@RISK provides a reliable weekly summary of (1) newly discovered attack vectors, (2) vulnerabilities with active new exploits, (3) insightful explanations of how recent attacks worked, and other valuable data.
A key purpose of @RISK is to provide the data that will ensure that the 20 Critical Controls (the US and UK benchmark for effective protection of networked systems) continue to be the most effective defenses for all known attack vectors. But since it is also valuable for security practitioners, SANS is making it available to the 145,000 security practitioners who have completed SANS security training and others at their organizations who hope to stay current with the offensive methods in use.
November 29, 2012
=============================================================
@RISK: The Consensus Security Vulnerability Alert
Vol. 12, Num. 48
Providing a reliable, weekly summary of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked.
=============================================================
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST POPULAR MALWARE FILES 11/15/2012 - 11/21/2012
============================================================
TOP VULNERABILITY THIS WEEK: SCADA security continues to be a hot-button issue, with a pair of vendors claiming a massive cache of 0-day remote code execution bugs in a variety of product suites. Details are sketchy at best for the time being, but users of potentially impacted software are urged to work with ICS-CERT and their vendor(s) to resolve the problems as soon as information about these exploits surfaces.
NOTABLE RECENT SECURITY ISSUES
SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM
Title: Multiple SCADA 0-Day Remote Exploits
Description: Responding to claims by Maltese security firm ReVuln that
it had discovered multiple remotely exploitable bugs in different SCADA
systems, but would not be supplying details of the bugs to impacted
vendors, reverse-engineering firm Exodus Intel has provided details of
23 distinct SCADA vulnerabilities - including a number of remote code
execution bugs - to ICS-CERT, the US government organization
specifically in charge of SCADA security. While no details of either set
of vulnerabilities have been released to date, users of potentially
impacted software are urged to contact ICS-CERT for mitigation
information as soon as possible, and to work with their vendors to patch
promptly once updates become available.
Reference:
http://blog.exodusintel.com/2012/11/25/what-does-a-flightless-bird-and-scad[..]
Snort SID: N/A
ClamAV: N/A
Title: Samsung Printer Backdoor Account
Description: Network-aware printers manufactured by Samsung before
October 31, 2012 (including some Dell printers actually built by
Samsung) have a hard-coded SNMP read-write community string, which
enables full administrative access to the device - even when SNMP has
been disabled by the user. A patch is currently being developed by
Samsung; in the interim, users should consider blocking all SNMP traffic
to impacted printers, which likely contain sensitive information that
could be used by an attacker or industrial spy.
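Because the device's own SNMP setting does not close the account, the interim block has to be enforced and verified on the network. The following Python audit is an added example, not part of the original newsletter: it reads firewall flow records and reports SNMP flows to printer addresses that were allowed (a gap in the block) or denied (a source worth reviewing). The log format, printer addresses and function names are constructed assumptions.

```python
import csv
import ipaddress
from collections import Counter

# Constructed inventory of affected printer addresses (assumption).
PRINTERS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.40.17/32")]
SNMP_PORT = 161  # SNMP agent port; requests arrive here over UDP (or TCP)

# Constructed flow records: time,src,dst,proto,dport,action
SAMPLE_LOG = """\
2012-11-29T09:00:01,10.1.1.5,10.20.30.4,udp,161,ALLOW
2012-11-29T09:00:02,10.1.1.5,10.20.30.4,tcp,9100,ALLOW
2012-11-29T09:00:07,10.9.9.9,10.20.40.17,udp,161,DENY
2012-11-29T09:00:09,10.9.9.9,10.20.40.17,udp,161,DENY
2012-11-29T09:01:00,10.1.1.5,10.50.0.8,udp,161,ALLOW
malformed line
2012-11-29T09:02:00,10.1.1.7,10.20.30.9,UDP,161,allow
"""

def is_printer(addr):
    """True if addr falls inside one of the printer networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in PRINTERS)

def audit_snmp(log_text):
    """Return (allowed, denied) Counters of (src, dst) for SNMP flows to printers."""
    allowed, denied = Counter(), Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 6:
            continue  # skip malformed records rather than guessing
        _, src, dst, proto, dport, action = (f.strip() for f in row)
        try:
            if int(dport) != SNMP_PORT or not is_printer(dst):
                continue
        except ValueError:
            continue  # unparsable port or address
        if proto.lower() not in ("udp", "tcp"):
            continue
        (allowed if action.upper() == "ALLOW" else denied)[(src, dst)] += 1
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = audit_snmp(SAMPLE_LOG)
    for (src, dst), n in allowed.items():
        print(f"GAP: {src} reached {dst} on SNMP ({n} flows); block not effective")
    for (src, dst), n in denied.items():
        print(f"blocked: {src} -> {dst} SNMP x{n}; review source host")
```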
Reference: