Attackers exploited a previously unknown and currently unpatched security bug in Microsoft's Internet Explorer browser to surreptitiously install malware on the computers of federal government workers involved in nuclear weapons research, researchers said Friday.

The attack code appears to have exploited a zero-day vulnerability in IE version 8 when running on Windows XP, researchers from security firm Invincea said in a blog post. The researchers have received reports that IE running on Windows 7 is susceptible to the same exploit but have not been able to independently confirm that. Versions 6 and 7 of the Microsoft browser don't appear to be vulnerable. The blog post didn't mention the status of IE 9 or 10.

The attack was triggered by a US Department of Labor website that was compromised to redirect visitors to a series of intermediary addresses that ultimately exploited the vulnerability, according to Invincea. The exploit caused vulnerable Windows machines to be compromised by "Poison Ivy," a notorious backdoor trojan that had been modified so it was detected by only two of 46 major antivirus programs in the hours immediately following the attack. The specific webpages that were hacked dealt with illnesses suffered by employees and contractors developing atomic weapons for the Department of Energy, the blog post said, citing this report from NextGov. That's consistent with so-called "watering hole" attacks, in which employees of a targeted organization are infected by planting malware on the sites they're known to frequent.


The Pacific Bell tower in San Francisco, the high-rise headquarters of the phone company through eight decades and several name changes, was a monument to copper.
Facebook has reached an agreement with the company Timelines Inc. to settle a trademark infringement lawsuit over the social network's use of the name Timeline.
Acer is waiting for the next version of Windows RT, due in the second half of this year, before deciding whether to release a tablet that runs on that OS.
On the back end of an earnings season that by many accounts could have been worse, tech investors appeared to be in the mood to celebrate on Friday, sending shares of IT companies higher as key stock-market indexes hit milestone highs.
A warning delivered by the Google Safe Browsing service. The link reported as malicious was embedded in a game available in Apple's iOS App Store.

At first blush, it looked serious: a Web link to a known source of malware buried deep inside of a highly rated app that has been available for months in Apple's iOS App Store. For years, antivirus programs have recognized the China-based address—x.asom.cn—as a supplier of malicious code targeting Windows users. Were the people behind the operation expanding their campaign to snare iPhone and iPad users?

Although Macworld writer Lex Friedman said the link was likely harmless, I wasn't so sure. As he pointed out, an iOS app from antivirus provider Bitdefender warned that the Simply Find It app, last updated in October, contained malware classified as Trojan.JS.iframe.BKD. Even more suspicious, Google's safe browsing service was causing the Firefox and Chrome browsers to block attempts to visit the address on the grounds that it had been reported as an attack page. "Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners," Google's advisory warned as recently as Thursday.

So, what was the link, embedded in an HTML tag known as an iframe, doing in an MP3 file included with the game? Who put it there? And, most importantly, was it infecting people who installed Simply Find It on their iOS devices?


IBM Data Studio CVE-2013-0467 Information Disclosure Vulnerability
You wake up in the morning and your robot starts the coffee maker and then sends your daily calendar to your car, which then chooses alternate routes to work so you can avoid major construction on your normal path.
Google's move this week to make it easier for Chrome browser users to find "packaged apps" is part of a strategy to turn any Internet-capable device into a Chromebook wannabe loyal to the company's ecosystem, an analyst said today.
An Algerian man accused of helping to develop and distribute the SpyEye computer virus has been extradited from Thailand to the U.S. to face criminal charges, the U.S. Department of Justice announced.
Office 365 users will increasingly be able to import contacts from external applications after the suite's initial rollout of this capability for Facebook and LinkedIn.
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "CDisplayPointer" Use-after-free (MS13-028)
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 "Scroll" Use-after-free (MS13-028)
[ MDVSA-2013:160 ] phpmyadmin
NASA released photos taken by three smartphones as they orbited Earth.
Google has started rolling out a new feature in Gmail that lets users create Google Calendar entries from their email messages.
libxml2 Multiple Use After Free Memory Corruption Vulnerabilities
Dell is investigating a report that a Middle East reseller has sold large numbers of computers to a Syrian company with ties to the embattled government there, in violation of U.S. export restrictions.
Now that developers have Google Glass in hand, the first apps are starting to come out.
Samsung said Friday that its smartphones and tablets running its Knox security and management software have been cleared for use on the U.S. Department of Defense network.
A one-of-a-kind aircraft powered solely by solar energy took to the skies above Silicon Valley early Friday morning on the first leg of a planned trip across the U.S.
IBM is 102 years old. At its height, it was almost a cult, with employees dressing alike, speaking a unique language and earning benefits that took care of them for life. Today's tech companies aren't built to last, as Apple's recent earnings report shows all too well.
Retailers share part of the blame for poor Windows 8 sales and the ensuing decline of PC shipments, analysts contended today.
Acer has placed its bet in the tablet wars on low pricing, introducing a $169 Android tablet with a 7.9-inch screen.
On The H's radar over the last seven days: non-web Persona use proposed, how to report a DDoS, laptops filled with porn, tracking ships, counting fake callers, PDF receipts, mainframe intrusion, and accessible pentesting


Talking Infosec Awareness and Training with Kaspersky Labs' David Emm
Infosecurity Magazine (blog)
Talking Infosec Awareness and Training with Kaspersky Labs' David Emm. Shortly before the chaos of Infosecurity Europe, I joined David Emm, senior security researcher at Kaspersky Lab, for lunch in a lovely quiet gastro pub in the Oxfordshire countryside.

