A Dutch startup has launched a service that studies data from social networks to quickly identify online service outages -- sometimes, it says, before the service providers know about the outages themselves.
 
 

There have been a number of reports that Internet connectivity to Syria has been broken or disabled, and there is no official word on what has caused this.

Google's Transparency Report page [1] shows the drop-off, and a more comprehensive report is on the Umbrella Labs blog [2].
[1]  http://www.google.com/transparencyreport/traffic/#expand=SY

[2] http://labs.umbrella.com/2013/05/07/breaking-news-traffic-from-syria-disappears-from-internet/   

 

 

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft plans to accelerate improvements in Office Web Apps, the browser-based version of the Office suite, adding features like real-time co-authoring of documents and the ability to run in Android tablets via mobile Chrome browser support.
 
 

Today was yet another day with lots of compromised websites, some notable, others less so.

This morning, a reader wrote in to notify us that the county government website of a county in Georgia was compromised. Sure enough, it appeared to serve malicious JavaScript, launching the usual exploit kit Java exploit (ZeroAccess was the reader's guess, and I think he was right). With smaller sites/organizations like this, I usually try to give them a call, and in this case, was pretty quickly sent to a person who was responsible for the web site content. Sadly, I don't think this person had enough basic understanding of exploit kits or web applications to understand most of what I tried to explain, but she knew someone to contact. As of right now, the web site *appears* to be "clean". Which gets me to the next point: some of the difficulties one encounters in notifying sites:

- Frequently, like in this case, the exploit only shows up on some pages, and not all the time. Sometimes you need to visit with a specific browser, sometimes it is random, or in other cases, the miscreant appears to filter out requests from "administrators", showing them the unaltered site.

- It is very hard to get people NOT to go to the URL right away as you talk about it being dangerous. It was relatively early in the morning, and I forgot my usual introduction not to go to the site, so sure enough, as I explained which page I noticed as "infected", the person on the phone responded "but it looks normal"...

- In particular for small sites like this, the standard blacklists don't work. VirusTotal's URL scanner showed the site as "safe". Kaspersky Anti-Virus on one of my Macs flagged the JavaScript with a generic exploit signature and prevented access.

FWIW: My guess is that the site was infected via the WordPress plugin "Super Cache", which was installed on the site. This plugin had some recent vulnerabilities.

The other compromise, which created a larger news response, was the compromise of wtop.com and federalnewsradio.com. Both sites are related to each other, so I consider them one compromise. The interesting response in this case was that the site blocked access from users running Internet Explorer, but let others in to the site. I didn't see any exploit code when I retrieved the site, but I am not sure if it is safe to assume that an exploit is only going to attack one particular browser.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

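Added example (not from the diary above and not an ISC tool): the cloaking the diary describes (payload served only for some browsers, some referers, or only on the first visit from an address) is why a single fetch, or the site owner's own browser, so often shows a "normal" page. One practical check is to request the same page as several different clients and diff what each response embeds. The hostnames, page content and client variants below are constructed for the example.

```python
# Added example (not from the diary or ISC): fetch a page as several
# different "clients" and diff what it embeds, to catch injections that
# are cloaked by User-Agent, Referer, or repeat-visit filtering.
# Sample responses below are constructed; all hostnames use .invalid.
import hashlib
import urllib.request
from html.parser import HTMLParser


class EmbedCollector(HTMLParser):
    """Collect external <script>/<iframe> sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.items = set()
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.items.add(f"{tag}:{a['src']}")
        elif tag == "script":
            self._in_inline_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        if self._in_inline_script and data.strip():
            digest = hashlib.sha256(data.strip().encode()).hexdigest()[:12]
            self.items.add(f"inline:{digest}")


def fingerprint(html):
    """Set of embedded resources (external srcs, hashed inline scripts) in one response."""
    p = EmbedCollector()
    p.feed(html)
    return frozenset(p.items)


def find_cloaked_content(responses):
    """responses maps a client-variant name to the HTML it received.
    Returns {item: [variants that got it]} for every embedded resource
    that some variants received and others did not."""
    fps = {name: fingerprint(html) for name, html in responses.items()}
    every = set().union(*fps.values()) if fps else set()
    out = {}
    for item in every:
        got = sorted(name for name, fp in fps.items() if item in fp)
        if 0 < len(got) < len(fps):
            out[item] = got
    return out


# Live helper (not executed in this example). Variants worth trying: an
# old-browser UA arriving from a search engine, a plain direct visit, a
# crawler UA, and a second request from the same address, since kits
# often serve the payload only once per IP.
CLIENT_VARIANTS = {
    "msie8_from_google": {"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
                          "Referer": "http://www.google.com/search?q=county"},
    "firefox_direct": {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
}


def fetch_variants(url, variants=CLIENT_VARIANTS, timeout=15):
    """Fetch url once per client variant. Run this from a throwaway VM, never a workstation."""
    out = {}
    for name, headers in variants.items():
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            out[name] = resp.read().decode("utf-8", "replace")
    return out


# Constructed sample: the same page, with an injected loader and a hidden
# iframe served only to first-time visits from ordinary browsers.
BASE_PAGE = """<html><head><title>County Government</title>
<script src="/js/site.js"></script>
<script>var page = 'home';</script></head>
<body><h1>Welcome</h1></body></html>"""

INJECTION = ('<script src="http://cdn.example.invalid/jquery.min.php"></script>'
             '<iframe src="http://stats.example.invalid/in.cgi?3" width="1" '
             'height="1" style="visibility:hidden"></iframe>')

SAMPLE_RESPONSES = {
    "msie8_from_google": BASE_PAGE.replace("</body>", INJECTION + "</body>"),
    "firefox_direct": BASE_PAGE.replace("</body>", INJECTION + "</body>"),
    "googlebot": BASE_PAGE,
    "msie8_second_visit": BASE_PAGE,
}

if __name__ == "__main__":
    for item, who in sorted(find_cloaked_content(SAMPLE_RESPONSES).items()):
        print(f"{item}  served only to: {', '.join(who)}")
```

Two caveats when using this against a real site. Inline scripts that carry per-request nonces or analytics IDs will differ between fetches and show up as noise, so the external `script:`/`iframe:` entries are the ones to look at first. And an empty result is not a clean bill of health: if the kit has already seen the address you are fetching from, every variant may get the unaltered page, which is the same effect the diary notes when the site owner looks at her own site and sees nothing wrong.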
 
EMC will continue extending its Isilon OneFS network-attached storage operating system to new use cases later this year, adding deduplication, compliance auditing and object storage features.
 

Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet's most popular Web servers to push potent malware exploits on visitors.

Linux/Cdorked.A, as the malicious backdoor behind the attacks is known, has been observed infecting at least 400 Web servers, 50 of them from the Alexa top 100,000 ranking, researchers from antivirus provider Eset said. The backdoor infects sites running the Apache, nginx, and Lighttpd Web servers and has already exposed almost 100,000 end users running Eset software to attack (the AV apps protect them from infection). Because Eset sees only a small percentage of overall Internet users, the actual number of people affected is presumed to be much higher.

"This is the first time I've seen an attack that will actually target different Web servers, meaning the attacker is willing to create the backdoor for Apache, Lightttp, and nginx," Pierre-Marc Bureau, Eset's security intelligence program manager, told Ars. "Somebody is running an operation that can victimize various Web servers and in my opinion this is the first time that has ever happened. This is a stealthy, sophisticated, and streamlined distribution mechanism for getting malware on end users computers."


 
Supercomputer manufacturer Cray has expanded its portfolio of systems for the technical enterprise market.
 
Only a year after acquiring Syncplicity, EMC is getting ready to make the company's enterprise file management system work with hybrid clouds.
 
Internet traffic to and from Syria, which is in the midst of a civil war, appears to have dried up.
 
Rack 'Rack::File()' Insecure Temporary File Creation Vulnerability
 
Linux Kernel CVE-2012-6549 Local Information Disclosure Vulnerability
 
Microsoft plans to release a preview version of Windows 8's update, code-named Windows Blue, at the end of June, according to Julie Larson-Green, a corporate vice president in charge of the OS's development.
 
Microsoft's Tami Reller, the CFO and head of marketing for the Windows division, went on a mini publicity spree today. But she didn't say very much.
 
A year before Google's futuristic-looking, computerized eyeglasses are even expected to hit the market, they have been banned -- again.
 
More than 20 percent of data brokers checked by the U.S. Federal Trade Commission allegedly violated a U.S. privacy law when sharing personal data with agency workers posing as companies wanting to purchase information.
 
The US Department of Defense (DoD) has approved BlackBerry and Samsung mobile devices for use on its networks.

 
Enterprises are clogging their arteries with information, most of which has no real value but carries costs and risks. The CPO can help in disposing of that information that can only cause harm. (Insider; registration required)
 
SAP is set to offer customers the option of running their applications on top of a cloud-based version of its HANA in-memory database technology.
 

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

 
The company that built a flying car is working on its next project -- a four-seat, hybrid-electric flying car.
 
Hewlett-Packard is barely holding on to the top spot in the laptop and desktop market, but hopes a renewed vigor regarding product design will help reverse the fortunes of its PC business.
 
Microsoft has gotten little from a 2012 investment of $300 million with Barnes & Noble, analysts said, but it's poised to reap some rewards as it and its partners start to ship smaller tablets.
 
Seagate Technology today announced its new portfolio of flash-memory devices, taking the wraps off its first consumer SSD and its next generation of enterprise models.
 
Two cryptographic researchers have proposed the use of passwords as bait to snare data thieves. If an attempt is made to log in using one of the fake "honeywords", it can safely be assumed that the access is unauthorised.
 
Hacker collective "Hack the Planet" has released details of vulnerabilities in MoinMoin and ColdFusion which they have used to (among other things) gain access to all .edu domains and to prominent web sites, including that of the security tool Nmap.
 
Craiglist Gold 'catid' Parameter SQL Injection Vulnerability
 
Europe's telecoms network operators on Tuesday said that bandwidth-hungry services like UHDTV (ultra high definition television) and 3DTV should be distributed via cable or satellite instead of competing with other services for spectrum.
 
Canadian Tire began issuing thousands of BlackBerry Q10 smartphones to corporate employees in Toronto on Monday after rolling out Z10 models weeks earlier.
 
A stack-based buffer overflow has been fixed in updates for the NGINX web server. The major flaw crept in during development of the most recently published stable release.
 
Apple violates German data protection law by asking for users' broad, overall consent in its privacy policy, the Regional Court of Berlin ruled.
 
Alibaba Group hopes to make a dent in Google's dominance of China's smartphone market, and has high hopes that handsets running the company's mobile OS will reach sales of 30 million units.
 
Chinese cyberespionage activities are fueling a rapid modernization of the country's defense and high tech industries, the Pentagon said in an unusually candid assessment of China's military and security developments last year.
 
SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager
 
The general release of the AWS (Amazon Web Services) SDK for Node.js is available for download, allowing developers to build server-side applications in JavaScript that then can run on Amazon's cloud.
 
LinuxSecurity.com: Updated subscription-manager packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
RETIRED: Google Chrome Prior to 24.0.1312.56 Multiple Security Vulnerabilities
 
SearchYourCloud, which provides a single search interface to find documents stored on a desktop or several cloud-based services, expanded on Tuesday to include Box.
 
If DevOps means 'infrastructure as code,' then that code very well could have bugs. DevOps also means you may not see those bugs in a test environment because, well, there is no test environment. Here's what you can do to manage this risk.
 
AutoIt, a scripting language for automating Windows interface interactions, is increasingly being used by malware developers thanks to its flexibility and low learning curve, according to security researchers from Trend Micro and Bitdefender.
 
Note-taking software provider Evernote originally wanted to delve into the hardware business as far back as 2007, with an egg-like device capable of recording conversations, the company's CEO said on Tuesday.
 
A new 0-day vulnerability in Internet Explorer 8 was used in the attack on the sub-site of the US Department of Labor. An exploit is now also available. Microsoft has issued a security advisory for the flaw and offers advice on mitigating its effects.
 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

 
Acer said its net profit for the first quarter grew 55 percent year-over-year, but its revenue continued to decline amid struggling PC sales.
 
A 33-year-old man was sentenced to three years and 10 months in prison by a German court for running the torrent site torrent.to between December 2005 and April 2008.
 
A very specialised sub-site of the US Department of Labor's web site has been hacked in an attack that bears the fingerprint of a "known Chinese actor", but most users are unlikely to ever visit the site.
 
Google Chrome CVE-2013-0843 Denial of Service Vulnerability
 
Panasonic has developed a tiny, low-power chip for sensor networks and Internet-connected appliances, which it says is the first to support a broad range of frequency bands.
 
Nokia has confirmed the upcoming launch of the long-rumored Lumia 928, with a website that hints at advanced camera features.
 
Skype's Web-based management tool Manager for businesses is now available in over 170 countries and for all subscriptions, allowing companies to centrally control their usage of the service.
 
Microsoft's apparent plan to automatically update its own Windows Store apps in the next version of Windows 8 is drawing praise from security experts.
 
China's largest search engine Baidu is getting closer to becoming the country's largest online video provider with a new $370 million acquisition.
 
HIPAA, along with outmoded communications technology, reduces the time available for patient care, according to a new survey of healthcare professionals.
 
Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
 
Microsoft's update of its Windows 8 operating system, code-named Windows Blue, will be available later this year, supporting a variety of form factors and display sizes, and providing more options for both businesses and consumers.
 