Hackin9

More than 36 organizations—some in the gas, telecommunications, and steel manufacturing industries—have been breached by attackers exploiting a vulnerability in older SAP business applications that gives them remote access to highly confidential data, the US government-sponsored CERT warned Wednesday.

The attacks were carried out over the past three years by attackers exploiting the "invoker servlet," a set of functions in SAP applications that allows users to run Java applications without a password or any other authentication measure. Attackers outside the targeted organizations have abused the feature to gain access to sensitive data and possibly to take control of the servers that process that data, according to researchers at security firm Onapsis.

"The exploitation of this vulnerability gives remote unauthenticated attackers full access to the affected SAP platforms, providing them with complete control of the business information and processes run by them, as well as potentially further access to connected SAP and non-SAP systems," company researchers wrote in a blog post published Wednesday.



Dark Reading Not Actually A Sign Of The Apocalypse
Dark Reading
The news stories were unlike anything anyone else was writing on the topic. 'Wow,' I thought, 'this Kelly Jackson Higgins girl is good.' In my mind's eye, she was a journalistic superhero, who wielded two ... In the past 10 years we've seen infosec ...

 

iT News

Attackers exploiting six-year old patched SAP bug
iT News
Attackers are exploiting organisations that failed to apply a patch SAP issued six years ago, using the vulnerability to gain full control over their business applications. The US-CERT and infosec firm Onapsis are warning SAP users to apply the ...

[security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities
 

Allwinner, a Chinese system-on-a-chip company that makes the processor used in many low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices, apparently shipped a version of its Linux kernel with a ridiculously easy-to-use backdoor built in. All any code needs to do to gain root access is send the text "rootmydevice" to an undocumented debugging process.

The backdoor code may have inadvertently been left in the kernel after developers completed debugging. But the company has been less than transparent about it: information about the backdoor was released and then apparently deleted through Allwinner's own GitHub account. The kernel, linux-3.4-sunxi, which was originally developed to support Android on Allwinner's ARM processors for tablets, has also been used to develop a community version. The kernel was also the basis for porting various versions of Linux to Allwinner's processors, which are used in the Orange Pi and Banana Pi micro-PCs (developer boards compatible with the Raspberry Pi) along with a number of other devices.

The way Allwinner has distributed its Linux kernel has been frustrating to many developers. The company has not encouraged or participated in community development and has been accused of numerous violations of the GPL license for the Linux kernel. The kernel "drops" by Allwinner include a number of binaries that are essentially closed source, as well as code released under other licenses—largely to support the graphics engines of its processors.


 


For the past month, people infected with the CryptXXX ransomware had a way to recover their files without paying the hefty $500 fee to obtain the decryption key. On Tuesday, that reprieve came to an end.

Researchers from security firm Proofpoint said in a blog post that version 2.006 has found a way to bypass a decryption tool that has been freely available for weeks. The tool was provided by Kaspersky Lab and was the result of flaws in the way CryptXXX worked.

The ransomware update effectively renders the Kaspersky tool useless, Proofpoint said. It does so by using zlib, a software library for data compression. The new version also makes it harder to use the Kaspersky tool by locking the screen of an infected computer, leaving it unusable until the ransom is paid.


 
[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities
 
[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update
 

Softpedia News

Pornhub Puts Many Companies to Shame by Opening a Bug Bounty Program Before Them
Softpedia News
Infosec researchers must avoid damaging any of Pornhub's network or cause service interruption of any kind. Furthermore, the use of automated security testing tools is prohibited, as well as any kind of action that manipulates, leaks, or damages user ...

 

Pwnie Express Names Key Industry Veterans to Executive Team
SYS-CON Media (press release)
She has a deep passion for Infosec, including cybereducation and cybersafety and advances these missions through her extracurricular activities. Bo Thurmond is an accomplished, results-oriented sales professional with more than 20 years of experience ...

 

Cybercrime relies on human frailties
SecurityInfoWatch
... build their professional reputations. With an audience of more than half a million and more than 10,000 posts by security experts, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering ...

 
[slackware-security] imagemagick (SSA:2016-132-01)
 
BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities
 
[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
 
[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure
 
[SECURITY] [DSA 3574-1] libarchive security update
 
Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution
 

SYS-CON Media (press release)

Hybrid Security Monitoring | @CloudExpo @AlertLogic #DataCenter #InfoSec
SYS-CON Media (press release)
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the ...
