INFO SEC_Releases Security Update 04/15/2015

Google Releases Security Update for Chrome

04/15/2015 08:10 PM EDT

Original release date: April 15, 2015

Google has released Chrome 42.0.2311.90 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

Google Releases Security Update for Chrome

04/15/2015 08:10 PM EDT

Original release date: April 15, 2015

Google has released Chrome 42.0.2311.90 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

Adobe Releases Security Updates for Flash Player, ColdFusion and Flex

04/15/2015 05:24 AM EDT

Original release date: April 15, 2015

Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack.

Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06, APSB15-07, and APSB15-08 and apply the necessary updates.

Microsoft Releases April 2015 Security Bulletin

04/14/2015 01:32 PM EDT

Original release date: April 14, 2015

Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-032 - MS15-042 and apply the necessary updates.

TA15-105A: Simda Botnet

04/15/2015 08:51 AM EDT

Original release date: April 15, 2015

Systems Affected

Microsoft Windows

Overview

The Simda botnet – a network of computers infected with self-propagating malware – has compromised more than 770,000 computers worldwide [1].

The United States Department of Homeland Security (DHS), in collaboration with Interpol and the Federal Bureau of Investigation (FBI), has released this Technical Alert to provide further information about the Simda botnet, along with prevention and mitigation recommendations.

Description

Since 2009, cyber criminals have been targeting computers with unpatched software and compromising them with Simda malware [2]. This malware may re-route a user’s Internet traffic to websites under criminal control or can be used to install additional malware. 

The malicious actors control the network of compromised systems (botnet) through backdoors, giving them remote access to carry out additional attacks or to “sell” control of the botnet to other criminals [1]. The backdoors also morph their presence every few hours, allowing low anti-virus detection rates and the means for stealthy operation [3].    

Impact

A system infected with Simda may allow cyber criminals to harvest user credentials, including banking information; install additional malware; or cause other malicious attacks. The breadth of infected systems allows Simda operators flexibility to load custom features tailored to individual targets.

Solution

Users are recommended to take the following actions to remediate Simda infections:

• Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
• Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
• Keep your operating system and application software up-to-date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
• Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of Simda from your system.

          Kaspersky Lab : http://www.kaspersky.com/security-scan

          Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx

          Trend Micro: http://housecall.trendmicro.com/

• Check to see if your system is infected – The link below offers a simplified check for beginners and a manual check for experts.

          Cyber Defense Institute:  http://www.cyberdefense.jp/simda/

The above are examples only and do not constitute an exhaustive list. The U.S. government does not endorse or support any particular product or vendor.

References

• [1] INTERPOL Coordinates Global Operation to Take Down Simda Botnet
• [2] Microsoft partners with Interpol, industry to disrupt global malware attack affecting more than 770,000 PCs in past six mo
• [3] Botnet that Enslaved 770,000 PCs Worldwide Comes Crashing Down

Revision History

• April 15, 2015: Initial Release