Microsoft Fixes Scary USB Flaw, 20 Bugs, in March Patch Tuesday
Microsoft released seven security bulletins fixing more than 20 vulnerabilities for March Patch Tuesday. Affected applications and components include Internet Explorer, Silverlight, Visio Viewer, SharePoint, OneNote, Office for Mac and a kernel driver in all versions of Windows.
Of the bulletins, four were rated critical and three as important, according to Microsoft's security advisory released Tuesday. The cumulative Internet Explorer patch, which has the highest priority, applies to all supported versions of Internet Explorer, from versions 6 to 10.
"Pretty much everyone running Windows, and lots of Microsoft shops, should be diligently patching systems today," Kurt Baumgartner, a senior security researcher with Kaspersky Lab, wrote on SecureList.
The IE advisory does not apply to users who downloaded and installed IE 10 for Windows 7 released just a few weeks ago, as Microsoft had already included those fixes. While none of the vulnerabilities are currently being targeted in the wild, IE is a frequent target and should be patched immediately.
Apple Blocks Access to Older Versions of Flash Player on Safari
Apple has blocked access to older versions of Flash Player in order to avoid exposing Mac users to a recently patched vulnerability found within Adobe's video player.
"Adobe Flash Player updates are available that address a recently identified Adobe Flash Player web plug-in vulnerability," Apple said in a note posted to its support website this weekend.
To protect those who have not yet installed the update, however, Apple has blocked older versions of Flash Player on Mac OS X 10.6, OS X Lion, and OS X Mountain Lion. Those who try to view Flash content on those operating systems might encounter a "Blocked Plug-in" alert. If you click on the alert, Safari will tell you that your Flash Player is out of date, and provide the opportunity to update.
Evernote Forces Password Resets Following Hack
If you're a big fan of Evernote, we hope you have a few new password ideas in mind. According to a blog post by the company, the service has suffered a "coordinated attempt to access secure areas of the Evernote Service," and all of Evernote's 50+ million users are being forced to reset their passwords before they'll be allowed access to the service once again.
On the plus side, the data that you store on Evernote – as well as your (likely more) important payment information if you're ponying up a fee to unlock more capabilities within the service – remain free from access by third-party attackers, Evernote says.
"In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed," reads the company's blog post.
However, attackers were seemingly able to access a treasure trove of information related to users' actual accounts, including user names, passwords, and email addresses. The passwords themselves "are protected by one-way encryption," Evernote notes, which should allay a few fears for those users who end up using the same (or similar) passwords for a number of different online accounts — a practice Evernote itself calls out as one that users might want to resist doing going forward.
The attack itself was first picked up by the company's operations and security team on February 28, when team members first noticed "unusual" and "potentially malicious activity" on Evernote.
"They are continuing to investigate the details. We believe this activity follows a similar pattern of the many high profile attacks on other Internet-based companies that have taken place over the last several weeks," an Evernote spokesperson wrote in an email to CNET.
China Accuses U.S. of Hacking Government Sites
China is hitting back at the U.S. over accusations of hacking, arguing that American officials have orchestrated their own attacks on China.
A recent report from Mandiant, which accused the Chinese military of carrying out cyber attacks on U.S. and other targets, is factually inaccurate and unprofessional, China's Ministry of Defense said during a recent press briefing.
The agency pointed to the growing number of cyber attacks on the Chinese Defense Ministry and Chinese military websites. Examining the IP addresses of the attackers in 2012, the Chinese determined that 62.9 percent came from the U.S., the ministry said in a translated statement.
Last week, the state-controlled Xinhua news agency quoted Foreign Ministry spokesman Hong Lei as saying that in 2012, "about 73,000 overseas IP addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites."
The Defense Ministry also criticized a recent report that said U.S. intelligence officials determined that the president of the United States has the power to launch a pre-emptive strike if a major cyber attack is imminent, as well as a planned expansion of "network warfare units."
NBC.com Hacked, Infected With Citadel Trojan
NBC said Thursday that it was working to resolve a problem on its website after security researchers began issuing warnings that NBC.com and related sites had been hacked and infected with malware that was redirecting visitors to malicious websites.
"We've identified the problem and are working to resolve it. No user information has been compromised," NBC said in a statement.
Malware on NBC.com and other sites associated with the TV network's entertainment portal was also detected and blocked by Internet browsers like Google's Chrome, NBC News reported. The network's NBC News Digital sites, including NBCNews.com and TODAY.com, were unaffected, according to NBC News.
Facebook also blocked NBC.com for a period of time after reports of the malware infection emerged, according to Reuters.
