Google discloses unpatched Windows vulnerability
CIO
“Security researchers have been using roughly the same disclosure principles for the past 13 years ... and we think that our disclosure principles need to evolve with the changing infosec ecosystem. In other words, as threats change, so should our ...
Google posts Windows 8.1 vulnerability before Microsoft can patch it
Engadget



Obama administration: North Koreans probably not responsible for Sony Hack ...
Boing Boing
Earlier allegations by the U.S. that the North Korean government was behind the hacking of Sony Pictures have been met with increasing skepticism by infosec specialists around the world. The FBI hasn't released anything of substance publicly that ...


In his Rocket Kitten diary entry, Johannes introduces research by Gadi Evron and Tillmann Werner. They analyzed a PE file embedded in the VBA macro code of an XLSM spreadsheet.

I want to show you how you can quickly analyze MS Office documents and extract embedded files, using just my Python oledump tool and nothing else. You don't need MS Office for this analysis.

First we run oledump on the XLSM file:

The first line (A: ) indicates that oledump found an OLE file named xl/vbaProject.bin inside the XLSM file. Remember that the new MS Office file formats (.docx, .xlsm, ...) are sets of XML files stored inside a ZIP file. But VBA macros are not stored in XML files; they still use the older MS Office file format: OLE files.

oledump reports the streams it finds inside the OLE file, indexed A1 through A10. A letter M next to the index indicates the presence of VBA code: a lowercase m marks VBA code consisting only of Attribute statements, and an uppercase M marks more sophisticated VBA code, i.e. code with statement types other than Attribute statements.

If oledump finds streams with VBA macros, I always look first at the streams marked with an uppercase letter M, as these contain the most promising code.

After the column with the macro indicator comes a column with the size (in bytes) of the stream, and another column with the full name of the stream.

Let's take a look at the VBA code in stream A3 like this:

oledump.py -s A3 -v 266CFE755A0A66776DF9FD8CD2FEE1F1.xlsm

Option -s A3 selects stream A3 for analysis, and option -v ...

Here is a part of the VBA source code. Note function A0: it concatenates characters generated with function Chr into a long string. If you ...

By default, you get a hex/ASCII dump of the embedded file. Now you can see that the embedded file is a PE file.

Last, we dump (option ...

The MD5 of the PE file is c222199c9a7eb0d162d5e96955739447. That is one of the IOCs Johannes included in his diary entry.
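To make the steps above concrete, here is an editorial example added to this entry; it is not code from the diary or from oledump itself. In plain Python it finds xl/vbaProject.bin inside the OOXML ZIP container, confirms the blob carries the OLE signature, applies the m/M rule described above to a decompressed VBA source text (an approximation of oledump's indicator, not its actual implementation), rebuilds a payload hidden in a Chr() concatenation chain the way function A0 builds it, checks for a PE header and hashes the result. The XLSM container, the VBA text and the short PE-shaped byte string are all constructed for the example, and the regular expression assumes decimal Chr(n) arguments, which the diary does not specify.

```python
"""
Editorial example added to this diary entry: not code from the diary or from
oledump. It reproduces, in plain Python, the analysis steps the text
describes: find the VBA project inside the OOXML zip, confirm it is an OLE
file, apply the m/M indicator rule to decompressed VBA source, rebuild a
payload hidden in a Chr() concatenation chain and hash it.
All inputs below are constructed for the example.
"""
import hashlib
import io
import re
import zipfile

# Compound File Binary (OLE) header signature.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Matches Chr(77), Chr( 90 ), ...; assumes decimal arguments (an assumption,
# the diary does not show the exact form of the call).
CHR_RE = re.compile(r"\bChr\(\s*(\d+)\s*\)", re.IGNORECASE)


def find_vba_project(ooxml_bytes):
    """Return (name, data) for the vbaProject.bin stored in an OOXML zip,
    or None when the document carries no VBA project."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith("vbaproject.bin"):
                return name, zf.read(name)
    return None


def is_ole(data):
    """True when the blob starts with the OLE compound file signature."""
    return data[:8] == OLE_MAGIC


def vba_indicator(source):
    """Approximation of oledump's macro column: '' for no code, 'm' when the
    stream holds only Attribute statements, 'M' when other statements exist."""
    lines = [ln.strip() for ln in source.splitlines() if ln.strip()]
    if not lines:
        return ""
    if all(ln.startswith("Attribute ") for ln in lines):
        return "m"
    return "M"


def rebuild_chr_payload(source):
    """Concatenate every Chr(n) argument, in order, into bytes: the reverse
    of the string-building trick function A0 uses in the diary."""
    return bytes(int(n) & 0xFF for n in CHR_RE.findall(source))


def looks_like_pe(data):
    """Check the MZ signature and that e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def payload_md5(source):
    """MD5 of the rebuilt payload, the value an analyst compares with IOCs."""
    return hashlib.md5(rebuild_chr_payload(source)).hexdigest()


# --- constructed sample data ---------------------------------------------
# 88-byte stand-in for a PE file: DOS header with e_lfanew = 0x40, then the
# 'PE\0\0' signature. Not a real executable.
FAKE_PE = (b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little")
           + b"PE\x00\x00" + b"\x00" * 20)

# Constructed module source in the style the diary describes for function A0.
SAMPLE_VBA = (
    'Attribute VB_Name = "Module1"\n'
    "Function A0() As String\n"
    "    A0 = " + " & ".join(f"Chr({b})" for b in FAKE_PE) + "\n"
    "End Function\n"
)
# Constructed stream holding nothing but Attribute statements.
ATTRIBUTE_ONLY = 'Attribute VB_Name = "ThisWorkbook"\nAttribute VB_Exposed = True\n'


def build_sample_xlsm():
    """In-memory OOXML container with a minimal OLE-looking vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/vbaProject.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    name, blob = find_vba_project(build_sample_xlsm())
    print(f"{name}: OLE={is_ole(blob)} size={len(blob)}")
    for label, src in (("ThisWorkbook", ATTRIBUTE_ONLY), ("Module1", SAMPLE_VBA)):
        print(f"{label}: indicator={vba_indicator(src) or '-'}")
    payload = rebuild_chr_payload(SAMPLE_VBA)
    print(f"rebuilt {len(payload)} bytes, PE={looks_like_pe(payload)}, "
          f"md5={payload_md5(SAMPLE_VBA)}")
```

The Chr() rebuild is the only step here that depends on how the macro obfuscates its payload; a real sample may split the string across several functions or use ChrW, so the decompressed source is worth reading before trusting an automated rebuild, which is exactly why the diary looks at the uppercase-M streams first.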

Oledump can be found on my blog.

-- Didier Stevens

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Circa 2010 and 2011, a year or so before I joined the staff of Ars Technica, I had followed the online antics of Anonymous from a distance. I knew the rough outline of Anonymous, its initial motives (“for the lulz”) and its consequences, such as the legendary (and hilarious) hack of security firm HBGary Federal, as reported in these hallowed pages.

But what I didn’t fully grasp until now was the full, complex and rich play-by-play story provided by somebody who knows the group as well as any bona fide Anon: Biella Coleman, an anthropology professor at McGill University. Her new book, Hacker, Hoaxer, Whistleblower, Spy, deftly chronicles the rise of Anonymous and the fall of many of its most prominent members.

The tome details her time embedded with Anonymous in its IRC lairs, and she even meets a few of them in person, including the recently released government informant Hector Xavier Monsegur, better known by his online handle, Sabu. (Who knew he was gluten-free?)


 
Serendipity HTML Injection Vulnerability
 

Posted by InfoSec News on Jan 02

http://www.thedenverchannel.com/news/u-s-world/guardians-of-the-peace-themed-prank-against-cnn-leads-tennessee-man-to-spend-holiday-with-the-fbi

By Jamie Satterfield
7News Denver
Jan 2, 2015

Knoxville, Tenn. - A Tennessee man’s Internet jab at what he says is an
unquestioning media put him in the national spotlight and, on Thursday,
the cross hairs of the FBI.

Freelance writer and Web designer David Garrett Jr. began his New Year’s
Day...
 

Posted by InfoSec News on Jan 02

http://www.independent.co.uk/life-style/gadgets-and-tech/news/gchqs-spook-first-programme-to-train-britains-most-talented-tech-entrepreneurs-9953516.html

By OLIVER WRIGHT
WHITEHALL EDITOR
01 January 2015

Britain’s surveillance agency GCHQ could become an incubator lab for the
country’s most talented tech entrepreneurs under a government plan for a
new “spook first” training programme for graduates.

The idea is not just for those who...
 

Posted by InfoSec News on Jan 02

http://www.theatlantic.com/technology/archive/2015/01/a-hackers-hit-list-of-american-infrastructure/384166/

By Patrick Tucker
The Atlantic
Jan 2, 2015

On Friday, December 19, the FBI officially named North Korea as the party
responsible for a cyber attack and email theft against Sony Pictures. The
Sony hack saw many studio executives’ sensitive and embarrassing emails
leaked online. The hackers threatened to attack theaters on the opening...
 

Google posts Windows 8.1 vulnerability before Microsoft can patch it
Engadget
Security researchers have been using roughly the same disclosure principles for the past 13 years (since the introduction of "Responsible Disclosure" in 2001), and we think that our disclosure principles need to evolve with the changing infosec ecosystem.

binutils 'ihex.c' Stack Based Buffer Overflow Vulnerability
 
libjpeg-turbo CVE-2014-9092 Stack Based Buffer Overflow Vulnerability
 

UK.gov: Sod SIGINT, let's turn GCHQ into a TECH CRECHE
The Register
Ministers are said to be looking at Israel for inspiration, particularly how the Middle Eastern nation's Unit 8200 (its equivalent of GCHQ) has been a starting point for tech entrepreneurs who have gone on to build bigger things, including infosec ...

Git CVE-2014-9390 Arbitrary File Overwrite Vulnerability
 