Hackin9

On Friday, Variety reported that Sony Pictures Entertainment employees received an e-mail from hackers threatening their families. Sources told Variety that employees were told to turn off their phones after receiving the message.

The e-mail is just the latest affront to Sony in the last two weeks since it was hacked in late November. Sony Pictures Entertainment suffered a devastating blow to its internal corporate network at the hands of hackers who promptly released passwords, e-mails, identification documents for cast and crew members of Sony's productions, business documents listing salaries, and media files from employees' computers.

Today's e-mail was poorly written and cryptically asked that employees “Please sign your name to object the false of the company at the email address below.”


 

Hackers have an almost unlimited number of ways to install malware on the computers of unsuspecting people. One of the more effective ones is, paradoxically, to prey on the fear of being hacked.

A good example is the fake warning above. It's designed to resemble the alerts that Chrome, Firefox, and most other browsers display when a user tries to visit a site known to be malicious. It allows people to visit the site only by clicking a button acknowledging the risk.

In fact, the above warning is generated by attackers pushing ZeuS, a highly malicious computer trojan that steals online banking credentials and makes infected computers part of a botnet that can carry out a variety of other criminal acts. Researchers from PhishLabs who came across the warning still don't know exactly how people encounter the advisory hoax. They were, however, able to track the malware that gets installed when a user falls for it and clicks the update button. It's tied to a ZeuS command and control server.


 
WordPress SP Project & Document Manager Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
 
Teeworlds Memory Corruption and Denial of Service Vulnerabilities
 
Docker CVE-2014-6407 Local Privilege Escalation Vulnerability
 
Mozilla Firefox/Thunderbird CVE-2014-1595 Multiple Local Information Disclosure Vulnerabilities
 
Mozilla Firefox/Thunderbird CVE-2014-1587 Multiple Memory Corruption Vulnerabilities
 
ClickDesk Multiple HTML Injection Vulnerabilities
 

While the malware that took down computers at Sony Pictures last week was compiled just days before it was triggered, an earlier version of the code used to unleash the destructive attack may have been in use much earlier within Sony’s network. Malware with the same cryptographic signature and filename as the “Destover” malware was spotted by the security firm Packet Ninjas in July.

That malware communicated with one of the same IP addresses and domain names as the final “Destover” malware: a server at Thammasat University in Bangkok, Thailand. The malware, which was found in a Cisco Partner ThreatGrid repository, also communicated with a network address assigned to a New York business customer of TimeWarner Cable.

The Packet Ninjas report adds to the evidence that the attackers were inside Sony Pictures’ network for an extended period of time before unleashing the destructive attack that wiped the hard drives of PCs at the company and took its e-mail system offline. And further analysis of the malware’s code and behavior shows that it was tailored specifically to use parts of Sony Pictures’ e-mail server infrastructure to spread.


 
MantisBT 'admin/upgrade_unattended.php' Security Bypass Vulnerability
 
MantisBT 'core/current_user_api.php' PHP Object Injection Vulnerability
 
ZTE 831CII Multiple Security Vulnerabilities
 
NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass)
 
LinuxSecurity.com: USN-2431-1 caused a regression in the MAAS package.
 
LinuxSecurity.com: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Security Report Summary
 
UnRTF RTF File Handling Out of Bounds Memory Corruption Vulnerability
 
MantisBT 'helper_api.php' Cross Site Scripting Vulnerability
 
MediaWiki Cross Site Scripting and PHP Code Injection Vulnerabilities
 
Oracle MySQL Server CVE-2014-6469 Remote Security Vulnerability
 

Posted by InfoSec News on Dec 05

http://online.wsj.com/articles/sony-pictures-hack-reveals-more-data-than-previously-believed-1417734425

By BEN FRITZ and DANNY YADRON
The Wall Street Journal
Dec. 4, 2014

The hack at Sony Pictures Entertainment revealed far more personal
information than previously believed, including the Social Security
numbers of more than 47,000 current and former employees along with
Hollywood celebrities like Sylvester Stallone.

An analysis of 33,000...
 
OpenStack Neutron 'dns_nameservers' Parameter Denial of Service Vulnerability
 

Posted by InfoSec News on Dec 05

http://www.reuters.com/article/2014/12/05/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205

By JU-MIN PARK AND JAMES PEARSON
Reuters
Dec 5, 2014

Despite its poverty and isolation, North Korea has poured resources into a
sophisticated cyber-warfare cell called Bureau 121, defectors from the
secretive state said as Pyongyang came under the microscope for a
crippling hack into computers at Sony Pictures Entertainment.