Security software developer Malwarebytes identified the malware infecting NBC.com and properties like the network's website for "Late Night with Jimmy Fallon" as the Citadel Trojan.
Conflicting Reports About Origin of Apple, Facebook Hacks
High-profile tech companies have been falling like dominoes to a series of company hacks that in recent days victimized Apple and Facebook, but investigators seeking to discover the origins of the attacks have served up conflicting reports.
Just days after Facebook revealed that its systems were "targeted in a sophisticated attack," Apple on Tuesday said that it too had been the victim of hackers. The Cupertino tech giant said its computers were attacked by the same online miscreants who targeted Facebook and as with the earlier attack, no data appears to have been stolen in the Apple hack.
Earlier this month, Twitter also said that it detected "unusual access patterns" on its network, which indicated that attackers might have accessed the user data of approximately 250,000 users.
But who is attacking these companies and where are the attacks coming from?
Some investigators have pointed the finger at China, specifically at a prolific group of computer hackers that security researchers have traced to a government-backed military building in Shanghai. According to a new report from Mandiant, the People's Liberation Army Unit 61398 is located "in precisely the same area" as a section of APT1, an advanced persistent threat group that has stolen hundreds of terabytes of data from at least 141 organizations worldwide.
Apple Also Targeted by Hackers, Company Reveals
The list of high-profile tech companies victimized by hackers is growing.
Just days after Facebook revealed that its systems were "targeted in a sophisticated attack," Apple has now made the rare admission that it too was the victim of hackers. The Cupertino tech giant's computers were attacked by the same online miscreants who targeted Facebook. No data appears to have been stolen in the Apple hack.
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers," Apple said in a statement to PCMag.com. "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers."
A "small number" of Apple employees' Mac computers were breached, though "there was no evidence that any data left Apple," the company said. Upon discovering the intrusion, Apple isolated the infected computers from its network and began working with law enforcement to find the source of the malware.
Apple said it will release a software tool on Tuesday to protect Mac users against the malware leveraged by attackers.
Chinese Military Linked to Extensive Cyber Espionage Campaign
Security researchers have traced a prolific group of computer hackers to a government-backed, military building in Shanghai, China.
According to a new report from Mandiant, the People's Liberation Army Unit 61398 is located "in precisely the same area" as a section of APT1, an advanced persistent threat (APT) group that has stolen hundreds of terabytes of data from at least 141 organizations worldwide. "Mandiant has traced APT1's activity to four large networks in Shanghai, two of which serve the Pudong New Area where Unit 61398 is based," the company said.
PLA Unit 61398 has hundreds of staffers, Mandiant said, all of whom are trained in computer security and computer network operations and are required to know English.
"Our analysis has led us to conclude that APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors," Mandiant concluded. "We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support."
APT1 is linked to at least 141 company hacks since 2006, Mandiant said. The group uses "a well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property." The attacks are not a one-shot deal; APT1 often returns over months or years to "steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations' leadership."
Facebook Hacked, User Data Not Compromised
Facebook is the latest company to reveal that it was the victim of hackers, but the company said users' personal information was not compromised by the breach.
In a Friday blog post, the social network said its security team last month discovered that Facebook's systems were "targeted in a sophisticated attack."
"This attack occurred when a handful of employees visited a mobile developer website that was compromised," Facebook said.
The website in question was hosting an exploit that installed malware on the computer of anyone who visited it. Facebook said the infected laptops were running updated versions of anti-virus software, and "as soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."
Ultimately, Facebook has found no evidence that any Facebook user data was compromised by the malware.
The bug was uncovered when the Facebook Security team flagged a suspicious domain in its corporate DNS logs and tracked it back to an employee computer. An examination of the laptop revealed the malicious file, prompting a wider search - and the discovery of more malware.
The file in question used a zero-day exploit that bypassed the Java sandbox to install the malware. "We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability," Facebook said.
iOS 6.1 Bug Allows Anyone to Bypass Lockscreen to Access Contacts, Voicemail, Photos
It's been a turbulent couple of months for Apple, Inc. While Apple fans still abound and sales remain strong, the iPhone 5 launch was marred by shocking bugs which included camera, connectivity, and battery life issues. And then there was the Maps debacle, which was so bad that Apple CEO Tim Cook personally apologized to fans, telling them to use Google Inc.'s (GOOG) superior (or functional) products. There've been shareholder lawsuits over Apple's profit hoarding and a dramatic plunge in stock prices after margins slid in Q4 2012.
Now there is a security flaw in iOS 6.1 that allows users to simply punch in a series of virtual and hard button presses to unlock an iPhone, bypassing the security passcode. The instructions are demonstrated in a YouTube video by VideosDeBarraquito.