Hackin9
Activists involved in Hong Kong's "Umbrella Revolution" have been targeted by remote access malware for Android and iOS that can eavesdrop on their communications—and do a whole lot more.

Malware-based espionage targeting political activists and other opposition is nothing new, especially when it comes to opponents of the Chinese government. But there have been few attempts at hacking activists more widespread and sophisticated than the current wave of spyware targeting the mobile devices of members of Hong Kong’s “Umbrella Revolution.”

Over the past few days, activists and protesters in Hong Kong have been targeted by mobile device malware that gives an attacker the ability to monitor their communications. What’s unusual about the malware, which has been spread through mobile message “phishing” attacks, is that the attacks have targeted and successfully infected both Android and iOS devices.

The sophistication of the malware has led experts to believe that it was developed and deployed by the Chinese government. But Chinese-speaking hackers, like hackers elsewhere in the world, have a long history of using this sort of malware, referred to as remote access Trojans (RATs), for a variety of criminal activities aside from espionage. It’s not clear whether this is an actual state-funded attack on Chinese citizens in Hong Kong or merely hackers taking advantage of a huge social engineering opportunity to spread their malware. But whoever is behind it is well-funded and sophisticated.


 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Even as a Mac user, you may have heard about Bing, at least you may have seen it demonstrated in commercials [1]. But if the default search engine on your Mac is all of a sudden switched to Bing, this may be due to another piece of legacy software that some Mac users may have a hard time living without: Microsoft's Internet Explorer. So why not just search ("google") if there is a version for OSX:

(Screenshot: Google search for "mac internet explorer")

In short: I don't think this software does anything illegal. It clearly advertises what it does. If you feel otherwise, you can file a complaint with courts in Cyprus where the company is located.

[1] https://www.youtube.com/user/bing
[2] http://info.trovi.com/Privacy

---
Johannes B. Ullrich, Ph.D.


Kudos to Matthew for paying attention to egress traffic. We keep emphasizing how important it is to make sure no systems talk "outbound" without permission. Just this last week, various Shellshock exploits did just that: turn devices into IRC clients, download additional tools via HTTP, or just report success via a simple ping.

So no surprise that Matthew wrote us: "... the first time I saw the storage array SSH to the internet I about fainted. ..."

I would be surprised too! And it turns out he isn't the only person who experienced this. Mark noted:

"Had the same freak moment when I saw it happen. The SAN happily communicating to an outside entity. Thought the company had been well and truly hosed."

Luckily, before going too far down the incident handling road, Matthew realized that this was a false positive. The storage array in question called "back home" to the vendor to report on its status. The purpose of this communication is to report failed disks or other critical events that may trigger a service call. Vendors will agree to turn off this feature, but then of course it is up to you to recognize faulty disks.

Got anything like that? Let us know (if possible with a log snippet, packet capture, or other show-and-tell).

---
Johannes B. Ullrich, Ph.D.

LinuxSecurity.com: Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU (CVE-2013-4002). [More...]
 
LinuxSecurity.com: Updated perl-Email-Address package fixes security vulnerability: The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
 
LinuxSecurity.com: Updated openstack-glance packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. [More...]
 
LinuxSecurity.com: Updated openstack-glance packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. [More...]
 
LinuxSecurity.com: Several security issues were fixed in libvirt.
 
GNU Bash CVE-2014-6278 Incomplete Fix Remote Code Execution Vulnerability
 

To "celebrate" cyber security awareness month, we decided to focus on "scary false positives" during October. If you have any to share, please let us know. What we are looking for is preferably a log entry, or another "indicator", that led you to believe that your system was compromised but in the end turned out to be a false positive.

Please e-mail your stories to handlers-at-isc.sans.edu or use our Contact form.

---
Johannes B. Ullrich, Ph.D.


Posted by InfoSec News on Oct 02

http://www.cnet.com/news/jimmy-kimmel-tops-macaffees-list-of-most-dangerous-cybercelebrities/

By Chris Matyszczyk
@ChrisMatyszczyk
CNet News
October 1, 2014

You might think that, with his little quips and pokes after many have gone
to bed, Jimmy Kimmel is a sweet, mischievous kitten.

Beneath that furry exterior, though, lies a criminal mind.

No, I'm not suggesting Kimmel is an embezzler -- even of jokes. Rather
he's found himself...
 

Posted by InfoSec News on Oct 02

http://www.thesecuritysetup.com/home/2014/10/1/hd-moore

[Interesting website I found while following someone else who was profiled
earlier, Uri with @redteamsblog, the idea here is 'what setup do folks in
security use to attack, defend, build, break, hack, crack, secure, etc.'
which should make for some interesting reading. - WK]

H D Moore
OCTOBER 1, 2014

Who are you, and what do you do?

My name is H D Moore (since the day I was...
 

Posted by InfoSec News on Oct 02

http://www.scmp.com/news/hong-kong/article/1607579/anonymous-hacker-group-declares-cyber-war-hong-kong

By Jeremy Blum
scmp.com
02 October, 2014

Hacker group Anonymous has declared war on the Hong Kong government and
hacked into a number of Hong Kong websites, citing the treatment of
protesters during Occupy Central as the main impetus for the attack.

In a video sent to American news portal News2share on Wednesday, Anonymous
compares the...
 

Posted by InfoSec News on Oct 02

http://www.wired.com/2014/10/open-windows/

BY ANGELA WATERCUTTER
Wired.com
10.02.14

Open Windows is kind of a weird movie; it’s viewed almost entirely through
a series of computer windows on a laptop screen. It’s also kind of a
prophetic movie; it’s about a young actress named Jill Goddard, the target
of a hacker who infiltrates her smartphone and laptop—and her life.

But instead of stealing the contents of the starlet’s private...
 

Posted by InfoSec News on Oct 02

http://www.nbcnews.com/tech/security/cyber-spy-high-meet-nsas-hacker-recruiter-n216056

BY EAMON JAVERS
NBC News
Oct 1, 2014

The National Security Agency has a recruiting problem.

Rocked by the Edward Snowden disclosures and facing stiff competition for
top talent from high-paying Silicon Valley firms, the nation's cyber spy
agency is looking to recruit a new generation of college hackers and tech
experts. And through one new program,...
 
libvirtd 'qemuDomainGetBlockIoTune()' Function Out-of-Bounds Read Vulnerability