Hackin9
LinuxSecurity.com: Several security issues were fixed in OpenSSL.
 
LinuxSecurity.com: * CVE-2015-4037: insecure temporary file use in /net/slirp.c (bz #1222894)
 
LinuxSecurity.com: An updated wpa_supplicant package that fixes two security issues and adds one enhancement is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM's security. An OPM statement on the attack said that the agency discovered the breach as it had "undertaken an aggressive effort to update its cybersecurity posture." And a DHS spokesperson told Ars that "interagency partners" were helping the OPM improve its network monitoring "through which OPM detected new malicious activity affecting its information technology systems and data in April 2015."

Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services. "CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network," Paletta and Hughes reported.

And, according to federal investigators, that malware may have been in place for over a year. US intelligence agencies have joined the investigation into the breach. But it's still not even clear what data was accessed by the attackers.


 

In mid-May, the Federal Bureau of Investigation lost control over seized domains, including Megaupload.com, when the agency failed to renew a key domain name of its own. That domain, which hosted the name servers that redirected requests for seized sites to an FBI Web page, was purchased at auction and then used to redirect traffic from Megaupload.com and other sites to a malicious site serving porn ads and malware. Weeks later, those sites are still in limbo because somehow, despite a law enforcement freeze on the domain name, the name servers associated with Megaupload.com and those other seized sites were changed to point at hosts associated with a domain registered in China.

As Ars reported on May 28, the domain CIRFU.NET had been registered by the FBI through GoDaddy to provide domain name servers and Web servers for the FBI's Cyber Initiative and Resources Fusion Unit (part of FBI's Cyber Division). The FBI failed to renew the domain on April 1, however, and on May 13 the domain was acquired at an auction by "Syndk8 Media Limited"—a front company registered at a Gibraltar mail and call forwarding service by a "black-hat SEO" Web marketer who calls himself Earl Grey.

That created some problems, because up until at least May 27, the name servers listed in Whois data for Megaupload.com and several other seized sites were still hosts on CIRFU.NET—meaning that whoever controlled CIRFU.NET essentially controlled the FBI's seized domains. And for a number of days up until May 28, the new owner of CIRFU.NET apparently gave control over to an individual who had registered CIRFU.BIZ—a domain that in turn served up a stream of "zero-click" advertisements for porn, advertisements that were really Web exploit malware, and other malicious or otherwise undesirable ads.


 
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
 
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
 
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
 

An OpenSSL security advisory was issued earlier today, Thursday 2015-06-11 [1]. According to the advisory, users should upgrade OpenSSL to fix vulnerabilities that could be exploited by a Logjam attack [2].

The issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

  • OpenSSL 1.0.2 users should upgrade to 1.0.2b
  • OpenSSL 1.0.1 users should upgrade to 1.0.1n
  • OpenSSL 1.0.0 users should upgrade to 1.0.0s
  • OpenSSL 0.9.8 users should upgrade to 0.9.8zg

Related vulnerabilities from the announcement:

Of note, support for OpenSSL versions 1.0.0 and 0.9.8 will cease at the end of the year, on 2015-12-31. No security updates for 1.0.0 and 0.9.8 will be provided after that. Users are advised to upgrade to the latest versions of 1.0.1 or 1.0.2.

References:

[1] http://openssl.org/news/secadv_20150611.txt
[2] https://weakdh.org/

 
Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
 
D-Link DSP-W110 - multiple vulnerabilities
 
[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities
 
LinuxSecurity.com: Security fix for CVE-2015-0850: Prevent arbitrary command execution via the clone URL parameter of the method used to create secondary Git repositories. Found by Ansgar Burchardt.
 
LinuxSecurity.com: Rolled back the 0.15 update for f20 & f21 due to a library conflict. Also addresses a security vulnerability.
 
LinuxSecurity.com: Force cabal upload to always use digest auth and never basic auth. Note this only affects uploading of new source tarballs to Hackage by Haskell upstream package maintainers. It is safer to upload packages via the Hackage web interface.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Security fixes: The XSRF token is now encoded with a random mask on each request. This makes it safe to include in compressed pages without being vulnerable to the BREACH attack. This applies to most applications that use both the xsrf_cookies and gzip options (or have gzip applied by a proxy). Backwards-compatibility notes: If Tornado 3.2.2 is run at the same time as older versions on the same domain, there is some potential for issues with the differing cookie versions. The Application setting xsrf_cookie_version=1 can be used for a transitional period to generate the older cookie format on newer servers.
 
 
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)
 
Path Traversal vulnerability in WordPress plugin se-html5-album-audio-player v1.1.0
 