Linux Kernel 'SCM_CREDENTIALS' Local Security Bypass Vulnerability
Linux Kernel CVE-2013-1959 Local Privilege Escalation Vulnerability

Infosec 2013: Debate on whether external auditors are a threat or help to ...
SC Magazine UK
At Infosecurity Europe 2013, an Oxford Union-style debate was held on the role of external auditors. The topic voted for by Infosecurity attendees was: “The auditor is a bigger challenge to information security than the cyber criminal”. Part of an ...

A special court established to review government requests for warrants to conduct electronic surveillance of suspected foreign spies received close to 1,900 warrant requests last year -- all of which it approved.
Many U.S. tech companies are pushing hard this year for an increase in the number of high-skill immigrants allowed into the country, but many veteran IT workers question their motives for wanting to increase the number of visas under the controversial H-1B program.
LinuxSecurity.com: Updated phpmyadmin package fixes security vulnerabilities: In some PHP versions, the preg_replace() function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a [More...]
Should you trade your clear-cut written outsourcing contract for a simpler agreement and a handshake with your IT services provider? Thomas Young from Information Services Group (ISG) says you should consider what he calls 'evolutionary contracting.'
Many tech companies have called for the U.S. Congress to ease restrictions on high-skill immigration because they can't find qualified tech workers to fill open positions. Yet, many veteran IT tech workers say they can't find jobs.
LinuxSecurity.com: Several security issues were fixed in the kernel.
LinuxSecurity.com: Stunnel, a program designed to work as a universal SSL tunnel for network daemons, is prone to a buffer overflow vulnerability when using the Microsoft NT LAN Manager (NTLM) authentication ("protocolAuthentication = NTLM") together with the 'connect' protocol [More...]
Ever since Google announced that Austin, Texas, would become the second fiber city in the U.S. last month, residents there have been given few details on how the tech company will select the first neighborhood to get the gigabit-speed Internet and TV package.
Barnes & Noble is adding the Google Play store to HD versions of its Nook tablet, in a bid to counter slowing sales of its devices.
U.S. mobile networks carried 69 percent more data traffic in 2012 than in the prior year, but roughly the same number of voice minutes and fewer SMS messages, according to the industry group CTIA.
Researchers tried to sneak known Android malware past ten anti-virus programs – and were successful in all ten cases. Often, only marginal malware modifications were required.

A 41-year-old man was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge, the FBI said.
Toshiba plans to expand its tablet offerings in the U.S. later this year as it explores more screen sizes and price points.
The U.S. Department of Defense has cleared BlackBerry 10 smartphones and PlayBook tablets for use on its networks, amid reports that the department may also clear devices from Samsung Electronics and Apple.
The open source IPsec VPN software strongSwan potentially accepts invalid digital signatures and certificates for IPsec connections

A partnership that sought to make it easy for Americans and Canadians to buy the virtual currency bitcoin has dissolved into a US$75 million lawsuit.

Posted by InfoSec News on May 03


By Tom Parker
Dark Reading
April 30, 2013

When news stories broke last month regarding the legitimacy of using lethal
force against civilian hackers, I questioned what the future might hold for
exploit devs and other members of the cybersupply chain who are facilitating
state-funded, offensive cybercapabilities -- particularly when it comes to more...

Posted by InfoSec News on May 03


By Sean Gallagher
Ars Technica
May 2, 2013

On March 16, in what appeared to be another case of Chinese espionage, FBI
agents boarded a plane at Dulles International Airport to arrest Bo Jiang, a
Chinese national with a doctorate in electrical engineering from Old Dominion
University. Jiang, a former contractor at NASA's Langley...

Posted by InfoSec News on May 03


By Jaikumar Vijayan
May 2, 2013

A spokesman for the U.S. Army Corps of Engineers today downplayed the
significance of a recent incident of unauthorized access to a database
containing potentially sensitive information on thousands of high hazard dams
across the country.

The unauthorized access to the National Inventory of Dams...

Posted by InfoSec News on May 03


By Ellen Messmer
Network World
May 02, 2013

The popular Snapchat photo-messaging app used mainly by Android and iOS mobile
device owners to share images that then self-destruct after 10 seconds is the
sort of security idea that businesses say can help them secure online
transactions with business partners.

“It puts controls on what people see, and I can put...

Posted by InfoSec News on May 03

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but...