Posted by InfoSec News on Apr 02


By Alastair Stevenson
01 Apr 2014

Security firm Symantec has uncovered 487 groups actively using njRAT
malware, claiming the malicious users have managed to infect 24,000
machines worldwide.

Symantec threat lab researchers reported the campaigns in a blog post,
confirming the hackers are using the njRAT malware...

Posted by InfoSec News on Apr 02


By Patrick Ouellette
Health IT Security
April 1, 2014

With 14 years under his belt working with government entities in IT
security, Phil Alexander, Information Security Officer at University
Medical Center (UMC) Health System, certainly has a unique outlook on IT
security in the healthcare sector.

Based on those experiences at the federal...

Posted by InfoSec News on Apr 02


By Capt. Addie Randolph

FORT DIX, N.J. -- Once a year, five battalions belonging to the Army
Reserve Information Operations Command come together from across the U.S.
to participate in their annual training. This year the training took place
March 22-29 at Fort Dix, N.J.

Just over 200 soldiers participated in the...

Posted by InfoSec News on Apr 02


[There was a good tweet about solving this problem now with a simple fix
https://twitter.com/justinlundy_/status/449759008253964288 - WK]

By Lucian Constantin
IDG News Service
April 01, 2014

Tesla Motors accounts are protected only by simple passwords, making it
easy for hackers to potentially track and unlock cars, according to a

Mozilla Firefox and SeaMonkey CVE-2014-1499 Address Bar URI Spoofing Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SnoopWall Unveiling Next Generation Privacy Solution for Android Devices at ...
Consumer Electronics Net
The InfoSec World Expo brings together the latest advances in technology and the most innovative solutions businesses need to secure their information assets. Specialized workshops and discussion platforms aim to provide professionals and ...

Multiple Schneider Electric Products Stack Buffer Overflow Vulnerability

A screenshot of the Boxee.tv forums post leading to an 800 megabyte file of leaked user data, including cryptographically hashed passwords.

Hackers posted names, e-mail addresses, message histories, and partially protected login credentials for more than 158,000 forum users of Boxee.tv, the Web-based television service that was acquired by Samsung last year, researchers said.

The breach occurred no later than last week, when a full copy of the purloined forum data became widely available, Scott A. McIntyre, a security researcher in Australia, told Ars. On Tuesday, officials from password management service LastPass began warning customers with e-mail addresses included in an 800 megabyte file that's still circulating online. The file contains personal data associated with 158,128 user accounts, about 172,000 e-mail addresses, and the cryptographically scrambled passwords that corresponded to those Boxee accounts, LastPass said. The dump also included a wealth of other details, such as user birth dates, IP addresses, site activity, full message histories, and password changes. All user messages sent through the service were included as part of the leak.

As Ars has explained before, even when passwords in hacked databases have been cryptographically hashed, most remain highly susceptible to cracking attacks that can reveal the plain-text characters required to access the account. The damage can be especially severe when people use the same or similar passwords to protect accounts on multiple sites, an extremely common practice.
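Why the "cryptographically scrambled" passwords in a dump like this still matter, as an added example that is not from Ars or LastPass: a wordlist attack on a constructed dump of unsalted SHA-1 hashes, beside the same attack against per-user salted hashes, counting the hash operations each one costs. The dump, the wordlist and the choice of SHA-1 are assumptions made for the demo; the article does not say which hash Boxee used.

```python
import hashlib

# Added example, not code from Ars Technica or LastPass.  With an unsalted
# hash the attacker hashes each wordlist entry once and matches it against
# every account; a per-user salt forces one hash per word per account.
# Dump, wordlist and the unsalted-SHA-1 assumption are all constructed here.

WORDLIST = ["password", "123456", "boxee2014", "letmein", "tvlover", "qwerty"]


def sha1_hex(s):
    return hashlib.sha1(s.encode()).hexdigest()


# Constructed accounts, built from known plaintexts so the demo is
# self-contained.  Carol's password is not in the wordlist and survives.
USERS = [
    ("alice@example.com", "boxee2014"),
    ("bob@example.com", "tvlover"),
    ("carol@example.com", "Xk9#v2pLq0"),
]
DUMP_UNSALTED = "\n".join(f"{e}:{sha1_hex(p)}" for e, p in USERS)   # "email:hash" lines


def parse_dump(text):
    """email -> hash; skips blank or malformed lines."""
    rows = {}
    for line in text.splitlines():
        email, sep, h = line.strip().partition(":")
        if sep and email and h:
            rows[email] = h
    return rows


def crack_unsalted(rows, wordlist):
    """Returns (cracked, hash_operations).  One hash per word, shared by every
    account: cost is O(words), not O(words * users)."""
    table = {sha1_hex(w): w for w in wordlist}
    cracked = {e: table[h] for e, h in rows.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(rows, wordlist):
    """rows: email -> (salt, sha1(salt + password)).  The shared table is
    useless here; every word is hashed again for every account."""
    cracked, ops = {}, 0
    for email, (salt, h) in rows.items():
        for w in wordlist:
            ops += 1
            if sha1_hex(salt + w) == h:
                cracked[email] = w
                break
    return cracked, ops


# Same accounts with constructed per-user salts, for the comparison.
SALTED_ROWS = {e: (f"salt-{i}", sha1_hex(f"salt-{i}" + p))
               for i, (e, p) in enumerate(USERS)}


def demo():
    u_found, u_ops = crack_unsalted(parse_dump(DUMP_UNSALTED), WORDLIST)
    s_found, s_ops = crack_salted(SALTED_ROWS, WORDLIST)
    return {"unsalted": (u_found, u_ops), "salted": (s_found, s_ops)}


if __name__ == "__main__":
    for mode, (found, ops) in demo().items():
        print(f"{mode}: {len(found)} of {len(USERS)} cracked in {ops} hash operations")
        for email, pw in found.items():
            print(f"  {email} -> {pw!r}  (reuse risk: the same pair may open other accounts)")
```

Both modes recover the two weak passwords from a six-word list; the difference is only in cost, which is why a slow, salted password hash is the usual recommendation and why the reuse warning in the article applies to every cracked email/password pair regardless.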



Over a year ago, security firm Kaspersky published its findings on a new strain of malware it dubbed “MiniDuke." Now, new analysis shows that the malware was distributed via a number of fake PDF attachments relating to Ukraine, among other decoys.

“This is interesting considering the current crisis in the area,” Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday.

As Ars previously reported, MiniDuke combined older and newer styles: it was written in assembly language, which rendered its file size tiny, and it uses hijacked Twitter accounts and automated Google searches to ensure that it can receive continuous instructions.


Samsung should pay more than US$2 billion for repeated infringement of Apple patents in more than 37 million smartphones sold in the U.S., a Silicon Valley jury was told Tuesday as a trial between the two companies got underway after more than two years of preparation.
IBM Content Navigator CVE-2014-0874 Cross Site Scripting Vulnerability
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2014-1508 Information Disclosure Vulnerability
Mozilla Network Security Services CVE-2014-1492 Unspecified Security Vulnerability
A Chinese company has released a computer about the size of an SD card that can run a full version of Android and should make it easier to build wearable devices.
Google recently trumpeted that it now encrypts Gmail messages while shuffling them among its data centers, an extra security layer aimed at thwarting government and criminal snoops, but didn't say if it applies this protection to its other applications.

Women in cybersecurity: The time is now
The demand for qualified, experienced information security practitioners far outpaces the supply: The International Information Systems Security Certification Consortium estimates that last year about 332,000 InfoSec pros joined the global workforce of ...

With the help of DigiWorksCorp, the Norman Rockwell Museum leveraged its transactional data and big data analytics to increase second-time purchasers by 150 percent and revenue by 49 percent.
The Obama Administration has secured a 90-day extension of the National Security Agency's controversial authority to collect phone metadata records on U.S. customers under the Patriot Act.
Some day, if there's a fire on a U.S. naval ship, a humanoid robot may rush in to put it out.
WD's My Cloud and My Book Live have been experiencing intermittent server issues that have disrupted remote access for customers attempting to connect to the cloud storage products for five days.

Password bug let me see shoppers' credit cards in eBay ProStores, claims ...
A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed – according to the security researcher who says he found the hole. Mark Litchfield, an infosec pro at Securatary ...


One of our readers has reported seeing broadcast traffic to udp/137. He suspects that the traffic caused a denial of service on some of his systems.

If you have seen such traffic and would like to share some packets, we would appreciate it.


Former Microsoft employee Alex Kibkalo, who two weeks ago was charged with stealing -- then leaking -- company secrets, pleaded guilty on Monday in a Seattle federal court.
Civil liberties and privacy groups have long criticized the U.S. National Security Agency, but those critics became louder last summer after details of the agency's data collection activities were disclosed in classified documents leaked by Edward Snowden.
Microsoft on Wednesday is expected to launch Version 8.1 of its Windows Phone platform at its annual Build developers conference, and that move will be followed later in the day by a separate Nokia event where two new phones running the new OS are expected to be announced.
This fall, the BMW i8 plug-in hybrid will become the first production vehicle to incorporate a new laser light technology into headlights. Audi is also experimenting with the technology.

Weaknesses in the way Tesla's high-end Model S electric sedan communicates with drivers could leave it open to hacks that allow a remote hacker to unlock its doors and continuously track its location, a security researcher said.

The most serious vulnerability stems from Tesla's minimum password requirement, which is just six characters with at least one number and one letter, according to a recently published evaluation from independent security researcher Nitesh Dhanjani. Combined with no clear account lockout policy limiting incorrect login attempts, the requirement makes passwords susceptible to brute-force attacks, which cycle through all possible combinations until the proper one is guessed. Armed with a valid password, an attacker could use an iOS app to check the car's location and charge status and unlock its doors. Update: On Tuesday, four days after the evaluation was published, Tesla changed the password requirements to 8 characters with at least one number and one letter. The manufacturer also added a lockout following five unsuccessful login attempts, after which users must reset the password.

Dhanjani has previously uncovered weaknesses in Internet-connected LED lights, networked baby monitors, and other "Internet-of-things" devices, and he pointed out that a large percentage of people use identical or very similar passwords for multiple services. That means that even if Tesla improves its password policy, Model S passwords could still be vulnerable if they're included in a hacked database retrieved from an unrelated website. Password reuse is by no means a threat that's unique to Model S owners, but given the ability of a single password to track and unlock cars, the threat could be particularly severe.
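The two controls the article describes, as an added example that is not Tesla's code and not part of Dhanjani's evaluation: a check for the six- and eight-character "one letter, one digit" minimums, a count of how many passwords each minimum allows, and a toy login service run with no lockout and then with the five-failure lockout, so the same guess list succeeds in one case and locks the account in the other. The letters-and-digits alphabet, the account and the guess list are assumptions made for the demo.

```python
import string
from collections import defaultdict

# Added example, not Tesla's code or Dhanjani's evaluation.  Models the
# minimum-password rule before and after the change, and the lockout added
# after five failed logins.  Alphabet, account and guesses are assumptions.

LETTERS = string.ascii_letters   # 52
DIGITS = string.digits           # 10
ALPHABET = LETTERS + DIGITS      # assumption: letters and digits only


def policy_ok(password, min_len):
    """'At least min_len characters with at least one letter and one digit'."""
    return (len(password) >= min_len
            and any(c in LETTERS for c in password)
            and any(c in DIGITS for c in password))


def keyspace(n):
    """Number of n-character strings over ALPHABET that satisfy the rule:
    all strings, minus the all-letter ones, minus the all-digit ones."""
    return len(ALPHABET) ** n - len(LETTERS) ** n - len(DIGITS) ** n


class LoginService:
    """Toy login endpoint.  max_failures=None is the 'no clear lockout' state;
    max_failures=5 is the fix, where the account stays locked until reset."""

    def __init__(self, users, max_failures=None):
        self.users = dict(users)          # email -> password (plaintext: demo only)
        self.max_failures = max_failures
        self.failures = defaultdict(int)
        self.locked = set()

    def login(self, email, password):
        if email in self.locked:
            return "locked"
        if self.users.get(email) == password:
            self.failures[email] = 0
            return "ok"
        self.failures[email] += 1
        if self.max_failures is not None and self.failures[email] >= self.max_failures:
            self.locked.add(email)
            return "locked"
        return "bad"

    def reset_password(self, email, new_password, min_len=8):
        """Only way out of the locked state; enforces the new minimum."""
        if not policy_ok(new_password, min_len):
            return False
        self.users[email] = new_password
        self.failures[email] = 0
        self.locked.discard(email)
        return True


def brute_force(service, email, guesses):
    """Online guessing: returns (outcome, attempts), where outcome is the first
    response other than 'bad', or 'bad' if the guess list is exhausted."""
    for n, guess in enumerate(guesses, 1):
        outcome = service.login(email, guess)
        if outcome != "bad":
            return outcome, n
    return "bad", len(guesses)


GUESSES = ["123456", "pass01", "abc123", "qwerty1", "secret9", "letme1n", "tesla1"]  # constructed


def demo():
    before = LoginService({"owner@example.com": "tesla1"})                 # no lockout
    after = LoginService({"owner@example.com": "tesla1"}, max_failures=5)  # the fix
    return {
        "keyspace_6": keyspace(6),
        "keyspace_8": keyspace(8),
        "before": brute_force(before, "owner@example.com", GUESSES),
        "after": brute_force(after, "owner@example.com", GUESSES),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The keyspace numbers are only an upper bound on attacker effort; the lockout is what changes the picture, because it caps online guessing at a handful of attempts per reset rather than at the size of the keyspace.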


Moodle Wiki Recent Activity Block Security Bypass Vulnerability
Moodle Alias Links CVE-2014-0125 Spoofing Vulnerability
Moodle 'enrol/imsenterprise/importnow.php' Cross Site Request Forgery Vulnerability
Moodle Feedback Activity Security Bypass Vulnerability


security malpractice
ITWeb Security Summit 2014. A showcase for infosec thought leaders, featuring interactive workshops that provide intensive information for company executives, ITWeb Security Summit 2014 takes place from 27 to 29 May at the Sandton Convention Centre.

Windows XP and Windows 8 returned to their traditional pattern in March, with the soon-to-be-retired XP losing the most user share since December while Windows 8 gained ground.
Amazon Web Services hopes to entice more Hadoop users to its Elastic MapReduce service with new virtual servers, one of which has 262GB of memory and 6.4TB of storage for big-data analytics.
Tesla Motors accounts are protected only by simple passwords, making it easy for hackers to potentially track and unlock cars, according to a security researcher.
LinuxSecurity.com: Several security issues were fixed in the kernel.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate [More...]
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Security Report Summary
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1496 Security Bypass Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1497 Out of Bounds Memory Corruption Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1509 Remote Memory Corruption Vulnerability
ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities

Info sec industry still struggles to attract women
According to latest research, such as the 2013 (ISC)2 Global Information Security Workforce Study, only 11 percent of infosec professionals are female. There are a number of barriers preventing women from entering or staying in the field, but both ...

The end of Microsoft support is fast approaching, and the company still has a lot of machines running the old Windows operating system.

A new study[1][2] by Indiana University Bloomington shows that updating an Android device can allow an attacker to escalate an app's privileges.

The researchers have discovered a new type of vulnerability, which they call Pileup flaws; the flaws exist in the Package Management Service.

An app installed on an old version of Android can request a permission for a feature that does not exist on that version. When the user upgrades to the new version, Android keeps all the permissions the app declared, which means the previously undefined permission now works in the new version of Android.


The researchers have developed a detection service, called SecUp, which deploys a scanner on the user's device to catch malicious apps designed to exploit the Pileup vulnerability.

As with many other threats, the best mitigation is to install only trusted software.
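The Pileup condition as an added example, which is neither the paper's SecUp scanner nor Android's package manager: a check that lists, for each installed app, the declared permissions that were undefined at its install-time API level but become defined at the upgrade target, beside the two possible upgrade behaviours (keep everything the new version defines, or strip the dormant ones so they go through the normal install-time prompt). The permission table, its API levels and the app inventory are constructed for the demo.

```python
# Added example, not the paper's SecUp scanner or Android's package manager.
# Models the Pileup condition: an app declares a permission the installed
# Android version does not define, so nothing is granted at install time, but
# after an upgrade to a version that defines it the permission is kept and
# becomes effective.  Table, API levels and inventory are constructed.

# permission -> API level that introduced it (illustrative values, assumption)
PERMISSION_SINCE = {
    "android.permission.INTERNET": 1,
    "android.permission.READ_CALL_LOG": 16,
    "android.permission.READ_EXTERNAL_STORAGE": 16,
    "com.example.vendor.SYSTEM_ONLY": 19,   # hypothetical name
}

# (package, API level at install time, permissions declared in the manifest)
INVENTORY = [
    ("com.example.weather", 15, ["android.permission.INTERNET"]),
    ("com.example.flashlight", 15, ["android.permission.INTERNET",
                                    "android.permission.READ_CALL_LOG"]),
    ("com.example.notes", 18, ["com.example.vendor.SYSTEM_ONLY"]),
]


def dormant_permissions(declared, installed_api, target_api):
    """Declared permissions that were undefined when the app was installed but
    will be defined at target_api: the ones the user was never asked about."""
    out = []
    for perm in declared:
        since = PERMISSION_SINCE.get(perm)
        if since is not None and installed_api < since <= target_api:
            out.append(perm)
    return out


def scan_for_pileup(inventory, target_api):
    """package -> dormant permissions, for every app that would gain one."""
    findings = {}
    for pkg, installed_api, declared in inventory:
        dormant = dormant_permissions(declared, installed_api, target_api)
        if dormant:
            findings[pkg] = dormant
    return findings


def permissions_after_upgrade(entry, target_api, strip_dormant):
    """Effective permissions after upgrading to target_api.
    strip_dormant=False is the behaviour the diary describes (everything the
    new version defines is kept); strip_dormant=True drops the dormant ones so
    they must be requested again through the normal install-time prompt."""
    pkg, installed_api, declared = entry
    defined = [p for p in declared
               if p in PERMISSION_SINCE and PERMISSION_SINCE[p] <= target_api]
    if not strip_dormant:
        return sorted(defined)
    dormant = set(dormant_permissions(declared, installed_api, target_api))
    return sorted(p for p in defined if p not in dormant)


if __name__ == "__main__":
    for target in (16, 19):
        print(f"upgrade to API {target}: {scan_for_pileup(INVENTORY, target)}")
```

Run against a real device the inventory would come from the installed packages' manifests and their recorded install-time SDK level, which is the data a scanner like the one the diary mentions has to collect before an upgrade, not after.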




[1] http://www.informatics.indiana.edu/xw7/papers/privilegescalationthroughandroidupdating.pdf


[2] http://www.scmagazine.com/pileup-flaws-enable-privilege-escalation-during-android-updates-researchers-find/article/339854/

Microsoft Windows Media Player '.wav' File Memory Corruption Vulnerability


The First Mass-Market Spy Phone Is About to Hit Stores
The First Mass-Market Spy Phone Is About to Hit Stores. Just buy an mSpy for a girlfriend or boyfriend, or one of your employees, and it can track their every move—without them knowing it. Is this even legal? AUTHOR: Eric Markowitz.


Cyber emergency: Teach, train and employ half a million ethical hackers
Business Standard
Indian Infosec Consortium, an association of professionals working in the field of cyber security on its own initiative, alerts the government against potential or existing cyber threats. Also, the National Security Database, a community of white hat ...

Open source collaboration software vendor Open-Xchange has added a spreadsheet function to its open-source, web-based productivity suite, allowing the online editing and sharing of Microsoft Excel documents.
Mozilla Firefox and SeaMonkey CVE-2014-1498 Denial of Service Vulnerability
Mozilla Firefox and SeaMonkey CVE-2014-1500 Denial of Service Vulnerability
Re: [SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service (details)
Regarding attacks and exploits of the physical body
[SECURITY] [DSA 2893-1] openswan security update

Yesterday, we talked about a scanner looking for Synology devices that was running on an ARM-CPU-equipped DVR. Looking at a few other sources of these scans, we did see a couple that didn't originate from similar DVRs. The first guess was that the scan originated from a device that was sitting behind a NAT gateway and wasn't exposed. At this point, it could have been "anything", even a good old infected Windows PC.

To our surprise, at least in one case it turned out that a binary by the same name, "cmd.so", was running on the NAT router itself. In addition, a second process was running that looked just like the bitcoin miner we saw running in the infected DVRs. Sadly, we were not able to retrieve the binaries, but the process list looks similar enough to make us believe that this is the same basic binary, just compiled for MIPS in this case (the router in question uses a MIPS CPU).

The first image shows the process list with "cmd.so". In this case, the binary was dropped in /var/run, not /dev, likely because the different architecture of the router allows write access to /var/run. The screenshot shows partial output of the "ps" command executed through the router's web-based admin interface.

Figure 1: Partial process list with "cmd.so".


Figure 2: Partial "ps" output showing the suspected bitcoin miner. In this case, it is called TgW66Q.

The process we think is a copy of minerd uses the same command line parameters as the process we identified as minerd on the DVR.

If you have a router like this, take a look at what you find. We still need a copy of the respective executables to confirm our suspicion.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute
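The checks the diary does by eye, as an added example that is not the diary's own code: a parser for a BusyBox-style "ps" listing of the kind pulled from a router's admin interface, a filter that flags a binary named cmd.so, anything executing out of /var/run, /dev or /tmp, or a command line carrying a mining-pool URL, and a helper that extracts option flags so a process seen on the DVR can be compared with one seen on the router. The sample listing is constructed; the miner's command-line flags are cpuminer-style and an assumption, since the diary does not reproduce the real ones.

```python
# Added example, not code from the ISC diary.  Turns the diary's observations
# (a binary named cmd.so, a drop location in /var/run or /dev, a second
# process with miner-like arguments) into a check over a "ps" listing.
# The listing is constructed in BusyBox "ps" layout; the -a/-o/-u/-p flags
# are cpuminer-style and an assumption, not the diary's real command line.

SAMPLE_PS = """\
  PID USER       VSZ STAT COMMAND
    1 admin     1200 S    /sbin/init
  312 admin     2048 S    /usr/sbin/httpd
 4021 admin     3364 S    /var/run/cmd.so
 4022 admin     9712 R    /var/run/TgW66Q -a scrypt -o stratum+tcp://pool.example:3333 -u worker -p x
"""

KNOWN_NAMES = {"cmd.so"}
WRITABLE_DIRS = ("/var/run/", "/dev/", "/tmp/")


def parse_ps(text):
    """BusyBox ps columns: PID USER VSZ STAT COMMAND; returns [(pid, cmdline)]."""
    procs = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 4)             # keep the command line whole
        if len(parts) < 5:
            continue
        procs.append((int(parts[0]), parts[4]))
    return procs


def find_suspects(procs):
    """[(pid, reason, cmdline)] for processes matching any indicator; the
    first matching indicator is the reason reported."""
    suspects = []
    for pid, cmdline in procs:
        exe = cmdline.split()[0]
        name = exe.rsplit("/", 1)[-1]
        if name in KNOWN_NAMES:
            reason = "known-name:" + name
        elif exe.startswith(WRITABLE_DIRS):
            reason = "exec-from-writable-dir"
        elif "stratum+tcp://" in cmdline:
            reason = "miner-pool-url"
        else:
            continue
        suspects.append((pid, reason, cmdline))
    return suspects


def option_flags(cmdline):
    """Option flags of a command line, to compare a process seen on the DVR
    with one seen on the router the way the diary does ('same parameters')."""
    return sorted(tok for tok in cmdline.split()[1:] if tok.startswith("-"))


if __name__ == "__main__":
    for pid, reason, cmdline in find_suspects(parse_ps(SAMPLE_PS)):
        print(f"{pid:>6}  {reason:<24} {cmdline}")
```

A hit on the writable-directory rule is worth a second look before anything else: legitimate router firmware rarely executes from /var/run or /dev, and that location was the one visible difference between the router and DVR infections in the diary.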

Moodle Badges Access Bypass Vulnerability
K4DirStat CVE-2014-2527 Remote Command Injection Vulnerability
Access anyone's Facebook "profile picture" in full resolution regardless of the ACL restriction
The alternatives to an independent list like Full Disclosure can't match it for stopping new cyberattack tactics.

Posted by InfoSec News on Apr 01


By John E Dunn
31 March 2014

What is an Advanced Evasion Technique (AET)? According to a McAfee
survey, an awful lot of CIOs have absolutely no idea, confusing them with
the more famous Advanced Persistent Threats (APTs) that have become an
established term on many large organisations' worry list.

The survey of...

Posted by InfoSec News on Apr 01


By Jeremy Kirk
IDG News Service
March 31, 2014

One of the two banks suing Target and security vendor Trustwave over
responsibility for one of the largest data breaches in history has pulled out
of the lawsuit.

Trustmark National Bank, of New York, filed a notice of dismissal of its
claims on Friday in U.S. District Court for the...

Posted by InfoSec News on Apr 01


By Tim Greene
Network World
March 31, 2014

Unsupported Windows XP machines in China could pose a threat to the
Internet in general if bot-herders round up significant numbers of them to
use as launch pads for malicious exploits, according to a top white-hat

James Forshaw, a vulnerability researcher for Context Information
Security, says the vast number of XP...
Cisco IOS Software CVE-2014-2131 Remote Denial of Service Vulnerability
A malicious software program that encrypts a person's files until a ransom is paid has a crucial error: it leaves the decryption key on the victim's computer.
Mozilla, the maker of Firefox, went into damage control mode over the weekend in response to criticism that its new CEO had donated to a California anti-gay marriage ballot proposition in 2008.
Microsoft said Monday it was cutting prices of its Azure cloud services to match the prices of competitor Amazon Web Services in the latest in a price war in cloud services.
Data from the U.S. Citizenship and Immigration Services shows clearly that the largest users of H-1B visas are offshore outsourcing firms.
Two banks that took legal action against Target over its recent data breach have withdrawn their claims, apparently due to an erroneous allegation against a security vendor also named in the suit.
Lawyers for Apple and Samsung spent most of Monday selecting a 10-person jury for their latest patent infringement trial, and they're now set to make their opening arguments Tuesday morning.

First Info Sec highlights cutting edge next-gen secure mobility solutions at ...
Zawya (registration)
First Information Security (First Info Sec), a company dedicated to offering a comprehensive range of security products and services that are in compliance with the latest international industry standard requirements, is highlighting its latest range ...
