Hackin9

InfoSec News


A reader just wrote in and said there is an issue composing and sending emails on Yahoo! Mail web interface. The IMAP Interface still seems to be functioning but compose seems to have an issue. Are any other readers seeing this?



Richard Porter

--- ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

This one kind of slipped by unnoticed over the holidays, but Claudio company released a new version of the Cuckoo sandbox and it has some some nice new features. Some of the more significant ones to me are:


full memory dumps of the virtual machines

added packages for jar, java applet, and zip files

support for Windows 7 (yippee!!!)


Add to that lots of other improvements and bug fixes (check them out at the link below) and I cant wait to play with it myself. This project is turning into a very nice flexible automated malware analysis tool. If any of our readers have had a chance to try out the new version and want to share their thoughts, please let us know in the comments or via the contact form. If I get a chance to do some serious playing with it before my next shift, Ill try to write up my experiences. In the meantime, kudos to Claudio company, keep up the good work.

References:

http://cuckoosandbox.org/2012-12-20-to-the-end-of-the-world.html

---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Advanced Micro Devices showed off a Windows 8 tablet running the company's upcoming tablet chip code-named Temash, which the company hopes will reverse a string of past failures and provide enough ammunition to compete with tablet chip leaders ARM and Intel.
 
If you thought your TV remote control was just for switching channels, think again. Sony has a new system that uses the remote control as a transfer device between a smartphone and television.
 
Intel has released a new, low-power Core processor for ultrabooks and pledged that touchscreen ultrabooks will be available for as low as $599 by the end of the year.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
LaCie today announced its largest RAID array with Thunderbolt connectivity, offering two 10Gbps ports for connectivity
 
With app development, serendipity matters. Ruggero Scorcioni knows that better than almost anybody.
 
Intel has announced plans to release its first quad-core Atom processor before the end of the year, as the company tries to capture a bigger share of the tablet market dominated today by ARM-based processors.
 
It might not be a household name in the U.S., but China's Huawei sought to make a statement at CES in Las Vegas on Monday.
 
More and more email services are tackling the problem of email overload. One of the latest is Unroll.me, which attempts to organize your inbox by tidying up the mess left by all of those subscriptions most of us receive. Unroll.me has plenty of promise, but this free beta service remains a bit rough around the edges.
 
Tiobe and PyPL offer differing perspectives on which languages are the hottest, respectively basing their criteria on Web page totals and number of searches on a language
 
Jenkins Cryptographic Key Information Disclosure Vulnerability
 
Panasonic has introduced its 2013 TV line-up with a few whizz-bang features that look useful but others that seem a curious choice for the living room.
 
John Brennan, nominated by President Barack Obama to be the director of the CIA, has been a vocal advocate for federal cybersecurity legislation in recent months.
 
Asustek is aiming for the TV market with the introduction of an Internet streaming box called Qube, which will run on Google TV software.
 
The holiday slump in PC sales -- down 11% compared to 2011 -- means that PC makers must raise prices, not continue a race to the bottom, an analyst argued today.
 
Hewlett-Packard is rebooting its tablet strategy with the ElitePad 900, but faces challenges as it tries to overcome past tablet failures and deals with the slow adoption of the Windows 8 OS, analysts said.
 
Salesforce.com is being sued by a customer who claims the CRM software vendor misrepresentations made their relationship go sour.
 
Facebook for Android - Information Diclosure Vulnerability
 
Most of the tablets, TVs, ultrabooks and smartphones on display at International CES this week ultimately are bound for someone's home, where they'll have to talk to each other. Six major home networking technologies to make that happen will be on display at the show, some of them making significant strides to keep up with the demand for instant information and fun.
 
A prototype flexible tablet with edges that can be bent to switch between pages is expected to be shown at the International CES this week.
 
[security bulletin] HPSBOV02833 SSRT101043 rev.1 - OpenVMS running Java on Integrity Servers, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
Chrome for Android - Cookie theft from Chrome by malicious Android app
 
Chrome for Android - Bypassing SOP for Local Files By Symlinks
 
Chrome for Android - Android APIs exposed to JavaScript
 
AT&T announced an all-digital, wireless home monitoring service that will allow customers to control home security and automate tasks such as locking doors and turning off lights from a smartphone, tablet or PC.
 
