Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Inside the command and control channel of a point-of-sale botnet powered by StarDust.
IntelCrawler

Underscoring the growing sophistication of Internet crime, researchers have uncovered one of the first known botnets to target point-of-sale terminals used by stores and restaurants to process customers' credit and debit card payments.

The botnet remained active at the time of writing and had compromised more than 20,000 payment cards since August, researchers from IntelCrawler, a Los Angeles-based security intelligence provider, told Ars. They arrived at the findings after infiltrating one of the control servers used to send commands to infected machines and receive pilfered data from them. A recently captured screenshot (above) showed that it was controlling 31 machines that the researchers said belonged to US-based restaurants and retailers. Some of the infected machines are servers, so the number of affected point-of-sale (PoS) devices could be much higher. The researchers have reported their findings to law enforcement agencies that they declined to identify by name.

PoS-based hacking is nothing new. The best-known incident stole data for more than 146,000 cards after infecting 200 terminals used at Subway Sandwich shops and other small merchants. According to federal prosecutors, the criminals behind that intrusion infected one or more servers with "sniffing" software that logged payment card numbers and sent them to a remote server. Although the now-convicted crooks were able to install a backdoor on the computers they accessed so they could change configuration settings and install new programs, there is no evidence of a botnet that actively controlled the infected machines in lockstep.

 

Georgia Tech researcher flags flaw in open-source vets health system
Network World
Network World - An academic exercise by a security researcher blossomed into a live-fire infosec emergency last month, after a major vulnerability was found in a central U.S. government healthcare database system. Georgia Tech graduate student Doug ...

 
Intel has beefed up its networking silicon in a bid to capture a bigger share of enterprise, carrier and cloud-provider networks for its chip architecture.
 
Once heavily reliant on the Chinese market, Lenovo is now looking to make acquisitions as it tries to expand its growing enterprise business to other countries.
 
The top product results in Google's Shopping service frequently feature products with higher prices than those listed on competing online shopping services, according to a complaint filed by longtime Google critic Consumer Watchdog.
 
Google, the worldwide leader in online search, is also known as the company behind the dominant Android mobile platform, Google Glass and Google Maps. Are Google Robots next?
 
As expected, European Union regulators today approved Microsoft's $7.4 billion acquisition of Nokia's devices and services business.
 
Large smartphones with 5-in. or larger displays -- often called phablets -- are eating into sales of smaller tablets with screens in the 7-in. range.
 
The National Research Council is recommending creation of an early warning system for abrupt climate change.
 
A recent study reports that 50 percent of companies had an IT project fail in the last 12 months. Business leaders who blame IT are missing the real project management issues.
 
A congressional hearing Wednesday on the botched rollout of HealthCare.gov was largely a forum for Republican critics of U.S. government involvement in the health-care industry and other large social programs.
 
Aggressive discounting by Apple and its biggest retail partners last week resulted in a surge of new iPad Air tablets going online.
 

In a simulation of airport luggage scanning, a team of researchers has found that the rarer an item is, the less likely a scanner operator is to spot it—that is, if fewer people come through with bomb materials or guns, it will be harder for the operator to spot them when they do.

The Duke University scientists set up the simulation in an “Airport Scanner” app where participants would check virtual suitcases for a set of 78 verboten items, like a stick of dynamite or a gun. Thirty of the items were “ultra rare,” appearing less than 0.15 percent of the time.

Drawing upon 20 million searches, the team found that these ultra-rare items were more difficult for participants to spot than more common things. The ultra-rare items were spotted only 27 percent of the time, while items that cropped up in one percent of suitcases were correctly spotted 92 percent of the time.

 
[PT-2013-63] Hash Length Extension in HTMLPurifier
 

Georgia Tech researcher flags flaw in open-source vets health system
IDG News Service
04.12.2013 at 17:23 | Network World (US). An academic exercise by a security researcher blossomed into a live-fire infosec emergency last month, after a major vulnerability was found in a central U.S. government healthcare database system.

 

VMware have released security advisory VMSA-2013-0014, "VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation". It has been assigned CVE-2013-3519.

Let's be careful out there!

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule

VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation: http://www.vmware.com/security/advisories/VMSA-2013-0014.html
 

 
A security researcher has released software and technical instructions for modifying a drone so that it can identify and hijack other drones.
 
LinuxSecurity.com: pixman could be made to crash if it opened a specially crafted file.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
 
Amazon's ambitious plan to use flying drones to deliver packages is far-fetched, but not just because of technology limitations or air traffic regulations. Amazon's fulfillment center network, as it stands now, is too limited to serve even a tiny fraction of the U.S. in the method described by CEO Jeff Bezos.
 
Apple's iPhone could be getting a step closer to being officially offered on China's largest mobile network, after the nation's government finally issued 4G licenses to operate LTE TDD networks in the country.
 
Touch-ready notebook PCs will account for about 11% of all laptops shipped this year, an improvement over 2012 when customers had few choices if they wanted to smudge screens, a market research analyst said today.
 
The Space X Falcon 9 rocket appears to have passed an important step, with the launch Tuesday afternoon of a telecommunications satellite into geostationary transfer orbit.
 
