Iranian Hackers targeting US oil, gas, and electric companies

  • Post author: Omid Farhang
  • Post published: May 26, 2013
  • Reading Time: 2 min

The Hacker News reported: For all the talk about China and the Syrian Electronic Army, it seems there’s another threat to U.S. cyber interests: Iran. A series of potentially destructive computer attacks targeting American oil, gas and electricity companies has been tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware has been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. ...

Apple closes QuickTime vulnerabilities on Windows

  • Post author: Omid Farhang
  • Post published: May 23, 2013
  • Reading Time: 1 min

Apple has released a security update for its QuickTime media framework for Windows. Version 7.7.4 of the software closes 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats. The vulnerabilities affect Windows 7, Vista and XP SP2 or later and could be exploited to cause arbitrary code execution and application crashes. The vulnerabilities affected the playback of MP3, H.263, H.264, TeXML, JPEG, QTIF, Sorenson Video and FPX files as well as the handling of dref, enof and mvhd atoms within the program. All of the problems were reported by researchers working with HP’s Zero Day Initiative, five of them by Tom Gallagher and Paul Bates from Microsoft. ...

Symantec planning to discontinue PC Tools security products

  • Post author: Omid Farhang
  • Post published: May 23, 2013
  • Reading Time: 1 min

Symantec has stopped selling the security-related products in its PC Tools portfolio, according to an announcement on the company’s web site. Customers using the affected programs – Spyware Doctor, Spyware Doctor with AntiVirus, and Internet Security – can continue to use them until their subscription runs out. Symantec says that the decision is related to consolidating its product range in order to offer customers fewer but higher quality products. To that end, the company suggests that customers looking to replace the discontinued products consider Norton Internet Security. ...

Chrome 27 comes with better load speeds and security fixes

  • Post author: Omid Farhang
  • Post published: May 22, 2013
  • Reading Time: 2 min

The Chrome developers at Google have released version 27 of their browser to the Stable release channel for Windows, Mac OS X, Linux, and Chrome Frame for Internet Explorer. The new version, Chrome 27.0.1453.93, includes performance improvements with a new scheduler and fixes a number of security vulnerabilities – most of them rated as High – that Google’s bug bounty program rewarded with almost $15,000 in total. Chrome 27 also introduces a filesystem API that allows the browser to synchronise application data through the Google Drive service. Among the bug fixes, a dependency problem which stopped Chrome being easily installed on Ubuntu 13.04 has also been fixed, one release earlier than Canonical was expecting. ...

Microsoft warns of Facebook-hijacking extensions

  • Post author: Omid Farhang
  • Post published: May 13, 2013
  • Reading Time: 2 min

Malicious browser extensions are trying to hijack Facebook profiles, according to a warning from Microsoft’s Malware Protection Center. The extensions, first discovered in Brazil and dubbed JS/Febipos.A by Microsoft, are targeted at Chrome and Mozilla Firefox and appear to be installed by a custom trojan dropper. Microsoft first reported on the trojans in April, but it seems that a recent update to the trojans warrants bringing further attention to them. The trojan extensions themselves monitor users’ browser activity to see if they are logged into Facebook and then retrieve a configuration file from a site, disguised as a .php file, which contains commands for the extension. The extension is able to like pages, share pages, post, join groups, invite friends to groups, chat to friends or comment on posts. The Microsoft researchers have witnessed the extension posting messages (in Portuguese) about teen suicides with a video link that sends users to a malicious site, liking and commenting on a Facebook page apparently belonging to a car company, and sending out a variety of messages via chat, posts or comments. Links to other Facebook profiles are also posted by the extension in messages. ...

Name.com domain registrar hacked

  • Post author: Omid Farhang
  • Post published: May 13, 2013
  • Reading Time: 1 min

US domain registrar and web hosting service Name.com has fallen victim to a hacker attack. In a recent email, the company informed its customers of an incident that potentially enabled unknown attackers to gain access to “email addresses, encrypted passwords and encrypted credit card details”. The registrar says that the private crypto keys that are required to decrypt the stolen credit card details are stored on a separate system that wasn’t compromised. ...

Internet Explorer 8 0-Day Update CVE-2013-1347

  • Post author: Omid Farhang
  • Post published: May 6, 2013
  • Reading Time: 2 min

Microsoft has confirmed a bug in Internet Explorer 8, CVE-2013-1347, which exposes user machines to remote code execution. In an advisory, Microsoft says the vulnerability “exists in the way that Internet Explorer [accesses] an object in memory that has been deleted or has not been properly allocated.” That, in turn, opens the door to memory corruption and remote code execution in the current user context. According to this blog post by Eric Roman: “A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the document and used again during rendering, an invalid memory that’s controllable is used, and allows arbitrary code execution under the context of the user.” ...

Ubuntu 13.04 Raring Ringtail is out, What's new?

  • Post author: Omid Farhang
  • Post published: April 25, 2013
  • Reading Time: 3 min

Canonical has released Ubuntu 13.04 Raring Ringtail, most likely the last release of Ubuntu that will primarily cater for laptop and desktop users. For Ubuntu 13.04, Canonical focused on tightening up the core of the OS and polishing the Unity interface in preparation for Ubuntu’s smartphone and tablet debut, which is slated to occur in October with the release of version 13.10. There’s also the usual slew of package updates, a new Linux kernel, and a couple of new features, too. ...

Symantec vs AV-Comparatives, Which one do you trust?

  • Post author: Omid Farhang
  • Post published: April 25, 2013
  • Reading Time: 5 min

Cross-posted from PCMag SecurityWatch: Last week independent antivirus lab AV-Comparatives released the results of an on-demand antivirus detection test. The fact that Microsoft came in near the bottom wasn’t big news; the fact that Symantec scored even lower was surprising indeed. In a blog post released today, Symantec decried the entire practice of performing on-demand malware scanning tests, calling it “misleading.” In the early years of antivirus testing, every test was an on-demand scanning test. Researchers would assemble a collection of known malware, run a full scan, and record the percentage of samples detected. Modern labs work hard to devise tests that more closely reflect a user’s real-world experience, taking into account the fact that the vast majority of infections enter the computer from the Internet. Symantec contends that only the real-world sort of test is valid; I don’t entirely agree. ...

Microsoft patches the security update 2823324

  • Post author: Omid Farhang
  • Post published: April 24, 2013
  • Reading Time: 1 min

Microsoft is making another attempt to close the privilege elevation hole in the NTFS filesystem’s kernel driver for Windows 7 and Server 2008, including R2. The new patch, 2840149, supersedes security update 2823324, which Microsoft released on its April Patch Tuesday. However, shortly after releasing it, the software giant had to recall the first update because it caused problems with various third-party programs; it crippled computers and triggered error messages. Kaspersky’s anti-virus programs also started acting up once the update was installed, erroneously assuming that they no longer had a valid licence and discontinuing operation. When re-releasing the update, Microsoft didn’t clarify whether this was the reason for the system malfunctioning. ...
