(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Joomla Zero-Day Accounted for the Majority of Web Attacks in Q4 2015
Softpedia News
Ransomware was also slightly up, but this was to be expected by any IT employee following the infosec community. Solutionary reports that most ransomware infections originated from Russia. The top 10 sources of malware during the past three months were ...

Websites that rely on the Tor anonymity service to cloak their server address may be leaking their geographic location and other sensitive information thanks to a setting that's turned on by default in many releases of Apache, the world's most widely used Web server.

The information leak has long been known to careful administrators who take the time to read Tor documentation, but that hasn't prevented some Tor hidden services from falling victim to it. To plug the hole, darkweb sites that run Apache must disable the mod_status module that by default sets up a server status page displaying a variety of potentially sensitive information about the servers. Details include the number of requests per second sent to the server, the most recent HTTP requests received, CPU usage, and in some cases the approximate longitude of the server.
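For the mod_status fix described above, an added configuration example (not from the article, the Tor project or any distribution) showing why the usual "local only" default is insufficient behind Tor and how to disable the module; the torrc line, the status.conf shape and the port 8081 listener are assumptions.

```apache
# Added example, not code from the article: the shape of the mod_status
# default and the fix for an Apache server published as a Tor hidden service.

# --- What many distributions ship (weak for a hidden service) ---
# Assumption: the distribution's status.conf looks roughly like this.
# "Require local" only admits requests arriving from 127.0.0.1/::1, which
# looks safe, but Tor hands hidden-service traffic to Apache *from*
# 127.0.0.1 (typical torrc: HiddenServicePort 80 127.0.0.1:80), so every
# onion visitor counts as "local" and can read /server-status.
#
# <IfModule mod_status.c>
#     ExtendedStatus On
#     <Location /server-status>
#         SetHandler server-status
#         Require local
#     </Location>
# </IfModule>

# --- Fix: do not load the module at all ---
# Debian/Ubuntu:  a2dismod status && apachectl configtest && systemctl reload apache2
# Other layouts:  comment out the LoadModule line in httpd.conf:
# LoadModule status_module modules/mod_status.so

# If a status page is genuinely needed for local monitoring, remove the
# global status.conf and serve the handler only on a separate listener that
# no HiddenServicePort line points at; keep ExtendedStatus off so recent
# requests, CPU usage and server time are not rendered.
Listen 127.0.0.1:8081
ExtendedStatus Off
<VirtualHost 127.0.0.1:8081>
    <Location "/server-status">
        SetHandler server-status
        Require ip 127.0.0.1
    </Location>
</VirtualHost>

# Check from the host after the reload:
#   apachectl -M | grep status_module            # prints nothing once disabled
#   curl -sI http://127.0.0.1:80/server-status   # expect 404, not 200
```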

It would appear some hidden services still haven't figured out that many Apache installations display the data by default. In a blog post published over the weekend, an anonymous poster wrote:



The Endpoint Security Continuum
Network World
Now, all of the organizations we interviewed are already running antivirus tools, but day-to-day responsibilities are often delegated to an IT operations team rather than the infosec staff. So organizations are at somewhat of a disadvantage because ...


(Image credit: shodan.io)

One of the benefits of the next-generation Internet protocol known as IPv6 is the enhanced privacy it offers over its IPv4 predecessor. With a staggering 2^128 (or about 3.4×10^38) theoretical addresses available, its IP pool is immune to the types of systematic scans that criminal hackers and researchers routinely perform to locate vulnerable devices and networks with IPv4 addresses. What's more, IPv6 addresses can contain regularly changing, partially randomized extensions. Together, the IPv6 features cloak devices in a quasi-anonymity that's not possible with IPv4.

Now, network administrators have discovered a clever way that scanners are piercing the IPv6 cloak of obscurity. By setting up an IPv6-based Network Time Protocol (NTP) service of the kind most Internet-connected devices rely on to keep their internal clocks accurate, the operators can harvest huge numbers of IPv6 addresses that would otherwise remain unknown. The server operators can then scan hundreds or thousands of ports attached to each address to identify publicly available surveillance cameras, unpatched servers, and similar vulnerabilities.

Shodan—the vulnerability search engine that indexes Internet-connected devices—has been quietly contributing NTP services for months to the cluster of volunteer time servers known as the NTP Pool Project. To increase the number of connections to three recently identified Shodan-run servers, each one had 15 virtual IP addresses. The added addresses effectively multiplied the volume of traffic they received 15-fold, increasing the odds that Shodan would see new devices. Within seconds of one of Shodan's NTP servers receiving a query from an IPv6 device, Shodan's main scanning engine would scan more than 100 ports belonging to the device. The Shodan scanner would then revisit the device roughly once a day.



The InfoSecond, Week of Feb. 1: Global Cyber Risks, NYC Wi-Fi and More!
Security Intelligence (blog)
Now that we've gotten that out of the way, let's buckle down for an all-new entry into the InfoSecond series to help keep you primed on the latest goings-on in the cybersecurity realm. This week, we're tracing the evolution of malware in 2015 ...


Centrify Receives Multiple Application Certifications from ServiceNow
Business Wire (press release)
“Our new certified integrations with ServiceNow tighten automation, increase workflow efficiency, simplify service delivery and improve visibility for InfoSec across both service management and identity domains. Enterprise identities will be secure ...

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities


Stop using Microsoft Edge's InPrivate mode if you value your privacy
It's possible that you reached this article purely by chance, or you may have Googled 'how to change the default search engine in Microsoft Edge'. However you got here, the fact that you're reading this indicates that you're either interested in ...

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
[SECURITY] [DSA 3463-1] prosody security update
[SECURITY] [DSA 3461-1] freetype security update
[SECURITY] [DSA 3464-1] rails security update
eClinicalWorks (CCMR) - Multiple Vulnerabilities
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
[SECURITY] [DSA 3460-1] privoxy security update
OpenXchange | Information Disclosure
WP-Comment-Rating XSS Vulnerability