
Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.

In a farewell message posted Thursday morning, group members said they were deleting their accounts and making an exit after their offers to release their entire cache of NSA hacking tools in exchange for a whopping 10,000 bitcoins (currently valued at more than $8.2 million) were rebuffed. While they said they would still make good on the offer should the sum be transferred into their electronic wallet, they said there would be no more communications.

"Despite theories, it always being about bitcoins for TheShadowBrokers," Thursday's post, which wasn't available as this article was going live, stated. "Free dumps and bullshit political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers."


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
OpenSSH CVE-2016-6515 Denial of Service Vulnerability

Well, it's an Acrobat. (credit: tmmmb)

Adobe rolled out a set of patches for Acrobat, Adobe Reader, and Flash on Patch Tuesday this week, and the update had an unwelcome surprise in store for Chrome users. After updating their systems, they found that Chrome was prompting them to enable an extension from Adobe.

The extension does a couple of things: it provides a quick way to convert a Web page into a PDF if you have a full, paid version of Acrobat, and it lets you choose to open PDFs in Adobe Reader rather than using Chrome's built-in PDF support. This is occasionally useful for using PDF features that the browser-based support doesn't offer. The extension has existed for some years; the more aggressive distribution, however, is new. The plugin seeks permission to do three things: "read and change all data on the websites you visit," "manage your downloads," and "communicate with cooperating native applications." The level of access required appears to be consistent with the plugin's stated purpose: as it can make a PDF of any page, it needs to have access to any page, and Chrome does not distinguish between extensions that read from pages and those that modify them.

The extension also collects basic information and sends this to Adobe. This tracking appears to be on by default, though it can be disabled through the extension's options page. Adobe states that this information is anonymous and does not include URL data.



Leeor Ben-Peretz is the executive vice president of the Israeli firm Cellebrite. (credit: JACK GUEZ/AFP/Getty Images)

On Thursday, Vice Motherboard reported that an unnamed source provided the site with 900GB of data hacked from Cellebrite, the well-known mobile phone data extraction company.

Among other products, Cellebrite's UFED system offers "in-depth physical, file system, password, and logical extractions of evidentiary data," and is often the go-to product for law enforcement to pull data from seized phones and other devices.

In a statement, Cellebrite called this hack "illegal" and noted that "the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution."


Juniper Junos CVE-2017-2303 Denial of Service Vulnerability
Multiple Juniper Products Ethernet Packet CVE-2017-2304 Information Disclosure Vulnerability
ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)
OpenSSH CVE-2016-1907 Denial of Service Vulnerability
[SECURITY] [DSA 3760-1] ikiwiki security update
Juniper Junos CVE-2017-2300 Denial of Service Vulnerability
WordPress Prior to 4.7.1 Security Bypass Vulnerability
Genexis DRGOS CVE-2015-3441 Multiple Remote Command Execution Vulnerabilities
LXC CVE-2016-10124 Security Bypass Vulnerability
WordPress Prior to 4.7.1 Cross Site Request Forgery Vulnerability
WordPress Prior to 4.7.1 Cross Site Scripting Vulnerability
Juniper Junos CVE-2017-2302 Denial of Service Vulnerability
Huawei M8 Products CVE-2016-8758 Local Denial of Service Vulnerability
ISC BIND CVE-2016-9444 Remote Denial of Service Vulnerability
CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application
[slackware-security] gnutls (SSA:2017-011-02)
[slackware-security] bind (SSA:2017-011-01)
Drupal OpenLucius Module Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
ISC BIND CVE-2016-9147 Remote Denial of Service Vulnerability
WordPress Prior to 4.7.1 Information Disclosure Vulnerability
ISC BIND CVE-2016-9778 Remote Denial of Service Vulnerability
Drupal Autocomplete Deluxe Module Cross Site Scripting Vulnerability
ISC BIND CVE-2016-9131 Remote Denial of Service Vulnerability
CA20170109-01: Security Notice for CA Service Desk Manager
[SECURITY] [DSA 3758-1] bind9 security update
Multiple Vulnerabilities in cPanel
Internet Storm Center Infocon Status