Hackin9

SANS releases survey on SCADA security practices
SecurityInfoWatch
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 
U.S. President Barack Obama has signed an executive order requiring federal agencies to share cyberthreat information with private companies and to create a cybersecurity framework focused on reducing risks to companies providing critical infrastructure.
 
Anonymous failed to disrupt the White House's online video stream of President Barack Obama's State of the Union address on Tuesday night.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Adobe released security updates for Flash Player and Shockwave Player on Tuesday in order to address a total of 19 vulnerabilities affecting the two products.
 
RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
 
OpenConnect VPN Gateway Stack Based Buffer Overflow Vulnerability
 
As an industry veteran, how do you think the networking business has evolved over the years?
 
The Anonymous hacking collective Tuesday said it plans to disrupt the live web stream of President Barack Obama's State of the Union address tonight.
 
Yahoo CEO Marissa Mayer thinks there are problems with checking email on a smartphone, but her company is working on a solution.
 
New research by Indiana University shows using artificial intelligence to understand and predict the outcomes of medical treatment could reduce healthcare costs by more than 50% while also improving patient outcomes by nearly the same amount.
 
You just left cocktail hour or a networking event and forgot to grab a business card from the person you'd been chatting with. Don't kick yourself. Instead, log on to LinkedIn to do some cyberstalking. It's a much better resource than Facebook, because with just bits and pieces of information, you're still likely to be able to find your target.
 
Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
 
Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Spoofing Denial of Service Vulnerability
 
Yahoo is bidding to strengthen its presence in the increasingly important mobile space with the acquisition of Alike, a location discovery app.
 
Intel later this year will start offering a TV set-top box and service as the company tries to cash in on the fast-growing TV and home entertainment business.
 
Social networks are expected to light up tonight as users react to the president's State of the Union address.
 
President Obama could use tonight's State of the Union address to continue a push for new cybersecurity legislation, even as he's widely expected to issue an executive order Wednesday to impose rules aimed at protecting critical infrastructure targets, security experts say.
 
Political activists from the Middle East were targeted in attacks that exploited a previously unknown Flash Player vulnerability to install a so-called lawful interception program designed for law enforcement use, security researchers from antivirus vendor Kaspersky Lab said Tuesday.
 

Overview of the February 2013 Microsoft patches and their status.






| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS13-009: Cumulative update for MSIE fixing, in addition to prior updates, a bunch of use-after-free vulnerabilities that allow random code execution and a character encoding problem that allows an infoleak. (Replaces MS12-077 and MS13-008.) | IE: CVE-2013-0015, CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024, CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029 | KB 2792100 | No. | Severity: Critical, Exploitability: 1 | Critical | Important |
| MS13-010: A memory corruption problem in VML allows for random code execution. (Replaces MS11-052) | VML: CVE-2013-0030 | KB 2797052 | Microsoft claims it is used in targeted attacks. | Severity: Critical, Exploitability: 1 | PATCH NOW | Important |
| MS13-011: An input validation vulnerability in DirectShow (DirectX) allows random code execution. (Replaces MS10-033) | DirectX: CVE-2013-0077 | KB 2797052 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Critical, Exploitability: 1 | Critical | Important |
| MS13-012: Multiple vulnerabilities in the WebReady Document Viewing service allow random code execution with the rights of the localservice account (a low privileged account) or a DoS when a user uses OWA (Outlook Web Access) to access specific content. (Replaces MS12-080) | Exchange: CVE-2013-0393, CVE-2013-0418 | KB 2809279 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Critical, Exploitability: 2 | N/A | Critical |
| MS13-013: Multiple vulnerabilities in the Oracle Outside In libraries allow random code execution with the rights of a user account. Attackers need to be able to get the content onto the system in order to get it indexed by the FAST Search Server. (Replaces MS12-067) | SharePoint: CVE-2012-3214, CVE-2012-3217 | KB 2553234 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Important, Exploitability: 1 | N/A | Critical |
| MS13-014: A NULL dereference vulnerability in the Microsoft implementation of NFS (Network File System) allows a DoS condition. | NFS: CVE-2013-1281 | KB 2790978 | No. | Severity: Important, Exploitability: 3 | N/A | Important |
| MS13-015: A privilege escalation vulnerability in XAML browser apps (XBAP) within IE or .NET applications allows bypassing CAS (Code Access Security) restrictions. (Replaces MS12-038) | .NET: CVE-2013-0073 | KB 2800277 | No. | Severity: Important, Exploitability: 1 | Important | Important |
| MS13-016: Multiple race conditions in the win32k.sys kernel-mode driver allow privilege escalation. (Replaces MS12-078 and MS13-005) | Windows kernel, prior to Windows 8, RT and server 2012: CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277 | KB 2778344 | No. | Severity: Important, Exploitability: 2 | Important | Less Urgent |
| MS13-017: Multiple vulnerabilities allow privilege escalation and users to run arbitrary code in kernel mode. (Replaces MS12-068) | Windows kernel: CVE-2013-1278, CVE-2013-1279, CVE-2013-1280 | KB 2799494 | No. | Severity: Important, Exploitability: 1 | Important | Less Urgent |
| MS13-018: A vulnerability in how the Windows TCP/IP stack handles a connection termination sequence (TCP FIN WAIT) allows a DoS condition. | Windows TCP/IP: CVE-2013-0075 | KB 2790655 | No. | Severity: Important, Exploitability: 3 | Important | Important |
| MS13-019: A privilege escalation vulnerability exists in the Windows CSRSS (Client/Server Runtime Subsystem). It allows arbitrary code execution with the privileges of local system for authenticated users. (Replaces MS11-063) | CSRSS: CVE-2013-0075 | KB 2790113 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Important, Exploitability: 2 | Important | Important |
| MS13-020: An input validation vulnerability in OLE being used by WordPad or Microsoft Office in XP SP3 allows random code execution with the rights of the logged-on user. (Replaces MS11-038) | OLE: CVE-2013-1313 | KB 2802968 | No. | Severity: Critical, Exploitability: 1 | Critical | Important |





We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY


(*): ISC rating


We use 4 levels:


PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.

Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.

Important: Things where more testing and other measures can help.

Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.



The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. The measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.

The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.

Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.

All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.


(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.



 
System administrators overseeing Microsoft Exchange deployments should take a close look at Microsoft's latest round of security patches. In addition to covering Windows and Internet Explorer, Microsoft's latest monthly batch of patches covers the widely used Exchange Server, both the Exchange Server 2007 and Exchange Server 2010 editions.
 
Several inquiries into Novopay, of varying independence, are already underway. However there are already lessons we can learn from the debacle, especially in the context of the proposed $1.5 billion IRD IT spend up.
 
SlideShare, a presentation-sharing site used primarily by professionals, has added a premium feature that lets members closely monitor usage of their presentations.
 
The U.S. has better broadband service than some critics give it credit for, with speeds, availability and prices that are competitive with many other developed nations, according to a new study from a tech-focused think tank.
 
BlackBerry is getting closer to shipping a red, limited edition version of the Z10 to selected developers who have created applications for its new BlackBerry 10 OS.
 
Oracle spent years developing its next-generation Fusion Applications and finally put them into general availability nearly a year-and-a-half ago, but some new evidence suggests that it's been less than successful at enticing customers to move up.
 
Startup Pertino -- backed by former executives from Packeteer and Apple -- has what one analyst calls the most advanced networking as a service (NaaS) product on the market, available starting today as a public beta.
 
Apple will not create a new, inexpensive iPhone just for the sake of offering a cheaper alternative, Apple CEO Tim Cook said in a speech on Tuesday.
 
Nokia said Tuesday it filed letters of objection in India to protest actions by the country's income tax authorities, including a raid on its factory, which it claimed ran counter to domestic laws and international standards.
 
NewsGator is re-architecting its Social Sites enterprise social networking (ESN) suite so that it can be installed independently of Microsoft's SharePoint collaboration server.
 
[slackware-security] openssl (SSA:2013-042-01)
 
Re: Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
 

This month Adobe decided to fix its Flash and Shockwave players for Black Tuesday:

APSB13-05 tells about the fixes for CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638 and CVE-2013-0637. The fixes are for Flash Player, AIR and AIR SDK.

APSB13-06 tells about the fixes for CVE-2012-0613 and CVE-2012-0636 in the Shockwave Player.

--

Swa Frantzen -- Section 66
 
 
Changes to the regulations should make it easier for cloud clients and vendors to understand their responsibilities.
 
Two bugs in Rails and a bug in the JSON gem expose Ruby on Rails applications to new attacks, some of which involve the possibility of remote code execution. Updating is recommended.


 
Microsoft Office is the most popular word processing suite around, when it comes to generating documents. But a lot of people are completely unaware that, every time you open a document, type in it, edit it, close it, or do anything more than breathe on it, personally identifying data called "metadata" is collected and attached to the document. Disclosure of this information can be very detrimental in certain situations, so it pays to spend an extra few minutes before sending someone the file, to wipe the metadata. A free, small app called Document Metadata Cleaner will help you achieve this.
 
McAfee is enhancing its business security platform by adding near real-time querying capabilities to its ePolicy Orchestrator software and by integrating it with its security information and event management product to automatically initiate endpoint security policy changes.
 
Microsoft will support its Surface Pro tablet until July 2017, or almost four-and-a-half years after its launch last weekend, the company's website confirmed.
 
Unknown perpetrators have used a Bit9 code-signing certificate to sign malware. According to Bit9, the hackers were able to access the certificate because its own security software was not installed on some computers on its network.


 
Contrary to the announcement that a hacker managed to get the Emergency Alert Systems in Michigan and Montana to issue, the dead have not risen and begun attacking the living. Local TV managers are investigating how the systems were hacked, though.


 
Novell Groupwise Client CVE-2012-0439 ActiveX Control Remote Code Execution Vulnerability
 
Nokia and LG Electronics have both launched new phones that can handle two SIM cards, as they aim to attract more buyers in developing countries.
 
India's provision of outsourcing services to other countries will grow by 12% to 14% in the fiscal year starting April 1, trade group predicts.
 
Web hosting provider and domain name registrar Go Daddy has acquired M.dot, the developer of a mobile app for website creation and management by small businesses.
 
Opera Web Browser Prior to 12.13 Multiple Security Vulnerabilities
 
 
Groupon has acquired MashLogic, a company based in California that makes a simple tool called Britely to capture and collate bits of information from web pages.
 
Tela Innovations has filed patent infringement complaints against key mobile handset vendors, including LG, HTC, Nokia and Motorola Mobility, before the U.S. International Trade Commission and the U.S. District Court for the District of Delaware.
 
Facebook is being sued by the family of a deceased Dutch programmer who held two patents dealing with sharing and updating social media content long before the social networking site launched.
 
Intel today released its Cache Acceleration Software for applications running on SSDs inside Linux servers.
 
The Tokyo government has posted nearly 300 NFC location tags around the upscale Ginza shopping district and released an Android app to interact with them as part of an experiment to help guide shoppers.
 
 
SSSD Multiple Denial of Service Vulnerabilities
 
Internet Storm Center Infocon Status