By: Aditya Balapure (Infosec Institute)

 The recent major vulnerability CVE-2013-0027 flooded almost all versions of Microsoft Internet Explorer and affected operating systems like Windows XP, Vista, 7, and 8, including all the major server versions too. Some thirteen privately reported vulnerabilities were recently resolved in a security bulletin by Microsoft.


From the Mozilla blog:


Issue:
Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.


Firefox 3.6.11 and Thunderbird 3.15 have been released which include security updates for several critical vulnerabilities that can be exploited to run malicious code. Users are advised to update these applications.

Full details about the updates here:

Firefox
Thunderbird

Its a good idea to set these applications to check for updates automatically.


In a recent article by CBC News more security and privacy concerns for companies, and possibly individuals, have been highlighted.

The problem centers around your disused photocopier. Since modern photocopiers contain hard drives for storing the information they scan this information is available long after you have forgotten all about it.


Here’s one to watch out for: The U.S. FTC is warning consumers and businesses to be aware of scams stemming from the BP oil spill in the Gulf of Mexico. The scams are likely to come in the form of real world (including phone calls, door-to-door collections, and flyers) as well as online dangers (including e-mail, websites, and social networking sites).


We’ve warned you before about the rise of rogue security software, as cyber scammers continue to push their fake products. A simple, yet effective, way for these criminals to increase rogue sales is to hitch a ride on the back of a well-known security product, and distribute it through a rogue website.


In its second out-of-band update (meaning delivered outside of the regular Patch Tuesday schedule) in the past three months, Microsoft said today that it’s planning to issue an emergency security update tomorrow. The update will patch a zero-day vulnerability in Internet Explorer 6 and 7 that has been used to launch drive-by attacks.

Check Microsoft’s ‘Security Bulletin Advance Notification’ for full details.


Today at Lavasoft, we discovered a number of new clones from the XpAntispyware2010 family of rogue security software. The unique aspect of this family is the ability to randomly change its name. Lavasoft Malware Labs found 36 different names on three operating systems (Windows XP, Windows Vista and Windows 7).

The links below lead to snapshots in the Lavasoft Rogue Gallery:


Windows XP

antispywarexp
antivirusxp
totalxpsecurity
xpdefender
xpdefenderpro
xpsecuritytool2010
xpsmartsecurity
xpsmartsecurity2010
xpantimalware
xpantimalware2010
xpsecurity
xpsecuritytool


A new clone from the MalwareCatcher rogue security software family has now been released. 

The fraud tool is called SecurityAntivirus and will add hundreds of registry keys within:


In light of recent rise in use of Adobe Reader exploits, we ask each of you to update to the latest version of the software. This popular software is on so many of your machines and it is imperative that you get the patches for recent Internet security vulnerabilities.


We’ve already seen a high amount of bad online behavior taking advantage of the H1N1, or swine flu, outbreak in the past few months. Early this spring, cyber scammers were quick to capitalize on swine flu fears to infect computers, steal personal information, and make profits. After all, from the cyber criminals' perspective, the topic has all the right characteristics needed to pull off an online scam: a global nature, a hot media-hyped issue, and high levels of curiosity and concern by the general public.


The U.S. Federal Bureau of Investigation has issued a new advisory for law firms and PR companies to take heed of:

By way of an ongoing FBI investigation, it’s been found that hackers are increasingly targeting U.S. law firms and public relations groups with spear phishing e-mails containing malicious payloads, in an attempt to break into their computer networks to steal sensitive information.

According to the FBI’s e-scam advisory: