Sophos 2012 Security Threat Report
Last week Sophos released it 2012 Security Threat Report which highlighted some key finding from 2011:
- Smartphones and tablets causing significant security challenges
- Major data breaches and targeted attacks on high-profile companies and agencies
- Hacktivism -> A shift from hacking for money to hacking as a form of protest or to prove a point
- Conficker worm is still the most commonly encountered pieces of malicious software seen is Sophos customers
- Fake antivirus software is still the most common type of malware but in second half of the year appears to be on the decline
- Spearphishing attacks on the rise
Despite all this, some successes "On March 16, 2011 a coordinated effort known as Operation b107 between Microsoft, FireEye, U.S. federal law enforcement agents and the University of Washington knocked Rustock offline." [1] The entire report available here.
Handler Mark published a diary on some of the things to take in consideration "When your service provider has a breach". [3]
[1] http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-07.aspx
[2] http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report/html-01.aspx
[3] https://isc.sans.edu/diary.html?storyid=10651
[4] http://www.sophos.com/medialibrary/PDFs/other/SophosSecurityThreatReport2012.pdf
Data breach diaries reported by ISC in 2011:
[1] Wordpress.com https://isc.sans.edu/diary.html?storyid=10729
[2] RSA Breach https://isc.sans.edu/diary.html?storyid=10609
[3] Lockheed Marting https://isc.sans.edu/diary.html?storyid=10939
[4] Sega Pass https://isc.sans.edu/diary.html?storyid=11065
[5] SonyPictures https://isc.sans.edu/diary.html?storyid=10996
[6] DigiNotar SSL Breach (result = bankruptcy) https://isc.sans.edu/diary.html?storyid=11479
[7] GlobalSign https://isc.sans.edu/diary.html?storyid=12205
[8] Stratfor Global Intelligence https://isc.sans.edu/diary.html?storyid=12271
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Critical PHP bug patched
Just about a month ago, PHP 5.3.9 was released, which included a patch for the "hash collision" problem. The basic hash collision problem affected various languages, including php and .Net (Microsoft fixed the issue in an out of band patch 2011-100 in late December).
PHP fixed the issue not by introducing a new hash function, but instead it limited the number of input parameters. Just like the php hardening patch suhosin did all along, PHP now supported a "max_input_var" parameter to limit the number of input parameters a request may send. The default limit was set to 1,000, plenty for most web applications.
Sadly, the fix was implemented incorrectly, and introduced a more severe vulnerability, a remote code execution vulnerability. Thats right: An attacker could craft a request, that will execute code on a web server running PHP 5.3.9.
Today, the PHP team released PHP 5.3.10 to address the issue.
If you are running PHP 5.3.9: PATCH NOW! This is a very critical bug
If you are running PHP 5.3.8: DO NOT UPGRADE TO 5.3.9. I would actually recommend that you wait.
Additionally, try to enable Suhosin if at all possible. There is a slight performance hit, but it is unlikely to break your web application unless you are already tight in resources. Many Linux distributions include Suhosin, so it may be pretty easy to set up.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
8 months ago
Anonymous
Dec 26th 2022
8 months ago
https://defineprogramming.com/
Dec 26th 2022
8 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
8 months ago
rthrth
Jan 2nd 2023
8 months ago