Hackin9

Turns out, not even the head of the Senate Judiciary Committee can figure out what’s happened to the National Security Agency (NSA) staffers who were involved in the LOVEINT spying scandal.

Back in August 2013, the Wall Street Journal introduced the world to an internal term that NSA analysts have come up with to describe the act of spying on one’s ex-partner: LOVEINT. The word is reminiscent of existing spycraft parlance like HUMINT (human intelligence) or SIGINT (signals intelligence). (LOVEINT also spawned endless Twitter jokes.)

In a letter sent Monday to the attorney general, Sen. Chuck Grassley (R-Iowa) described how he initially asked the Department of Justice (DOJ) to explain what it was doing to address the 12 publicly-known instances of this inappropriate use of NSA surveillance capability. However, the DOJ has stayed mum.


 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
VLC Media Player Multiple Security Vulnerabilities
 
ClamAV CVE-2014-9328 Multiple Heap Buffer Overflow Vulnerabilities
 
Condor CVE-2014-8126 Arbitrary Code Execution Vulnerability
 
 

Hacking for "signals intelligence" doesn't take NSA-level resources; it doesn't even require very sophisticated exploit tools. Using a combination of Windows and Android malware and some very simple social engineering, a group aligned with the regime of Syrian President Bashar Al-Assad has raked in a wealth of intelligence on Syrian opposition groups. And they did it by pretending to be women and flirting with their victims.

Over the past two years, using a combination of fake social media and Skype accounts associated with fictional female supporters of Syrian rebel groups, the group—apparently operating from Lebanon—fooled rebel soldiers and others providing aid to them into downloading malware to their computers and Android smartphones. As revealed in a report published today by FireEye (PDF), the group (which may have been associated with Hezbollah) was able to harvest not just personal information on their targets, but also battle plans and other intelligence information that could have been used by Hezbollah and the Syrian government's troops to counter the opposition.

FireEye discovered the operation during a malware investigation, uncovering a cache of 7.7 gigabytes of stolen data on a German server. The data contains Skype databases including chat logs and contacts, as well as documents and images.


 
[SECURITY] [DSA 3149-1] condor security update
 
IBM Tririga Application Platform CVE-2014-8894 Multiple Open Redirection Vulnerabilities
 
Mozilla Firefox/SeaMonkey Bitmap Rendering Information Disclosure Vulnerability
 
[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information
 
[SECURITY] [DSA 3150-1] vlc security update
 
[security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution
 

---
Johannes B. Ullrich, Ph.D.

 

For those of you who are losing track, yet another Adobe Flash vulnerability has been unleashed on their unsuspecting users. I am sure we all know the wording off by heart now, but in case:

Vulnerability identifier: APSA15-02

CVE number: CVE-2015-0313

Platform: All Platforms

Quote: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/


 
Multiple VMware Products CVE-2014-8370 Remote Privilege Escalation Vulnerability
 

What infosec can learn from the Greek elections
Help Net Security
From an infosec perspective, the importance of disruption must not be forgotten. As technology is created, new markets open, old markets close, new opportunities arise and threats emerge. If we as security professionals lose sight of that fact, we ...

 
Microweber 0.95 - SQL Injection Vulnerability
 
Fork CMS 3.8.3 - XSS Vulnerability
 

Top 10 Influencers in Government InfoSec
GovInfoSecurity.com
For our sixth annual list of top Influencers - the lawmakers, top government officials, practitioners and thought-leaders whose actions have a consequential impact on government IT security policy - GovInfoSecurity is taking a different tack ...

 
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
 
[SECURITY] [DSA 3148-1] chromium-browser end of life
 
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384
 
Major Internet Explorer Vulnerability - NOT Patched
 

Posted by InfoSec News on Feb 02

http://www.zdnet.com/article/capture-the-flag-meet-the-team-bossing-one-of-the-toughest-hacking-competitions-around/

By Michiel van Blommestein
February 2, 2015

Nobody doubts that the amount of tech talent that Poland has at its
disposal is substantial and a team of security specialists' triumph in the
recent Capture the Flag series of hacking contests seems to confirm it's
not short of ability, even when some parts of the...
 

Posted by InfoSec News on Feb 02

http://www.computerworld.com/article/2877923/the-zeroaccess-botnet-is-back-in-business.html

By Lucian Constantin
IDG News Service
Jan 30, 2015

A peer-to-peer botnet called ZeroAccess came out of a six-month
hibernation this month after having survived two takedown attempts by law
enforcement and security researchers.

At its peak in 2013, ZeroAccess, also known as Sirefef, consisted of more
than 1.9 million infected computers that were...
 

Posted by InfoSec News on Feb 02

http://www.nytimes.com/2015/02/02/world/middleeast/hackers-use-old-web-lure-to-aid-assad.html

By DAVID E. SANGER and ERIC SCHMITT
The New York Times
FEB. 1, 2015

WASHINGTON -- To the young Syrian rebel fighter, the Skype message in
early December 2013 appeared to come from a woman in Lebanon, named Iman
Almasri, interested in his cause. Her picture, in a small icon alongside
her name, showed a fair-skinned 20-something in a black head...
 

Posted by InfoSec News on Feb 02

http://arstechnica.com/security/2015/01/critical-ghost-bug-could-haunt-wordpress-and-php-apps-too/

By Dan Goodin
Ars Technica
Jan 30, 2015

Add PHP applications and the WordPress Web platform to the list of wares
that may be susceptible to the critical Linux vulnerability known as
Ghost.

As Ars reported Wednesday, the flaw resided in a variety of Linux
distributions, including Centos/RHEL/Fedora 5, 6, and 7, Ubuntu 12.04, and
possibly other...
 

Posted by InfoSec News on Feb 02

http://www.scmp.com/news/china/article/1697491/tough-security-tests-banks-foreign-suppliers

Reuters in Beijing and San Francisco
01 February, 2015

Draft Chinese government regulations would force overseas technology
vendors to meet stringent security tests before they can sell to China's
banks, an acceleration of efforts to curb the country's reliance on
foreign technology that has drawn a sharp response from US business
groups....
 
Cisco Unified Communications Domain Manager CVE-2015-0591 Remote Denial of Service Vulnerability
 
Cisco Unified Communications Domain Manager CVE-2015-0588 Cross Site Request Forgery Vulnerability
 
Cisco WebEx Meetings Server CVE-2015-0597 User Enumeration Vulnerability
 