Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 

Most of you will remember the penny stock SPAM messages from a fair few years ago. The main aim of the game is to buy a bunch of penny stock and then run a SPAM campaign to drive buying interest, artificially inflating the price of the stock. The spammers then sell and make their money. It may be a few cents per share, but if you own enough of it, it can be quite profitable. Most SPAM filters are more than capable of identifying and dumping this kind of SPAM.

It looks however like it is becoming popular again. My little SPAM traps have been receiving a few of these messages over the last few days.

It is making noise again!!! It Started Moving After this News!!!

Date: Thursday, Apr 4th, 2013
Name: Pac West Equities, Inc.
To buy: P_WEI
Current price: $.19
Long Term Target: $.55

OTC News Subscriber Reminder!!! Releases Breaking News This Morning!

What is old is new again. It might be a good idea to check that your filters are taking care of these for you.


Mark
 
It's been a turbulent decade at Hewlett-Packard, with board members and CEOs resigning or being ousted for all manner of colorful reasons, including strategic missteps, accusations of spying on journalists and alleged sexual harassment.
 
The HTC First smartphone will have native support for Facebook Home when it ships on AT&T April 12. Some analysts wonder how soon -- or whether -- native support for the app will be added to more smartphones.
 
Puppet CVE-2013-1640 Remote Code Execution Vulnerability
 

Microsoft is expecting to release a total of 9 bulletins, 2 of which are critical, and the rest important. One of the critical bulletins affects Windows and Internet Explorer, so we expect the usual Internet Explorer cumulative patch, maybe fixing some of the pwn2own vulnerabilities discovered during CanSecWest.

Otherwise it is a lot of the usual with Windows, Office and Server Software (Sharepoint and Groove) patches. The one that sticks out a bit is the bulletin fixing Security Software. It will patch a vulnerability in Windows Defender on Windows 8 and RT.

So overall an average patch Tuesday.

http://technet.microsoft.com/en-us/security/bulletin/ms13-apr

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
Facebook's Home mobile software for Android-equipped smartphones might only appeal to the most active Facebook users at first, but the company's plan to integrate third-party social services into it could broaden its appeal.
 
LinuxSecurity.com: Updated puppet packages that fix several security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated openstack-nova packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated openstack-glance packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated openstack-keystone packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names ('test' command) and evaluating /dev/fd file [More...]
 
LinuxSecurity.com: This update provides a compatible version of Unity Firefox Extension for Firefox 20.
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
LinuxSecurity.com: Libav could be made to crash or run programs as your login if it opened a specially crafted file.
 

Over a year after the arrest of eight of its members in Russia, the alleged leader of the original Carberp botnet ring that stole millions from bank accounts worldwide has been arrested, along with about 20 other members of the ring who served as its malware development team. The arrests, reported by the news site Kommersant Ukraine, were a collaboration between Russian and Ukrainian security forces. The alleged ringleader, an unnamed 28-year-old Russian citizen, and the others were living throughout Ukraine.

Initially launched in 2010, Carberp primarily targeted the customers of Russian and Ukrainian banks and was novel in the way it doctored Java code used in banking apps to commit its fraud. Spread by the ring through malware planted on popular Russian websites, the Carberp trojan was used to distribute targeted malware that modifies the bytecode in BIFIT's iBank 2 e-banking application, a popular online banking tool used by over 800 Russian banks, according to Aleksandr Matrosov, senior malware researcher at ESET. The botnet that spread the malware, which was a variant of the Zeus botnet framework, also was used to launch distributed denial of service attacks.

In February of 2011 the group put its malware on the market, selling it to would-be cybercriminals for $10,000 per kit—but it pulled the kit a few months later.


 

The PostgreSQL team announced earlier today the release of patches for its popular open source database. The description of the vulnerability sounds quite scary. An attacker may cause corruption to the database, or if the attacker is able to log in, the attacker may then escalate privileges and in some cases execute arbitrary code.

The vulnerability is triggered by connecting to the database and specifying a database name that starts with a "-". This database does not have to exist for the vulnerability to be triggered. The database name starting with a "-" is then parsed as a command line argument and can be used to corrupt the database.

There was some controversy about how the bug was handled by the PostgreSQL team. But overall, they appear to have done a good job in patching this quickly. For the last few days, the PostgreSQL source code repository was not viewable to prevent an early release of the vulnerability.

Of course, nobody should allow direct connections to the firewall from the outside, but this bug may be exploitable after, for example, compromising a web server with a PostgreSQL backend (a simple SQL injection is probably not enough, but other exploits that modify the database connect string could be used).

So in short: patch.

References:

http://seclists.org/bugtraq/2013/Apr/26

http://www.postgresql.org/support/security/faq/2013-04-04/



------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
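
The diary above says the flaw is triggered by a database name starting with "-" and that a modified connect string is a plausible path to it. As an added example (not part of the original diary and not PostgreSQL's own code), the sketch below parses keyword/value and postgresql:// connection strings and flags any database name beginning with "-"; the function names and sample strings are constructed for illustration, and malformed input is treated as suspicious.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Keyword/value syntax: key = value, value bare or single-quoted,
# with backslash escapes inside the value.
_PAIR = re.compile(r"\s*([A-Za-z_]\w*)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|(\S*))")


def parse_conninfo(conninfo):
    """Return (keyword, value) pairs from a keyword/value connection string."""
    pairs, pos = [], 0
    while conninfo[pos:].strip():
        m = _PAIR.match(conninfo, pos)
        if not m:
            raise ValueError("malformed connection string at offset %d" % pos)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        # Undo backslash escapes so '\-x' is seen as '-x'.
        pairs.append((m.group(1), re.sub(r"\\(.)", r"\1", value)))
        pos = m.end()
    return pairs


def candidate_dbnames(conn):
    """Every database name the string could select (path, query or keyword)."""
    conn = conn.strip()
    if conn.startswith(("postgresql://", "postgres://")):
        parts = urlsplit(conn)
        names = parse_qs(parts.query).get("dbname", [])
        if len(parts.path) > 1:
            names.append(unquote(parts.path[1:]))  # decode %2D and friends
        return names
    if "=" not in conn:
        return [conn] if conn else []  # a bare database name
    return [v for k, v in parse_conninfo(conn) if k == "dbname"]


def is_suspicious(conn):
    """True if any candidate database name starts with '-' (fails closed)."""
    try:
        return any(n.startswith("-") for n in candidate_dbnames(conn))
    except ValueError:
        return True


# Constructed sample connection strings (hypothetical hosts and names).
SAMPLES = [
    "host=db.example.internal dbname=inventory user=app",
    "host=db.example.internal dbname='-example' user=app",
    "postgresql://app@db.example.internal:5432/%2Dexample?sslmode=require",
    "postgresql://app@db.example.internal/inventory?dbname=-example",
    "inventory",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("REJECT" if is_suspicious(s) else "ok    ", s)
```

A check like this belongs wherever an application assembles a connect string from configuration or request data; it narrows exposure until the server is patched and does not replace the update.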
 
Hewlett-Packard's Ray Lane is giving up his role as chairman amid ongoing shareholder disapproval of HP's troubled Autonomy acquisition.
 
Oracle's sprawling annual OpenWorld conference doesn't kick off until September, but next week the Oracle user group-backed Collaborate event will be held in Denver.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0800 Out of Bounds Denial of Service Vulnerability
 
Novell Groupwise Client CVE-2013-0804 Multiple Remote Code Execution Vulnerabilities
 
Mozilla Firefox/Thunderbird/Seamonkey CVE-2013-0796 Memory Corruption Vulnerability
 
The Carbon Audio's $100 Zooka is a Bluetooth speaker available in black, green, gray, blue, pink, purple, red, or teal. My review unit is a color the company calls black, but it's a decidedly non-black dark gray.
 
Business travel is, under the best of circumstances, a royal pain in the butt, and when you're roaming internationally with a smartphone and need to make some calls and keep up with email, you face a zonking great bill when you get home.
 
A federal court in Chicago this week granted class action status to a lawsuit accusing comScore, one of the Internet's largest user tracking firms, of secretly collecting and selling Social Security numbers, credit card numbers, passwords and other personal data collected from consumer systems.
 
Mozilla Firefox and Seamonkey CVE-2013-0792 Memory Corruption Vulnerability
 
Drupal Chaos Tool Suite Module Access Bypass Vulnerability
 
Drupal Commerce Skrill Module 'Moneybookers enterprise' Payment Method Access Bypass Vulnerability
 
Microsoft will ship nine security updates next week, two rated "critical," to patch Internet Explorer, Windows, SharePoint Server, Office Web Apps and the company's anti-malware software in Windows 8 and RT.
 
The average person in the U.S. spends 2 hours and 38 minutes a day on smartphones and tablets.
 
Facebook is not building its own smartphone. Instead, it today unveiled Home, a Facebook-focused home screen designed to give Android users quick access to their Facebook friends.
 

Posted by InfoSec News on Apr 04

http://www.bloomberg.com/news/2013-04-04/cyberattacks-abound-yet-companies-tell-sec-losses-are-few.html

By Chris Strohm, Eric Engleman & Dave Michaels
Bloomberg.com
Apr 3, 2013

The 27 largest U.S. companies reporting cyber attacks say they sustained no
major financial losses, exposing a disconnect with federal officials who say
billions of dollars in corporate secrets are being stolen.

MetLife Inc., Coca-Cola Co. (KO), and Honeywell...
 

Posted by InfoSec News on Apr 04

http://www.guardian.co.uk/uk/2013/apr/03/offshore-secrets-offshore-tax-haven

By David Leigh
The Guardian
3 April 2013

Millions of internal records have leaked from Britain's offshore financial
industry, exposing for the first time the identities of thousands of holders of
anonymous wealth from around the world, from presidents to plutocrats, the
daughter of a notorious dictator and a British millionaire accused of
concealing assets...
 

Posted by InfoSec News on Apr 04

http://www.jewishpress.com/news/breaking-news/international-hackers-to-target-israel-on-april-7/2013/04/03/

By Dr. Andre Oboler
The Jewish Press
April 3rd, 2013

The first news of a planned new cyber attack against Israel, scheduled for
April 7, 2013, was announced back on March the 11th, almost a full month
earlier. The attack is a face saving effort to renew a campaign from last
November, which was nothing less than a miserable failure....
 

Posted by InfoSec News on Apr 04

http://thehill.com/blogs/hillicon-valley/technology/291743-house-intel-panel-plans-closed-door-mark-up-of-cybersecurity-bill

By Brendan Sasso
Hillicon Valley
04/03/13

Members of the media and the public will not be able to watch the House
Intelligence Committee's markup next week of a controversial cybersecurity
bill, the Cyber Intelligence Sharing and Protection Act (CISPA).

Lawmakers will be allowed to discuss what happened in the...
 

Posted by InfoSec News on Apr 04

http://www.nationaljournal.com/tech/this-defense-contractor-is-repeatedly-spear-phishing-68-000-innocent-people-20130403

By Brian Fung
National Journal
April 3, 2013

One company with deep Washington connections is running a huge online scam. It
involves tens of thousands of victims. And it's completely legal.

The business in question is Northrop Grumman, one of the country's biggest
defense firms. But before crying foul, know this:...
 
Rack Timing Attack Remote Code Execution Vulnerability
 
Katello CVE-2012-6116 Local Security Bypass Vulnerability
 
German court invalidates an Apple patent for the slide-to-unlock feature on mobile phones, report says.
 
Internet companies and privacy advocates appear headed for a fight over a proposal to broaden California's so-called Shine the Light Law, which requires online companies to disclose to consumers how their personal information is used.
 
 
A sweeping overhaul of systems used by Portland, Ore.'s fire and police departments is three years behind schedule and about $10 million over budget, in part because city officials failed to "effectively use lessons learned" from past technology projects, including a troubled SAP software implementation, according to a new audit report.
 
[ MDVSA-2013:016 ] apache-mod_security
 
NRPE 'nrpc.c' Arbitrary Command Execution Vulnerability
 
[ MDVSA-2013:018 ] automake
 
[ MDVSA-2013:017 ] arpwatch
 
Microsoft's update Wednesday to its SkyDrive iOS app shows that the software giant has no intention of sharing revenue with rival Apple, and is further evidence it will tie Office on the iPad to its subscription plans, an analyst said today.
 
Shaw reviews Toshiba's Excite 10 SE tablet and HP's EliteBook Folio 9470m Ultrabook.
 
[ MDVSA-2013:015-1 ] apache
 
 
Sierra Wireless has launched the AirLink LS300 gateway, which can be used to connect things as varied as trucks or soda machines to a wireless network.
 
The U.S. Citizenship and Immigration Services received roughly 50,000 'packages' with H-1B petitions on Monday, the first day of filing for the next fiscal year.
 
LinuxSecurity.com: Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted xsl stylesheets. [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in automake: A race condition in automake (lib/am/distdir.am) could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck (CVE-2012-3386). [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in arpwatch: arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in apache-mod_security: ModSecurity <= 2.6.8 is vulnerable to multipart/invalid part ruleset bypass, this was fixed in 2.7.0 (released on 2012-10-16) [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in apache (ASF HTTPD): Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, [More...]
 
LinuxSecurity.com: Several vulnerabilities were discovered in PostgreSQL database server. CVE-2013-1899 [More...]
 
LinuxSecurity.com: Several security issues were fixed in PostgreSQL.
 
LinuxSecurity.com: A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. [More...]
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
One of the images posted to North Korea's Flickr account.

A Twitter and Flickr account associated with a North Korean news agency has been taken over by hackers claiming to be from the hacktivist collective Anonymous. Instead of pro-North Korea propaganda, the accounts are now criticizing North Korea and its leader Kim Jong-un for building nuclear weapons. The hackers controlling the Twitter account also claimed to have hacked the news agency's website and other North Korean websites, which appear to be offline.

The Twitter and Flickr accounts represent Uriminzokkiri (meaning "Our Nation"), a North Korean news and propaganda site. When Uriminzokkiri established a Twitter account in 2010, the IDG News Service described the news site as "the closest thing North Korea has to an official home page" and "one of the few Web sites believed to be run from the secretive nation."

The Twitter page, with 14,000 followers, switched from posting in Korean to English this morning. The profile picture was changed to an illustration of two dancers wearing Guy Fawkes masks. The hackers of the Flickr account are posting various pro-Anonymous and anti-North Korea pictures. One depicts Kim Jong-un with pig ears and a Mickey Mouse picture on his chest and says he is "threatening world peace with ICBMs and Nuclear weapons."


 
Updates for PostgreSQL are now available after the developers closed access to the source code repositories while preparing a fix for a critical problem. The flaw affects all 9.x versions, but there are other fixes included for 8.4.x.
    


 
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
 
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
 
[SECURITY] [DSA 2654-1] libxslt security update
 
Are you leaving money on the table by not optimizing your virtual or cloud environment to cut software licensing costs? Don't fall prey to these five common software licensing misconceptions.
 

Plans to populate the Internet with dozens of new top-level domains in the next year could give criminals an easy way to bypass encryption protections safeguarding corporate e-mail servers and company intranets, officials from PayPal and a group of certificate authorities are warning.

The introduction of Internet addresses with suffixes such as ".corp", ".bank", and ".ads" is particularly alarming to these officials because many large and medium-sized businesses use those strings to name machines inside their networks. If the names become available as top-level domains to route traffic over the Internet, private digital certificates that previously worked only over internal networks could potentially be used as a sort of skeleton key that would unlock communications for huge numbers of public addresses.

A secure sockets layer certificate used by employees to access a company intranet designated as ".corp", for instance, might be able to spoof a public credential for the website McDonands.corp or Ford.corp. Employee laptops that are used at an Internet cafe or other location outside of a corporate network might also be tricked into divulging private information.


 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
 
Security vendor Sophos has released an update for the software used on its Web gateway security appliance in order to address three serious vulnerabilities in the product's Web-based user interface.
 
Operators and telecom equipment vendors are showing a growing interest in small cells, which aim to give users improved coverage and speeds.
 
Two of Japan's major Internet portals were hacked earlier this week, with one warning that as many as 100,000 user accounts were compromised, including financial details.
 
Device security and management company Absolute Software has announced that it is partnering with Samsung to bring tracking, remote wipe and management capabilities to Samsung's KNOX security framework.


 
libxslt 'xsltDocumentFunction()' And 'xsltAddKey()' Multiple Denial of Service Vulnerabilities
 
Almost 2.4 billion computers, tablets and cell phones will ship this year, according to estimates from Gartner.
 
BlackBerry is to discontinue its BBM Music service on June 2, and is referring current customers to the Rdio music service for 30 days of free music.
 
Theoretical physicist Michio Kaku believes Moore's Law has about 10 years of life left before ever-shrinking transistor sizes smack up against limitations imposed by the laws of thermodynamics and quantum physics.
 
NetGear DGN1000B Wireless Router Multiple Security Vulnerabilities
 
WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass Vulnerability
 
nfs-utils 'rpc.gssd' DNS Spoofing Vulnerability
 
The largest bitcoin exchange said Thursday it is fighting an intense distributed denial-of-service attack it believes is intended at manipulating the price of virtual currency, which has seen volatile price swings in the past few days.
 
Internet Storm Center Infocon Status