InfoSec News

Researchers in the U.S. have developed integrated circuits that can stick to the skin like a child's tattoo and in some cases dissolve in water when they're no longer needed.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Most risk management programs fail because they end up being another audit function, explains Alex Hutton, a faculty member at IANS.


We've gotten some reports and discussion around many Joomla (and some WordPress) sites exploited and hosting IFRAMES pointing to bad places. We'll get to the downloaded in a second, but the interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and WordPress exploits at a given server and hoping something hits. We'd like PCAPs or weblogs if you're seeing something similar in your environment. Right now it seems the biggest pain is around Joomla users, particularly with extensions which greatly increase the vulnerability footprint and the one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website).

The IFRAMES seem to have rapidly changing FQDNs that it is using but the common element is /nightend.cgi?8. Two of the bad IPs that seem to be frequent offenders are and Ultimately it pulls FakeAV software to do its badness.

Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis.

If you have weblogs (particularly verbose ones), I would be interested in seeing them. The tool being used is of interest to me.


John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
In the world of high-frequency trading, where being ahead of the competition by a few milliseconds can mean profits worth millions of dollars, finance firms are increasingly looking to decades-old microwave technologies for a competitive edge.
The user vote over Facebook's latest proposed privacy policy change is over and the small number of voters who took part means Facebook can proceed with its plans.
Apple and Samsung have emerged as the global kings of smartphones, tablets and PCs even though the two vendors have very different product and pricing strategies, IDC said Monday.
Arctic Torrent Remote Memory Corruption Vulnerability
HCView Remote Arbitrary Code Execution Vulnerability
Smartphone vendors will rely on upgrades such as full-HD screens and more powerful yet more frugal processors to entice customers to buy new phones in 2013.
JPEGsnoop Remote Arbitrary Code Execution Vulnerability
Snack Sound Toolkit 'GetWavHeader()' Function Buffer Overflow Vulnerability
Snare for Linux Password Disclosure
Apple has cut the shipping delay of iPad Mini tablets in half for U.S. and Canadian customers, now promising that the devices will ship in one week. Meanwhile, it's increased shipping times for its new iMac desktops.
Huawei Technologies will invest more than $90 million over a five-year period to establish a research and development center in Helsinki, Finland. Its first task will be to build software for smartphones and tablets based on Android and Windows Phone 8.
After disabling an integration tool that made it more difficult to view pictures on Twitter, Instagram has now pulled all of its photos from the microblogging site.
Many mobile apps aimed at children collect and share personal data without notifying parents, potentially violating U.S. law, the Federal Trade Commission said in a report released Monday.
A new variant of a Trojan program called Reveton that prevents victims from using their computers and displays rogue messages from law enforcement agencies is using localized voice messages to trick victims into paying made-up fines, according to researchers from antivirus vendor Trend Micro.
AT&T said it added four new LTE wireless markets on Monday, for a total of 113 markets nationwide.
Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework
GOM Player 'avi' File NULL Pointer Dereference Remote Denial of Service Vulnerability
Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
Call for Papers: DIMVA 2013
Snare for Linux Cross-Site Request Forgery
Snare for Linux Cross-Site Scripting via Log Injection

The Most Important IAM Question: Who Does This?
Dark Reading (blog)
I have written about a number of important trends in identity and access management (IAM), including the advent of Mobile, rising importance of authorization, Infosec maybe finally putting down its password crystal meth pipe, and how to avoid AppSec ...

Adding a competitive component to enterprise software improves adoption and real-time decision-making, gamification advocates say.
An evaluation of Android 4.2's new app verification system finds it somewhat lacking in detection capabilities when compared with existing AV engines in the cloud.


I have been seeing some e-mails hitting my spam traps today, warning me of my revoked CPA license. No, I am not a CPA. But the e-mails are reasonably well done, so I do think some CPAs may fall for them. At least they got the graphics nice and pretty, but the text could be better worded.

The only clickable link is the Delation.pdf (maybe that should be deletion?). Upon clicking the link, we are sent on the usual malware redirect loop:

The first stop is

httx://tesorogroup. com/components/com_ag_google_analytics2/taxfraudalert.html

It includes javascript and meta tag redirects to

httx://eaglepointecondo. co/ detects /denouncement-reports.php

which will test our browser for vulnerable plugins and try to run a java applet. Looks all very standard. You may want to check your DNS server logs for anybody resolving tesorogroup.com or eaglepointecondo.co. The two hosts currently resolve to and respectively.

Wepawet does a nice job analysing the obfuscated javascript:



Johannes B. Ullrich, Ph.D.

