Hackin9

InfoSec News

As many of the Internet Storm Center readers know, my full-time job is working for Sourcefire, the makers of SNORT, ClamAV, Razorback, Daemonlogger, and all of our commercial products, Snort rules, ClamAV detection, etc. I often write about Snort-related things here, since I know the SANS audience uses Snort heavily, and it is even taught in the 513 course.
One of the areas that I've been looking at and following even more intently recently has been exploit kits. I refer to things like Incognito, Blackhole, Crimepack, and many more.
Let me give you a couple of external references to go read in case you have no idea what I am talking about:
Brian Krebs has some blog posts here and here about some updates to it. But for a basic explanation of how the Blackhole kit exploits you, the end user, I suggest this PDF here.
The Blackhole exploit kit in particular is very actively developed and changes rapidly in response to things that block its exploit methods. Trust me. As a person who follows all the particular versions of these exploit kits, they change just about weekly.
You can be exploited by various kits simply by going to a website where some injected code rests on the page (you'll never see it; this is what we call a drive-by), by receiving some spam (LinkedIn, USPS, UPS, I've even seen fake pizza delivery emails delivering things like the Phoenix Exploit Kit) that redirects you to a landing page, or by receiving spam with an html/htm email attachment. The possibilities are essentially endless as to how you can wind up on an exploit kit landing page.
Once on the landing page, there are lots of different ways that the exploit kit figures out how to take over your computer, but the basic question the landing page asks is: which piece of software didn't this user patch? Vulnerabilities in browsers, Java, even the delivery of a PDF to exploit a vulnerable version of Adobe Reader.
These kits are all over the place, and most likely, you are going to run into one of these (if you haven't already).
I basically have three pieces of advice for you.
1) Don't open spam, or click on links inside of spam, or generally just be careful of the sites you go to. If you are reading this webpage, you know there is a 'wild west' to the Internet. Be careful.
2) Patch. Everything. Java, browsers, OS, Adobe Reader, etc. Everything. I literally cannot stress the importance of this enough.
3) Run AV and if you are on a corporate network, run an IPS.
This is an evolving threat. Nothing is going to 100% protect you all the time; however, the more layers you have, the more insulated you hopefully are against the threat, and the better you can protect yourself and your users.
Good Luck!
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn't going to patch critical bugs in older versions of its software, Adobe has reversed course.
 
Sports fans have it easy nowadays. We have team blogs, websites, Twitter feeds and up-to-the-minute video clips on demand. Yet for all these conveniences, fans still have to do the legwork of subscribing to feeds or following the tweets of players or beat writers. The Team Stream and Team Stream HD apps from Bleacher Report aim to make it easier for fans to find and follow content on their favorite teams.
 
Adobe released updates yesterday addressing three critical security vulnerabilities that exist in older versions of the Adobe CS suite products. As Adobe states: "We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available."
The update released by Adobe can be found here, and the individual vulnerabilities are listed below:

- Adobe Illustrator CS5.5
- Adobe Photoshop CS5
- Adobe Flash Professional CS5.5.1

These vulnerabilities are all of a critical nature and, if exploited, could lead to a compromise of the system without user interaction. These vulnerabilities exist in both the Mac and Windows versions of the software, so be on the lookout for more updates for older versions of the Adobe CS suite.

tony d0t carothers -gmail
 
As traditional security concepts of perimeter and end-point defense break down as a result of the proliferation of cloud services and the BYOD phenomenon, enterprises are increasingly feeling the need for greater control over access to applications. That's where automated identity and access management comes in.
 
Vint Cerf once wore a shirt that read "IP on Everything," a wry comment on the versatility of the Internet Protocol he helped invent, a protocol that underlies all Internet communication. Now a University of California Berkeley researcher has put Cerf's maxim to the test, running an IP network over a set of xylophones, played by human participants.
 
Columnist Mike Elgan offers tips on how to post to Twitter and Facebook, send a newsletter and more all from a Google+ account.
 