By Kelli Tarala | April 30, 2012
Hypervisors — such as VMware ESXi and Xen — provide the platform on which virtualized guest operating systems run, and are therefore a core component of any business’s virtual infrastructure. A 2010 study from IBM found that 35 percent of all vulnerabilities in a virtualized environment could be traced to the hypervisor. Those vulnerabilities are cause for concern in the wake of VMware’s April 23 confirmation that source code dating to 2003 and 2004 was publicly released by a hacker billing himself as Hardcore Charlie. Furthermore, he said the release was a “sneak peek” of the 300 MB of VMware source code he claims to possess, which he said will be publicly released May 5. Charlie said he obtained the VMware kernel source code via March attacks against China Electronics Import & Export Corporation.
NYSE receives credible cyber threat against website
The New York Stock Exchange (NYSE) received a credible threat to disrupt its external Web site as part of an apparent cyber attack attempt against many U.S. exchanges, the Fox Business Network reported April 26. The threat, which is not tied to NYSE’s trading systems, prompted the Big Board to beef up security and monitoring for a potential cyber attack, sources familiar with the matter said. The April 26 threats centered around a potential denial-of-service attack strictly focused on the exchange’s external Web site, and having nothing to do with its trading systems, a source said. The cyber threat appears to be tied to an anti-capitalist online posting by a cyber group called “L0NGwave99” that promised to hit stock exchanges with a denial-of-service attack April 26 in support of the “great and rooted 99% movement.” In addition to the NYSE, the group claimed it will put “into a profound sleep” the Web sites of the Nasdaq Stock Exchange, BATS, the Chicago Board of Options Exchange, and the Miami Stock Exchange. While the posting said it would start the operation at 9 a.m., none of those exchanges appeared to be suffering any Web site difficulties as of early afternoon April 26.
One vulnerable site can serve multiple cybercriminal groups, experts find
PHP 5.4.1 and PHP 5.3.11 released
The PHP developers released the first update for PHP 5.4, the latest version of their popular scripting language, and an update to PHP 5.3, the older stable branch of the language. The developers said “All users of PHP are strongly encouraged to upgrade” to the new releases. PHP 5.4.1 has more than 20 bug fixes, including some related to security. One security bug concerned insufficient validation of the upload name, which led to corrupted $_FILES indices. Another notable change was the addition of open_basedir checks to readline_write_history and readline_read_history. The PHP 5.3.11 update fixes nearly 60 bugs, including correcting a regression in a previously applied security fix for the magic_quotes_gpc directive. A new debug info handler was also added to DOM objects, and the developers added support for version 2.4 of the Apache Web server.
Ghost of HTML5 future: Web browser botnets
Critical bug reported in Oracle servers
There is a critical remotely exploitable vulnerability in all current versions of the Oracle database server that can enable an attacker to intercept traffic and execute arbitrary commands on the server. The bug, which Oracle reported as fixed in the most recent Critical Patch Update (CPU), is only fixed in upcoming versions of the database, not in currently shipping releases, and publicly available proof-of-concept exploit code is circulating. The vulnerability lies in the TNS Listener service, which on Oracle databases routes connection requests from clients to the server itself. A researcher said he discovered the vulnerability several years ago and then sold the details of the bug to a third-party broker, who reported it to Oracle in 2008. Oracle credited the researcher for reporting the bug in its April CPU, but he said in a post on the Full Disclosure mailing list the week of April 23 that the flaw was not actually fixed in the current versions of the Oracle database server.
Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.