SANS Technology Institute

The reported slow early sales of Microsoft's Surface RT tablet have raised a question among IT analysts -- does Microsoft truly want to produce boffo sales of the new device?
Premier 100 IT Leader Dave Ballai also answers a question on getting a master's degree.
Health care provider Kaiser Permanente has begun hiring about 500 IT professionals to staff its new information technology campus in Englewood, Colo.
Security experts have discovered a botnet client that uses Tor to anonymise its communication. The botnet is called "Skynet" and its methods make the work of criminal prosecutors much more difficult.

GIMP XWD File Handling Buffer Overflow Vulnerability
[ MDVSA-2012:178 ] mysql
[SECURITY] [DSA 2584-1] iceape security update
[SECURITY] [DSA 2583-1] iceweasel security update
When security professionals see stupidity all around them, shouldn't they ask themselves whether it's their own precautions that are lacking?
Havalite CMS SQL Injection and Arbitrary File Upload Vulnerabilities
Havalite Multiple Cross Site Scripting and HTML Injection Vulnerabilities

Ira Winkler: Stupid users, or stupid infosec?
19 column, "Can Infosec Cure Stupid?", had me scratching my head. Unusually for him, May's underlying assumptions are flawed. He argues that end users are generally stupid, his evidence being that they don't understand how the devices they use work ...

The mobile chipset market is in a state of flux with a number of key vendors struggling, but analysts say the result of the turmoil will be more advanced high-end smartphones and cheaper low-end devices.
After initially offering its customers mechanical caps to cover the access port which allowed a $50 device to unlock a hotel door lock, the makers are now working with hotel chains and subsidising a proper remedy for the vulnerability.

Motorola Mobility will close down most operations in South Korea in 2013 as part of an ongoing restructuring under Google ownership.
Delta Air Lines quickly published a privacy policy for its mobile application after being sued by California's attorney general, but a privacy researcher has already found a fault with it and the app.
Pivotal Initiative lumps multiple app dev, big data and cloud efforts under a single umbrella
A crop of ultrabooks is being introduced for the new Windows 8 operating system. We examine the HP Envy TouchSmart, Sony Vaio T13 and Toshiba Portege Z935 to see how they shape up.
Australian police are warning people not to rely on Apple's new mobile mapping application after several motorists ended up in a semi-arid national park where temperatures can reach 115 degrees F and there is no water supply.
Toshiba has developed a low-power, high-speed version of MRAM memory that it says can cut power consumption in mobile CPUs by two-thirds.
IBM has demonstrated that it is commercially feasible to bake optical circuitry into silicon processors using fabrication techniques, which could set the stage for radically faster and lower-cost computer communications.
Sales of Apple's iMac, the computer often credited with saving the company, have peaked and by the end of 2014 will account for approximately 2% of the firm's revenues, analysts now say.
WhatsApp for Android appears to have been fixed: the known account hijacking methods no longer work. However, accounts can still be hijacked successfully in the version for Windows Phone.

Maxthon Browser Multiple Security Vulnerabilities

Posted by InfoSec News on Dec 10


By Carlton Purvis

It's a real life version of Office Space except with national security

Swiss intelligence is warning the U.S. and Britain that counterterrorism
information may have been leaked after a disgruntled employee stole a
large amount of sensitive data, Reuters reported...

Posted by InfoSec News on Dec 10


December 9, 2012

JEDDAH, Saudi Arabia -- Saudi Arabia’s national oil company, Aramco,
said on Sunday that a cyberattack against it in August that damaged some
30,000 computers was aimed at stopping oil and gas production in Saudi
Arabia, the biggest exporter in the Organization of the Petroleum
Exporting Countries.


Posted by InfoSec News on Dec 10


By Joel Falconer
The Next Web
10 Dec '12

A Gold Coast, Australia medical practice has been held to ransom by a
group of Russian hackers. The hackers encrypted the practice’s patient
database, rendering it unusable until decrypted.

The hackers have asked for the fairly low sum of $4,000, ABC News
reports, noting that...

Posted by InfoSec News on Dec 10


By Dan Goodin
Ars Technica
Dec 9 2012

A password-cracking expert has unveiled a computer cluster that can
cycle through as many as 350 billion guesses per second. It's an almost
unprecedented speed that can try every possible Windows passcode in the
typical enterprise in less than six hours.

The five-server system uses a relatively...

Posted by InfoSec News on Dec 10


By Phil Muncaster
The Register
10th December 2012

Hacktivists claiming to hail from the Pakistan Cyber Army have defaced
over 400 Chinese government web sites and also hit in excess of 20
Bangladeshi government sites.

A hacker known as ‘Code Cracker’ is claiming responsibility for the
attack on the official web site of Xuchang City People’s...
GNOME System Log CVE-2012-5535 Information Disclosure Vulnerability
Internet Storm Center Infocon Status