On Friday, the online persona behind a high-profile hack of the Democratic National Committee took credit for a separate breach of the Democratic Congressional Campaign Committee. To prove they were responsible, the leaker known as Guccifer 2.0 published a massive amount of personal information belonging to hundreds of Democratic representatives.

One Excel spreadsheet contains a dizzying number of work and cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives. Several other documents contain passwords for various DCCC accounts. Other documents purport to be memos detailing fundraisers and campaign overviews.

"As you see the US presidential elections are becoming a farce, a big political performance where the voters are far from playing the leading role," Guccifer 2.0 wrote in a blog post accompanying the document dump. "Everything is being settled behind the scenes as it was with Bernie Sanders."


[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)


Top Congressional leaders were briefed a year ago on the Russian hack of the Democratic National Committee but were sworn to secrecy by intelligence officials.

According to Reuters, the Gang of Eight was briefed in a Sensitive Compartmented Information Facility, or SCIF, last summer. This group has an even number of Republicans and Democrats. It includes Senate Majority Leader Mitch McConnell and House of Representatives Speaker Rep. Paul Ryan (R-Wis.), as well as Sen. Richard Burr (R-N.C.) and Rep. Devin Nunes (R-Calif.), the House and Senate intelligence committee chairs. Across the aisle, it also includes Sen. Harry Reid (D-Nev.) and Rep. Nancy Pelosi (D-Calif.), and Sen. Dianne Feinstein (D-CA) and Rep. Adam Schiff (D-Calif.) of the intelligence committees.

Due to the sensitivity of the information, they were restricted from telling anyone, including the targets.


Microsoft Internet Explorer CVE-2016-3288 Remote Memory Corruption Vulnerability
IBM Tririga Application Platform CVE-2016-0346 Cross Site Request Forgery Vulnerability
Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
IBM WebSphere Portal CVE-2016-0243 Unspecified Cross Site Scripting Vulnerability
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
IBM Connections CVE-2016-0310 Host Header Injection Vulnerability


Researchers have devised a new way to siphon data out of an infected computer even when it has been physically disconnected from the Internet to prevent the leakage of sensitive information it stores.

The method has been dubbed "DiskFiltration" by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive's actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone. The technique has a range of six feet and a speed of 180 bits per minute, fast enough to steal a 4,096-bit key in about 25 minutes.

"An air-gap isolation is considered to be a hermetic security measure which can prevent data leakage," Mordechai Guri, a security researcher and the head of research and development in the cyber security labs at Israel's Ben-Gurion University, told Ars. "Confidential data, personal information, financial records and other type of sensitive information is stored within isolated networks. We show that despite the degree of isolation, the data can be exfiltrated (for example, to a nearby smart phone)."


Internet Storm Center Infocon Status