Cyber criminals are selling made-to-order malware plug-ins to steal personal information from online banking customers, a reflection of a maturing black market in which the best developers can demand the highest prices, security vendor Trusteer says.
Depending on the sophistication, the Web-inject plug-ins cost as much as $2,000 and support several malware platforms, such as SpyEye, Zeus, and Ice IX, Trusteer says. More generic Web injects sell for as little as $50.
via Custom-designed malware a growing market | Security – InfoWorld.
A threat is saving files into the printer spooler directory; certain printer applications are set to print any files appearing in this directory, including the binary in the form of ASCII characters. This situation may be overwhelming printers, rendering them unusable and impacting business operations. The printing of random binary data is likely an unintended side effect of the threat.
via Enterprise Support – Symantec Corp. – Malware is causing network printers to print random ASCII characters.
Grep is a powerful command-line tool in Unix and Linux used for searching and probing data sets for lines that match a regular expression. As a short history, this utility was coded by Ken Thompson on March 3, 1973 for Unix.
via Simple Kung Fu Grep for Finding Common Web Vulnerabilities & Backdoor Shells | Pentest Laboratory.
Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft's Windows Update mechanism.
Their findings answer a key question: How could Flame infect fully patched Windows 7 machines?
via Experts show how Flame malware fakes Windows.
Several readers mentioned that Microsoft today issued a Security advisory regarding Microsoft XML Core Services (MSXML). This is in response to active exploitation.
The issue affects Office 2003 and 2007 on all versions of Windows. All a user has to do to fall victim is visit the wrong website using IE.
via ISC Diary | Microsoft Security Advisory 2719615 – MSXML – CVE-2012-1889.
Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
via Microsoft Security Advisory 2719615: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution.
The U.S. Computer Emergency Readiness Team (US-CERT) has issued an alert for a dangerous guest-to-host virtual machine escape vulnerability affecting virtualization software from multiple vendors.
The vulnerability, which affects 64-bit operating systems and virtualization software running on Intel CPU hardware, exposes users to a local privilege escalation attack or a guest-to-host virtual machine escape.
via US-CERT warns of guest-to-host VM escape vulnerability | ZDNet.
Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame.
via The Flame: Questions and Answers – Securelist.
Attention Microsoft Windows administrators: Stop what you’re doing and apply the new — and very critical — MS12-020 update.
Microsoft is warning that there’s a remote, pre-authentication, network-accessible code execution vulnerability in its implementation of the RDP protocol.
via Microsoft warns: Expect exploits for critical Windows worm hole | ZDNet.
While I was working on comparing various OS X hardening guides (see the prior diary from a couple of days ago), Apple announced one important new security feature in OS X 10.8 Mountain Lion. The new operating system, to be released this summer, will include a whitelisting system based on iOS. iOS has received a lot of criticism for its closed nature, but so far, I have to admit, it has worked pretty well. We have heard very little about iOS malware, while Android malware appears to be starting to steal the show from Windows malware (it has a while to go, but all the news lately appears to be about Android malware).
via ISC Diary | How to test OS X Mountain Lion's Gatekeeper in Lion.