Sharp has announced two new 4K LCD monitors, which will display images at close to four times the overall resolution of traditional 1080p high-definition monitors available today.
 
On November 28 -30, 2012, NIST hosted the [email protected] symposium at its Gaithersburg, Maryland campus. The symposium featured three days of presentations and discussions on forensic science topics and ongoing NIST research efforts in ...
 
Apple today boasted that its iOS App Store has passed the 40-billion-download mark, and posted a record two billion downloads last month alone.
 
A hacker claims to have found a method of bypassing the code integrity mechanism in Windows RT, therefore allowing for desktop-style programs to be installed on the platform.
 
Kensington will formally unveil its new Proximo product this week at the Consumer Electronics Show in Las Vegas, but the company shared a $60 Proximo Starter Kit with MacworldA early. I've spent a few days with the device, which is meant to help you monitor the whereabouts of your iPhone 4S or iPhone 5, along with your keys and potentially other valuables.
 
Microsoft made big bets on Windows 8, Windows Phone and Surface tablets in 2012, and now it needs to make those bets to pay off. As more consumers and businesses go mobile, 2013 will be Microsoft's most challenging year yet.
 
MariaDB CVE-2012-4414 Multiple SQL Injection Vulnerabilities
 
Piwik 'form_url' Parameter Cross Site Scripting Vulnerability
 
With Lenovo moving up the ranks of the global PC market, the company is looking to solidify its momentum at the International CES trade show this week, showcasing a table PC, a hybrid ultrabook and a mini-ultrabook.
 
[SECURITY] [DSA 2600-1] cups security update
 
[SECURITY] [DSA 2599-1] nss security update
 
Adobe Systems warned users of its ColdFusion application server software that hackers are reportedly exploiting unpatched vulnerabilities in the product to take control of affected servers.
 
A hacker claims to have found a method of bypassing the code integrity mechanism in Windows RT, therefore allowing for desktop-style programs to be installed on the platform.
 
Apple, Research in Motion (RIM) and Motorola Mobility are among 15 companies sued in the U.S. over a fundamental 3G and 4G patent on determining when devices should switch cells in a mobile network.
 
If you're searching for a fountain of youth, the easiest way to get that feeling of continual rebirth is to hang around a few tech product launches. Every new rollout comes with the fresh, unabashed feeling that this has never been done before. Ever.
 
 
Users of Ubisoft's Uplay DRM service are reporting that their accounts have been hijacked, which prevents them from playing games authenticated through the service. The company is investigating the incident


 
[SECURITY] [DSA 2598-1] weechat security update
 
AT&T and Qualcomm jointly announced a new development platform based on a Qualcomm Gobi chipset to be used to build industrial and health care apps and embedded devices on Java to connect to AT&T 's 3G cellular network.
 
An enhanced version of USB 3.0 will deliver up to 10Gbps, twice the data speed of current connections.
 
[SECURITY] [DSA 2597-1] rails security update
 
CFP: InfoSec Southwest 2013
 

Twenty free and effective infosec tools
Network World
Twenty free and effective infosec tools. We asked readers to name the free tools they find most useful in their daily work as infosec practitioners. Here are 20 that stand out. By Bill Brenner, January 07, 2013. Subscribe to slideshows: RSS. Slideshow ...

 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
FoxMediaTools FoxPlayer '.m3u' File Denial of Service Vulnerability
 
Lenovo is reorganizing its operations into two business groups, in an apparent move to leverage the company's ThinkPad brand to better compete in the market.
 
Hewlett-Packard has priced its new Pavilion Touchsmart Sleekbook laptop at $699, claiming it's the most affordable device in its category.
 
Now that our manager has gotten approval to hire new staff, he can't find anyone eager for the good jobs he's offering. Is infosec management a bubble of prosperity?
 
Premier 100 IT Leader Marty Paslick answers questions on finding a job without moving to the big city, and more.
 

