Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

UK Bank Fraud Victims Could Be Held Liable Under New Proposals
SYS-CON Media (press release)
... build their professional reputations. With an audience of more than half a million and more than 10,000 posts by security experts, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering ...

 

SEC Names Christopher Hetner as Senior Advisor to the Chair for Cybersecurity Policy
Newsroom America
“Having dedicated my career to information security, I am honored to have the opportunity to advise Chair White on cyber policy issues,” said Mr. Hetner. “I look forward to working with staff across the agency to enhance our risk-based approach to ...

 

Anonymous announce OpSilence against MSM, bring down CNN and FOX News servers
Techworm
Early Tuesday morning, a group of hacktivists from Ghost Squad Hackers claimed to have taken down the email servers of CNN and FOX News. It's the first attack for #OpSilence, hacking group Anonymous' impending month-long assault on the media for ...

 

A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin called WP Mobile Detector, security researchers warned.

The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP Mobile Detector came to light on Tuesday in this post. The plugin has since been removed from the official WordPress plugin directory. As of Wednesday, the plugin reportedly had more than 10,000 active installations, and it appears many remained active at the time this post was being prepared.

The security flaw stems from the plugin's failure to remove malicious input submitted by website visitors. Because the WP Mobile Detector performs no security checks, an attacker can feed malicious PHP code into requests received by websites that use the plugin.


 

SEC Names Christopher Hetner As Senior Advisor To The Chair For Cybersecurity Policy
Exchange News Direct
Mr. Hetner has more than 20 years in information security and technology. He joined the SEC from Ernst and Young (EY) where, from November 2012 to January 2015, he led the Wealth and Asset Management Sector Cybersecurity practice. At EY, his team ...

 

Ransomware and the Cloud | @CloudExpo #InfoSec #DataCenter #Security
SYS-CON Media (press release)
It's been years since it became obvious that crypto isn't necessarily usable for benign purposes only. Back in the day, a variety of data encryption techniques were contrived to protect sensitive communication against MITM (man-in-the-middle) attacks ...

 
[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
 
SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
 


---
Johannes B. Ullrich, Ph.D.

 
XML External Entity XXE vulnerability in OpenID component of Liferay
 

In a previous diary, Jim talked about forensic operations against Docker containers. To be able to perform investigations after an incident, we must have some fresh meat to search for artefacts. As Jim explained, memory is always a nice place to search (volatility is your best friend) but memory is... volatile! Docker is also very volatile by design. You don't know exactly where the containers are deployed, and system access to collect a memory image is not always easy. To increase our chances of finding artefacts, it's always better to collect data before an incident occurs.

Docker comes with multiple ways to log container events. More and more focus has been put on logging and today, several logging drivers are available. The default driver is json-file, which writes each container's output to:

    /var/lib/docker/containers/(CONTAINER_ID)/(CONTAINER_ID)-json.log

To review the logs, use the command docker logs:

    # docker logs dshield
    Validating provided credentials...
    API key verification succeeded!
    Starting cowrie...
    Removing stale pidfile /srv/cowrie/cowrie.pid

Easy but not very convenient, and the data remains stored on the box. By design, some containers may have a very limited lifetime and once deleted, their logs are gone too.

Each driver comes with its own set of options that can be fine-tuned with --log-opt key=value. For example, with the Syslog driver we can configure the remote Syslog server and facility. More information about the different ways to configure logging is available on the Docker website. On Ubuntu, the best way to change the default configuration is to change the DOCKER_OPTS environment variable in /etc/default/docker. Example for the Splunk driver:

    DOCKER_OPTS="--log-driver=splunk \
      --log-opt splunk-token=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx \
      --log-opt splunk-url=https://splunk.fqdn.tld:8088 \
      --log-opt splunk-insecureskipverify=true \
      --log-opt tag={{.ImageName}}/{{.Name}}/{{.ID}} \
      --log-opt labels=type,location"

Note that splunk-insecureskipverify=true disables verification of the Splunk collector's TLS certificate; use it for testing only and give the collector a trusted certificate before relying on this log stream in production.

Two important notes about container logging. The first one is about timestamps: by default a container is started with a clock set to UTC. Keep this in mind while performing investigations. To set the correct time zone, add to your Dockerfile:

    # Set the timezone
    RUN echo "Europe/Brussels" > /etc/timezone
    RUN dpkg-reconfigure -f noninteractive tzdata

The second point is about logging network traffic. When the Docker daemon is started, a network dedicated to containers is deployed, with an extra interface, docker0, bridging the containers to the host. Traffic crossing that interface can be logged by the host firewall; the entries below are in the kernel netfilter LOG format, with IN=docker0 for packets leaving a container and OUT=docker0 for packets reaching one:

    Jun 1 20:15:36 inception kernel: [8415191.429757] IN=docker0 OUT=eth0 PHYSIN=veth2ad35f6 \
    MAC=02:42:c6:a7:b3:f2:02:42:ac:11:00:04:08:00 SRC=172.17.0.4 DST=172.16.0.10 LEN=52 TOS=0x00 \
    PREC=0x00 TTL=63 ID=15759 DF PROTO=TCP SPT=41017 DPT=25 WINDOW=229 RES=0x00 ACK URGP=0
    Jun 1 20:59:10 inception kernel: [8417805.742798] IN=eth0 OUT=docker0 \
    MAC=c2:41:32:db:26:fc:00:00:24:d0:69:51:08:00 SRC=5.45.72.51 DST=172.17.0.6 LEN=140 TOS=0x18 \
    PREC=0x20 TTL=117 ID=7085 DF PROTO=TCP SPT=50424 DPT=2222 WINDOW=512 RES=0x00 ACK PSH URGP=0

In many applications and products, the default settings lack proper logging. Be sure to review the settings to generate enough events to investigate later!

Xavier Mertens
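As an added example (not code from the diary), this Python script parses netfilter LOG lines like the two above and extracts the flows that crossed docker0, so an investigator can quickly see which container talked to whom. It assumes docker0 carries the default 172.17.0.0/16 bridge subnet and uses a constructed sample built from the diary's two entries plus one unrelated syslog line.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the two netfilter LOG entries quoted in the diary, re-joined onto
# single lines (the "\" in the diary is display wrapping), plus one unrelated syslog line.
SAMPLE_LOG = """\
Jun 1 20:15:36 inception kernel: [8415191.429757] IN=docker0 OUT=eth0 PHYSIN=veth2ad35f6 MAC=02:42:c6:a7:b3:f2:02:42:ac:11:00:04:08:00 SRC=172.17.0.4 DST=172.16.0.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=15759 DF PROTO=TCP SPT=41017 DPT=25 WINDOW=229 RES=0x00 ACK URGP=0
Jun 1 20:59:10 inception kernel: [8417805.742798] IN=eth0 OUT=docker0 MAC=c2:41:32:db:26:fc:00:00:24:d0:69:51:08:00 SRC=5.45.72.51 DST=172.17.0.6 LEN=140 TOS=0x18 PREC=0x20 TTL=117 ID=7085 DF PROTO=TCP SPT=50424 DPT=2222 WINDOW=512 RES=0x00 ACK PSH URGP=0
Jun 1 21:00:00 inception sshd[123]: Accepted publickey for xavier from 10.0.0.2
"""

# Assumption: docker0 carries the default bridge subnet 172.17.0.0/16 (true for the sample).
DOCKER_NET = ip_network("172.17.0.0/16")

# Syslog header up to "kernel:" and the "[uptime]" stamp; the rest is KEY=VALUE tokens
# interleaved with bare TCP/IP flags (DF, ACK, PSH, ...).
HEADER_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: \[[\d.]+\] (?P<rest>.*)$")


def parse_netfilter_line(line):
    """Return a dict of fields for one netfilter LOG line, or None for any other line."""
    m = HEADER_RE.match(line.strip())
    if not m or "IN=" not in m.group("rest"):
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "flags": []}
    for tok in m.group("rest").split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
        else:
            rec["flags"].append(tok)
    return rec


def container_flows(text):
    """Yield (direction, container_ip, peer_ip, proto, dst_port) for flows crossing docker0.
    IN=docker0 means a container sent the packet (e.g. SMTP to port 25 in the diary);
    OUT=docker0 means something outside reached a container (e.g. the honeypot on 2222)."""
    for line in text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is None:
            continue
        if rec.get("IN") == "docker0":
            direction, cip, peer = "container->outside", rec["SRC"], rec["DST"]
        elif rec.get("OUT") == "docker0":
            direction, cip, peer = "outside->container", rec["DST"], rec["SRC"]
        else:
            continue  # host-only traffic, not a container flow
        if ip_address(cip) not in DOCKER_NET:
            continue  # container side is not on the bridge subnet we expect
        yield direction, cip, peer, rec.get("PROTO"), int(rec.get("DPT", 0))
```

Outbound SMTP from a container (first entry) is exactly the kind of flow worth alerting on, since the diary's example host runs a honeypot rather than a mail relay.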
ISC Handler - Freelance Security Consultant
 
[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
 

How not to panic in a crisis
IT World Canada
When that happens, he told infosec pros Wednesday in Toronto at the SC Congress conference, they'd better be prepared – and prepared to keep calm. “Until we embrace the new paradigms of cybersecurity, this (a crisis) is probably going to be a future ...

 
Internet Storm Center Infocon Status