(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Bloomberg News is reporting evidence of a watershed event in the annals of cyberwarfare, a 2008 hack attack that caused a Turkish oil pipeline to spectacularly burst into flames.

If true, the hack could rewrite the history of cyberwar. The first known use of a digital weapon to cause physical damage to an enemy is the Stuxnet worm, which in 2009 caused the destruction of uranium centrifuges in Iran's Natanz nuclear facility. (The malware was unleashed on a handful of carefully selected targets a year or so earlier, journalist and author Kim Zetter reported in a recent book, but it took time for the malware to infect its intended target.) The timing has earned Stuxnet the title of the world's first known digital weapon. The Bloomberg account suggests the hack on the Turkish pipeline occurred around the same time Stuxnet was released and was able to effect physical damage a year earlier than Stuxnet did. Update: As several readers have pointed out in comments below, the suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb.

As described by Bloomberg, attackers gained access to the pipeline's computerized operational controls and increased the pressure of the crude oil flowing inside. By hacking the video and sensors that closely monitored the 1,099-mile Baku-Tbilisi-Ceyhan pipeline, the attackers were able to prevent operators from learning of the blast until 40 minutes after it happened, from a security worker who saw the flames, Bloomberg said. As many as 60 hours of surveillance video were also erased. According to Bloomberg:


Adobe Flash Player CVE-2014-9163 Unspecified Stack Based Buffer Overflow Vulnerability

Researchers have uncovered yet another international espionage campaign that's so sophisticated and comprehensive that it could only have been developed with the backing of a well-resourced country.

Inception, as the malware is dubbed in a report published Tuesday by Blue Coat Labs, targets devices running Windows, Android, BlackBerry, and iOS, and uses free accounts on Swedish cloud service Cloudme to collect pilfered data. Malware infecting Android handsets records incoming and outgoing phone calls to MP4 sound files that are periodically uploaded to the attackers. The researchers also uncovered evidence of an MMS phishing campaign designed to work on at least 60 mobile networks in multiple countries in an attempt to infect targeted individuals.

"There clearly is a well-resourced and very professional organization behind Inception, with precise targets and intentions that could be widespread and harmful," the Blue Coat report stated. "The complex attack framework shows signs of automation and seasoned programming, and the number of layers used to protect the payload of the attack and to obfuscate the identity of the attackers is extremely advanced, if not paranoid."


Adobe Flash Player CVE-2014-8443 Unspecified Use After Free Remote Code Execution Vulnerability
Adobe Flash Player CVE-2014-9164 Unspecified Memory Corruption Vulnerability
FreeBSD Security Advisory FreeBSD-SA-14:28.file
libvirt CVE-2013-7336 Denial of Service Vulnerability
[SECURITY] [DSA 3095-1] xorg-server security update
AST-2014-019: Remote Crash Vulnerability in WebSocket Server
FreeBSD Security Advisory FreeBSD-SA-14:29.bind

I noticed it in my own logs overnight and also had a couple of readers (both named Peter) report some odd new ssh scanning overnight. The scanning involves many sites, likely a botnet, attempting to ssh in as 3 users: D-Link, admin, and ftpuser. Given the first of those usernames, I suspect that they are targeting improperly configured D-Link routers or other appliances that have some sort of default password. The system that I have at home was not running kippo, so I didn't get the passwords that they were guessing and was not able to see what they might do if they succeed in ssh-ing in. If anyone out there has any more info on what exactly they are targeting, please let us know by e-mail, via the contact page, or by commenting on this post. I'll try to reconfigure a couple of kippo honeypots to see if I can capture the bad guys there and may update this post later.

Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
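For readers who want to check their own sshd logs for the same pattern, here is an added example (not part of the diary, and not one of the ISC's own tools) that groups failed-login usernames by source address and flags sources that tried the D-Link/admin/ftpuser trio. The log lines are constructed samples using TEST-NET addresses, and the syslog format assumed is the common OpenSSH "Invalid user" / "Failed password" wording.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the diary); TEST-NET IPs.
SAMPLE_LOG = """\
Dec 10 02:13:41 host sshd[1201]: Invalid user D-Link from 192.0.2.10
Dec 10 02:13:43 host sshd[1203]: Invalid user admin from 192.0.2.10
Dec 10 02:13:45 host sshd[1205]: Invalid user ftpuser from 192.0.2.10
Dec 10 02:14:02 host sshd[1210]: Invalid user D-Link from 198.51.100.7
Dec 10 02:14:04 host sshd[1212]: Invalid user admin from 198.51.100.7
Dec 10 02:14:06 host sshd[1214]: Invalid user ftpuser from 198.51.100.7
Dec 10 02:20:11 host sshd[1300]: Failed password for root from 203.0.113.9 port 40112 ssh2
Dec 10 02:20:13 host sshd[1302]: Failed password for invalid user admin from 203.0.113.9 port 40114 ssh2
"""

# Matches both "Invalid user X from IP" and "Failed password for [invalid user] X from IP".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# The three usernames reported in the diary.
SCAN_USERS = frozenset({"D-Link", "admin", "ftpuser"})


def users_by_source(log_text):
    """Map each source IP to the set of usernames it attempted."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("user"))
    return seen


def find_dlink_scanners(log_text, min_match=2):
    """Return sorted source IPs that tried at least min_match of the scan usernames.

    A botnet sweep shows up as many distinct sources each trying the same
    short username list; requiring two or more of the three reduces noise
    from ordinary 'admin' guessing.
    """
    return sorted(ip for ip, users in users_by_source(log_text).items()
                  if len(users & SCAN_USERS) >= min_match)


if __name__ == "__main__":
    for ip in find_dlink_scanners(SAMPLE_LOG):
        print("D-Link/admin/ftpuser sweep from", ip)
```

On a real host, feed the function the contents of /var/log/auth.log (or the journal's sshd output) instead of SAMPLE_LOG.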


We got two security updates from VMWare this week:

VMWare ID       CVE            Product                          Details
VMSA-2014-0013  CVE-2014-8373  VMware vCloud Automation Center  Remote privilege escalation vulnerability. Authenticated remote users may obtain administrative privileges. Mitigated by turning off "Connect (by) Using VMRC".
VMSA-2014-0014  CVE-2014-8372  AirWatch                         A direct object reference vulnerability allows users to see each other's information.

VMSA-2014-0013: http://www.vmware.com/security/advisories/VMSA-2014-0013.html

Johannes B. Ullrich, Ph.D.

NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities
RPM CVE-2014-8118 CPIO Header Handling Integer Overflow Vulnerability
WebKit CVE-2014-4462 Unspecified Memory Corruption Vulnerability

The growing number of smart devices that interoperate with smartphones could leave text messages, calendar entries, biometric data, and other sensitive user information wide open to hackers, security researchers warn.

That's because most smart watches rely on a six-digit PIN to secure information traveling to and from connected Android smartphones. With only one million possible keys securing the Bluetooth connection between the handset and the smart device, the PINs are susceptible to brute-force attacks, in which a nearby hacker attempts every possible combination until finding the right one.

Researchers from security firm Bitdefender mounted a proof-of-concept hack against a Samsung Gear Live smartwatch that was paired with a Google Nexus 4 running Android L Preview. Using readily available hacking tools, they found that the PIN obfuscating the Bluetooth connection between the two devices was easily brute forced. From that point on, they were able to monitor the information passing between the watch and the phone.


Microsoft Internet Explorer CVE-2014-6327 Remote Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-6376 Remote Memory Corruption Vulnerability
ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
[CVE-2014-7303] SGI Tempo System Database Exposure
[CVE-2014-7301] SGI Tempo System Database Password Exposure
[CVE-2014-7302] SGI SUID Root Privilege Escalation
Cisco Unified Computing System CVE-2014-7989 Multiple Local Privilege Escalation Vulnerabilities
RPM CVE-2013-6435 Remote Code Execution Vulnerability
PowerDNS Recursor CVE-2014-8601 Remote Denial of Service Vulnerability
OpenVPN CVE-2014-8104 Denial of Service Vulnerability
Linux Kernel CVE-2014-3182 'hid-logitech-dj.c' Buffer Overflow Vulnerability

Posted by InfoSec News on Dec 10

By Steve Ragan
Senior Staff Writer
Dec 9, 2014

During a panel discussion at a security conference hosted by Bloomberg
Government, the FBI cyber division's assistant director, Joe Demarest,
told attendees that at present, there is nothing to tie North Korea to the
attacks on Sony Pictures.

"There is no...

Posted by InfoSec News on Dec 10

By Patrick Tucker
Defense One
December 9, 2014

Online security company Cylance released a report last week showing that
an Iranian cyber-espionage operation “Operation Cleaver” had successfully
breached U.S. and foreign military, infrastructure and transportation
targets. The report claimed to confirm widely-suspected Iranian hacks of
the unclassified Navy...

Posted by InfoSec News on Dec 10

By Cliff Saran
09 December 2014

Security issues are the main factor limiting the further use of cloud
computing services, research from Eurostat has found.

In a survey conducted by the European Commission’s Eurostat statistics
service, public cloud computing was reportedly used by 24% of large
enterprises and 12% of...

Posted by InfoSec News on Dec 10

By William Jackson
Dec 05, 2014

The Veterans Affairs Department has been dinged once again by the
Government Accountability Office for lack of follow-through in its
cybersecurity operations. In a recent report, VA Needs to Address
Identified Vulnerabilities, the GAO warned that unless VA’s security
weaknesses are fully addressed, “its information is at...

Posted by InfoSec News on Dec 10

From: Kenneth Buckler <kenneth.buckler () gmail com>
Date: Tue, 9 Dec 2014 13:04:20 -0500
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity
of coffee pods, known as K-Cups, uses weak verification methods, which are
subject to a spoofing attack through re-use of a previously verified
CVSS Base Score: 4.9

Impact Subscore: 6.9...