While China's demand for electronics continues to soar, the tech services market may be shrinking for U.S. enterprise vendors. Security concerns over U.S. secret surveillance are giving the Chinese government and local companies more reason to trust domestic vendors, according to industry experts.
 
The Windows Phone operating system still ranks third behind Android and iOS, but it is slowly seeing growth in the U.S. and Europe, and its eventual convergence with the Windows OS could mean even greater momentum.
 
Faster SANs are on the horizon as the next Fibre Channel specification, calling for 32G bps, nears publication.
 
Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed 'Pony.'
 
Yahoo has acquired Ptch, the startup behind a mobile app that allowed users to combine photos and video on their phones into movies, and the service will shut down by January.
 
China overtook Japan in IT spending this year to become the world's second largest IT market, according to market research firm IDC.
 
OWASP ESAPI CBC Mode HMAC Authentication Bypass Vulnerability
 

Must try HARDER, infosec lads: We're RUBBISH at killing ZOMBIES
Register
Adrian Culley, a technical consultant at infosec firm Damballa* who served with the Met Police for 13 years until 2003, told El Reg that more co-ordination and better strategies are needed in botnet takedowns. As things stand, botnet takedowns are ...

 
OWASP ESAPI CVE-2013-5960 Authentication Bypass Vulnerability
 
Multiple Vivotek IP Cameras CVE-2013-4985 Remote Authentication Bypass Vulnerability
 
Microsoft Windows Kernel 'NDProxy.sys' Local Privilege Escalation Vulnerability
 

Researchers have unearthed a server storing more than two million pilfered login credentials for all kinds of user accounts, including those on Facebook, Yahoo, Google, Twitter, and a handful of other websites.

More than 1.5 million of the user names and passwords are for website accounts, including 318,121 for Facebook, 59,549 for Yahoo, 54,437 for Google, and 21,708 for Twitter, according to a blog post published Tuesday by researchers from security firm Trustwave's Spider Labs. The cache also included credentials for e-mail addresses, FTP accounts, remote desktops, and secure shells.

More than 1.8 million of the passwords, or 97 percent of the total, appeared to come from computers located in the Netherlands, followed by Thailand, Germany, Singapore, and Indonesia. US accounts comprised 0.1 percent, with 1,943 compromised passwords. In all, the data may have come from as many as 102 countries.

 
bugs in IJG jpeg6b & libjpeg-turbo
 
NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
 

Information Security Analyst -PERM-WMidlands - Permanent - West Midlands
TechWeekEurope UK
Handle service requests delivered via the Remedy System for security related subjects; Conduct compliance checks to ensure InfoSec policies and procedures are being applied in practice. This could be in any area of the company's operation. Manage the ...

 
Twibright Labs links2 CVE-2013-6050 Integer Overflow Vulnerability
 

Posted by InfoSec News on Dec 04

http://www.infosecnews.org/edward-snowden-sharpened-his-hacking-skills-in-new-delhi

By Shilpa Phadnis
The Times of India
December 4, 2013

BANGALORE -- The hacker who shook the US intelligence machinery and had
world leaders railing against Washington for spying on them picked up
crucial skills in India. Edward Snowden, the National Security Agency
contractor-turned-whistleblower, spent a week in New Delhi training in
core Java programming...
 

Posted by InfoSec News on Dec 04

http://www.politico.com/story/2013/12/inspector-general-department-homeland-security-cybersecurity-100554.html

By TONY ROMM
Politico.com
12/3/13

The Department of Homeland Security is leading the charge to bolster the
country’s porous digital defenses, but it’s also struggled this year to
safeguard its own systems against hackers and spies, according to its top
watchdog.

A report Monday from the DHS inspector general reiterated that the...
 

Posted by InfoSec News on Dec 04

http://www.globaltimes.cn/content/829072.shtml

By Chen Yang
Global Times
2013-12-2

The website of the new China Coal Bank has been hacked by Japanese
financial companies and their Chinese partners, JinBen Investment Group
Co, one of the founders of the bank, claimed in a statement on Sunday.

Meitanbank.com has been hacked since Friday, with the hacker leaving a
number of messages, including, "the China Coal Bank has offended many...
 

Posted by InfoSec News on Dec 04

http://news.techworld.com/security/3492120/logins-stolen-from-facebook-google-adp-payroll-processor/

By Jeremy Kirk
TechWorld.com
04 December 2013

Two million logins and passwords from services such as Facebook, Google
and Twitter have been found on a Netherlands-based server, part of a large
botnet using controller software nicknamed "Pony."

Another company whose users' login credentials showed up on the server was
ADP,...
 

Posted by InfoSec News on Dec 04

http://www.nextgov.com/mobile/2013/12/defense-disconnects-iphone-android-security-service-forcing-return-blackberry-some/74753/

By Aliya Sternstein
Nextgov.com
December 3, 2013

Some military members who were working off Apple and Android-based
smartphones and tablets now must return to using older model BlackBerrys
because of a security service switchover, according to an email obtained
by Nextgov and confirmed by Pentagon officials.

The...
 