Last week McAfee Labs reported a series of “one-click fraud” malware on Google Play in Japan. We have been monitoring this fraudulent activity and have found more than 120 additional variants on Google Play since the previous report. The malicious developers upload five or six applications per account using three to five accounts every night, Read more…
Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month’s issues are rated ’Critical’.
As always, customers are advised to follow these security best practices:
Microsoft’s summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr
The following is a breakdown of the issues being addressed this month:
MS13-028 Cumulative Security Update for Internet Explorer (2817183)
Internet Explorer Use After Free Vulnerability (CVE-2013-1303) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Use After Free Vulnerability (CVE-2013-1304) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
RDP ActiveX Control Remote Code Execution Vulnerability (CVE-2013-1296) MS Rating: Critical
A remote code execution vulnerability exists when the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
Win32k Font Parsing Vulnerability (CVE-2013-1291) MS Rating: Moderate
A denial of service vulnerability exists when Windows fails to handle a specially crafted font file. The vulnerability could cause the computer to stop responding and restart.
Win32k Race Condition Vulnerability (CVE-2013-1283) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerability (CVE-2013-1292) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.
NTFS NULL Pointer Dereference Vulnerability (CVE-2013-1293) MS Rating: Moderate
An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.
MS13-031 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
Kernel Race Condition Vulnerability (CVE-2013-1294) MS Rating: Critical
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.
Kernel Race Condition Vulnerability (CVE-2013-1284) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.
MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
Memory Consumption Vulnerability (CVE-2013-1282) MS Rating: Important
A denial of service vulnerability exists in implementations of Active Directory that could cause the service to stop responding. The vulnerability is caused when the LDAP service fails to handle a specially crafted query.
MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
CSRSS Memory Corruption Vulnerability (CVE-2013-1295) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
Microsoft Antimalware Improper Pathname Vulnerability (CVE-2013-0078) MS Rating: Important
This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
HTML Sanitization Vulnerability (CVE-2013-1289) MS Rating: Important
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.
MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
Incorrect Access Rights Information Disclosure Vulnerability (CVE-2013-1290) MS Rating: Important
An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
We hear an awful lot about hackers breaking into systems and taking down networks or stealing millions of data records. The general understanding we have for hacking is bad guys want to disrupt things to make a point or to make money. But how do they really use our personal information against us? Whether you Read more…
Don’t miss the final week to enter the 4th annual Trend Micro What’s Your Story? Internet safety video contest, ending April 16.
Facebook continues to be a favorite target for attackers to spread fake wall-post messages or fake scams. Most of the time these fake messages are involved in fake scams that ask users to respond to surveys. Recently, I discovered a Facebook wall post with a malicious website address that was unknowingly shared by a friend. Read more…
Following the recent discovery of Android/Chuli.A, yet another Android malware has now been found using the same method as Chuli.A: via forged email messages with the Android malware (APK file) as an attachment. However, instead of creating a standalone malicious application that shows a fake invitation about an upcoming congress, this time the attackers compromised Read more…
The begining of spring seems to be an unsuccessful period of the year for cybercriminals in Eastern Europe. There is recent news referring to a neutralization of a group of hackers by joint cooperation between the Security Service of Ukraine with the Federal Security Service of the Russian Federation (FSB) on the web. These hackers […]
De plus en plus d’affaires sont menées sur internet aujourd’hui. Même les plus petites entreprises avec une présence web s’y trouvent.
L’internet est un endroit fantastique pour des entreprises, particulièrement pour celles de petite taille. Les coûts impliqués sont assez bas et il est relativement facile de se construire une forte présence en ligne.
Mais mener des affaires en ligne n’est pas sans danger, surtout au vu des menaces nombreuses que posent les cybercriminels aujourd’hui.
Cet aspect est important par rapport au transferten ligne des données sensibles. Quece soit des contrats ou des reçusque vous envoyiez par mail ou même des informations financières sensibles, la protection des données envoyées en ligne est indispensable. Que pouvez-vous faire pour les protéger ?
L’email a presque le même âge que l’internet mais pendant longtemps le système desécurité des services de courrier électronique était plutôt démodé et facile à infiltrer.
Depuis, il y avait des améliorations dans ce domaine mais il existe toujours des mesures pour augmenter la protection de vos emails si vous envoyez des informations sensibles sur le web.
En vous connectant sur votre compte mail, rassurez-vous que l’adresse commence par HTTPS. Cela vous indique non seulement que votre compte mailest chiffrémais aussi qu’il est sûr.
Pour se rassurer même plus, il est également une bonne idée dechiffrer un mail avant de l’envoyer. Dans ce cas des méthodes comme PGP encryption ou Symantec Digital ID for Secure Email vous fournissent une clé de chiffrement pour vos emails.
Transfert de fichiers
L’émail peut être un moyen sûr pour transférer vos données sensibles mais la plupart des services de courrier électronique limite la taille des fichiers que vous pouvez envoyer.
Pour un document ou un fichier plus large beaucoup de gens utilisent File Transfer Protocol ou FTP (en français « protocole de transfert de fichiers »). Il s’agit d’un système qui permet d’envoyer rapidement et facilement des larges fichiers. Pourtant, il ne vous protège pas si bien.
Il est très facile d’intercepter et de lire des FTP. Des mesures de sécurité supplémentaires sont nécessairessi vous voulez envoyer des informations sensibles avec cette méthode.
En utilisant un FTP en même temps qu’un certificat SSL, vous pouvez améliorer votre niveau de protection et transférer vos fichiers larges sans risque.
Ceci est parfois appelé FTPS. Ce système crée une connexion sûre depuis un serveur ou un ordinateur pour que vous puissiez transférer rapidement et facilement des données sensibles.
Les réseaux de partage de fichiers (file sharing services) représentent une alternative au FTP – beaucoup d’eux sont gratuits au début mais si vous avez besoin de plus d’espace et de plus de bande passante il faut investir quelques euros.
Certificats SSL
Si vous transférezrégulièrementdes larges quantités d’informations sensibles dans le cadre de votre business, un certificat SSL pour sécuriser un portail de transfert de fichier pourrait être un bon investissement
En mettant le transfert des informations sensibles sous un certificat SSL sur votre serveur, vous améliorez votre niveau de sécurité et de simplicité.
Il existe de nombreuses solutions pour le transfert de fichiers en ligne…mais peut-être que la chose la plus importante c’est le choix d’un service sûr et chiffré.
Immer mehr Geschäfte werden heutzutage über das Internet abgewickelt, denn auch die kleinsten Betriebe verfügen oft über eine Form von Webpräsenz.
Das Internet ist ein großartiger Ort für Betriebe, insbesondere f&uum…
More and more business is being conducted on the internet these days, with even the smallest of businesses likely to have some kind of web presence.
The web is a great arena for businesses, especially smaller outfits, to operate in. The costs are low a…