A North Korean...
 

Posted by InfoSec News on Dec 05

http://arstechnica.com/tech-policy/2014/12/judge-rules-that-banks-can-sue-target-for-2013-credit-card-hack/

By Megan Geuss
Ars Technica
Dec 4, 2014

On Tuesday, a District Court judge in Minnesota ruled [PDF] that a group
of banks can proceed to sue Target for negligence in the December 2013
breach that resulted in the theft of 40 million consumer credit card
numbers as well as personal information on 70 million customers. The banks
alleged...
 

Posted by InfoSec News on Dec 05

http://www.abc.net.au/news/2014-12-05/dozens-of-chinese-held-in-kenya-in-cyber-bust/5945610

abc.net.au
December 4, 2014

Police in Kenya say they are holding 77 Chinese nationals who are accused
of running a cyber crime network and mysterious "command centre" from
upmarket houses in the capital Nairobi.

Kenya's foreign ministry also summoned China's top diplomat in Nairobi as
it sought to establish if Beijing was in...
 

Posted by InfoSec News on Dec 05

http://www.govinfosecurity.com/cybersecurity-seen-as-dod-priority-under-carter-a-7634

By Eric Chabrow
Gov Info Security
December 3, 2014

Ashton Carter is a Ph.D. physicist and an expert in nuclear weaponry and
procurement, but the likely defense secretary nominee understands that
cyberdefense must be a priority in running the Pentagon.

"Cybersecurity won't get lost," says Jane Holl Lute, who as deputy
secretary of the...
 

Today VMware has released the following new and updated security advisories:

1. VMSA-2014-0012

Summary

VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

Relevant releases:

VMware vCenter Server Appliance 5.1 Prior to Update 3

VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Server 5.1 prior to Update 3
VMware vCenter Server 5.0 prior to Update 3c

VMware ESXi 5.1 without patch ESXi510-201412101-SG

Problem Description
a. VMware vCSA cross-site scripting vulnerability
b. vCenter Server certificate validation issue
c. Update to ESXi libxml2 package
d. Update to ESXi Curl package
e. Update to ESXi Python package
f. vCenter and Update Manager, Oracle JRE 1.6 Update 81


http://www.vmware.com/security/advisories/VMSA-2014-0012.html

2. VMSA-2014-0002.4

Summary

VMware has updated vSphere third party libraries.

Relevant releases:

vCenter Server Appliance 5.5 prior to 5.5 Update 1
vCenter Server Appliance 5.1 prior to 5.1 Update 3

VMware vCenter Server 5.5 prior to 5.5 Update 1

VMware Update Manager 5.5 prior to 5.5 Update 1

VMware ESXi 5.5 without patch ESXi550-201403101-SG
VMware ESXi 5.1 without patch ESXi510-201404101-SG
VMware ESXi 5.0 without patch ESXi500-201405102-SG
VMware ESXi 4.1 without patch ESXi410-201404401-SG
VMware ESXi 4.0 without patch ESXi400-201404401-SG

VMware ESX 4.1 without patch ESX410-201404402-SG
VMware ESX 4.0 without patch ESX400-201404402-SG

Problem Description

a. DDoS vulnerability in NTP third party libraries
b. Update to ESXi glibc package
c. vCenter and Update Manager, Oracle JRE 1.7 Update 45

For further details please refer to:
http://www.vmware.com/security/advisories/VMSA-2014-0002.html

3. VMSA-2014-0008.2

Summary

VMware has updated vSphere third party libraries.

Relevant releases:

VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Server 5.1 prior to Update 3
VMware vCenter Server 5.0 prior to Update 3c

VMware vCenter Update Manager 5.5 prior to Update 2

VMware ESXi 5.5 without patch ESXi550-201409101-SG
VMware ESXi 5.1 without patch ESXi510-201412101-SG

Problem Description

a. vCenter Server Apache Struts Update
b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates
c. Update to ESXi glibc package
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55

For further information please refer to:
http://www.vmware.com/security/advisories/VMSA-2014-0008.html

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
 
[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
 
Offset2lib: bypassing full ASLR on 64bit Linux
 