(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


On Oct. 31, Google's Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks.

Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign. And while a patch is on the way for the vulnerability, he encouraged customers to upgrade to Windows 10 for protection from further advanced threats.

In an advisory, Myerson wrote:



There's a new, more powerful Internet-of-things botnet in town, and it has managed to infect almost 3,500 devices in just five days, according to a recently published report.

Linux/IRCTelnet, as the underlying malware has been named, borrows code from several existing malicious IoT applications. Most notably, it lifts entire sections of source code from Aidra, one of the earliest known IoT bot packages. Aidra was found running on more than 30,000 embedded Linux devices by the audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network. As reported by the anonymous researcher behind that project, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on only a limited number of devices.

Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight. It further lifts a list of some 60 widely used username-password combinations built into Mirai, a different IoT bot app whose source code was recently published on the Internet. It goes on to add code for attacking sites that run the next-generation Internet protocol known as IPv6.
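The telnet scanning described above leaves a recognisable trace on the victim side: a burst of failed logins from a single source, cycling through a short list of default usernames, often followed by a successful login once a matching pair is found. The detector below, an added example that is not part of the original article or of any published analysis of Linux/IRCTelnet, runs that logic over constructed BusyBox-style login syslog lines. The log format, hostname and addresses are assumed for illustration; adjust LOGIN_RE to the format your devices actually emit.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not real data). They imitate the
# BusyBox `login` messages an embedded device writes for telnet sessions:
# "invalid password for 'USER' on 'TTY' from 'HOST'" on failure and
# "USER login on 'TTY' from 'HOST'" on success. Format is assumed.
SAMPLE_LOG = """\
Nov  1 10:00:01 cam01 login[812]: invalid password for 'root' on 'pts/0' from '203.0.113.5'
Nov  1 10:00:02 cam01 login[813]: invalid password for 'admin' on 'pts/0' from '203.0.113.5'
Nov  1 10:00:02 cam01 login[814]: invalid password for 'root' on 'pts/0' from '203.0.113.5'
Nov  1 10:00:03 cam01 login[815]: invalid password for 'support' on 'pts/0' from '203.0.113.5'
Nov  1 10:00:04 cam01 login[816]: invalid password for 'user' on 'pts/0' from '203.0.113.5'
Nov  1 10:00:05 cam01 login[817]: root login on 'pts/0' from '203.0.113.5'
Nov  1 10:15:30 cam01 login[901]: invalid password for 'alice' on 'pts/1' from '198.51.100.7'
Nov  1 10:15:41 cam01 login[902]: alice login on 'pts/1' from '198.51.100.7'
"""

# Matches both the failure and the success message shapes shown above.
LOGIN_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+\S+\s+login\[\d+\]:\s+"
    r"(?:invalid password for '(?P<fail_user>[^']+)'|(?P<ok_user>\S+) login)"
    r" on '[^']+' from '(?P<src>[^']+)'$"
)


def parse_line(line):
    """Return (timestamp, source, username, success) or None for non-login lines."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is
    # fine because only differences between timestamps are used below.
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
    if m["fail_user"] is not None:
        return ts, m["src"], m["fail_user"], False
    return ts, m["src"], m["ok_user"], True


def detect_telnet_bruteforce(lines, threshold=5, window_seconds=60):
    """Per source address, count failures, collect usernames tried, flag a
    burst of `threshold` failures inside `window_seconds`, and flag a
    successful login at or after the end of that burst (likely compromise)."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev[1]].append(ev)

    report = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if not e[3]]
        burst, burst_end = False, None
        # Sliding window over the sorted failure timestamps.
        for i in range(len(fails)):
            j = i + threshold - 1
            if j < len(fails) and (fails[j][0] - fails[i][0]).total_seconds() <= window_seconds:
                burst, burst_end = True, fails[j][0]
                break
        success_after = burst_end is not None and any(
            e[3] and e[0] >= burst_end for e in evs
        )
        report[src] = {
            "failures": len(fails),
            "usernames": sorted({e[2] for e in fails}),
            "burst": burst,
            "success_after_burst": success_after,
        }
    return report


if __name__ == "__main__":
    for src, info in detect_telnet_bruteforce(SAMPLE_LOG.splitlines()).items():
        flag = "ALERT" if info["success_after_burst"] else ("burst" if info["burst"] else "ok")
        print(f"{src:15} {flag:5} failures={info['failures']} users={info['usernames']}")
```

On the constructed input, 203.0.113.5 is flagged: five failures in three seconds across four usernames, then a root login. The single failed attempt from 198.51.100.7 followed by a normal login is left alone. The username set per source is worth keeping in the report: a scanner working through a built-in default-credential list tries accounts like root, admin and support that a legitimate user on that device would never cycle through.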


ABB RobotWare Multiple Security Vulnerabilities
NTP CVE-2016-1548 Security Bypass Vulnerability
NTP CVE-2016-1547 Denial of Service Vulnerability
NVIDIA GPU Display Driver CVE-2016-8808 Local Privilege Escalation Vulnerability
NVIDIA GPU Display Driver CVE-2016-8810 Local Privilege Escalation Vulnerability
NVIDIA GPU Driver CVE-2016-8807 Local Stack Buffer Overflow Vulnerability
NVIDIA GPU Display Driver CVE-2016-8805 Local Privilege Escalation Vulnerability


The UK government has promised to spend nearly £2 billion over the next five years to try to tackle the growing problem of cyber attacks in the country.

Recent research suggested that Britain is particularly susceptible to data breaches involving compromised employee account data. Nonetheless, chancellor of the exchequer Philip Hammond claimed on Tuesday that the country is "an acknowledged global leader in cyber security."

Number 11's occupant crowed that the previous Tory-led coalition government had chucked £860 million at the problem, but Hammond then undermined himself somewhat by adding that "we must now keep up with the scale and pace of the threats we face." Which underlines the fact that the government is playing catch-up in its race against cybercrims.


Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
NVIDIA GPU Display Driver CVE-2016-8809 Local Privilege Escalation Vulnerability
[slackware-security] mariadb (SSA:2016-305-03)
[slackware-security] x11 (SSA:2016-305-02)
CfP and Special Session :: CyberSec2017
[slackware-security] php (SSA:2016-305-04)
OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
[HITB-Announce] HITB2017AMS CFP
Internet Storm Center Infocon Status