The name "Project Sauron" came from code contained in one of the malware's configuration files. (credit: Kaspersky Lab)

Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation state.

The malware—known alternatively as "ProjectSauron" by researchers from Kaspersky Lab and "Remsec" by their counterparts from Symantec—has been active since at least 2011 and has been discovered on 30 or so targets. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin. Much of ProjectSauron resides solely in computer memory and was written in the form of Binary Large Objects, making it hard to detect using antivirus.

Because of the way the software was written, the clues ProjectSauron leaves behind in so-called software artifacts are unique to each of its targets. That means clues collected from one infection don't help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command-and-control channels, the people behind ProjectSauron used different infrastructure for almost every target.


(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability
OpenSSL CVE-2016-0704 Information Disclosure Vulnerability
OpenSSL CVE-2016-0798 Memory Leak Denial of Service Vulnerability
OpenSSL CVE-2016-0703 Information Disclosure Vulnerability

MICROS, an Oracle-owned division that's one of the world's top three point-of-sale services, has suffered a security breach. The attack possibly comes at the hands of a Russian crime gang that siphoned out more than $1 billion (~£770 million) from banks and retailers in past hacks, security news site KrebsOnSecurity reported Monday.

Oracle representatives have told reporter Brian Krebs that company engineers "detected and addressed malicious code in certain legacy MICROS systems" and that the service has asked all customers to reset their passwords for the MICROS online support site. Anonymous people have told Krebs that Oracle engineers initially thought the breach was limited to a small number of computers in the company's retail division. The engineers later realized the infection affected more than 700 systems.

Krebs went on to report that two security experts briefed on the breach investigation said the MICROS support portal was seen communicating with a server that's known to be used by the Carbanak Gang. Over the past few years, Carbanak members are suspected of funneling more than $1 billion out of banks, retailers, and hospitality firms the group hacked into.


[SECURITY] [DSA 3644-1] fontconfig security update
FortiAnalyzer and FortiManager 'Filenames' HTML Injection Vulnerability

(credit: John Palmer)

Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks.

According to Israel-based security firm Check Point, the flaws—dubbed "Quadrooter"—found in the firmware which governs the chips could allow potential attackers to "trigger privilege escalations for the purpose of gaining root access to a device" using malware which wouldn't require special permissions, allowing it to pass under suspicious users' radars.

Qualcomm makes chips for the majority of the world's phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including:


RETIRED: Google Nexus CVE-2016-3843 Privilege Escalation Vulnerability
NTP CVE-2015-7691 Incomplete Fix Denial of Service Vulnerability
phpCollab v2.5 CMS - SQL Injection Vulnerability
OpenSSL CVE-2016-2177 Integer Overflow Vulnerability
NTP Multiple Arbitrary File Overwrite Vulnerabilities
vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
[slackware-security] openssh (SSA:2016-219-03)
[slackware-security] mozilla-firefox (SSA:2016-219-02)
[slackware-security] curl (SSA:2016-219-01)
[SECURITY] [DSA 3643-1] kde4libs security update
[slackware-security] stunnel (SSA:2016-219-04)