Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Measuring Healthcare InfoSec Competency
BankInfoSecurity.com
Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy. "The CIO or CISO or compliance ...

 

Measuring Healthcare InfoSec Competency
GovInfoSecurity.com
Information security and privacy work in healthcare environments often requires a depth of specialized knowledge and competency that can be validated through the help of professional credentialing, says CISO Sean Murphy. "The CIO or CISO or compliance ...

 
Potentially helping developers more quickly build cross-platform applications, Microsoft is releasing as open source its WinJS JavaScript library for building Windows-styled controls.
 
Although NASA publicly severed many ties with its Russian counterparts Wednesday, the U.S. space agency is not concerned Russia will leave its astronauts without a lift home.
 
A group of state attorneys general in the U.S. is launching an investigation into a recently disclosed data breach of 200 million personal records at a subsidiary of credit monitoring firm Experian.
 
As it rolled out tools and features for coders at its Build developer conference Thursday, Microsoft showed that it is ready to embrace technologies and platforms not invented within its walls.
 
XYZprinting, which today put its first 3D printer on sale, said it plans to drive prices down further and offer a printer with a built-in scanner.
 
That didn't take long. The jury has only been sitting a day in the latest Apple v. Samsung patent battle and lawyers are already fighting about what's being said in court.
 
WebKit CVE-2014-1297 Unspecified Security Bypass Vulnerability
 
WebKit CVE-2014-1309 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2014-1308 Unspecified Memory Corruption Vulnerability
 
The U.S. Agency for International Development (USAID) on Thursday defended its work in setting up a Twitter-like service in Cuba to promote democracy in the communist country.
 
CEO of Mozilla for less than two weeks, Brendan Eich stepped down today amid controversy over his 2008 contributions to supporters of Proposition 8, the California initiative that banned same-sex marriage.
 
Scientists are working with nanoballoons that are popped by lasers to target chemotherapy treatments directly at cancerous tumors.
 
WebKit CVE-2014-1302 Unspecified Memory Corruption Vulnerability
 
Microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.
 
3D printer makers are working with technology giants such as Google to speed up the printing process for mass production. NASA is using 3D printing for rapid prototyping of spacecraft parts.
 
WebKit CVE-2014-1312 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2014-1310 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2014-1304 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2014-1311 Unspecified Memory Corruption Vulnerability
 
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
 
ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
 
How can you have a business relationship management program that doesn't include input from the business units?
 
Marketers who ignore Google Plus are missing a worthwhile opportunity, according to a new report from Forrester. Google's social platform delivers nearly double the engagement rate of Twitter, and yet some large brands continue to be lackadaisical with their effort.
 
Kaspersky Labs says that nearly 30 percent of all phishing attacks last year targeted financial institutions, second only to social networking phishing campaigns, which accounted for nearly 36 percent of all attacks of this type.
 
Home routers and other consumer embedded devices are plagued by basic vulnerabilities and can't be easily secured by non-technical users, which means they'll likely continue to be targeted in what has already become an increasing trend of mass attacks.
 

SnoopWall Unveiling Next Generation Privacy Solution for Android Devices at ...
PR Web (press release)
The InfoSec World Expo brings together the latest advances in technology and the most innovative solutions businesses need to secure their information assets. Specialized workshops and discussion platforms are aimed to provide the professionals and ...

 
Apple today announced that its annual developers conference will run June 2-6, and that it's copying Google's method of assigning tickets through a random drawing.
 
LinuxSecurity.com: LibYAML could be made to crash or run programs if it opened a specially crafted YAML document.
 
LinuxSecurity.com: libyaml-libyaml-perl could be made to crash or run programs if it opened a specially crafted YAML file.
 
LinuxSecurity.com: Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: NSS could be made to expose sensitive information over the network.
 
LinuxSecurity.com: Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
Premier 100 IT Leader Doris Peek also answers questions on the value of education and of learning about the business.
 
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
 
[softScheck] Denial of Service in Microsoft Office 2007-2013
 
Microsoft teased a touch-first Office for Windows 8.1, but contrary to many experts' expectations, previewed only one app and declined to define a release window.
 
Splunk Prior to 5.0.8 Unspecified Cross Site Scripting Vulnerability
 
Qualcomm has chipsets on the way that use new antenna technology to boost Wi-Fi download speeds in crowded spaces where lots of people are competing for bandwidth.
 
The options are increasing for people who want an LTE smartphone, but don't want to spend a fortune or sign an expensive contract. Two new alternatives that won't drain wallets are Nokia's Lumia 635 and the Huawei-made Kestrel.
 
XYZprinting's da Vinci 3D printer went on sale today and is among the lower priced printers in an arena mostly made up of $1,000-plus machines.
 
China may be tightening the noose around Bitcoin: two exchanges dealing in the virtual currency have been forced to suspend bank transfers from customers depositing yuan to buy bitcoins.
 
Yahoo said Wednesday it was encrypting traffic flowing between its data centers, several months after leaked documents revealed the government had been sniffing those links.
 
Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability
 
0A29-14-1 : NCCGroup EasyDA privilege escalation & credential disclosure vulnerability [0day]
 
Juniper Networks will lay off about 6% of its workforce and back out of application delivery controllers as part of a restructuring intended to cut costs and focus the company on markets where it can grow fast.
 
Intel is preparing a new 'Braswell' chip to succeed its power-efficient Bay Trail processor found in PCs, and is also working on bringing over 20 Chromebook designs to the market this year.
 
Today's security suites try to protect all (or most) of your devices, and provide Web-based management. We examine how seven major applications compare in terms of features, ease of use and which devices they actually protect.
 
NASA announced late Wednesday that because of continuing tensions with the Russian government, it is scaling back work with Russia's space agency.
 
Blocking and throttling Internet traffic will become illegal in the European Union following a parliamentary vote on Thursday.
 
A lot of companies today have various IDS and IPS devices implemented in their internal network (especially if you must be compliant with PCI DSS, for example). So these devices get implemented to monitor various traffic at various interfaces/perimeters in a company, but the question I got asked is how can we be sure that the IDS/IPS is doing its job?
 
Obviously, some simple monitoring should be in place – this typically consists of pinging the device or collecting various counters such as memory, CPU usage and similar. This is normally enough to make sure that the device is up and operational. But the question is – how do we make sure that the IDS/IPS is actually detecting malicious traffic or network attacks?
 
An obvious answer to this question is to try to send something malicious and to see if the IDS/IPS correctly identified the attack. So the following options (or all of them) can be implemented:
  • We can automatically download eicar.com and see if the IDS/IPS detected the malicious file.
  • We can perform an automatic scan with nmap or execute any NSE nmap script. Typically, a normal scan (a SYN scan) should trigger the IDS/IPS. This is also a good test to see if the IDS/IPS is detecting network behavior.
  • We can send an exploit over the network. While thinking about what to send I browsed through pytbull, which is an IDS/IPS testing framework (more at http://pytbull.sourceforge.net/). Pytbull comes with a bunch of attacks that can be used to test your IDS/IPS installations. In the end I decided that it was too complex, so it was much easier just to take some shellcode, prepend a NOP sled to it (yea, so it looks real) and use scapy to send it.
The above "attacks" can now be scheduled; for every scheduled run, the IDS/IPS device should detect (and/or block) such attacks. To confirm that everything is working OK, it should also generate an appropriate log file, which can then be automatically verified with a SIEM. If an attack was executed and there was no detection, we know something went wrong with either the IDS/IPS device or the network between the probe and the device, no matter what our standard monitoring is saying.
 
So, what mechanisms do you use to verify your IDS/IPS is working OK? Let us know!

--
Bojan
@bojanz

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
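The verification step from the diary above, as an added example that is not code from the diary: each scheduled test probe must have a matching IDS/IPS alert within a time window, otherwise it is reported as missed. The alert records are constructed samples modelled on Suricata's EVE JSON field names (an assumption, since the diary names no product), and the probe schedule, addresses and signature texts are hypothetical.

```python
import json
from datetime import datetime, timedelta

# Constructed schedule of test probes sent by the probe host (sample values).
PROBES = [
    {"id": "eicar-download", "host": "10.0.5.20", "sent": "2014-04-03T02:00:00", "expect": "eicar"},
    {"id": "syn-scan", "host": "10.0.5.20", "sent": "2014-04-03T02:05:00", "expect": "scan"},
    {"id": "nop-sled", "host": "10.0.5.20", "sent": "2014-04-03T02:10:00", "expect": "shellcode"},
]

# Constructed alert log, one JSON record per line (EVE-style field names assumed).
ALERT_LOG = """\
{"timestamp": "2014-04-03T02:00:02", "event_type": "alert", "src_ip": "192.0.2.10", "dest_ip": "10.0.5.20", "alert": {"signature": "EICAR test file download"}}
{"timestamp": "2014-04-03T02:05:09", "event_type": "alert", "src_ip": "10.0.5.20", "dest_ip": "10.0.8.1", "alert": {"signature": "Possible SYN port scan"}}
{"timestamp": "2014-04-03T02:07:30", "event_type": "alert", "src_ip": "10.0.9.77", "dest_ip": "10.0.8.1", "alert": {"signature": "Shellcode NOP sled"}}
{"timestamp": "2014-04-03T02:10:01", "event_type": "flow", "src_ip": "10.0.5.20", "dest_ip": "10.0.8.1"}
truncated-line-not-json
"""

def parse_alerts(text):
    """Return alert records only; corrupt or non-alert lines are skipped."""
    alerts = []
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # a damaged log line must not abort the health check
        if isinstance(rec, dict) and rec.get("event_type") == "alert" and "timestamp" in rec:
            alerts.append(rec)
    return alerts

def matches(probe, alert, window):
    """True if the alert involves the probe host, carries the expected
    signature keyword, and was raised within `window` after the probe."""
    delta = datetime.fromisoformat(alert["timestamp"]) - datetime.fromisoformat(probe["sent"])
    signature = alert.get("alert", {}).get("signature", "").lower()
    return (probe["host"] in (alert.get("src_ip"), alert.get("dest_ip"))
            and probe["expect"] in signature
            and timedelta(0) <= delta <= window)

def missed_probes(probes, alerts, window=timedelta(seconds=60)):
    """IDs of probes that were sent but produced no matching alert."""
    return [p["id"] for p in probes
            if not any(matches(p, a, window) for a in alerts)]

if __name__ == "__main__":
    for probe_id in missed_probes(PROBES, parse_alerts(ALERT_LOG)):
        print(f"NO DETECTION for scheduled probe: {probe_id}")
```

The shellcode alert in the sample comes from a different host and predates the probe, so the third probe is reported as missed even though a similar signature fired elsewhere.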
 

InfoSec Institute Partners with AFCEA International
PR Web (press release)
“The shortage of information security professionals is the biggest crisis facing the United States,” said President Barack Obama in his January 2014 State of the Union Address. InfoSec's mission is to prepare these professionals, and one way they are ...

 
Linux Kernel 'compat_sys_recvmmsg()' Function Local Memory Corruption Vulnerability
 

Posted by InfoSec News on Apr 03

http://online.wsj.com/article/BT-CO-20140402-708921.html

By Ryan Tracy
The Wall Street Journal
April 2, 2014

WASHINGTON -- U.S. regulators are warning of a pattern in cyberattacks
targeting automated teller machines that could saddle banks with "large
dollar losses" from unauthorized withdrawals.

The attacks are increasing, senior bank supervisors on the Federal
Financial Institutions Examination Council said in a statement...
 

Posted by InfoSec News on Apr 03

http://www.computerworld.com/s/article/9247391/Researchers_publicly_disclose_vulnerabilities_in_Oracle_Java_Cloud_Service

By Lucian Constantin
IDG News Service
April 2, 2014

Security researchers released technical details and proof-of-concept code
for 30 security issues affecting Oracle's Java Cloud Service, some of
which could allow attackers to compromise business-critical Java
applications deployed on it.

Researchers from Polish...
 

Posted by InfoSec News on Apr 03

http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html

By Stuart Corner
IT Pro
smh.com.au
April 3, 2014

The global IT security budget runs into tens of billions of dollars but
much of it is not being used effectively, say security experts.

ABI Research estimated that cyber security spending for critical
infrastructure - the segments of defence, energy, financial, healthcare,
ICT,...
 
Internet Storm Center Infocon Status