Patch Tuesday August 2014 saw Adobe release fixes addressing seven vulnerabilities in Reader (including Acrobat) but just one in Flash. The Flash update, while extremely long, consists mostly of a table of versions and version number changes. It is vague about the vulnerabilities, saying only that "they could potentially allow an attacker to take control of the affected system." One is an RCE (Remote Code Execution) vulnerability where an attacker could run malware on your computer by sending you a dodgy Flash file or directing you to a website containing such a file. It is, however, not easy now to exploit this type of hole because attackers rely on misdirecting the flow of code execution in the Flash software, which means they need a predictable destination for the hijacked execution path.

Adobe released fixes for Flash and Shockwave Player on Patch Tuesday July 2014. However, only the Flash updates were mentioned in a security bulletin. The bugs fixed in the Flash update include three CVEs (officially numbered vulnerabilities). Two of them, CVE-2014-0537 and CVE-2014-0539, have been known since December 2013. Adobe did not hurry to patch them since they were neither publicly disclosed holes nor Remote Code Execution (RCE) vulnerabilities.

The CVE, 2014-4671, has been given the popular name ‘Rosetta’ by the Google researcher who discovered how to exploit it. The Rosetta Stone was an ancient artifact that had the same text in three languages and so helped to decipher ancient Egyptian script. Likewise, the Flash exploit translates Flash files into 100% printable alphanumeric characters. This

The online trading giant eBay has owned up to a password breach on its site committed by cyber attackers. As a result, people who have been using eBay to buy and sell goods have been warned to change their passwords. Apparently the security breach occurred about three months ago.

eBay Inc. said beginning later today it will be asking eBay users to change their passwords because of a cyber attack that compromised a database containing encrypted passwords and other non-financial data. [...] The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.

Organizations that store and process sensitive and valuable trade and market information, client information and transaction history data continue to be at the top of potential targets for cyber criminals who probe, scan and penetrate the IT infrastructure of these organizations to carry out massive cyber attacks. These attacks may come in many forms, including web site defacements, coordinated break-ins and denial of service attacks aimed at crippling the customers' business processes.

Based on the information gathered from various reliable sources on 11th of April 2014, the TechCERT team identified that a group of hackers was planning to launch a series of cyber attacks targeting Sri Lankan websites on 15th and 16th April 2014. By that time, attackers had already created an event on Facebook.

What is HeartBleed?
HeartBleed is a bug in the Heartbeat extension of OpenSSL, which is widely used for SSL connection establishment in servers. The bug may lead to the disclosure of a 64kB chunk of memory in the server. Since this is the same memory space where OpenSSL also stores the server's private key material, an attacker can potentially obtain

  • long-term server private keys
  • TLS session keys
  • confidential data like passwords
  • session ticket keys.

Who is Affected?
Web servers (TLS) using the following OpenSSL versions.

We have long been familiar with DDoS attacks, by which attackers seek to cripple a machine or network and make it unavailable to its intended users. DDoS attacks are frequently mounted on high-profile sites such as banks and credit card payment gateways. Such attacks have usually taken the form of DNS-based reflection and amplification attacks. The perpetrator’s strategy is to send a packet with a forged source IP address. The packet will purport to be from the victim to a server on the internet. The server will be one which will send an immediate reply to such a request, and since the IP address is forged, the reply goes to the intended victim. The actual source is very hard to trace, and by using a large number of servers the victim can be swamped with a huge amount of data packets. What makes the problem worse is that the forged request packets are designed to extract large replies
