News and Alerts

Is my server vulnerable?

To clear up any doubts: CONTACT US IMMEDIATELY at soporte@kwell.net

In the last few hours, alerts have spiked over the security implications of a vulnerability in the OpenSSL cryptographic library, nicknamed #Heartbleed. This vulnerability was discovered by Neel Mehta of the Google Security team, and the reserved CVE (CVE-2014-0160) was created on December 3, 2013.
The website http://heartbleed.com/, created for this purpose by the Finnish company Codenomicon defensic, gathers valuable information about this vulnerability.

Title: Microsoft Tuesday Updates

Description:  24 CVEs have been fixed in the latest rounds of Microsoft Tuesday Updates. 7 CVEs in Internet Explorer alone. For a full breakdown of the CVEs and the vulnerabilities see below:

Reference:

http://vrt-blog.snort.org/2013/12/microsoft-update-tuesday-december-2013.html

https://isc.sans.edu/diary/Microsoft+December+Patch+Tuesday/17198

Snort SID: 27823, 28464-28473, 28487-28488, 28525-28526, 28862-28863, 28865-28878, 28880-28882

Title: Magnitude Exploit Kit on the rise

Description: The Sourcefire VRT monitors the activity of Exploit Kits throughout the day, and it has been interesting to watch which exploit kit would claim the “top title” since the arrest of ‘paunch’, author of the Blackhole/Cool Exploit Kits. Sweet Orange Exploit Kit had a sharp rise right after the arrest, but as of this writing, Magnitude/PopAds seems to be the most active.

Title: Secclean fake antivirus

Description:  FakeAV continues to be a prevalent threat in the wild surrounding the Microsoft Windows Operating system, typically loaded in the Trojan method.

Ref: http://blog.0x3a.com/post/63080734846/analysis-of-the-security-cleaner-pro-fake-antivirus

Snort SID: 28248-28250

ClamAV: Win.Downloader.Seclean, Win.Trojan.Seclean

Title: Tenda W302R wireless router w302r_mfg remote code execution

Description:  By sending a UDP packet with a certain string in the content, the user is able to make the router execute commands remotely.

This backdoor only works on the local LAN. It was likely first implemented in Tenda's W302R router, although it also exists in the Tenda W330R, as well as in re-branded models such as the Medialink MWN-WAPR150N.

Title: Microsoft Office Patch Tuesday Release

Description: This month’s Microsoft Tuesday Update brings us 8 bulletins for a total of 26 CVEs. Four of these bulletins are marked as critical, while the rest are marked as important.

SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM

Title: Identity theft service discovered breaking into several data brokers

Description: Independent security reporter Brian Krebs broke the news last week that the notorious underground identity theft service SSNDOB had gained access to several major personal and business data aggregation services, including Lexis/Nexis and Dun & Bradstreet. The intrusions, which were ongoing for at least several months, used malware that exfiltrated data via an encrypted channel to attacker-controlled systems. Investigations by the impacted firms are ongoing, but the scope of the damage is expected to be extremely widespread.

Title: Attacks against Internet Explorer 0-day continuing in the wild

Description: Despite a major wave of publicity following the discovery last week of a 0-day remote code execution flaw in Internet Explorer, and the release of a workaround by Microsoft, in-the-wild exploitation of the flaw (CVE-2013-3893) is continuing to take place, with security vendor FireEye releasing an in-depth report about attacks occurring specifically in Japan. Live exploit code began appearing on public security research sites by Tuesday of this week, and worldwide exploitation by exploit kits and other large-scale vectors is likely to begin occurring well before the October 8 release of Microsoft’s standard patch cycle. System administrators are urged to ensure that Microsoft’s temporary fix has been applied immediately.

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
