Hackin9
Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
 
Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
 
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

This carp was not paranoid enough. (The person pictured has nothing to do with the case reported in this post.) (credit: Wikipedia)

A former Department of Energy employee has pleaded guilty to federal charges that he attempted to infect 80 current DOE employees with malware so foreign hackers could take control of computer systems that held sensitive information related to nuclear weapons, officials said Wednesday.

Charles Harvey Eccleston, 62, pleaded guilty to one count of attempted unauthorized access and intentional damage to a protected computer, according to a statement issued by officials with the US Department of Justice. The statement said the man, who previously worked for both the DOE and the US Nuclear Regulatory Commission, plotted to compromise federal computer networks by sending current employees highly targeted e-mails that he believed contained links to malware that would give hackers remote access. Such campaigns are often referred to as spear phishing because they target a specific individual, often referring to them by name and referencing specific interests or job duties.

Prosecutors said the plot came to their attention in 2013 after Eccleston entered an unnamed foreign embassy in Manila, Philippines and offered to sell a list of more than 5,000 e-mail addresses of officials, engineers, and employees of a US government agency. Undercover FBI agents posing as embassy employees then worked to build a criminal case against the former employee, who prosecutors said was terminated from his employment at the Nuclear Regulatory Commission in 2010. To make the e-mail more convincing, it posed as an advertisement for a conference related to nuclear energy. According to the press release:


 


eBay has no plans to fix a "severe" vulnerability that allows attackers to use the company's trusted website to distribute malicious code and phishing pages, researchers from security firm Check Point Software said.

The vulnerability allows attackers to bypass a key restriction that prevents user posts from hosting JavaScript code that gets executed on end-user devices. eBay has long enforced the limitation to prevent scammers from creating auction pages that execute dangerous code or content when they're viewed by unsuspecting users. Using a highly specialized coding technique known as JSFUCK, hackers can work around this safeguard. The technique allows eBay users to insert JavaScript into their posts that will call a variety of different payloads that can be tailored to the specific browser and device of the visitor.

"An attacker could target eBay users by sending them a legitimate page that contains malicious code," Check Point researcher Oded Vanunu wrote in a blog post published Tuesday. "Customers can be tricked into opening the page, and the code will then be executed by the user's browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download."


 

Dark Reading

7 Signs of Infosec's Groundhog Day Syndrome
Dark Reading
Sometimes working in information security can make people feel a little bit like Sisyphus. Or, at least like Bill Murray in the movie "Groundhog Day." You wake up and the same types of weaknesses in your people and technology are being attacked by the ...

 
Security Advisories
 

2016 Information Security Predictions
Finextra (blog)
No bones about it, 2016 is sure to see some spectacular, news-chomping data breaches, predicts many in infosec. If you thought 2015 was interesting, get your seatbelt and helmet on and prepare for lift off… Wearable Devices. Cyber crooks don't care ...

 
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
 
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability
 
SimpleView CRM - Client Side Open Redirect Vulnerability
 
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability
 

Microsoft announced on the TechNet blog the availability of a new version of its EMET tool (EMET stands for Enhanced Mitigation Experience Toolkit). The purpose of this tool is to implement extra security controls to prevent common vulnerabilities in software like: DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization)

  • Compatibility with Windows 10
  • Improved deployment and configuration via GPO
  • Improved writing of the mitigations to the registry
  • EAF/EAF+ pseudo-mitigation performance improvements
  • Support for untrusted fonts mitigation in Windows 10
  • More info about configuration guidelines is available here.

    Xavier Mertens
    ISC Handler - Freelance Security Consultant
    PGP Key


     


     
    ASUS RT-N56U Persistent XSS
     
    TimeClock - Multiple SQL Injections
     
    Mezzanine CMS 4.1.0 XSS
     
    Mezzanine CMS 4.1.0 Arbitrary File Upload
     

    I'll explain how to automate vulnerability scans. There are plenty of vulnerability scanners on the market (commercial or free solutions). Usually, I'm using OpenVAS, mainly because it is free. A lot has been said about this solution, it also sometimes frustrates me but, in the end, it is doing a good job. The OpenVAS architecture is based on different components: a manager, one (or more) scanners, command line tools and a web frontend called Greenbone Security Assistant. Let's focus on the command line tool called omp which uses the OpenVAS

    The number of actions is quite limited and allows only basic tasks. But it provides the -X or --xml argument which allows us to send raw XML data to the server! This is much more powerful! (a complete reference is available here). To use omp, the very first step is to create a configuration file to automate the connection. Create a

        [Connection]
        host=127.0.0.1
        port=9390
        username=xavier

    (Don

    We are now ready to talk to the OpenVAS manager and to retrieve some data (--pretty-print

        $ omp --pretty-print --xml '<get_targets/>'
        <get_targets_response status_text="OK" status="200">
          <target id="dcc82d64-1c87-44d8-aef5-24c1f552ddcd">
            <owner>
              <name>xavier</name>
            </owner>
            <name>Local Hosts</name>
            <comment></comment>
            <creation_time>2016-02-02T22:12:08+01:00</creation_time>
            <modification_time>2016-02-02T22:12:08+01:00</modification_time>
            <writable>1</writable>
            <in_use>1</in_use>
            <permissions>
              <permission>
                <name>Everything</name>
              </permission>
            </permissions>
            <user_tags>
              <count>0</count>
            </user_tags>
            <hosts>192.168.254.0/24</hosts>
            <exclude_hosts></exclude_hosts>
            <max_hosts>254</max_hosts>
            <port_list id="c7e03b6c-3bbe-11e1-a057-406186ea4fc5">
              <name>OpenVAS Default</name>
              <trash>0</trash>
            </port_list>
            <ssh_lsc_credential id="">
              <name></name>

    Let's create a new scan from the command line. Considering that OpenVAS has already been configured for your environment, the different steps are:

    First, to create our target,

        $ omp --xml '<create_target>
            <name>My New Scan</name>
            <hosts>192.168.254.0/24</hosts>
          </create_target>'
        <create_target_response id="dcc82d64-1c87-44d8-aef5-24c1f552ddcd" status_text="OK, resource created" status="201"></create_target_response>

        $ omp --xml ... | xmlstarlet sel -t -v /create_target_response/@id
        dcc82d64-1c87-44d8-aef5-24c1f552ddcd

        $ omp --xml '<create_task>
            <name>My New Scan</name>
            <preferences>
              <preference>
                <scanner_name>source_iface</scanner_name>
                <value>eth0</value>
              </preference>
            </preferences>
            <config id="74db13d6-7489-11df-91b9-002264764cea"/>
            <target id="dcc82d64-1c87-44d8-aef5-24c1f552ddcd"/>
          </create_task>'
        <create_task_response id="8fc4cccd-243f-4edb-a390-5f83d04f90b6" status_text="OK, resource created" status="201"></create_task_response>

    We are now ready to launch the vulnerability scan. Let

        $ omp --xml '<get_tasks/>'

        $ omp --xml '<start_task task_id=""/>'
        <start_task_response status="200" status_text="OK"/>

        $ omp --xml '<get_reports report_id="cc995c30-0a5d-486d-a02f-a03eba63172a" format_id="c402cc3e-b531-11e1-9163-406186ea4fc5"/>'

    Let's think further... If we can talk to an OpenVAS manager via XML, it could be easy to integrate OpenVAS with other tools?

    Xavier Mertens
    ISC Handler - Freelance Security Consultant
    PGP Key
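
The create_target, create_task and start_task sequence from the diary above, as an added example that is not part of the original post: a Python wrapper that builds each request with an XML library so names are escaped, and stops unless the manager answers with a 2xx status. It assumes omp is on the PATH with its connection settings already configured; the function names and the sample response are constructed for illustration.

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the create_target response shown in the post.
SAMPLE_CREATE_TARGET = ('<create_target_response id="dcc82d64-1c87-44d8-aef5-24c1f552ddcd"'
                        ' status_text="OK, resource created" status="201"/>')


def create_target_xml(name, hosts):
    """Build <create_target>. ElementTree escapes the text nodes, so a name
    read from an inventory file cannot inject extra OMP elements."""
    root = ET.Element("create_target")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "hosts").text = hosts
    return ET.tostring(root, encoding="unicode")


def create_task_xml(name, config_id, target_id):
    """Build <create_task> referencing a scan config and a target by id."""
    root = ET.Element("create_task")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "config", id=config_id)
    ET.SubElement(root, "target", id=target_id)
    return ET.tostring(root, encoding="unicode")


def resource_id(response_xml, expected_tag):
    """Return the id attribute of a 2xx response; raise on anything else."""
    root = ET.fromstring(response_xml)
    status = root.get("status", "")
    if root.tag != expected_tag or not status.startswith("2"):
        raise RuntimeError("%s: %s %s" % (root.tag, status, root.get("status_text")))
    return root.get("id")


def omp(request_xml):
    """Send one request through the omp client (argument list, no shell)."""
    return subprocess.run(["omp", "--xml", request_xml], check=True,
                          capture_output=True, text=True).stdout


def schedule_scan(name, hosts, config_id, send=omp):
    """create_target, create_task, start_task; returns the new task id."""
    target = resource_id(send(create_target_xml(name, hosts)), "create_target_response")
    task = resource_id(send(create_task_xml(name, config_id, target)), "create_task_response")
    start = ET.tostring(ET.Element("start_task", task_id=task), encoding="unicode")
    resource_id(send(start), "start_task_response")
    return task
```

Passing a different `send` callable lets the same flow be exercised against canned responses before it is pointed at a real manager.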
     
    Internet Storm Center Infocon Status