tech support can turn one’s computer into a spam-sending zombie machine, and the victim might be charged for it. The scam is one of many fishy attempts to obtain personal information or hack computers, according to a spokeswoman for the consumer affairs unit at a San Jose, California-area district attorney’s office. The scam has surfaced across North America, in the United Kingdom and in Australia. The caller pretends to be tech support from a computer company, but the instructions he walks people through actually install new software that gives him remote access to the computer, so he can use it to send spam or access people’s personal information.
Full Story:
http://www.mercurynews.com/breaking-news/ci_15497948?nclick_check=1
Read the Full DHS Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_072010.pdf