Infosec analysis: Will this year be unlucky 13?
SC Magazine UK
With 2013 upon us, Phil Muncaster gathers the predictions and advice of infosec experts. Information security experts have something of a thankless task at this time of year, when all we want to hear about are their suggestions for major trends and ...

and more »
 
Microsoft's Windows 8 Pro upgrade discount will expire in about three weeks, at which point the company will triple or even quintuple the current price of the new operating system, according to several online retailers.
 
Nvidia has unveiled its Tegra 4 processor, a chip that will bring consumers more power in mobile devices and help Nvidia remain competitive in the fast moving mobile market.
 
Corning has developed a new version of its Gorilla Glass for smartphones and tablets that it says will result in 40% fewer scratches and appear in devices later this year.
 
Samsung is reported to have rolled out an update in the UK which addresses the Exynos 4 security issue that left a number of high profile devices vulnerable to exploitation. Samsung has yet to comment on the update or its availability


 

Posted by InfoSec News on Jan 07

http://www.bankinfosecurity.com/blogs/3-unemployment-among-infosec-pros-p-1400

By Eric Chabrow
Bank Info Security
January 5, 2013

After seven straight quarters of recording no joblessness among IT
security professionals, an unpublished U.S. Bureau of Labor Statistics
report suggests a small number of information security experts are out
of work and looking for jobs in the field.

BLS each quarter creates tables that breakdown employment data...
 

Posted by InfoSec News on Jan 07

https://www.pcworld.com/article/2023787/netherlands-offers-guidelines-to-work-with-hactivists.html

By Loek Essers
PCWorld.com
Jan 6, 2013

The Dutch government's cyber security center has published guidelines
that it hopes will encourage ethical hackers to disclose security
vulnerabilities in a responsible way.

"Persons who report an IT vulnerability have an important social
responsibility," the Dutch ministry of Security and...
 

Posted by InfoSec News on Jan 07

http://freebeacon.com/cyber-jihad/

By Bill Gertz
Washington Free Beacon
January 6, 2013

Iran is continuing aggressive cyber attacks against U.S. financial
institutions and officials say the U.S. government has failed to take
steps to halt the electronic strikes.

The sophisticated denial-of-service cyber attacks have been underway for
several months and involve Iranian-origin hackers who flood banking and
financial institution web sites...
 

Posted by InfoSec News on Jan 07

http://www.newyorker.com/reporting/2013/01/07/130107fa_fact_green

By Adam Green
The New Yorker
JANUARY 7, 2013

A few years ago, at a Las Vegas convention for magicians, Penn Jillette,
of the act Penn and Teller, was introduced to a soft-spoken young man
named Apollo Robbins, who has a reputation as a pickpocket of almost
supernatural ability. Jillette, who ranks pickpockets, he says, “a few
notches below hypnotists on the show-biz totem...
 

Posted by InfoSec News on Jan 07

http://www.informationweek.com/government/security/doe-taps-pnnl-cio-to-improve-security/240145570

By John Foley
InformationWeek
January 04, 2013

The U.S. Department of Energy is looking to bolster its cybersecurity
readiness with the appointment of Jerry Johnson, CIO of Pacific
Northwest National Laboratory for the past eight years, as a senior
policy and technical adviser.

Johnson had first-hand experience with one of the federal...
 
A security firm says that it has managed to bypass Microsoft's temporary patch for the critical 0day hole in Internet Explorer


 
GnuPG CVE-2012-6085 Multiple Remote Memory Corruption Vulnerabilities
 
A famed iPhone hacker has developed a fresh way to jailbreak Apple's iOS 6 operating system in order to install unauthorized apps, but he says he won't release it.
 
Nvidia is taking video games into the cloud with a new rack server optimized for computer graphics.
 
Corning has developed a new version of its Gorilla Glass for smartphones and tablets that it says will result in 40 percent fewer scratches and appear in devices later this year.
 
Google has quietly shut down a search function that helped users in China navigate past the country's censorship systems, after authorities had tried to block the feature.
 
Perhaps taking a leaf from Apple's book, Nvidia kept its greatest surprise at CES for the end of its news conference: an Android-based portable gaming device based on its new Tegra 4 chip.
 
TomatoCart 'json.php' Security Bypass Vulnerability
 
Internet Storm Center Infocon Status