(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Enlarge (credit: Flickr user Erica Zabowski)

A North Carolina man has pleaded guilty to a conspiracy that illegally accessed the e-mail and social media accounts of Central Intelligence Director John Brennan and other senior government officials and then used that access to leak sensitive information and make personal threats.

Justin Gray Liverman, 24, of Morehead City, North Carolina, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, commit identity theft, and make harassing, anonymous phone calls, federal prosecutors said Friday. Among the 10 people targeted in the conspiracy were Brennan; then-Deputy FBI Director Mark Giuliano; National Intelligence Director James R. Clapper; Greg Mecher, the husband of White House Communication Director Jen Psaki; and other government officials. The group called itself Crackas with Attitude, and it was led by a co-conspirator going by the name of Cracka.

"She talks mad shit abt snowden," Liverman said on December 10, 2015 in an online chat with Cracka, referring to a target who is believed to be Psaki, according to a statement of facts signed by Liverman and filed in US District Court for the Eastern District of Virginia. (The document refers to Mecher and Psaki as Victim 3 and the spouse of Victim 3 respectively.) "If you come across anything related to [Victim 3's spouse] let me know. If you find her cell or home number omg gimme." Liverman went on to say he wanted to "phonebomb the shitt [sic] outta" Psaki.

Read 7 remaining paragraphs | Comments

 
IBM Security Identity Manager Virtual Appliance Local Information Disclosure Vulnerability
 
IBM Security Identity Manager CVE-2016-9739 Local Information Disclosure Vulnerability
 
Mozilla Firefox Multiple Security Vulnerabilities
 
Libgraphite Multiple Security Vulnerabilities
 
IBM Security Network Protection and Mobile Connect Information Disclosure Vulnerability
 
IBM MQ Appliance CVE-2015-7420 Information Disclosure Vulnerability
 
Multiple EMC Products CVE-2016-0917 Authentication Bypass Vulnerability
 
Oracle Java SE CVE-2016-3503 Local Security Vulnerability
 

Enlarge (credit: Ron Amadeo)

Google has shut down a "high-severity" exploit in its Nexus 6 and 6P phones which gave attackers with USB access the opportunity to take over the onboard modem during boot-up—allowing them to listen in on phonecalls, or intercept mobile data packets.

The vulnerability was part of a cluster of security holes found by security researchers at IBM's X-Force all related to a flaw—tagged CVE-2016-8467—in the phones' bootmode, which uses malware-infected PCs and malicious power chargers to access hidden USB interfaces. Patches were rolled out before the vulnerabilities were made public, in November for the Nexus 6, and January for the 6P.

The waveform from a successfully intercepted phone call.

The waveform from a successfully intercepted phone call. (credit: IBM)

The exploit also allowed access to find the phone's "exact GPS coordinates with detailed satellite information, place phone calls, steal call information, and access or change nonvolatile items or the EFS partition."

Read 5 remaining paragraphs | Comments

 
icoutils CVE-2017-5208 Local Integer Overflow Vulnerability
 
Netop Remote Control CVE-2017-5216 Stack Buffer Overflow Vulnerability
 

Enlarge (credit: Techno Fishy)

When Mike Tigas first created the Onion Browser app for iOS in 2012, he never expected it to become popular. He was working as a newsroom Web developer at The Spokesman-Review in Spokane, Washington, at the time, and wanted a Tor browser app for himself and his colleagues. Expecting little interest, he then put Onion Browser on the Apple App Store at just $0.99/£0.69, the lowest non-zero price that Apple allows.

Fast forward to 2016, and Tigas found himself living in New York City, working as a developer and investigative journalist at ProPublica, while earning upwards of $2,000 a month from the app—and worrying that charging for it was keeping anonymous browsing out of the hands of people who needed it.

So a few weeks ago, he made the app free. Since then, its popularity has exploded, with thousands of downloads recorded every day. The results of the recent US presidential election might have had something to do with this decision, and its impressive results, Tigas told Ars.

Read 26 remaining paragraphs | Comments

 
Internet Storm Center Infocon Status