(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Wireshark PCAPNG File CVE-2015-7830 Remote Code Execution Vulnerability
Apple Mac OS X and iOS Multiple Security Vulnerabilities
PHP PHAR Multiple Denial of Service Vulnerabilities
Apple iOS APPLE-SA-2015-10-21-1 Multiple Security Vulnerabilities
Apple iOS and Mac OS X Multiple Security Vulnerabilities
Apple Mac OS X/watchOS/iOS/tvOS Multiple Security Vulnerabilities

(Image credit: rootservers.org)

Early last week, one of the most vital organs of the Internet anatomy came under an unusual attack. On two separate occasions lasting an hour or more each, a flood of as many as five million queries per second hit multiple domain name system root servers that act as the final and authoritative reference for determining which IP address is returned when a user types a domain name into a browser.

The first barrage took place on Monday, November 30, and lasted for about two hours and 40 minutes. The second one happened a day later and lasted for almost exactly an hour. Most but not all of the 13 root servers that form the Internet's DNS root zone were hit. The attacks started and stopped on their own and consisted of billions of valid queries for just two undisclosed domain names, one for each incident. There's no indication of who or what was behind the attack.

While the load was large enough to be detected on external systems that monitor the Internet's root servers, they ultimately had little effect on the billions of Internet end users who rely on them. That's partly because root servers provide IP translations only when a much larger network of intermediate DNS servers fail to do so and partly because of the robust design of the hundreds of servers that run the dozen-plus root authorities.



Posted by InfoSec News on Dec 09


By Danny Westneat
The Seattle Times
December 6, 2015

When I first meet James Simmons, he’s at the state welfare office trying
to get some more food stamps. He survives on those, along with some free
meals he gets at the homeless shelter, where he lives.

It’s a jarring background to what I’m there to talk to him about. Which is
that he just...

Posted by InfoSec News on Dec 09

Forwarded from: BSides SF <info (at) bsidessf.com>

BSides SF is soliciting papers and presentations for the 2016 annual BSides
SF conference.

CFP: https://bsidessf.com/cfp.html

** Topics **

All topic areas related to reliability, network security, privacy,
cryptography, and information security are of interest and in scope.

Let us help you get the word out on The Next Big Thing!

** Submission **



Posted by InfoSec News on Dec 09


By Aliya Sternstein
December 8, 2015

Internet Service Provider CenturyLink has won a multiyear contract worth
up to $10.8 million to fill gaps in a governmentwide firewall, according
to the Department of Homeland Security.

The deal was inked to complete a goal of making so-called EINSTEIN 3A

Posted by InfoSec News on Dec 09


By Kelly Jackson Higgins
Dark Reading

Turns out a vulnerability discovered earlier this year in antivirus
software from AVG also was present in AV software products from Intel
McAfee and Kaspersky Lab.

The security bug -- which researchers at enSilo in March reported in AVG's
Internet Security 2015 build 5736 and virus...

Posted by InfoSec News on Dec 09


By Justin Baer
Dow Jones Business News
December 08, 2015

Morgan Stanley suspected that Russian hackers stole client data from a
former financial adviser who pleaded guilty to illegally accessing the
bank's computers and taking the information home with him.

Galen Marsh, who was fired from the Wall Street firm in January for
viewing and...

In a previous diary, I presented CIRCLean, the USB sanitizer developed by the Luxembourg CERT (circl.lu). This tool is very useful to sanitize suspicious USB sticks, but it lacks control and enforcement: nothing stops the user from inserting the original, unsanitized USB stick into a port of his computer. How can this be prevented?

Besides the many commercial products, Powershell is a good solution! As it interacts nicely with the operating system, useful actions can be programmed when a specific event occurs, like the insertion of a USB stick. The Register-WmiEvent cmdlet subscribes to such events:

Register-WmiEvent -Query query -SourceIdentifier name -Action { script block }

The query, in WMI Query Language (WQL) format, specifies the WMI event class to which the subscription is attached. The name must be a unique identifier. In the script block, we define the actions to take. In our case, we must monitor the Win32_LogicalDisk instances and define two actions: when a new instance is created (USB stick inserted) and when one is deleted (USB stick removed).

Then, we can use the magic of Powershell to perform plenty of useful actions. In my example, I'm just testing the presence of a specific log file (created by CIRCLean) and that it is not older than 2 days. If the file is not present or is older, we just unmount the filesystem to prevent the user from accessing it and display a pop-up message. I admit, the current check is not bulletproof, but we could elaborate more robust scenarios:

  • Call directly the PyCIRCLean framework

To stop the monitoring, unregister the event subscription:

Unregister-Event RemovableDiskDetection

The script is available on my github repository. Here is a small video which demonstrates how it works (https://www.youtube.com/watch?v=3wXk_524qPs): I insert a USB stick which contains the processing.log file; it is mounted. Then I delete the file, eject and reinsert it, and access is now denied!
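As an added illustration (not the diary's script, which lives on the author's github), here is the whole procedure described above in one PowerShell block: a single Register-WmiEvent subscription, named RemovableDiskDetection as in the diary, that fires on insertion and removal of removable disks, checks for a processing.log not older than 2 days, and otherwise drops the drive letter and shows a pop-up. The log's location at the root of the stick, the use of mountvol /D as the "unmount" step and the WScript.Shell pop-up are my assumptions; the diary does not specify them.

```powershell
# Added example, not the diary's own script: a WMI event subscription that reacts to a
# removable disk being mounted and removes its drive letter unless a fresh CIRCLean log
# is present. Assumptions (not stated in the diary): the log sits at <drive>\processing.log,
# the freshness limit is 2 days as in the text, and mountvol /D is the "unmount" step.
# Run from an elevated session: mountvol needs administrative rights.

$global:MaxLogAgeDays   = 2                 # reject logs older than this
$global:LogRelativePath = 'processing.log'  # assumed location of CIRCLean's report on the stick

# Functions are declared in the global scope because the -Action block runs in its own
# scope and would not see functions defined at script level.
function global:Test-SanitizedStick {
    param([string]$DriveLetter)   # e.g. 'E:'
    $log = Join-Path -Path "$DriveLetter\" -ChildPath $global:LogRelativePath
    if (-not (Test-Path -LiteralPath $log)) { return $false }
    $age = (Get-Date) - (Get-Item -LiteralPath $log).LastWriteTime
    return ($age.TotalDays -le $global:MaxLogAgeDays)
}

function global:Block-Stick {
    param([string]$DriveLetter, [string]$Reason)
    # Remove the drive letter (mount point) so Explorer and scripts can no longer reach
    # the volume. An administrator can give it back later with mountvol <letter> <volume>.
    & mountvol.exe "$DriveLetter\" /D | Out-Null
    # Pop-up through WScript.Shell: 10-second timeout, 48 = exclamation icon.
    $shell = New-Object -ComObject WScript.Shell
    [void]$shell.Popup("USB stick $DriveLetter blocked: $Reason`nRun it through CIRCLean first.",
                       10, 'USB policy', 48)
}

# WQL: __InstanceOperationEvent covers both creation (insertion) and deletion (removal)
# of Win32_LogicalDisk instances, so one subscription serves both actions. DriveType = 2
# means "removable disk"; WITHIN is the polling interval in seconds.
$query = "SELECT * FROM __InstanceOperationEvent WITHIN 2 " +
         "WHERE TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.DriveType = 2"

Register-WmiEvent -Query $query -SourceIdentifier RemovableDiskDetection -Action {
    $evt   = $Event.SourceEventArgs.NewEvent
    $drive = $evt.TargetInstance.DeviceID     # e.g. 'E:'
    switch ($evt.__CLASS) {
        '__InstanceCreationEvent' {
            if (Test-SanitizedStick -DriveLetter $drive) {
                Write-Host "$drive mounted: fresh CIRCLean log found, access allowed"
            } else {
                Write-Host "$drive mounted: no fresh CIRCLean log, blocking"
                Block-Stick -DriveLetter $drive -Reason "no CIRCLean log newer than $($global:MaxLogAgeDays) days"
            }
        }
        '__InstanceDeletionEvent' {
            Write-Host "$drive removed"
        }
    }
} | Out-Null

Write-Host 'Monitoring removable disks. Stop with: Unregister-Event -SourceIdentifier RemovableDiskDetection'
```

Two caveats worth knowing before relying on this. DriveType 2 only matches media Windows reports as removable, so a USB hard disk that enumerates as a fixed disk (DriveType 3) is never seen by the query. And because WQL polls every WITHIN seconds, the volume is reachable for a moment between mount and dismount, which is exactly why the author calls the check not bulletproof.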

Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key

