A Nevada-based company has regained control of the majority of domains seized by Microsoft in a legal action aimed at shutting down botnets.

Microsoft has surrendered the 23 domain names it confiscated from dynamic domain hosting service No-IP.com, a move that begins the process of restoring millions of connections that went dark as a result of the highly controversial legal action.

At the time this post was being prepared, No-IP had recovered 18 of the domains and was in the process of reacquiring the remaining five from Public Interest Registry, the registry for Internet addresses ending in .org, No-IP spokeswoman Natalie Goguen told Ars. People who rely on No-IP subdomains that don't end in .org should already have service restored, as long as the Domain Name System (DNS) resolver they use has been updated to reflect Wednesday's transfer. Users who are still experiencing connectivity problems should try the public DNS services from Google or OpenDNS, both of which have already updated their lookups to incorporate the transfers.

Microsoft confiscated the No-IP domains in late June through a secretive legal maneuver that didn't give the dynamic DNS provider an opportunity to oppose the motion in court. Microsoft's ex parte request was part of a legal action designed to dismantle two sprawling networks of infected Windows computers that were abusing No-IP in an attempt to evade takedown. As partial justification for the request, Microsoft lawyers argued No-IP didn't follow security best practices.


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Add Tinder to the list of hot social media startups that booted one of its co-founders on the road to riches. However, this dismissal reeks of sexism, misogyny and racism, according to a lawsuit filed by Whitney Wolfe, the company's former vice president of marketing.
A new report shows venture capital funding and clinical mobile health applications will push the mobile device market to extraordinary highs by 2023.
In a great IT industry irony, enterprise social networking software, designed to boost interaction and collaboration, is often ignored by users and ends up forgotten like the proverbial ghost town with rolling tumbleweeds.
Yahoo is shutting down a range of products, including apps from its acquisition of email management service Xobni, and its Shine women's lifestyle site.
Restaurant chain P.F. Chang's China Bistro says the theft of credit and debit card information from some of its restaurants earlier this year was "part of a highly sophisticated criminal operation."
A relaunched version of "Reading Rainbow," the popular educational TV show that first aired in the 1980s, is on its way to a number of modern platforms including Android, Apple TV and Xbox.

Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks.

The default secure shell (SSH) key made it possible for hackers to gain highly privileged administrative access to the Cisco Unified Communications Domain Manager, the networking company warned in an advisory published Wednesday. From there, intruders could execute arbitrary commands or gain persistent access to the systems. The advisory didn't explicitly say that attackers could monitor discussions or track the times that calls or messages were made and who sent and received them, but it wouldn't be surprising if those capabilities were also possible. In addition to VoIP management, the Cisco Unified Communications Domain Manager also allows users to manage Cisco Jabber, a cloud-based service for instant messaging, voice and video communications, desktop sharing, and conferencing.

"The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system," Wednesday's advisory stated. "An attacker could exploit this vulnerability by obtaining the SSH private key. For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication. An exploit could allow the attacker to gain access to the system with the privileges of the root user."


Data breaches at retailers and financial services companies exposed 14 percent of all U.S. debit cards in 2013, according to a nationwide survey by a major ATM network operator.
D-Bus CVE-2014-3533 Denial of Service Vulnerability
D-Bus CVE-2014-3532 Denial of Service Vulnerability

Thanks to our reader Dan for spotting this one.

As of today, a search for "Katie Matusik" on Bing will include the following result. The rank has been rising slowly during the day, and as of right now it is the first link after the link to "Videos".

Once a user clicks on the link, the user is redirected to http://system-check-yueedfms.in/js which loads a page claiming that the user's browser is locked, and the user is asked to pay a fine via "Moneypak", a Western-Union like payment system. Overall, the page is done pretty badly and I find it actually a bit difficult to figure out how much money they are asking for ($300??).

[Image: extortion web page]

Once the page has loaded, the user is not able to close the browser or change to a different site. Rebooting the system will clear things up again, or you have to be persistent enough in clicking "Leave this Page": the page contains a large number of iframes, and each of them inserts a leave-page message when you try to close it.
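As an added example (not code from the diary or from the ISC), here is a small heuristic scorer for captured HTML of browser-locker pages like the one above. It counts the three things the diary describes: iframes, handlers hooked to the leave-page (`beforeunload`) event, and extortion wording ("locked", "fine", "MoneyPak"). The thresholds and both sample documents are constructed for the example; the redirect target from the diary is not fetched.

```python
"""Heuristic scorer for browser-locker pages of the kind described above.

Added example, not ISC's code. It scores HTML you have already captured; the
markers come from the diary, the thresholds and the two sample documents are
constructed for the example. Standard library only."""
import re
from html.parser import HTMLParser

# "beforeunload" matches window.onbeforeunload=..., addEventListener('beforeunload')
# and the onbeforeunload attribute. The wording list is a seed taken from the diary.
UNLOAD_RE = re.compile(r"beforeunload", re.I)
EXTORTION_TERMS = ("locked", "fine", "moneypak")


class _LockerFeatures(HTMLParser):
    def __init__(self):
        super().__init__()
        self.iframes = 0
        self.unload_handlers = 0
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes += 1
        for name, value in attrs:
            if name in ("onbeforeunload", "onunload"):
                self.unload_handlers += 1
            elif value:
                # srcdoc="..." carries a whole child document, scripts included.
                self.unload_handlers += len(UNLOAD_RE.findall(value))

    def handle_data(self, data):
        # Script bodies are delivered here as well, so inline handlers count.
        self.unload_handlers += len(UNLOAD_RE.findall(data))
        self.text.append(data)


def score_page(html: str) -> dict:
    """Count iframes, leave-page hooks and extortion wording in one HTML document."""
    parser = _LockerFeatures()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.text).lower()
    return {
        "iframes": parser.iframes,
        "unload_handlers": parser.unload_handlers,
        "extortion_terms": sum(1 for term in EXTORTION_TERMS if term in text),
    }


def is_browlock(features: dict, min_handlers=3, min_iframes=5, min_terms=2) -> bool:
    """Thresholds are assumptions for the example: one unsaved-form warning plus
    one embedded video is normal, a dozen hooked iframes plus ransom wording is not."""
    return (features["unload_handlers"] >= min_handlers
            and features["iframes"] >= min_iframes
            and features["extortion_terms"] >= min_terms)


# Constructed samples (not the real page from the diary).
LOCKER_IFRAME = ('<iframe srcdoc="&lt;script&gt;window.onbeforeunload='
                 'function(){return \'Leave this page?\';};&lt;/script&gt;"></iframe>\n')
SAMPLE_LOCKER = (
    "<html><body><h1>Your browser has been locked</h1>"
    "<p>Pay the fine with MoneyPak to unlock your computer.</p>"
    "<script>window.addEventListener('beforeunload', function (e) {"
    " e.returnValue = 'Your browser is locked'; });</script>\n"
    + LOCKER_IFRAME * 12
    + "</body></html>"
)
SAMPLE_BENIGN = (
    "<html><body><form><textarea name='draft'></textarea></form>"
    "<script>window.addEventListener('beforeunload', warnUnsaved);</script>"
    "<iframe src='https://example.invalid/embed/video'></iframe>"
    "</body></html>"
)

if __name__ == "__main__":
    for label, doc in (("locker", SAMPLE_LOCKER), ("benign", SAMPLE_BENIGN)):
        features = score_page(doc)
        print(label, features, "BROWLOCK" if is_browlock(features) else "ok")
```

The score is only a triage aid: a single `beforeunload` handler is common on pages with unsaved forms, which is why the verdict requires all three signals together rather than any one of them.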

The link was reported to Bing this morning but the result has been rising in Bing's search since then. Respective hosting providers for the likely compromised WordPress blog have been notified. 

Quick update: For "katie matysik" (replace 'u' with 'y', the correct spelling of the name), Bing now returns the malicious site as the #1 link. Both spellings are valid last names, so either may be the original target of the SEO operation.

Johannes B. Ullrich, Ph.D.

Microsoft today put out a call for commercial and consumer beta testers to put upcoming versions of Office through the wringer.
H-1B whistleblower Jay Palmer has filed a new complaint with the U.S. Department of Labor, alleging that senior executives at Infosys 'retaliated against him by denying him work, bonuses and promotions and terminating him.'
While not the first to use additive manufacturing to create buildings, a Chinese company is using 3D printing technology to build cheap housing out of recycled material at a rate of up to 10 structures in 24 hours.
Microsoft has joined what began as a Linux Foundation effort to create an open platform for the Internet of Things. It's a move that may be a telling sign regarding Microsoft's plans for home automation, and even for the Xbox.
The latest release of Oracle's software for managing virtual machines offers the same set of features to Sparc users as to those who manage virtual machines on x86 servers.
Speaking about her company's controversial psychological experiment for the first time, Facebook COO Sheryl Sandberg apologized for upsetting users.
Google will acquire music streaming service Songza, which offers customized playlists on its free mobile app.

The makers of OpenSSL unveiled a new development roadmap this week, saying the open source project needs to change because it "is increasingly perceived as slow-moving and insular."

The inner workings of the poorly funded OpenSSL project came under scrutiny after the discovery of Heartbleed, a security flaw in the cryptography library that put much of the Web's encrypted communications at risk. Tech giants eventually agreed to give the project money, enough to hire two full-time developers and perform a third-party security audit.

The new OpenSSL Project Roadmap, unveiled Monday and updated yesterday, sets out a list of goals for its new staff.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
Cross-Site Request Forgery (CSRF) in Kanboard

Yet another round of patches, this time for Cisco's Unified Communications Domain Manager [1].

The vulnerability that is most likely to be exploited first is the backdoor Cisco left behind for support access. In order to provide Cisco support with access to customer equipment, the company felt it was a great idea to equip all instances with the same SSH key.

Having the same key on every system is mistake number one, but it would not have been fatal had the private key been tucked away in Cisco's own safe-deposit box. Instead, the private key was left on the customer systems as well. In other words: if you own one of these systems, you have the key to access all of them.

Filtering SSH access to the device at your border is a good first step to protect yourself if you can't patch right away.
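The Ars item and this diary both come down to one condition: a single public key trusted on every appliance, with its private half recoverable from any of them. The following added example (not Cisco's or the ISC's code) is a fleet check for that condition. Given an inventory mapping each host to the authorized_keys lines of its support account, it computes the OpenSSH fingerprint of every key (the same value `ssh-keygen -lf` prints) and reports fingerprints accepted on more than one host. The hostnames and key bytes below are constructed for the example.

```python
"""Fleet check for an SSH key shared across appliances.

Added example for the Cisco Unified Communications Domain Manager items above;
it is not Cisco's or the ISC's code. Hostnames and keys are constructed."""
import base64
import hashlib
import struct
from collections import defaultdict

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")


def ssh_fingerprint(authorized_keys_line: str) -> str:
    """Return 'SHA256:<base64 without padding>' for one authorized_keys entry.

    OpenSSH fingerprints the decoded key blob (the base64 field), not the text
    line, so options such as from="..." and the trailing comment do not change
    the result. Option values containing spaces are not handled here."""
    fields = authorized_keys_line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            blob = base64.b64decode(fields[i + 1])
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    raise ValueError("no key type field in: %r" % authorized_keys_line)


def fake_ed25519_pubkey(seed: bytes) -> str:
    """Build a syntactically valid ssh-ed25519 public key line from 32 bytes.

    Constructed only so the example runs offline: the blob layout (length-
    prefixed type string, then the length-prefixed 32-byte point) is what
    ssh-keygen emits, but these bytes are not real key material."""
    if len(seed) != 32:
        raise ValueError("an ed25519 public key is 32 bytes")
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + seed
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " support@appliance"


# The same key on every box: the condition the advisory describes.
SUPPORT_KEY = fake_ed25519_pubkey(b"\x01" * 32)

INVENTORY = {
    "cucdm-01": [SUPPORT_KEY, fake_ed25519_pubkey(b"\x11" * 32)],
    "cucdm-02": ['from="10.0.0.0/8" ' + SUPPORT_KEY, fake_ed25519_pubkey(b"\x22" * 32)],
    "cucdm-03": ["# managed key", SUPPORT_KEY],
}


def shared_keys(inventory):
    """Return {fingerprint: sorted hosts} for keys accepted by more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, lines in inventory.items():
        for line in lines:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            hosts_by_fp[ssh_fingerprint(line)].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in shared_keys(INVENTORY).items():
        print("%s accepted on %d hosts: %s" % (fp, len(hosts), ", ".join(hosts)))
```

A fingerprint that shows up on every host is the finding; whether the matching private key is also present on the hosts (the second mistake above) is a separate check for each appliance. Until the patch is applied, the diary's advice stands: restrict SSH to the appliance to the management network at your border.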

[1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

Johannes B. Ullrich, Ph.D.

CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"
A critical vulnerability found in a WordPress plug-in that has been downloaded over 1.7 million times allows potential attackers to take complete control of blogs that use it.
VMware is for the first time inviting anyone to beta test the next version of vSphere, the company's virtualization platform.
Docker makes virtualization light, easy, and portable; follow this step-by-step guide from installing Docker to building a Docker container for the Apache Web server
A new ARM mini-computer that could speed up the development of applications for 64-bit Android L smartphones and tablets will ship late next month.
Microsoft has joined the AllSeen Alliance, which is building an open source framework for connecting homes, cars and mobile devices.
IBM Sametime Meeting Server Arbitrary File Upload Vulnerability
Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
Hackers recently broke into payment systems at several northwestern U.S. restaurants and food service companies via a remote access account belonging to one of their vendors, another example of the need for companies to monitor third-party access to their networks.
Microsoft's tactics in using a court order to seize nearly two-dozen No-IP.com domains it said were used to distribute Windows malware tools were called ham-handed by several critics.
A coalition of ISPs and communication providers from around the world filed a legal complaint against the U.K. Government Communications Headquarters (GCHQ), calling for an end to its alleged attacking and exploitation of network infrastructure to gain access to potentially millions of people's private communications.
Thanks to a computer chip, algorithms and nearly 10 years of research, a 23-year-old quadriplegic moved his fingers and hand with the power of his own thoughts.
A U.S. government privacy oversight board has found that the National Security Agency and other agencies have not misused the provisions of the country's overseas surveillance program, but cautioned that certain aspects of the program, such as the incidental collection of communications of U.S. persons, raise privacy concerns.
Windows 8's uptake stumbled last month, and the perception-plagued operating system flirted with falling behind the tempo of the Windows Vista flop of seven years ago.
China continues to hold the top spot in the Top 500 supercomputer list, but the U.S. still dominates, with 90% of the systems on the list made by U.S. vendors.
Microsoft's seizure of domains from a DNS service provider has also disrupted some state-sponsored cyberespionage campaigns, according to security vendor Kaspersky Lab.

Posted by InfoSec News on Jul 02


By Jeremy Kirk
IDG News Service
July 1, 2014

Microsoft admitted Tuesday it made a technical error after it commandeered
part of an Internet service's network in order to shut down a botnet, but
the Nevada-based company says its services are still down.

A federal court in Reno granted Microsoft an ex-parte restraining order...

Posted by InfoSec News on Jul 02


By Kate Vinton
Forbes Staff
July 1, 2014

"It's not a question of if you will be hacked, but when," says
cybersecurity expert Joe Adams. This is bad news for companies, not only
because of security risks, but also because data breaches have a
significant and measurable impact on customers’ trust and spending habits,...

Posted by InfoSec News on Jul 02


By Jillian Kay Melchior
National Review
July 1, 2014

A Romanian attacker hacked the Vermont health exchange's development
server last December, gaining access at least 15 times and going
undetected for a month, according to records obtained by National Review.

CGI Group, the tech firm hired to build Vermont Health Connect,...

Posted by InfoSec News on Jul 02


By Shane Harris
Foreign Policy
July 1, 2014

A U.S. solar panel manufacturer whose business secrets were allegedly
stolen by Chinese computer hackers has asked the U.S. government to
investigate the matter, setting in motion a process that could see the
United States impose trade penalties for the first time in response to...

Posted by InfoSec News on Jul 02


By William Knowles @c4i
Senior Editor
InfoSec News
July 1, 2014

XSSposed (XSS exposed) is reporting that the Web sites of both the InfoSec
Institute and the EC-Council are vulnerable to a Cross-site scripting
(XSS) attack.

Cross-Site Scripting (XSS) inserts specially crafted data into existing
applications through Web sites. XSS attacks occur...
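As an added illustration of the bug class this item reports (not code from XSSposed, the InfoSec Institute or EC-Council), here is a reflected-XSS handler next to its fixed form. The page template and the search parameter are hypothetical. Two output contexts are shown because the fix differs: text between tags needs `<` and `>` escaped, and a quoted attribute value additionally needs the quote character escaped.

```python
"""Reflected XSS, vulnerable and fixed side by side.

Added example; the template and parameter name are hypothetical."""
from html import escape
from html.parser import HTMLParser

# Hypothetical search-results template: the parameter lands in element text
# and in a quoted attribute value.
PAGE = '<h1>Results for {q}</h1><input name="q" value="{q}">'


def render_vulnerable(q: str) -> str:
    """Echo the parameter into the page verbatim (the bug)."""
    return PAGE.format(q=q)


def render_fixed(q: str) -> str:
    """Escape & < > and both quote characters, so the value cannot leave the
    text or attribute context it was placed in."""
    return PAGE.format(q=escape(q, quote=True))


class _Scan(HTMLParser):
    """Count what a browser would execute: script elements and on* attributes."""

    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.event_attrs = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.event_attrs += sum(1 for name, _ in attrs if name.startswith("on"))


def active_content(html: str) -> dict:
    scan = _Scan()
    scan.feed(html)
    scan.close()
    return {"scripts": scan.scripts, "event_attrs": scan.event_attrs}


# Constructed payloads, one per context.
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'

if __name__ == "__main__":
    for payload in (TEXT_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable:", active_content(render_vulnerable(payload)))
        print("fixed:     ", active_content(render_fixed(payload)))
```

`html.escape` is the right tool only for these two HTML contexts; a value placed inside a `<script>` block, a URL, or a CSS rule needs the encoding rules of that context instead.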
The OpenSSL Project is planning a number of changes to ensure its security component, used across millions of computers across the Internet, is in tip-top shape.