Oracle Database Server CVE-2014-4245 Remote Security Vulnerability
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Criminals are installing fairly sophisticated malicious programs on banks' ATMs, allowing them to control access to the machines and easily steal cash, security firms Kaspersky and Interpol said in a joint statement released on Tuesday.

The malware, which Kaspersky dubbed 'Tyupkin,' allows low-level thieves, known as money mules, access to the machines at certain times of day using an intermittently changing code, similar to the six-digit electronic tokens used for security in the financial industry. More than 50 ATMs in Eastern Europe and Russia were found to have been infected with the malware to date, leading to the theft of currency equivalent to millions of dollars, according to the statement.

The attack shows that criminals are improving their tactics and appear to be able to gain enough access to ATMs to install code, Vicente Diaz, principal security researcher at Kaspersky Lab, said.



Have you ever done a quick vulnerability check only to discover that someone found that vulnerability before you did and already had the system compromised?

During the early stages of a vulnerability scan, nmap is your friend just to quickly confirm what you got. In this case, the big surprise was that the firewall responded on port 4444. Anybody who has ever dabbled with pentesting may be familiar with this port: Metasploit uses port 4444 by default for its remote shell. Other than that, it is typically not used by any well-known service.

At this point, with a possibly compromised network firewall, there isn't much point in going much further. A quick connect with netcat oddly enough led to an HTTP error. Upon further investigation, it turns out that Sophos firewalls use port 4444 for HTTPS remote administration. Typically, ports like 8000, 8080 or 8443 are used, but then again, maybe Sophos wanted to hide their port, or just be different.

Johannes B. Ullrich, Ph.D.


According to various reports, many users of Belkin routers are having problems connecting to the internet as of last night. It appears that the router will occasionally ping heartbeat.belkin.com to detect network connectivity, but the heartbeat host is not reachable for some (all?) users. Currently, the host responds to ICMP As a workaround, you can add an entry to the router's host file pointing heartbeat.belkin.com to This appears to remove the block. The block only affects the DNS server on the device. It will route just fine. You can still get hosts on your network to work as long as you set a DNS server manually, for example using Google's DNS server at .

For a statement from Belkin, see https://belkininternationalinc.statuspage.io

In a tweet, Belkin also pointed to this page on its community forum: http://community.belkin.com/t5/Wireless/Belkin-Routers-Internet-Outage/m-p/5796#M1466

Johannes B. Ullrich, Ph.D.

IBM WebSphere Real Time CVE-2014-3086 Unspecified Privilege Escalation Vulnerability

Naked Security

Security incidents are up - and pricier! - but infosec budgets are dwindling
Not only is spending not keeping pace, it's actually developed a limp: infosec budgets declined, on average, 4% over 2013. Specifically, investments in these safeguards declined: Due diligence of third-party providers; Employee security awareness and ...

Adobe even logs what you read in Digital Editions' instruction manual.

Adobe’s Digital Editions e-book and PDF reader—an application used by thousands of libraries to give patrons access to electronic lending libraries—actively logs and reports every document readers add to their local “library” along with what users do with those files. Even worse, the logs are transmitted over the Internet in the clear, allowing anyone who can monitor network traffic (such as the National Security Agency, Internet service providers and cable companies, or others sharing a public Wi-Fi network) to follow along over readers’ shoulders.

Ars has independently verified the logging of e-reader activity with the use of a packet capture tool. The exposure of data was first discovered by Nate Hoffelder of The Digital Reader, who reported the issue to Adobe but received no reply.

Update, 6:23 PM ET: An Adobe spokesperson now says the company is working on an update. "In terms of the transmission of the data collected, Adobe is in the process of working on an update to address this issue," the spokesperson said in an email to Ars Technica. "We will notify you when a date for this update has been determined."


phpMyAdmin CVE-2014-7217 Multiple Cross Site Scripting Vulnerabilities
LinuxSecurity.com: Updated polkit-qt packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
OWTF 1.0 "Lionheart" released!
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
CA20141001-01: Security Notice for Bash Shellshock Vulnerability
Multiple Vulnerabilities in Draytek Vigor 2130
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities
Suricata 'src/app-layer-ssh.c' Remote Denial of Service Vulnerability
Check_MK CVE-2014-5339 Arbitrary File Overwrite Vulnerability
Cisco Adaptive Security Appliance (ASA) Software Arbitrary File Overwrite Vulnerability
PolicyKit Local Privilege Escalation Vulnerability
Internet Storm Center Infocon Status