Hackin9

InfoSec News

Have you ever wondered why we are in this security chaos these days?
Well, I have one simple explanation: apart from one-offs like Stuxnet and Duqu, most of the current malware is simple, easy to understand and easy to analyze. And why? Because it doesn't need to be really advanced... :) And the malware writers know it.
Take the BlackHole exploit kit gang, for example. They have been out there for some time, renting and selling the kit, and at least one gang is responsible for the majority of the spam that is floating around: "Your Flight Order NXXX", "ACH and wire transfer disabled", "Scan from a Hewlett-Packard Officejet #XXX"... ALL of them contain a link to a hacked website that redirects to a redret... :)
But what is a redret ?
This is a redret :

czredret.ru
curedret.ru
ctredret.ru
crredret.ru
bzredret.ru
byredret.ru
bxredret.ru
bwredret.ru
bvredret.ru
bsredret.ru
bpredret.ru
boredret.ru
blredret.ru
bkredret.ru
biredret.ru
bhredret.ru
bgredret.ru
bfredret.ru
beredret.ru
bdredret.ru
bcredret.ru
bbredret.ru
aredret.ru
apredret.ru
amredret.ru
alredret.ru
akredret.ru
ajredret.ru
airedret.ru
ahredret.ru
agredret.ru
afredret.ru
aeredret.ru
adredret.ru
acredret.ru
abredret.ru
aaredret.ru

These are all domains that are still active (resolving) and that host the BlackHole exploit kit itself, i.e. the landing page, not the hacked sites linked from the spam messages.
At this moment they resolve to:

95.163.89.193
89.208.34.116
94.199.51.108
91.220.35.38
77.79.7.136
95.163.89.200
91.228.133.120

In the recent past, the following IPs were also observed hosting them:

188.190.99.26
87.120.41.191
94.199.53.14
89.208.34.116


I would recommend first checking your logs (proxy, DNS and IDS) for those domains and IPs, and second making good use of a regex, if you know what I mean... :)
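The kind of log sweep the diary suggests, written out as an added example that is not part of the original ISC post. It takes the domain naming pattern from the list above (one or two lowercase letters in front of "redret.ru") and the two IP lists as indicators, and scans arbitrary text log lines for either. The log lines themselves are constructed for illustration (two Squid-style proxy entries, one BIND query-log entry, one benign entry); the client addresses, the hacked-site hostname and the request paths are made up and are not from the diary.

```python
import re

# Indicators taken from the diary above: the domain naming pattern and the
# hosting IPs. Everything else in this block is constructed for illustration.
REDRET_RE = re.compile(r"\b(?P<host>[a-z]{1,2}redret\.ru)\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

BLACKHOLE_IPS = {
    # resolving at the time of the diary
    "95.163.89.193", "89.208.34.116", "94.199.51.108", "91.220.35.38",
    "77.79.7.136", "95.163.89.200", "91.228.133.120",
    # observed hosting the kit in the recent past
    "188.190.99.26", "87.120.41.191", "94.199.53.14",
}

# Constructed sample log: Squid access-log lines and one BIND query-log line.
# Line 2 is the hacked "hop" site the spam links to; on its own it is not an
# indicator, which is exactly why the redret domain in line 3 matters.
SAMPLE_LOG = """\
1323079200.412    245 10.0.0.15 TCP_MISS/200 1432 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1323079201.117    398 10.0.0.15 TCP_MISS/302 611 GET http://hacked-site.example/wp-content/themes/x.php - DIRECT/203.0.113.9 text/html
1323079201.903   1254 10.0.0.15 TCP_MISS/200 9811 GET http://bzredret.ru/main.php?page=7c1d48f2ab0a1b2c - DIRECT/95.163.89.193 text/html
05-Dec-2011 10:22:33.123 client 10.0.0.22#53412: query: aaredret.ru IN A + (10.0.0.1)
1323079260.001     80 10.0.0.31 TCP_MISS/200 512 GET http://91.228.133.120/main.php - DIRECT/91.228.133.120 application/octet-stream
"""


def scan_logs(lines):
    """Return one hit per log line that references a redret domain or one of
    the listed hosting IPs. Lines are scanned independently, so any text log
    (proxy, DNS query log, IDS alerts) can be fed in as-is."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = REDRET_RE.search(line)
        ips = sorted(set(IPV4_RE.findall(line)) & BLACKHOLE_IPS)
        if m is None and not ips:
            continue
        hits.append({
            "line": lineno,
            "domain": m.group("host").lower() if m else None,
            "ips": ips,
            "raw": line.rstrip("\n"),
        })
    return hits


def affected_clients(hits):
    """Distinct internal clients that touched an indicator. Assumes the first
    IPv4 address on a line is the client, which holds for the Squid and BIND
    query-log formats in the sample; adjust for other log layouts."""
    clients = set()
    for hit in hits:
        found = IPV4_RE.findall(hit["raw"])
        if found:
            clients.add(found[0])
    return sorted(clients)


if __name__ == "__main__":
    found_hits = scan_logs(SAMPLE_LOG.splitlines())
    for h in found_hits:
        print(f"line {h['line']}: domain={h['domain']} ips={h['ips']}")
    print("clients to look at:", affected_clients(found_hits))
```

The regex deliberately matches the naming scheme rather than the exact list, so a prefix that is registered after the diary was written (or one the list missed) is still caught; the IP set, by contrast, is only as current as the day it was collected, since the diary itself notes the resolutions were valid "at this moment". Run the domain match with a wider net and the IP match as a point-in-time check.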
-------------------------------------------------------------
Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
PhoneFactor, an authentication system that uses mobile phones as a second factor for improved security, is now available as an app for Apple's iPhone and iPad.
 
hardlink Multiple Remote Integer Overflow Vulnerabilities
 
hardlink Symlink Attack Local Privilege Escalation Vulnerability
 
You may recall in mid November that it was reported that DNS resolvers across the Internet were crashing. This was classified as CVE-2011-4313.
Well, the developers of BIND at the Internet Systems Consortium have announced their findings on the issue.
They say that:
We have confirmed that it was triggered by an accidental operational error that exposed a previously unknown bug in BIND, causing an internal inconsistency which is effectively prevented by the mitigation patches we have produced and distributed.
They also highlight that this could have been exploited maliciously, so if you are running a version of BIND which is vulnerable to CVE-2011-4313 then they advise you to upgrade.
Steve Hall
ISC Handler.
 
SepCity Classified Ads 'classdis.asp' SQL Injection Vulnerability
 
Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
 
 
Microsoft has updated its Microsoft Exchange Server 2010, posting a service pack with a number of new features and bug fixes, the company announced Monday.
 
Apple is one of eight companies that have been named in another class-action lawsuit filed over the use of Carrier IQ software in mobile handsets.
 
The Samsung Galaxy Nexus on Verizon Wireless' 4G LTE network could go on sale Friday, with some leaked photos of the device in red packaging posted on various websites.
 
Dell has announced that the "Streak 7 is no longer available." The death of Dell's Android tablet line doesn't come as much of a surprise, but it points to some lessons that other tablets might learn from to be stronger competitors.
 
 
Meditate Web Content Editor 'username_input' SQL-Injection vulnerability
 
[SECURITY] [DSA 2358-1] openjdk-6 security update
 
[DCA-2011-0014] - Elxis CMS Cross Site Script
 
nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
 
With the pending release of PHP version 5.4, due early next year, the creators behind the popular Web scripting language are including the best parts of the now-abandoned PHP 6.0 project.
 
SAP's $3.4 billion purchase of SuccessFactors not only gives the company an increasingly popular set of on-demand human resources applications, but could also bring its entire cloud software portfolio into a new focus.
 
Google executive chairman Eric Schmidt met with the European Union's antitrust commissioner Monday amid rumors that the Internet search giant will be hit with major objections by the European Commission early next year.
 
A first-of-its-kind tablet with Google's Android 4.0 priced under $100 is available in China, and will reach other countries soon, according to companies that helped build the device.
 
The attack that hacked RSA Security's network earlier this year succeeded because the company failed to take a basic security precaution, a researcher said today.
 
Defense and aerospace systems vendor Raytheon has acquired cybersecurity vendor Pikewerks in an effort to add to Raytheon's capabilities to defend against sophisticated threats facing customers in the intelligence, defense and commercial sectors, the companies announced Monday.
 
After a so-far fruitless three-year effort to settle the case, Google and the plaintiffs suing it for alleged book-related copyright infringement apparently are moving away from seeking a friendly solution.
 
Mozilla last week declined to say whether it has renewed its contract with Google, a major revenue stream that keeps its Firefox browser in business.
 
U.S. Sen. Chuck Grassley (R-Iowa) is blocking Senate action on a bill to eliminate per-country caps on employment-sponsored green cards because 'it does nothing to better protect Americans.'
 
A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.
 
Vulnerabilities in Serv-U 11.1.0.3
 
Hackito Ergo Sum 2012 Call For Papers ! (12/13/14 April 2012)
 
fast and somewhat reliable cache timing
 
[security bulletin] HPSBUX02729 SSRT100687 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
 
Let's call a spade a spade: China is the greatest threat to international cybersecurity on the planet.
 

Anti-Kremlin websites complain of DDoS attacks
Register
A contrary view comes from Eugene Kaspersky, boss of Russian infosec firm Kaspersky Labs, who said his firm hasn't detected any DDoS attacks. Pro-Kremlin youth activists also complained that their site had come under attack from opposition groups - an ...
 
Organizations and regulators across Europe, including Germany, have started looking into the use of Carrier IQ's tracking software, to ensure that mobile phone vendors and operators are not violating users' privacy.
 
 
WikiLeaks founder Julian Assange can take his case to the U.K.'s Supreme Court in his continuing fight against extradition to Sweden.
 
Chipita America CIO Scott Martin didn't see a competitive advantage in managing internal systems, believing that moving to the cloud would provide time to focus far more on business needs.
 
Operating systems will remain important for as long as we use computers, but mostly they will matter only to the people behind the scenes.
 
The reason techies' presentations to business people often bomb is that we make the mistake of believing that they think like we do. (Insider, registration required.)
 
Despite mounting opposition from U.S. government agencies, AT&T has so far vowed to continue seeking antitrust clearance for its $39 billion merger with rival wireless carrier T-Mobile USA. Analysts say the battle may be unwinnable.
 
Programs to develop ever-higher performance exascale computing systems are underway around the world -- but the U.S. isn't yet leading the way after dominating high-performance computing development for decades. (Insider, registration required)
 
Vint Cerf, widely considered one of the inventors of the Internet, recently said that Internet governance is one of the most important issues in the high-tech world.
 
Qualcomm has promised that its quad-core Snapdragon chips, designed to run Microsoft's upcoming Windows 8, will appear in tablets in the second half of next year.
 
A new SIM card, dubbed nano-SIM, will free up room in phones for additional memory and larger batteries, and help manufacturers create thinner devices, German card maker Giesecke & Devrient has claimed.
 
An ISACA survey shows that people are planning to do more online holiday shopping on the job this year, and that means companies need to educate their employees about security.
 
The company's embrace of openness does not mean that it's forgoing profits.
 
Air freight company DHL recently launched a real-time wireless locator device to affix to boxes of mission-critical cargo shipped by medical and pharmaceutical companies, among others, that require urgent delivery around the globe.
 

Posted by InfoSec News on Dec 05

http://www.hindustantimes.com/technology/BusinessComputing-Updates/BSNL-website-gets-hacked-again/SP-Article1-778069.aspx

By Shayon Pal
Hindustan Times
December 05, 2011

I wonder if it is much of a surprise for us to learn that the official
website of Bharat Sanchar Nigam Limited (BSNL) has been hacked, yet
again, by the Pakistan Cyber Army.

And no, it isn’t the first time. The website had gotten hacked a couple
of months ago, too, by the...
 

Posted by InfoSec News on Dec 05

http://english.yonhapnews.co.kr/national/2011/12/05/81/0301000000AEN20111205003700315F.HTML

By Kim Eun-jung
YONHAP NEWS
2011-12-05

SEOUL, Dec. 5 (Yonhap) -- Opposition parties ratcheted up attacks on the
ruling Grand National Party on Monday over revelations that an aide to a
GNP lawmaker organized a hacking attack on the Web site of the state
election watchdog.

The National Election Commission (NEC)'s Web site came under a...
 

Posted by InfoSec News on Dec 05

http://venturebeat.com/2011/12/04/how-i-was-hacked-a-tale-of-hijack-xbox-live-and-fifa-trading-cards/

By Dan Crawley
GamesBeat
December 4, 2011

This week, my Xbox Live account was hacked. This is the story of what
happened, my response to it, and the questions about security that it
has raised.

The hijack

At twelve minutes past midnight on Tuesday night, just as I was
finishing up some work, I received an email to say that I had purchased...
 

Posted by InfoSec News on Dec 05

http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=2816&zoneid=334

By Robert K. Ackerman
SIGNAL Magazine
December 2011

The sea service is marshalling its forces to cruise the cyber realm.

The U.S. Navy is operationalizing cyber throughout the service as it
reconfigures both its force and its overarching network. The goal is to
pull cyber operations out of the corner and into the middle of daily
force...
 

Posted by InfoSec News on Dec 05

http://tmagazine.blogs.nytimes.com/2011/12/02/now-reading-darkmarket/?=

By STEPHEN HEYMAN
The New York Times Style Magazine
December 2, 2011

If style, per Gore Vidal, is about not giving a damn, then one might say
cybercriminals have lots of style. “DarkMarket” (Knopf, $27), the new
book by the T contributor Misha Glenny, disturbingly catalogs the
capabilities of these nefarious Internet trolls — imagine, as Glenny
does, that they...
 
Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
 
Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
 
The recent revelation that most of us are carrying around smartphones with embedded rootkits is both surprising and not so surprising. It's surprising because it makes you wonder, "How stupid can the carriers be?" It's not surprising in that we know the answer to that.
 
News last week that Sotheby's will auction off "The Contract That Founded Apple" - a partnership signed April 1, 1976 by the late Steve Jobs, Steve Wozniak and Ron Wayne -- no doubt caught the eye of techie collectors and even sparked speculation that Apple might buy the document.
 